Presentation is loading. Please wait.

Presentation is loading. Please wait.

EE515/IS523 Think Like an Adversary Lecture 5 Access Control in a Nutshell Yongdae Kim.

Published byΦιλομήνα Μπότσαρης Modified over 6 years ago

Similar presentations

Presentation on theme: "EE515/IS523 Think Like an Adversary Lecture 5 Access Control in a Nutshell Yongdae Kim."— Presentation transcript:

1 EE515/IS523 Think Like an Adversary Lecture 5 Access Control in a Nutshell
Yongdae Kim

2 Recap http://syssec.kaist.ac.kr/courses/ee515 E-mail policy
Include [ee515] or [is523] in the subject of your Class Presentation Choices (say “yes” to at least 3) News posting, Match making, criticism KLMS Text only posting, ! Preproposal meeting this week Group leader sends me three 30-min time windows between Wednesday and Friday (evening is OK)

3 Recap Cryptography Hash, MAC Digital Signature
Challenge-Response Protocols

4 Encryption and Authentication
EK(M) Redundancy-then-Encrypt: EK(M, R(M)) Hash-then-Encrypt: EK(M, h(M)) Hash and Encrypt: EK(M), h(M) MAC and Encrypt: Eh1(K)(M), HMACh2(K)(M) MAC-then-Encrypt: Eh1(K)(M, HMACh2(K)(M))

5 Challenge-response authentication
Alice is identified by a secret she possesses Bob needs to know that Alice does indeed possess this secret Alice provides response to a time-variant challenge Response depends on both secret and challenge Using Symmetric encryption One way functions

6 Challenge Response using SKE
Alice and Bob share a key K Taxonomy Unidirectional authentication using timestamps Unidirectional authentication using random numbers Mutual authentication using random numbers Unilateral authentication using timestamps Alice  Bob: EK(tA, B) Bob decrypts and verified that timestamp is OK Parameter B prevents replay of same message in B  A direction

7 Challenge Response using SKE
Unilateral authentication using random numbers Bob  Alice: rb Alice  Bob: EK(rb, B) Bob checks to see if rb is the one it sent out Also checks “B” - prevents reflection attack rb must be non-repeating Mutual authentication using random numbers Alice  Bob: EK(ra, rb, B) Bob  Alice: EK(ra, rb) Alice checks that ra, rb are the ones used earlier

8 Challenge-response using OWF
Instead of encryption, used keyed MAC hK Check: compute MAC from known quantities, and check with message SKID3 Bob  Alice: rb Alice  Bob: ra, hK(ra, rb, B) Bob  Alice: hK(ra, rb, A)

9 Key Establishment, Management
Process to whereby a shared secret key becomes available to two or more parties Subdivided into key agreement and key transport. Key management The set of processes and mechanisms which support key establishment The maintenance of ongoing keying relationships between parties

10 Access Control Yongdae Kim

11 Kerberos vs. PKI vs. IBE Still debating  Let’s see one by one!

12 Kerberos (cnt.) T A B EKBT(k, A, L): Token for B
EKAT(k, NA, L, B): Token for A L: Life-time NA? A, B, NA EKBT(k, A, L), EKAT(k, NA, L, B) Ek(A, TA, Asubkey): To prove B that A knows k TA: Time-stamp Ek(B, TA, Bsubkey): To prove A that B knows k EKBT(k, A, L), Ek(A, TA, Asubkey) A B Ek(TA, Bsubkey)

13 Kerberos (Scalable) T (AS) G (TGS) A B
EKGT(kAG, A, L), EKAT(kAG, NA, L, G) A, G, NA EKGT(kAG, A, L), EkAG(A, TA), B, NA’ EKAG(kAB, NA’, L, B), EkGB(kAB, A, L, NA’), B, NA’ EKGB (kAB, A, L, NA’), EkAB(A, TA’, Asubkey) A B Ek(TA’, Bsubkey)

14 Public Key Certificate
Public-key certificates are a vehicle public keys may be stored, distributed or forwarded over unsecured media The objective make one entity’s public key available to others such that its authenticity and validity are verifiable. A public-key certificate is a data structure data part cleartext data including a public key and a string identifying the party (subject entity) to be associated therewith. signature part digital signature of a certification authority over the data part binding the subject entity’s identity to the specified public key.

15 CA a trusted third party whose signature on the certificate vouches for the authenticity of the public key bound to the subject entity The significance of this binding must be provided by additional means, such as an attribute certificate or policy statement. the subject entity must be a unique name within the system (distinguished name) The CA requires its own signature key pair, the authentic public key. Can be off-line!

16 ID-based Cryptography
No public key Public key = ID ( , name, etc.) PKG Private key generation center SKID = PKGS(ID) PKG’s public key is public. distributes private key associated with the ID Encryption: C= EID(M) Decryption: DSK(C) = M

17 Discussion (PKI vs. Kerberos vs. IBE)
On-line vs. off-line TTP Implication? Non-reputation? Revocation? Scalability? Trust issue?

18 OS Security OS Security is essentially concerned with four problems:
User authentication links users to processes. Access control is about deciding whether a process can access a resource. Protection is the task of enforcing these decisions: ensuring a process does not access resources improperly. Isolation is the separation of processes’ resources from other processes.

