Principles of Policy in Secure Groups Hugh Harney SPARTA, Inc. Andrea Colegrove SPARTA, Inc. Patrick McDaniel University of Michigan.

Slides:

Advertisements

Similar presentations

Chapter 14 – Authentication Applications

Advertisements

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Authentication & Kerberos

Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology

1/6/2015HostAP1 P2P Security Case Study: COCA (Cornell Online Certification Authority) Mobile Multimedia Lab, AUEB, 04/04/2003.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

Chapter 1 – Introduction

SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Sepucha_Date_01 Group Key Management Architecture Howie Weiss NASA/JPL/SPARTA

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Group Secure Association Key Management Protocol (GSAKMP) Presented by Hugh Harney

Applied Cryptography for Network Security

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Introduction (Pendahuluan)  Information Security.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Key Management in Cryptography

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]

Group Key Management Protocol (GKMP) Presented By Aafreen Shaikh Course CMSC 621.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

Sanzi-1 CSE5 810 CSE5810: Intro to Biomedical Informatics Dynamically Generated Adaptive Credentials for Health Information Exchange Eugene Sanzi.

General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.

Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

Cryptography, Authentication and Digital Signatures

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Chapter 21 Distributed System Security Copyright © 2008.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Access Control / Authenticity Michael Sheppard 11/10/10.

Design Principles and Common Security Related Programming Problems

User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Fall 2006CS 395: Computer Security1 Key Management.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

Doc.: IEEE /0098r0 Submission July 2010 Alex Reznik, et. al. (InterDigital)Slide Security Procedures Notice: This document has been.

Presented by: Sonali Pagade Nibha Dhagat paper1.pdf.

1 SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

Group Key Management Architecture

Training for developers of X-Road interfaces

Cryptography and Network Security

Cryptography and Network Security

WS Standards – WS-* Specifications

Security Requirements for an Abbreviated MSA Handshake

Cryptography and Network Security

Presentation transcript:

Principles of Policy in Secure Groups Hugh Harney SPARTA, Inc. Andrea Colegrove SPARTA, Inc. Patrick McDaniel University of Michigan

Definitions A secure group is the collection of cooperating entities operating under a shared security policy Security policies combine elements of Identification and Authentication, Authorization, Access Control, Mechanism Choices, and mechanisms for verifying the Validity of each

Peer vs. Group Different assumptions can be made for each: – Peers --can determine who they are communicating with, can participate in key exchange, mechanisms negotiated according to local policy – Groups -- security association is greater and more abstract than pair-wise counterpart This difference affects what parts of policy must be explicitly determined and how that policy in enforced.

Explicit Policy Elements Identification -- Explicitness principle, etc. Access Control -- Who will you potentially communicate with? Authorization -- Who can affect the security? Security Mechanisms -- How is the data protected? Verification -- Bootstrap

Principle 1 Enforcement of group policy must be consistent across a group Consistency mechanism equivalence synchronization Consequence: Weakest link concept

Example of Principle 1 GSAKMP enforces the use of equivalent mechanisms through policy token definition It provides methods for key and policy synchronization Joins Rekey Compromise Recovery Policy token updates

Principle 2 Only authorized entities can affect the security posture of the group – Policy creation, key dissemination, rekey initiation, and group destruction – Actions affect group security posture – Limited to designated authorities Authorization and Authentication checks

Example of Principle 2 How GSAKMP limits security posture influence to authorized entities: – Chain of trust Policy token comes from authorized source and is authenticated –Known group owner, trusted third party, etc. Authorized entities are identified in the token Messages identified as affecting security posture are verified to have come from authorized entity

Principle 3 Group content must be protected – Access control Secure key possession in accordance with access control policy + secure mechanisms

Example of Principle 3 How GSAKMP provides group content protection: – Crypto mechanisms specified in token – Access control policy specified in token and enforced through legitimate distribution

Principle 4 Groups must be capable of recovery from security relevant failures to a secure state – Compromise recovery – Group Deletion – Secure (authenticated) transactions

Example of Principle 4 How GSAKMP provides recovery: – Aborting failed join exchanges by either parties Signatures, nonces, id fields, inadequate credentials – Detecting and rejecting counterfeited rekey Incorrect signatures, timestamps, authorization failures (token mismatch) – Detecting and rejecting fake deletion – Access recovery via key trees such as LKH or OFC

Conclusions Principles illustrate necessary requirements – Define and enforce policy – Failure recovery – How to ensure that good policy is defined?