Copyright © 2003-2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 1 Security Systems Lecture notes Dr.

Slides:



Advertisements
Similar presentations
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Advertisements

Chapter 14 – Authentication Applications
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Five –
Security Management.
Computer Science Public Key Management Lecture 5.
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Configuring Directory Certificate Services Lesson 13.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
06 APPLYING CRYPTOGRAPHY
Digital Signatures A Brief Overview by Tim Sigmon April, 2001.
15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Advanced Operating Systems Lecture notes Dr.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.
Private key
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Fall 2006CS 395: Computer Security1 Key Management.
Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.
Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Lecture 6.
Key management issues in PGP
Cryptography and Network Security
Security in ebXML Messaging
Public Key Infrastructure
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Presentation transcript:

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Dr. Clifford Neuman University of Southern California Information Sciences Institute

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall CSci530: Security Systems Lecture 5 – September 24, 2004 Key Management (2) Dr. Clifford Neuman University of Southern California Information Sciences Institute Slides by Drs. Brian Tung and Clifford Neuman

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Administration v Assignment 1 is on web page –Due October 1 –Corrections posted last night (typos) v Paper proposal assignment on web –Proposals due October 8 –Will respond sooner if received early –Be sure to send queries to correct address

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Key Management v Key management is where much security weakness lies –Choosing keys –Storing keys –Communicating keys

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Key Management Review v Classes of Crypto –Public key – 2n keys –Conventional n 2 keys

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Public Key Distribution v Public key can be public! –How does either side know who and what the key is for? Private agreement? (Not scalable.) v Does this solve the key distribution problem? –No – while confidentiality is not required, integrity is.

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Certification Infrastructures v Public keys represented by certificates v Certificates signed by other certificates –User delegates trust to trusted certifiers. –Certificate chains transfer trust several steps

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Examples v PGP –“Web of Trust” –Can model as connected digraph of signers v X.500 –Hierarchical model: tree (or DAG?) –(But X.509 certificates use ASN.1!)

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Examples v SSH –User keys out of band exchange. –Weak assurance of server keys. u Was the same host you spoke with last time. –Discussion of benefits v SET –Hierarchical –Multiple roots –Key splitting

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall What to do with keys v Practical issues –How to carry them u Passwords vs. disks vs. smartcards –Where do they stay, where do they go –How many do you have –How do you get them to begin with.

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Key Distribution v Conventional cryptography –Single key shared by both parties v Public Key cryptography –Public key published to the world –Private key known only by owner v Third party certifies or distributes keys –Certification infrastructure –Authentication

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Practical use of keys v (PEM or S/MIME) –Hashes and message keys to be distributed and signed. v Conferencing –Group key management (discussed later) v Authentication (next lecture) v SSL –And other “real time” protocols –Key establishment

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Recovery from exposed keys v Revocation lists (CRL’s) –Long lists –Hard to propogate v Lifetime / Expiration –Short life allows assurance of validitiy at time of issue. v Realtime validation –Online Certificate Status Protocol (OCSP) v What about existing messages?

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Key Management Overview v Key size vs. data size –Affects security and usability v Reuse of keys –Multiple users, multiple messages v Initial exchange –The bootstrap/registration problem –Confidentiality vs. authentication

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Key Management Review v KDC’s –Generate and distribute keys –Bind names to shared keys

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Key Management Overview v Who needs strong secrets anyway –Users? –Servers? –The Security System? –Software? –End Systems? v Secret vs. Public

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Architectures v DSSA –Delegation is the important issue u Workstation can act as user u Software can act as workstation –if given key u Software can act as developer –if checksum validated –Complete chain needed to assume authority –Roles provide limits on authority – new sub-principal

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Group Key Management v Group key vs. Individual key –Identifies member of groups vs. which member of group –PK slower but allows multiple verification of individuals

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Group Key Management Issues v Revoking access –Change messages, keys, redistribute v Joining and leaving groups –Does one see old message on join –How to revoke access v Performance issues –Hierarchy to reduce number of envelopes for very large systems –Hot research topic

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Group Key Management Approaches v Centralized –Single entity issues keys –Optimization to reduce traffic for large groups –May utilize application specific knowledges v Decentralized –Employs sub managers v Distributed –Members do key generation –May involve group contributions

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Current event Slashdot (by CmdrTaco Tuesday September Saint Aardvark writes "Lexar describes the JumpDrive Secure as "loaded with software that lets you password- protect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256-bit AES has a different take: The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication." That's why I use ROT-13 for my encryption needs."Saint has a different take

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.