1 Review for Exam 2 Subject matter: Covers topics not included in Exam 1 RBAC and Chinese Wall...
-
Upload
lee-brooks -
Category
Documents
-
view
216 -
download
0
Transcript of 1 Review for Exam 2 Subject matter: Covers topics not included in Exam 1 RBAC and Chinese Wall...
1
Review for Exam 2 Subject matter:
Covers topics not included in Exam 1 RBAC and Chinese Wall Policies Cryptography Network Security and Authentication
Chapters from Bishop’s book: 7, 9, 10, 11, 12
The nature of the exam: 4-5 questions Similar to the homework. Pseudo-code, algorithms, protocols, etc.
2
Review RBAC Policies
Entities: Subjects, roles, role hierarchy, permissions (= object, action pairs) sessions and constraints
Mappings Subject to role
mapping, role to permission mapping
Static Constraints and Dynamic Constraints
user_sessions
(RH)Role Hierarchy
session_rol
es
(UA)User Assign-
ment
(PA)PermissionAssignment
USERS OBSOPS
SESSIONS
ROLES
PRMS
SSD
DSD
Questions: Design roles, permissions, S2R, R2P mapping. Given a set of constraints, and a request, say if the request will be permitted.
3
Chinese Wall Policy (Chapter 7) Conflict of Interest Classes History based access control Prevents information leakage from one
competitor to another CW-simple security property CW-* property
4
Example
Bank of America
Citibank Bank of the West
Bank
Shell Mobil TexacoSunoco
Gasoline
Consider a COI class as an industryCD(object1)=? COI(object1)=?
All Objects
object1 object2 ……
COI
CD
Object
5
Reading & Writing with CW properties
Alice has read Citibank’s CD and Shell’ CD Bob read Bank of America’s CD and Shell’s
CD Bob cannot read Citibank’s CD by CW-Simple
Alice writes what she read from Citibank’s CD to Shell’ CD; Bob can then read what Alice writes Shell’s CD is a bridge; can also use sanitized
objects
Bank of America
Citibank Bank of the West
Bank
Shell Mobil TexacoSunoco
Gasoline
Alice Bob
6
CW-*-Property s can write o iff both of the following hold:
1. The CW-simple condition permits s to read o– No blind write like in BLP
n For all unsanitized objects o, if s can read o, then CD(o) = CD(o)
1. All s can read are either within the same CD, or sanitized
Bank of America
Citibank Bank of the West
Bank
Shell Mobil TexacoSunoco
Gasoline
Alice Bob
Neither Alice nor bob can write
7
How Information Flows Information flows from o to o’ if some s reads o
followed by s writes o’ Theorem 7-3: information in un-sanitized objects
can only flow inside their own CD; information in sanitized objects can flow freely
Bank of America
Citibank Bank of the West
Shell Mobil TexacoSunoco
o1 o2 o3
o3 o1 o2 o3
sanitized
unsanitized
Cryptography Transposition and substitution ciphers Cesar ciphers and Vigenere ciphers Cryptanalysis Statistical analysis Block ciphers and block chaining DES and 3DES CBC mode
9
10
Cryptosystems
SECRET KEY
Symmetric Key
Single Key
Conventional
PUBLIC KEY
Asymmetric Key
Two Keys
11
Secret Key Cryptosystem
EncryptionAlgorithm
DecryptionAlgorithm
Plain-text
Plain-textCiphertext
INSECURE CHANNEL
K KSecret Keyshared byA and B
SECURE CHANNEL
AA BB
12
Public Key Cryptosystem
B's Public Key B's Private Key
RELIABLE CHANNEL
EncryptionAlgorithm
DecryptionAlgorithm
Plain-text
Plain-textCiphertext
INSECURE CHANNEL
AA BB
B's Public Key
13
Cipher Block Chaining
E
current plaintext block
keyD
key
+
+
previous ciphertext block
previousciphertext block
current plaintext block
14
Overview of the DES A product cipher
Both substitution and transposition on the bits A block cipher:
encrypts plaintext blocks of 64 bits using a 56 bit key, and outputs 64 bits of ciphertext
Developed by IBM; in 1977 adopted by NIST, with NSA approval for unclassified information
Also widely used by the public sector E and D are public, but the design
principles are classified
15
Key Management Key exchange protocols Key generation Storing and revoking keys Digital signatures Digital certificates
16
Needham-Schroeder
Alice CathyAlice || Bob || r1
Hey, Cathy, I need to talk to Bob.
