Bishop: Chapter 14 Representing Identity - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

Bishop: Chapter 14 Representing Identity

Description:

... location and the protocol used (such as http://sce.cl.uh.edu ... Casual: some verification. Positive: substantial verification. csci5233 Computer Security ... – PowerPoint PPT presentation

Number of Views:178
Avg rating:3.0/5.0
Slides: 13
Provided by: tandre
Category:

less

Transcript and Presenter's Notes

Title: Bishop: Chapter 14 Representing Identity


1
Bishop Chapter 14Representing Identity
2
Outline
  • Introduction
  • Naming Certificates
  • Identity on the web
  • Anonymity

3
What is identity?
  • An identity specifies a principal.
  • A principal is a unique entity.
  • What can be an entity?
  • Subjects users, groups, roles
  • e.g., a user identification number (UID)
    identifies a user in a UNIX system
  • Objects files, web pages, etc. subjects
  • e.g., an URL identifies an object by specifying
    its location and the protocol used (such as
    http//sce.cl.uh.edu/).

4
Authentication vs identity
  • Authentication binds a principal to a
    representation of identity internal to the
    computer.
  • Two main purposes of using identities
  • Accountability (logging, auditing)
  • Access control

5
Identity Naming and Certificates
  • In X.509 certificates, distinguished names (that
    is, X.500 Distinguished Name) are used to
    identify entities.
  • e.g., /OUHCL/OUSCE/CNAndrew Yang/LHouston/SPT
    exas/CUS
  • e.g., /OUHCL/OUSCE/CNUnixLabAdministrator/LHou
    ston/SPTexas/CUS
  • A certification authority (CA) vouches, at some
    level, for the identity of the principals to
    which the certificate is issued.

6
Structure of CAs
  • RFC 1422, S. Kent, 1993 Privacy Enhancement for
    internet Electronic Mail Part II,
    Certificate-Based Key Management
  • The certificate-based key management
    infrastructure organizes CAs into a hierarchical,
    tree-based structure.
  • Each node in the tree corresponds to a CA.
  • A Higher-level CA set policies that all
    subordinate CAs must follow it certifies the
    subordinate CAs.

7
Certificates Trust
  • A certificate is the binding of an external
    identity to a cryptographic key and a
    Distinguished Name.
  • If the certificate issuer can be fooled, all who
    rely on that certificate may also be fooled.
  • The authentication policy defines the way in
    which principals prove their identities, relying
    on nonelectronic proofs of identity such as
    biometrics, documents, or personal knowledge.

8
Certificates Trust
  • The goal of certificates is to bind a correct
    pair of identity and public key.
  • PGP certificates include a series of signature
    fields, each of which contains a level of trust.
  • The OpenPGP specification defines 4 levels of
    trusts
  • Generic no assertions
  • Persona (i.e., anonymous) no verification of the
    binding between the user name and the principal
  • Casual some verification
  • Positive substantial verification

9
Certificates Trust
  • Issues with the OpenPGPs levels of trusts
  • The trust is not quantifiable.
  • The same terms (such as substantial
    verification) can imply different levels of
    assurance to different signers.
  • The interpretations are left to the verifiers.
  • The point
  • Knowing the policy or the trust level with which
    the certificate is signed is not enough to
    evaluate how likely it is that the identity
    identifies the correct principal.
  • Other knowledge is needed e.g., how the CA or
    signer interprets the policy and enforces its
    requirements

10
Identity on the Internet
11
Summary
  • Naming of identities Certificates
  • Identity on the web
  • Anonymity

12
Next
  • Chapter 27 system security
Write a Comment
User Comments (0)
About PowerShow.com