Representing Identity - PowerPoint PPT Presentation

About This Presentation
Title:

Representing Identity

Description:

Reverse: map IP addresses to host names. May compare forward and reverse mappings in order to determine whether to trust a host name ... – PowerPoint PPT presentation

Slides: 14
Provided by: matt298

Transcript and Presenter's Notes


1
Representing Identity
  • CSSE 490 Computer Security
  • Mark Ardis, Rose-Hulman Institute
  • April 19, 2004

2
Overview
  • Certificates
  • Network identities
  • Remailers

3
What is Identity?
  • Def: A principal is a unique entity. An identity
    specifies a principal.
  • A principal may be a person, an organization, or
    an object

4
Example Identities
  • URL
  • File name
  • File descriptor
  • Login
  • User Identification Number (UID)

5
Certificates
  • Used to bind crypto keys to identifiers
  • Certification Authority (CA) vouches for identity
    of principal to which certificate is issued
  • CA authentication policy describes level of
    authentication required to identify principal
    when certificate issued
  • CA issuance policy describes principals to whom
    CA will issue certificates

6
Internet Policy Registration Authority (IPRA)
  • Sets policies for all subordinate CAs
  • Certifies Policy Certification Authorities (PCAs)
      • each may have their own authentication and
        issuance policy
      • may not conflict with IPRA
  • PCAs issue certificates to CAs
  • CAs issue certificates to organizations and
    individuals

7
Network Identities
  • Media Access Control (MAC) address used at link
    layer
  • Internet Protocol (IP) address used at network
    layer
  • Host name used at application layer
  • Dynamic Host Configuration Protocol (DHCP) may be
    used to temporarily assign an IP address

8
Domain Name System (DNS) Records
  • Forward: map host name to IP address
  • Reverse: map IP addresses to host names
  • May compare forward and reverse mappings in order
    to determine whether to trust a host name
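
Added example (not from the original slides): one way to compare the reverse and forward mappings before trusting a host name. The lookup helpers use Python's standard `socket` module; the PTR/A tables, addresses and the name `mail.example.org` are constructed sample data so the check runs offline.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """Reverse mapping: IP address -> host names (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def forward_lookup(host):
    """Forward mapping: host name -> set of address strings (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def confirmed_names(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return only the reverse-mapped names whose forward mapping contains ip."""
    target = ipaddress.ip_address(ip)
    trusted = []
    for name in reverse(ip):
        canonical = name.rstrip(".").lower()
        # Drop any IPv6 zone suffix, then compare parsed addresses, not raw text.
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(canonical)}
        if target in addrs:
            trusted.append(canonical)
    return trusted

# Constructed sample data (documentation address range, hypothetical names).
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.66": ["mail.example.org."],  # reverse record claims a name it does not hold
    "192.0.2.99": [],                     # no reverse record at all
}
A = {"mail.example.org": {"192.0.2.10"}}

def sample_reverse(ip):
    return PTR.get(ip, [])

def sample_forward(host):
    return A.get(host, set())

if __name__ == "__main__":
    for ip in PTR:
        names = confirmed_names(ip, sample_reverse, sample_forward)
        print(ip, "->", names or "untrusted: no forward-confirmed name")
```

The reverse record is controlled by whoever holds the address block, so only a name whose forward mapping points back at the same address is accepted.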

9
Cookies
  • Used to represent state of a web session
  • Fields
      • Name, value: bind value to name
      • Expires: delete at end of session or at specified
        time
      • Domain: to whom cookie may be sent, must have
        embedded "."
      • Path: restricts domain
      • Secure: whether to use SSL

10
Anonymity on the Web
  • Pseudo-anonymous remailer - replaces originating
    email address before forwarding, keeps mapping of
    anonymous identities and associated origins
  • Cypherpunk remailer (type 1) - deletes header of
    incoming message and forwards remainder
      • typically used in chain
      • typically enciphered messages

11
Attacking Cypherpunk
  • Monitor traffic in/out of remailers
  • Observe times of arrival/departure
  • Observe size of messages
  • Flood remailer with messages to defeat
    countermeasures

12
Mixmaster Remailers (Type 2)
  • Cypherpunk remailer plus
      • padding or fragmentation to create fixed size
        records
      • uniquely numbered messages to avoid replay attacks

13
Why is Anonymity Needed?
  • Whistleblowing
  • Protection of privacy
  • ???