Chap 13. Representing Identity 정보보호 알고리즘 연구실 이 민 호 Chap 13. Representing Identity
Representing Identity 13.1 What Is identity? 13.2 Files and Objects 13.3 Users 13.4 Groups and Roles 13.5 Naming and Certificates 13.6 Identity on the Web
13.1 What is Identity? Principal : a unique entity Identity: specifies a principal Authentication : binds a principal to a representation of identity internal to the computer Purpose of Identities For accountability For access control
13.2 Files and Objects The identity of file or object depends on system that containing object Local systems identify objects by assigning names Name may be intended For human use (e.g file name) For process use (e.g file descriptor or handle) For kernel use (e.g file allocation table entry, inode) Each name may have different semantics If the object resides on a different system, the name must encode the location of the object
13.3 Users Systems represent user identity in a number of different ways EXAMPLE : UNIX operating system - Represent user identity as an integer (0 ~ usually 65,535) - User Identification Number (UID) - Each login name uniquely corresponds to a single UID, but multiple login names have a common UID (Kernel uses UID to identify users)
13.3 Users (cont.) The same principal may have many different identities. Each identity serves a particular function EXAMPLE : UNIX operating system -Real UID : user identity at login, but changeable -Effective UID : user identity used for access control Setuid changes effective UID -Saved UID : UID before last change of UID Used to implement least privilege Work with privileges, drop them, reclaim them later -Audit/Login UID : user identity used to track original UID Cannot be altered; used to tie actions to login identity
13.4 Groups and Roles Groups Two implementations of groups The members of the set must be distinguishable Used to share access to file Two implementations of groups alias for a set of principals - Processes assigned to groups and stay in those groups for their lifetime of their sessions principals can change groups - Rights due to old group discarded; rights due to new group added
13.4 Groups and Roles (cont.) A type of group that membership tied to function Rights given are consistent with rights needed to perform function EXAMPLE : DG/UX system System administrator privileges are in sysadmin role Network administrator privileges are in netadmin role Users can assume either role as needed
13.5 Naming and Certificates The identifier must uniquely identify the principal to avoid confusion Problem: names may be ambiguous - Does the name “Matt Bishop” refer to We don’t know that the "Matt Bishop" who teaches at UC Davis from the "Matt Bishop" who works at Microsoft Corporation Identifiers must include ancillary information to distinguish
13.5 Naming and Certificates (cont.) EXAMPLE : X.509v3 Distinguished Names Identifies a principal Consists of a series of fields (e.g.) /O=University of Sogang/OU=Seoul campus/OU=Department of Computer Science/CN=Lee Minho/ (CN is common name, OU is organizational unit, O is organization)
13.5 Naming and Certificates (cont.) Certification authorities (CAs) vouch, at some level, for the identity of the principal to which the certificate is issued CA’s authentication policy says the level of authentication required to identify the principal the certificate is to be issued CA’s issuance policy says to which principals the CA will issue certificates
13.5 Naming and Certificates (cont.) Certification Hierarchy Tree structured arrangement of CAs Root is Internet Policy Registration Authority, or IPRA Sets policies all subordinate CAs must follow Certifies subordinate CAs (called policy certification authorities, or PCAs), each of which has own authentication, issuance policies Does not issue certificates to individuals or organizations other than subordinate Cas PCAs issue certificates to ordinary CAs Does not issue certificates to individuals or organizations other than subordinate CAs
13.5 Naming and Certificates (cont.) University of Valmont issues certificates to students, staff Students must present valid reg cards (considered low assurance) First PCA: requires subordinate CAs to make good-faith effort to verify identities of principals Staff must present proof of employment and fingerprints, which are compared to those taken when staff member hired (considered high assurance) Second PCA: requires use of biometrics to verify identity
13.5 Naming and Certificates (cont.) UValmont and Certification Hierarchy IPRA PCA-1 UValmont Student CA student PCA-2 Staff CA staff high assurance PCA low assurance
13.5 Naming and Certificates (cont.) Certificate tied to a role EXAMPLE : A company wishes to have its comptroller authorized to digitally sign documents Distinguished Name /O=University of Valmont/OU=Office of the Big Bucks/RN=Comptroller where “RN” is role name; note the individual using the certificate is not named, so no CN Even if the current comptroller leaves, the same certificate can be used
13.5.1 The Meaning of the Identity The authentication policy defines that principals prove their identities If incorrect, CA may misidentify entity unintentionally Cause trust problem
13.5.1 The Meaning of the Identity (cont.) Persona Certificate With the erosion of privacy, comes the need for anonymity Persona Certificate supply the requisite anonymity Certificate with meaningless Distinguished Name
13.5.2 Trust Goal of certificate : bind the correct identity to the public key The critical question : What is the degree of that assurance? X.509v3, certificate hierarchy Depends on policy of CA issuing certificate Depends on how well CA follows that policy Really, estimate based on the above factors
13.5.2 Trust (cont.) EXAMPLE : Passport required CA require name on passport, number and issuer of passport What are points of trust? Passport not forged and name on it not altered Passport issued to person named in passport Person presenting passport is person to whom it was issued CA has checked passport and individual using passport
13.6 Identity on the Web 13.6.1 Host identity 13.6.2 State and Cookies 13.6.1.1 Static identifiers: do not change over time 13.6.1 .2 Dynamic identifiers: changes as a result of an event or the passing of time 13.6.2 State and Cookies 13.6.3 Anonymity 13.6.3 .1 Anonymous email 13.6.3 .2 Anonymity: good or bad?
