csci5233 Computer Security. Bishop: Chapter 14 Representing Identity



Outline
– Introduction
– Naming & Certificates
– Identity on the web
– Anonymity

What is identity?
An identity specifies a principal.
– A principal is a unique entity.
– What can be an entity?
  Subjects: users, groups, roles. e.g., a user identification number (UID) identifies a user in a UNIX system.
  Objects: files, web pages, etc., as well as subjects. e.g., a URL identifies an object by specifying its location and the protocol used (such as

Authentication vs identity
Authentication binds a principal to a representation of identity internal to the computer.
Two main purposes of using identities:
– Accountability (logging, auditing)
– Access control

Identity: Naming and Certificates
In X.509 certificates, distinguished names (X.500 Distinguished Names) are used to identify entities.
X.500 Distinguished Name examples:
– /O=UHCL/OU=SCE/CN=Andrew Yang/L=Houston/SP=Texas/C=US
– /O=UHCL/OU=SCE/CN=UnixLabAdministrator/L=Houston/SP=Texas/C=US
A certification authority (CA) vouches, at some level, for the identity of the principal to which the certificate is issued.

Structure of CAs
[RFC 1422, S. Kent, 1993] Privacy Enhancement for Internet Electronic Mail: Part II, Certificate-Based Key Management
The certificate-based key management infrastructure organizes CAs into a hierarchical, tree-based structure.
– Each node in the tree corresponds to a CA.
– A higher-level CA sets policies that all subordinate CAs must follow; it certifies the subordinate CAs.
– In RFC 1422 the root is the Internet Policy Registration Authority (IPRA); policy certification authorities (PCAs) sit below it, and organizational CAs below the PCAs.
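The following is an added example for the two slides above (Naming and Certificates; Structure of CAs). It is not code from the lecture or from Bishop: it parses X.500 DNs written either in the slash form the slide uses (root first, as OpenSSL prints them) or in RFC 4514 comma form, normalizes them so two spellings of the same name compare equal, and checks the naming structure of a PEM-style certificate chain against a name-subordination rule modeled on the RFC 1422 hierarchy (a CA may only certify names below its own DN). All DNs are constructed samples, the SP/ST aliasing is an assumption of the example, and signature verification is deliberately out of scope.

```python
# Added example (not from the slides or from Bishop). Constructed DNs throughout;
# the only rule enforced is name subordination, no signatures are checked.

# RFC 4514 abbreviates stateOrProvinceName as "ST"; the slide (and older tools)
# write "SP". Treating the two as aliases is an assumption of this example.
_TYPE_ALIASES = {"SP": "ST", "S": "ST"}


def _split_unescaped(text, sep):
    """Split on `sep`, honouring backslash escapes (a backslash before a
    literal separator keeps it inside the value)."""
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # escaped char: keep it literally
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_dn(dn):
    """Return a DN as a list of (TYPE, value) pairs ordered root first.

    "/C=US/O=Example Org/CN=Alice" and "CN=Alice,O=Example Org,C=US" parse
    to the same list. Types are upper-cased, values lower-cased with
    whitespace collapsed: a simplification of the X.520 matching rules."""
    if dn.startswith("/"):                      # slash form, root first
        rdns = _split_unescaped(dn[1:], "/")
    else:                                       # RFC 4514 form, leaf first
        rdns = list(reversed(_split_unescaped(dn, ",")))
    parsed = []
    for rdn in rdns:
        if not rdn.strip():
            continue
        if "=" not in rdn:
            raise ValueError("malformed RDN: %r" % rdn)
        typ, val = rdn.split("=", 1)
        typ = typ.strip().upper()
        parsed.append((_TYPE_ALIASES.get(typ, typ), " ".join(val.split()).lower()))
    return parsed


def is_subordinate(subject, issuer):
    """Name subordination: the issuer's DN must be a proper prefix of the
    subject's DN, i.e. the subject sits below the CA in the X.500 tree."""
    return len(subject) > len(issuer) and subject[: len(issuer)] == issuer


def validate_chain(chain, trusted_root):
    """Check the naming structure of a chain given end entity first as
    (subject_dn, issuer_dn) pairs. Returns (True, "ok") or (False, reason).
    Each issuer must be the next certificate's subject, every subject must be
    subordinate to its issuer, and the last issuer must be the trusted root."""
    if not chain:
        return False, "empty chain"
    root = parse_dn(trusted_root)
    for i, (subject_dn, issuer_dn) in enumerate(chain):
        subject, issuer = parse_dn(subject_dn), parse_dn(issuer_dn)
        if not is_subordinate(subject, issuer):
            return False, "link %d: %s is not subordinate to its issuer" % (i, subject_dn)
        if i + 1 < len(chain):
            if parse_dn(chain[i + 1][0]) != issuer:
                return False, "link %d: issuer does not match the next certificate's subject" % i
        elif issuer != root:
            return False, "chain does not end at the trusted root"
    return True, "ok"


# Constructed sample hierarchy: root CA -> organisational CA -> end entity.
ROOT = "/C=US/O=Example Org"
GOOD_CHAIN = [
    ("/C=US/O=Example Org/OU=Lab/CN=Alice", "/C=US/O=Example Org/OU=Lab"),
    ("/C=US/O=Example Org/OU=Lab", ROOT),
]
# The Lab CA tries to certify a name outside its own subtree.
BAD_CHAIN = [
    ("/C=US/O=Other Org/CN=Mallory", "/C=US/O=Example Org/OU=Lab"),
    ("/C=US/O=Example Org/OU=Lab", ROOT),
]

if __name__ == "__main__":
    print(parse_dn("CN=Alice, OU=Lab, O=Example Org, C=US") == parse_dn(GOOD_CHAIN[0][0]))
    print(validate_chain(GOOD_CHAIN, ROOT))
    print(validate_chain(BAD_CHAIN, ROOT))
```

The normalization step matters because a relying party compares the name in a presented certificate with a name it already trusts; if two spellings of one DN compare unequal, or two different names compare equal, the binding the CA vouched for is applied to the wrong principal.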

Certificates & Trust
A certificate is the binding of an external identity to a cryptographic key and a Distinguished Name.
If the certificate issuer can be fooled, all who rely on that certificate may also be fooled.
The authentication policy defines the way in which principals prove their identities to the issuer, relying on nonelectronic proofs of identity such as biometrics, documents, or personal knowledge.

Certificates & Trust
The goal of certificates is to bind a correct pair of identity and public key.
PGP certificates include a series of signature fields, each of which carries a level of trust. The OpenPGP specification defines four levels (the certification signature types 0x10 through 0x13):
1. Generic: no assertion about how the binding was verified
2. Persona (i.e., anonymous): no verification of the binding between the user name and the principal
3. Casual: some verification
4. Positive: substantial verification

Certificates & Trust
Issues with OpenPGP's levels of trust:
– The trust is not quantifiable.
– The same terms (such as 'substantial verification') can imply different levels of assurance to different signers.
– The interpretation is left to the verifier.
The point: "Knowing the policy or the trust level with which the certificate is signed is not enough to evaluate how likely it is that the identity identifies the correct principal."
Other knowledge is needed, e.g., how the CA or signer interprets the policy and enforces its requirements.
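As an added example for the two trust-level slides above (not from the lecture or from the OpenPGP specification), the code below applies two different verifier policies to one constructed set of OpenPGP certification signatures. The signature type values are the real ones from RFC 4880; the key IDs, the signer-trust table and the two policies are made up for the example. The same signatures are accepted by one verifier and rejected by the other, which is the slide's point: the certification type says what the signer claims to have done, and the verifier still has to decide what that claim is worth.

```python
# Added example (not from the slides or the OpenPGP spec). Key IDs, signer
# trust and policies are constructed; only the type codes come from RFC 4880.

# Certification signature types, RFC 4880 section 5.2.1.
GENERIC, PERSONA, CASUAL, POSITIVE = 0x10, 0x11, 0x12, 0x13
TYPE_NAME = {GENERIC: "generic", PERSONA: "persona", CASUAL: "casual", POSITIVE: "positive"}

# Constructed sample: certifications on one user ID, as (signer key ID, type).
CERTIFICATIONS = [
    ("0xA1A1A1A1", POSITIVE),   # strongest claim, but from a signer we do not know
    ("0xB2B2B2B2", CASUAL),
    ("0xC3C3C3C3", CASUAL),
    ("0xD4D4D4D4", PERSONA),    # signer we trust fully, but they checked nothing
]

# How much this verifier trusts each signer as an introducer; absent = none.
SIGNER_TRUST = {"0xB2B2B2B2": "marginal", "0xC3C3C3C3": "marginal", "0xD4D4D4D4": "full"}

# Two verifier policies. min_type: weakest certification that counts at all;
# a binding is accepted when either threshold is reached.
POLICIES = {
    "strict":  {"min_type": POSITIVE, "full_needed": 1, "marginal_needed": 3},
    "lenient": {"min_type": CASUAL,   "full_needed": 1, "marginal_needed": 2},
}


def counted_certifications(certs, signer_trust, policy):
    """Return the certifications this policy actually credits, each with the
    trust the verifier places in its signer."""
    counted = []
    for signer, sig_type in certs:
        if sig_type < policy["min_type"]:
            continue                       # too weak a claim under this policy
        trust = signer_trust.get(signer)
        if trust in ("full", "marginal"):
            counted.append((signer, TYPE_NAME[sig_type], trust))
    return counted


def binding_valid(certs, signer_trust, policy):
    """Accept the user-ID/key binding if enough credited signers vouch for it."""
    counted = counted_certifications(certs, signer_trust, policy)
    fulls = sum(1 for _, _, t in counted if t == "full")
    marginals = sum(1 for _, _, t in counted if t == "marginal")
    return fulls >= policy["full_needed"] or marginals >= policy["marginal_needed"]


def evaluate(certs, signer_trust, policies=POLICIES):
    """Same signatures, different verifiers: policy name -> accept/reject."""
    return {name: binding_valid(certs, signer_trust, pol) for name, pol in policies.items()}


if __name__ == "__main__":
    for name, pol in POLICIES.items():
        print(name, counted_certifications(CERTIFICATIONS, SIGNER_TRUST, pol))
    print(evaluate(CERTIFICATIONS, SIGNER_TRUST))   # strict rejects, lenient accepts
```

Note the two ways a certification ends up ignored: the positive certification from 0xA1A1A1A1 is discarded because the verifier has no basis for trusting that signer, and the persona certification from the fully trusted 0xD4D4D4D4 is discarded because it asserts no verification at all. Neither the signature type nor the signer's standing alone settles the question.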

Identity on the Internet

Summary
– Naming of identities & Certificates
– Identity on the web
– Anonymity

Next: Chapter 27, System Security