Representing Identity
Download
Report
Transcript Representing Identity
Bishop: Chapter 14
Representing Identity
csci5233 Computer Security
1
Outline
•
Introduction
•
Naming & Certificates
•
Identity on the web
•
Anonymity
csci5233 Computer Security
2
What is identity?
•
An identity specifies a principal.
–
A principal is a unique entity.
–
What can be an entity?
• Subjects: users, groups, roles
e.g., a user identification number (UID) identifies a user
in a UNIX system
•
Objects: files, web pages, etc. + subjects
e.g., an URL identifies an object by specifying its
location and the protocol used (such as
http://sce.cl.uh.edu/).
csci5233 Computer Security
3
Authentication vs identity
•
Authentication binds a principal to a
representation of identity internal to the
computer.
•
Two main purposes of using identities:
–
–
Accountability (logging, auditing)
Access control
csci5233 Computer Security
4
Identity Naming and Certificates
•
In X.509 certificates, distinguished names (that is,
X.500 Distinguished Name) are used to identify
entities.
e.g., /O=UHCL/OU=SCE/CN=Andrew
Yang/L=Houston/SP=Texas/C=US
e.g.,
/O=UHCL/OU=SCE/CN=UnixLabAdministrator/L=Ho
uston/SP=Texas/C=US
•
A certification authority (CA) vouches, at some
level, for the identity of the principals to which the
certificate is issued.
csci5233 Computer Security
5
Structure of CAs
•
•
•
•
[RFC 1422, S. Kent, 1993] Privacy Enhancement
for internet Electronic Mail: Part II, CertificateBased Key Management
The certificate-based key management
infrastructure organizes CAs into a hierarchical,
tree-based structure.
Each node in the tree corresponds to a CA.
A Higher-level CA set policies that all subordinate
CAs must follow; it certifies the subordinate CAs.
csci5233 Computer Security
6
Certificates & Trust
•
A certificate is the binding of an external identity
to a cryptographic key and a Distinguished Name.
•
If the certificate issuer can be fooled, all who rely
on that certificate may also be fooled.
•
The authentication policy defines the way in
which principals prove their identities, relying on
nonelectronic proofs of identity such as
biometrics, documents, or personal knowledge.
csci5233 Computer Security
7
Certificates & Trust
•
The goal of certificates is to bind a correct pair of
identity and public key.
•
PGP certificates include a series of signature
fields, each of which contains a level of trust.
•
The OpenPGP specification defines 4 levels of
trusts:
1. Generic: no assertions
2. Persona (i.e., anonymous): no verification of the
binding between the user name and the principal
3. Casual: some verification
4. Positive: substantial verification
csci5233 Computer Security
8
Certificates & Trust
•
Issues with the OpenPGP’s levels of trusts:
The trust is not quantifiable.
The same terms (such as ‘substantial verification’) can
imply different levels of assurance to different signers.
The interpretations are left to the verifiers.
•
The point:
“Knowing the policy or the trust level with which the
certificate is signed is not enough to evaluate how
likely it is that the identity identifies the correct
principal.”
Other knowledge is needed: e.g., how the CA or signer
interprets the policy and enforces its requirements
csci5233 Computer Security
9
Identity on the Internet
•
Host identity: How is a computer identified on
the Internet?
–
–
•
ISO/OSI 7-layer model
The possibility of ‘spoofing’ a computer’s IP or MAC
address
Static vs Dynamic Identifiers
–
The NAT (Network Address Translation) protocol
csci5233 Computer Security
10
Domain Name Services
•
DNS provides an association between a host
name and an IP address.
•
If the association is corrupted, the identifier in
question will be associated with the wrong host
(sometimes the malicious one).
•
Attacks on the DNS: Bellovin, Schuba
csci5233 Computer Security
11
State and Cookies
•
The HTTP protocol is a stateless protocol: basically
request/response
•
Other mechanisms (such as cookies or sessions) are
needed to maintain states between a client and a server.
•
Def. 14-4: A cookie is a token that contains information
about the state of a transaction on a network.
•
pp.369-370: Values in the cookies
•
Cookies may contain sensitive information. Protecting the
confidentiality of the cookies may be critical.
csci5233 Computer Security
12
Anonymity on the Web
• Anonymity: The ability to hide the identity
of a host
• When would anonymity be needed?
• Examples: anonymous remailers, mixers
More details in the ‘network security’
course
csci5233 Computer Security
13