Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A Threatens Privacy Threatens Try to achieve Lecture 2B: Network threats Lecture 3A: Attacks on Lecture 6A: Security Protocols Web servers, malware Use Lecture 5A&B Authentication Lecture 1B,2A: Cryptography 3B: Certificates and Trust Lecture 4A&B Access Rights 1
Certificates & Trust Hashes, Digital Signature, PKIs, Trust management
Error correction - Hash - MAC Excerpt; short `description’ of document Fixed size output for any size input 134396e4399b7e753ffca7ba366c418f gimp-2.8.0-RC1.tar.bz2 28997d14055f15db063eb92e1c8a7ebb gimp-2.8.0.tar.bz2 CRC check or MD5 checksum Common for e.g. ftp sites Does this add security? 3
Error correction - Hash - MAC Excerpt; short `description’ of document Fixed size output for any size input Goals Integrity: message not altered Authentication: message from X Proof of possession without revealing content now Non-repudiation 134396e4399b7e753ffca7ba366c418f gimp-2.8.0-RC1.tar.bz2 28997d14055f15db063eb92e1c8a7ebb gimp-2.8.0.tar.bz2 4
Properties of Hash functions 1-Way `random function’ Pre-image resistant Collision resistant Second pre-image resistant m m H(m) H(m) = = m H(m) H(m’) H(m’) m’ m’ Hard to find: m with H(m) = h m, m’ with H(m) = H(m’) m’ with H(m’) = H(m) Practical Efficiently computable m H(m) 5
Applications of Hash functions Message Digest Check have correct message Password storage No reverse; how verified? Password recovery? Message Signing Signing large message is slow Sign hash of message instead 6
An Example: MD5 Message padded so total size is multiple of 512 bits 64 bits message padding: 10..00 length 512 bits 512 bits 512 bits Y output IV CVi CVi+1 HMD5 HMD5 HMD5 128 128 128 128 128 128 Compression Function 7
Compression functionHMD5 CV(in) Y (block) 128 512 X P1 RF(F) Round Permutations Permutations Permutations Permutations P2 RF(G) Function (next slide) P3 RF(H) P4 RF(I) 128 CV(out) 8
RF(F) Modular addition For k=1 to 16 do A B C D Permuted Text Block F Chaining Chaining Value (CV) Value (CV) X[k] T[k] S[k] Array of Array of A B C D Constants Constants 9
Weakness MD5 http://www.win.tue.nl/hashclash/rogue-ca/ video at e.g. http://dewy.fem.tu-ilmenau.de/CCC/25C3/ video_h264_720x576/25c3-3023-en- making_the_theoretical_possible.mp4 10
Message Authentication Codes Unable to predict for unseen message Keyed; validation requires same key Authenticity and Integrity Example: Keyed-Hash; uses (symmetric) key Hmac; masked key pre-pended before hash. Key Generation & Message MAC Validation (any length) 11
Digital Signatures `Public key version of a MAC’ Signing with a private key Decryption of Hash of Message Verification with public key Message Message (any length) (any length) Private Key Public Key ? Decrypt Digital = Hash Encrypt Hash (=Sign) Signature Generation Validation 12
Digital signatures with RSA Public key Private key Alice: KA Alice: kA Signing Message M: Checking Signature: Compute hash h := H(M) Compute hash h := H(M) Signature s := RSA_D(kA, h) Check: RSA_E(KA, s) == h Uses fact: RSA_E( KA, RSA_D(kA, x) ) = x 13
Key distribution Private key Public key Signature Alice Bob 14
(Wo)man-in-the-middle attack Private key Public key Eve Signature Alice Bob 15
Bob’s public key is 1234 Certificate Bob is a Baker ... EXP DATE: 29-2-2013 Statement (e.g. Identity, Attribute) signed by principal whom believes it to be true at time of signing and/or: assumes responsibility, liability, … Example: X.509 - Statement links a key to attributes Note: Revocation; Validity period – revocation certificate 16
Trust me I’m a doctor Certificate based Trust Management Trust based on formal relationships PoFI 2010 Feb 5 th 2010
Certificate Authority CA E.g. Verisign Verification method? Root CA validate, certify Intermediate CA Intermediate CA Intermediate CA validate, Validates attribute certify Identity, role, e-mail address, Intermediate CA Intermediate CA Web address, etc. validate, Links them to pub key certify pub key - pub key - pub key - attributes attributes attributes (Demo Certificates and CA in browser) 18
Transitive and full trust Dec12/Jan 13: Turktrust fake certificate discovery Fake intermediate CA certificates (issued august 11) Aug11: Hack DigiNotar confirmed Dutch Certificate Authority First hack already in June 2011 Many rogue SSL certificates (Diginotar bankrupt in September 2011) March11: Comodo partner incidient 9 fake certificates issued (e.g. live/google/yahoo/skype/mozilla) quickly discovered and disseminated. CA can Issue any certificate. 19
Web of Trust Recall First Lab session Validate key directly New keys signed by known keys No centralized CAs Each user signs keys they trust User can choose degree of trust in other keys For communication For signing other keys Compare S/MIME – CA signed certificates 20
Rule based trust management Generalizes tree of CAs Policy rules Alice: Meaning: A.r ← B Alice trusts Bob in role r (Bob is certified for r) A.r ← B.r Alice trust Bob certifying r (Bob is a CA for r) A.r ← A.cert.r Alice trusts anyone in A.cert to certify r (Everybody in A.cert is CA for r) A.r ← B.r /\ C.r Alice trusts if both Bob and Charlie trust. Can also use multiple different roles `r’. 21
Certificate, Rule Based Trust Policy: GMS.Dr may read Patient record Green Rules to establish Doctors Medical Service GMS.Dr ← GMS.Department.Dr GMS.Department ← Radiology Radiology.Dr ← Alice Alice may read the patient record Trusted, Certified facts & Delegation 22
1.000 satisfied customers and counting. You can trust me, ask anyone Reputation based Trust Management Trust based on opinions/experiences
Fast Reputation, Behaviour Based Trust and Quite Good Policy Dr with good reputation may treat Reputation based on Past Performance Feedback after interaction updates reputation E-bay, Eigentrust, pagerank, centrality measures Estimate risk based on Reputation Good reputation valuable Incentive for good behaviour 24
Combined Trust Scores Certificates Fast and Quite Good Other sources… Feedback & Recommendations User’s Requirements determine how to mix TRUST 100% 25
Recommend
More recommend
