Presentation is loading. Please wait.

Presentation is loading. Please wait.

2003.03.31 (c) Mitsubishi Electric Corp. 1 User Scenarios & Security Considerations in APPAGG part 2/2 2003.03.31 Nobuhiro Electric.

Published byDarleen Gray Modified over 8 years ago

Similar presentations

Presentation on theme: "2003.03.31 (c) Mitsubishi Electric Corp. 1 User Scenarios & Security Considerations in APPAGG part 2/2 2003.03.31 Nobuhiro Electric."— Presentation transcript:

1 2003.03.31 (c) Mitsubishi Electric Corp. 1 User Scenarios & Security Considerations in APPAGG part 2/2 2003.03.31 Nobuhiro Kobayashi@Mitsubishi Electric Corp. n-koba@iss.isl.melco.co.jp

2 2003.03.31 (c) Mitsubishi Electric Corp. 2 Solution Who grants the rights to the subject ? Who stores the rights ? How describe the rights ? Who authenticates the subject ? Who authenticates the object ? Who authorizes the subject ? (? Any other items ? )

3 2003.03.31 (c) Mitsubishi Electric Corp. 3 Solution (cont.) Who grants the rights to the subject ? –Owner –(? default settings by manufacturer )

4 2003.03.31 (c) Mitsubishi Electric Corp. 4 Solution (cont.) Who stores the rights ? –? each appliance –? Owner’s wearable appliance (ex. watch)

5 2003.03.31 (c) Mitsubishi Electric Corp. 5 Solution (cont.) How describe the rights ? –? XML –? original format

6 2003.03.31 (c) Mitsubishi Electric Corp. 6 Solution (cont.) Who authenticates the subject ? –Owner –? Owner’s wearable appliance –? each appliance –? Trusted third party

7 2003.03.31 (c) Mitsubishi Electric Corp. 7 Solution (cont.) Who authenticates the object ? –Owner –? Owner’s wearable appliance –? each appliance –? Trusted third party

8 2003.03.31 (c) Mitsubishi Electric Corp. 8 Solution (cont.) Who authorizes the subject ? –Owner –? Owner’s wearable appliance –? each appliance –? Trusted third party

9 2003.03.31 (c) Mitsubishi Electric Corp. 9 Example. Rights List for watch Owner is John. Owner can turn on the lights. Owner can use the laptop. Rights List for watch Owner is John. Owner can turn on the lights. Owner can use the laptop. John grants the rights to his watch. Rights List for light Owner is John. Rights List for light Owner is John. John grants the rights to the light. command Turn ON the light. How to set the rights to the lights ? John’s wearable appliance “watch” has the rights list. The “watch” sends command to the light.

10 2003.03.31 (c) Mitsubishi Electric Corp. 10 command A( watch )B( light )C( attacker ) command success replay attack normal attack Version 1

11 2003.03.31 (c) Mitsubishi Electric Corp. 11 Solution (cont.) To protect from replay attack. –Use Random Number –Use HMAC ( Keyed-Hashing for Message Authentication) It is more lightweight than other cryptographic routines.

12 2003.03.31 (c) Mitsubishi Electric Corp. 12 RN command RN command RN HMAC RN2 cannot replay attack start request command RN HMAC check command RN HMAC ERROR normal attack generate Random Number ( RN ). command RN HMAC key HMAC tmp key check Version 2 compute HMAC with key A( watch )B( light )C( attacker )

13 2003.03.31 (c) Mitsubishi Electric Corp. 13 RN command RN command RN command RN HMAC RN doesn’t execute command start request command RN HMAC check command RN HMAC normal attack key HMAC tmp key check Version 2’ A( watch )B( light )C( attacker )

14 2003.03.31 (c) Mitsubishi Electric Corp. 14 normal attack RN_A start request RN_A start request HMAC_B RN_B HMAC_B RN_B key HMAC tmp key check command RN_B HMAC_A key command RN_B HMAC_A HMAC tmp key check RN_A2 start request HMAC_B RN_B HMAC tmp key check ERROR HMAC_B RN_B RN_A start request RN_A2 start request HMAC_B RN_B attack detected Version 3 A( watch )B( light )C( attacker )

15 2003.03.31 (c) Mitsubishi Electric Corp. 15 References Appliance Aggregation Architecture Terminology, Survey, and Scenarios http://www.hpl.hp.com/hosted/ggf/AppAggSurvery.doc, March 2003 http://www.hpl.hp.com/hosted/ggf/AppAggSurvery.doc terminology translation ( English Japanese ) http://www.ipa.go.jp/security/ciadr/word_idx.html http://www.ipa.go.jp/security/ciadr/crword.html http://www.sisnet.or.jp/sis/dokuhon/p10.htm http://www.ipa.go.jp/security/ciadr/word_idx.html http://www.ipa.go.jp/security/ciadr/crword.html http://www.sisnet.or.jp/sis/dokuhon/p10.htm

16 2003.03.31 (c) Mitsubishi Electric Corp. 16 END Thank you.

17 2003.03.31 (c) Mitsubishi Electric Corp. 17 NOT USE

18 2003.03.31 (c) Mitsubishi Electric Corp. 18 Example. (cont.) Rights List for watch Owner is John. Owner can turn on the lights. Owner can use the laptop. Rights List for watch Owner is John. Owner can turn on the lights. Owner can use the laptop. Rights List for light Owner is John. Rights List for light Owner is John. John sets “secret key”. AA John sets “secret key” to the “watch” and the light. The “watch” make HMAC from the command by “secret key”, and sends the command and HMAC to the light. The lights make HMAC from the received command by “secret key”, and compares this HMAC and the received HMAC. John sets “secret key”. HMAC made by watch command Turn ON the light. command Turn ON the light. HMAC made by watch HMAC made by light compare the HMAC

19 2003.03.31 (c) Mitsubishi Electric Corp. 19 Example. (cont.) AA To against “replay attack”, use 3 handshakes and random numbers. HMAC made by watch command Turn ON the light. command Turn ON the light. HMAC made by watch HMAC made by light compare the HMAC L R.N. HMAC_L (R.N.) Generate random number. HMAC_L (R.N.) HMAC_L (R.N.) compare the HMAC Session Start Request W R.N. HMAC_W (R.N.) Generate random number. HMAC_L (R.N.) HMAC_W (R.N.) HMAC_W (R.N.) compare the HMAC

20 2003.03.31 (c) Mitsubishi Electric Corp. 20 Terminology translation ( English Japanese ) Impersonation, spoof なりすまし authentication 認証 replay attack 再送攻撃 eavesdrop 盗聴 encryption 暗号化 alteration 改ざん Integrity 完全性 hash ハッシュ message digest メッセージ・ダイジェスト digital signature デジタル証明 repudiation 否認(事後否認) non-repudiation 否認拒否 authorization 認可 access control アクセス制御 privilege control 特権制御 principal 認証をうける単位(ユーザ、ホスト、アプリケーション等)

Download ppt "2003.03.31 (c) Mitsubishi Electric Corp. 1 User Scenarios & Security Considerations in APPAGG part 2/2 2003.03.31 Nobuhiro Electric."

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Web Service Security CS409 Application Services Even Semester 2007.

Web Service Security CS409 Application Services Even Semester 2007.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Computer Security Key Management

Computer Security Key Management
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Applied Cryptography for Network Security

Applied Cryptography for Network Security

Similar presentations

Ads by Google