Alice Bob{ Alice || ks } kB,C
Hey, Bob, this is Alice. Cathy wants me to forward you a session key ks with which we can talk
Alice Bob{ r2 } ks
You’re Alice? So you must have ks. Prove it!
Alice Cathy{ Alice || Bob || r1|| ks ||{ Alice || ks } kB,C } kA,C
Hey, Alice, this is Cathy
And tell Bob I got
him a session key ks
this is your
key ks
Alice Bob{ r2 – 1 } ks
Here’s the proof that I have ks
17
Alice’s Point of View Second message
Encrypted with a key kA,C that only Alice and Cathy know, so only Cathy can create the message
Containing a challenge r1, so the message is not a replay
Third message Encrypted with a key kB,C that only Bob and Cathy
know, so only Bob can read it and extract the session key
Alice Bob{ Alice || ks } kB,C
Alice Cathy{ Alice || Bob || r1|| ks ||{ Alice || ks } kB,C } kA,C
18
Bob’s Point of View Third message
Encrypted with a key that only Bob and Cathy know, so the message can only be created by Cathy
The name Alice is in the message, so Cathy says the session key is to be used while talking to Alice
Fourth and fifth message Determine if it is a replay from someone other
than Alice
Alice Bob{ Alice || ks } kB,C
Alice Bob{ r2 } ks
Alice Bob{ r2 – 1 } ks
19
Certificates A token (message) containing
Identity of principal (e.g., Alice) His/her public key Timestamp (when issued) Other information (perhaps identity of issuer)
signed by trusted authority (here, Cathy)CA = { eA || Alice || T } dC
20
Merkle’s Tree Scheme Keep certificates in a
file Define hashes
recursively h is hash function Ci is certificate i
Signature on h(1,4) known to all
Changing any Ci changes the signature
h(1,4)
h(1,2) h(3,4)
h(1,1) h(2,2) h(3,3) h(4,4)
C1 C2 C3 C4
h(1,4)=h(1,2)h(3,4)
21
Validation The signature can be
verified with any Ci To validate C1:
Compute h(1, 1) Obtain h(2, 2) Compute h(1, 2) Obtain h(3, 4) Compute h(1,4), signature Compare to known
signature
Only need to know hashes of child nodes on path
h(1,4)
h(1,2) h(3,4)
h(1,1) h(2,2) h(3,3) h(4,4)
C1 C2 C3 C4
Cipher Techniques Stream ciphers Multiple encryptions SSL and its protocols TLS IPSec
22
23
Diffie-Hellman Key Exchange Scheme
Proposed in 1976 as the first public key algorithm (predates RSA)
Allows users to agree on a secret key over insecure channels with no prior communication
The secret key can thus be used to encrypt or decrypt message (e.g., SSL 3.0, IPsec)
KAA BBInsecure Channel
24
Discrete Logarithm Problem
D-H is based on the discrete logarithm problem Given integers n and g and prime number p,
compute k such that n = g k mod p In general computationally infeasible Choices for g and p are critical
Both p and (p–1)/2 should be prime p should be large (at least 512 bits, possibly 1028 bits) g should be a primitive root mod p
25
Diffie-Hellman Key Exchange Scheme
A Bagree on p and g with 1 < g < p
A BX = gx mod p
Y = gy mod p
Choose x
Choose y
A Bcomputes k = Yx mod p
computes k’ = Xy mod p
k=k’=gxy mod p
knows p, g, X, and Y, but not x or y or k
Authentication Password schemes Challenge response schemes Biometry Other forms of authentication such as
recognizing photographs, solving puzzles etc.
27
28
Lamport’s Scheme How do user and server synchronize on which password to
use? h: one-way hash function (e.g., MD5 or SHA-1) hn(k): h(h(h(...h(k)...)))
Registration
User Server
k ksecure channel
n
hn(k)
1st Authenticationk hn(k
)hn-1(k) hn-
1(k)
hn-
1(k)
2nd Authenticationk hn-1(k)hn-2(k) hn-2(k)