13.6.1 Host Identity Bound up to networking Not connected: pick any name (only locally) Connected: one or more names depending on interfaces, network structure, context Each principal on an individual host can gave different names “Name” identifies a principal, “Address” identifies where that principal is located
13.6.1 Host Identity (cont.) EXAMPLE : Layered network -MAC layer Ethernet address: 00:05:02:6B:A8:21 AppleTalk address: network 51, node 235 -Network layer IP address: 192.168.35.89 -Transport layer Host name: cherry.orchard.chekhov.ru
13.6.1.1 Static and Dynamic Identifiers Static identifier : Not change over time Dynamic identifier : changes either as a result of an event or over time Domain Name Server(DNS) : associates hostnames and IP addresses Maps transport identifiers (host names) to network identifiers (host addresses) Forward records: host names IP addresses Reverse records: IP addresses host names
13.6.1.1 Static and Dynamic Identifiers (cont.) If dynamic identifiers, Assigned to principals for a limited time Server maintains pool of identifiers Client contacts server using local identifier Only client, server need to know this identifier Server sends client global identifier Client uses global identifier in other contexts, for example to talk to other hosts Server notifies intermediate hosts of new client, global identifier association
13.6.1.2 Security Issues with the Domain Name Service Trust is that name/IP address binding is correct Goal of attacker: associate incorrectly an particular IP address with a host name Assume attacker controls name server, or can intercept queries and send responses
13.6.1.2 Security Issues with the Domain Name Service Attacker can change records on server - Called “control” Add extra record to response, giving incorrect name/IP address association - Called “cache poisoning” Attacker sends victim request that must be resolved by asking attacker - Attacker responds with answer plus two records for address spoofing (1 forward, 1 reverse) - Called “ask me”
13.6.2 State and Cookies Cookie : a token that contains information about the state of a transaction on a network The Cookies consist of several values name, value: name has given value expires: how long cookie valid Expired cookies discarded, not sent to server If omitted, cookie deleted at end of session domain: domain for which cookie intended Consists of last n fields of domain name of server Must have at least one “.” in it (.com ) secure: send only over secured (SSL, HTTPS) connection
13.6.3 Anonymity on the Web Only one person is using the original host, and the address is not spoofed, someone could guess the identity of the sender with high accuracy Anonymizer: a site that hides origins of connections Usually a proxy server User connects to anonymizer, tells it destination Anonymizer makes connection, sends traffic in both directions Destination host sees only anonymizer
13.6.3 Anonymity on the Web (cont.) EXAMPLE : anon.penet.fi Offered anonymous email service Sender sends letter to it, naming another destination Anonymizer strips headers, forwards message Assigns an ID (say, 1234) to sender, records real sender and ID in database Letter delivered as if from anon1234@anon.penet.fi Recipient replies to that address Anonymizer strips headers, forwards message as indicated by database entry
13.6.3 Anonymity on the Web (cont.) Cypherpunk Remailer : Remailer that deletes header of incoming message, forwards body to destination Also called Type I Remailer No record kept of association between sender address, remailer’s user name Prevents tracing, as happened with anon.penet.fi Usually used in a chain, to obfuscate trail For privacy, body of message may be enciphered
13.6.3 Anonymity on the Web (cont.) Encipher message Add destination header Add header for remailer n … Add header for remailer 2 send to remailer 1 send to remailer 2 send to Alice Hi, Alice, It’s SQUEAMISH OSSIFRIGE Bob
13.6.3 Anonymity on the Web (cont.) Mixmaster Remailer : Cypherpunk remailer that handles only enciphered mail and pads (or fragments) messages to fixed size before sending them Also called Type II Remailer Designed to hinder attacks on Cypherpunk remailers Messages uniquely numbered Fragments reassembled only at last remailer for sending to recipient
13.6.3 Anonymity on the Web (cont.) Mixmaster message enciphered with RSA for remailer #1 remailer #2 address packet ID: 135 Triple DES key: 1 enciphered with Triple DES key #1 enciphered with RSA for remailer #2 final hop address packet ID: 168 message ID: 7839 Triple DES key: 2 random garbage enciphered with Triple DES key #2 recipent’s address any mail headers to add message padding if needed
13.6.3.1 Anonymity for Better or Worse Benefit Removes personalities from debate Anonymity allows whistleblowers considerable protection Anonymity protects privacy Incorrect conclusions from misinterpreted data Harm from erroneous information Not being let alone Are these benefits or drawbacks? Depends on society, and who is involved