19 Access Control The OS mediates access requests between subjects and objects. This mediation should (ideally) be impossible to avoid or circumvent. ? Object Subject Reference monitor

20 Definitions Subjects make access requests on objects.
Subjects are the ones doing things in the system, like users, processes, and programs. Objects are system resources, like memory, data structures, instructions, code, programs, files, sockets, devices, etc… The type of access determines what to do to the object, for example execute, read, write, allocate, insert, append, list, lock, administer, delete, or transfer

21 Access Control Discretionary Access Control: Mandatory Access Control:
Access to objects (files, directories, devices, etc.) is permitted based on user identity Each object is owned by a user. Owners can specify freely (at their discretion) how they want to share their objects with other users, by specifying which other users can have which form of access to their objects. Discretionary access control is implemented on any multi-user OS (Unix, Windows NT, etc.). Mandatory Access Control: Access to objects is controlled by a system-wide policy for example to prevent certain flows of information. In some forms, the system maintains security labels for both objects and subjects based on which access is granted or denied. Labels can change as the result of an access Security policies are enforced without the cooperation of users or application programs. Mandatory access control for Linux:

22 Access Control Matrix   Obj 1 Obj 2 Obj 3 … Obj n Subj 1 rwl rwlx -
rlx Subj 3 rl r Subj m lw rw

23 Representations An access control matrix can
be represented internally in different ways: Access Control Lists (ACLs) store the columns with the objects Capability lists store the rows with the subjects Role-based systems group rights according to the “role” of a subject. O1 O2 S1 rwl wl - S2 ida wlk S3 rl Sm rwlx wi w

24 Access Control Lists The ACL for an object lists the access rights of each subject (usually users). To check a request, look in the object’s ACL. ACLs are used by most OSes and network file systems, e.g. NT, Unix, and AFS.

25 ACL Problems To be secure, the OS must authenticate that the user is who (s)he claims to be. To revoke a user’s access, we must check every object in the system. There is often no good way to restrict a process to a subset of the user’s rights.

26 Capabilities Capabilities store the allowed list of object accesses with each subject. When the subject requests access to object O, it must provide a “ticket” granting access to O. These tickets are stored in an OS-protected table associated to each process. No widely-used OS uses pure capabilities. Some systems have “capability-like” features: e.g. Kerberos, NT, OLPC, Android

27 ACL vs. Capabilities Capabilities do not require authentication: the OS just checks each ticket on access requests. Capabilities can be passed, or delegated, from one process to another. We can limit the privileges of a process, by removing unnecessary tickets from the table.

28 Roles S1 S2 S3 Sm S1 S2 S3 Sm R1 R2 O1 O2 On O1 O2 On

29 Unix/POSIX Access Control
(~) % id uid=3259(kyd) gid=717(faculty) groups=717(faculty),1686(mess),1847(S07C8271),1910(F07C5471),2038(S08C8271) (~) % ls -l News_and_Recent_Events.zip -rw-rw-rw- 1 kyd faculty Feb 22 10:00 News_and_Recent_Events.zip (/web/classes02/Spring-2011/csci5471) % ls –al drwxrwsr-x 4 kyd S11C Jan 19 10:23 ./ drwxr-xr-x 46 root daemon 1024 Feb 17 23:04 ../ drwxrwsr-x 3 kyd S11C Feb 16 00:36 Assignment/

30 Mandatory Access Control policies
Restrictions to allowed information flows are not decided at the user’s discretion (as with Unix chmod), but instead enforced by system policies. Mandatory access control mechanisms are aimed in particular at preventing policy violations by untrusted application software, which typically have at least the same access privileges as the invoking user.

31 Data Pump/Data Diode Like “air gap” security, but with one-way communication link that allow users to transfer data from the low-confidentiality to the high- confidentiality environment, but not vice versa. Examples: Workstations with highly confidential material are configured to have read-only access to low confidentiality file servers.

32 The covert channel problem
Reference monitors see only intentional communications channels, such as files, sockets, memory. However, there are many more “covert channels”, which were neither designed nor intended to transfer information at all. A malicious high-level program can use these to transmit high-level data to a low-level receiving process, who can then leak it to the outside world. Examples for covert channels: Resource conflicts – If high-level process has already created a file F, a low-level process will fail when trying to create a file of same name → 1 bit information. Timing channels – Processes can use system clock to monitor their own progress and infer the current load, into which other processes can modulate information. Resource state – High-level processes can leave shared resources (disk head position, cache memory content, etc.) in states that influence the service response times for the next process. Hidden information in downgraded documents – Steganographic embedding techniques can be used to get confidential information past a human downgrader (least-significant bits in digital photos, variations of punctuation/spelling/whitespace in plaintext, etc.).

Download ppt "EE515/IS523 Think Like an Adversary Lecture 5 Access Control in a Nutshell Yongdae Kim."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Security Management.

Security Management.
Lecture 7 Access Control

Lecture 7 Access Control
1 Authentication Protocols Celia Li Computer Science and Engineering York University.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.
Switch off your Mobiles Phones or Change Profile to Silent Mode.

Switch off your Mobiles Phones or Change Profile to Silent Mode.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.

EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
IS511 Introduction to Information Security Lecture 4 Cryptography 2

IS511 Introduction to Information Security Lecture 4 Cryptography 2

Similar presentations

Ads by Google