This Concept Map, created with IHMC CmapTools, has information related to: Social Engineering

The Enemy
- Attacks: on applications that handle financial transactions or other information whose secrecy or integrity is crucial
- Enemy (or adversary)
- Threats: to processes, to communication channels, denial of service

Secure channels
Properties:
- Each process is sure of the identity of the other
- Data is private and protected against tampering
- Protection against repetition and reordering of data
Employs cryptography:
- Secrecy based on cryptographic concealment
- Authentication based on proof of ownership of secrets

Objects and Principals
- Object (or resource): mailbox, system file, part of a commercial web site
- Principal: user or process that has authority (rights) to perform actions
- Identity of principal is important

Delegation
Consider the example of a print server that accepts requests to print files. It would be wasteful of resources to copy the file, so the name of the file is passed to the print server and it is accessed by the print server on behalf of the user making the request. If the file is read-protected, this does not work unless the print server can acquire temporary rights to read the file. Delegation is a mechanism designed to solve problems such as this.

Delegation can be achieved using a delegation certificate or a capability. The certificate is signed by the requesting principal and it authorizes another principal (the print server in our example) to access a named resource (the file to be printed). In systems that support them, capabilities can achieve the same result without the need to identify the principals – a capability to access a resource can be passed in a request to a server. The capability is an unforgeable, encoded set of rights to access the resource.

When rights are delegated, it is common to restrict them to a subset of the rights held by the issuing principal, so that the delegated principal cannot misuse them. In our example, the certificate could be time-limited to reduce the risk that the print server’s code is subsequently compromised and the file disclosed to third parties. The CORBA SecurityService includes a mechanism for the delegation of rights based on certificates, with support for the restriction of the rights carried.

Secure digest functions
- Encrypted text of a document makes an impractically long signature, so we encrypt a secure digest instead
- A secure digest function computes a fixed-length hash H(M) that characterizes the document M
- H(M) should be:
  - fast to compute
  - hard to invert - hard to compute M given H(M)
  - hard to defeat in any variant of the Birthday Attack
- MD5: Developed by Rivest (1992). Computes a 128-bit digest. Speed 1740 kbytes/sec.
- SHA: (1995) based on Rivest's MD4 but made more secure by producing a 160-bit digest, speed 750 kbytes/second
- Any symmetric encryption algorithm can be used in CBC (cipher block chaining) mode. The last block in the chain is H(M)

Social Engineering
- Use of persuasion or deception to gain access to information systems.
- Usually a telephone or e-mail message.
- Attacker usually pretends to be a director or manager in the company traveling on business with a deadline to get some important data left on their network drive.
- They pressure the help desk to give them the toll-free number of the RAS server to dial and sometimes get their password reset.

It is essential to protect the resources, communication channels and interfaces of distributed systems and applications against attacks. This is achieved by the use of access control mechanisms and secure channels. Public-key and secret-key cryptography provide the basis for authentication and for secure communication. Kerberos and SSL are widely-used system components that support secure and authenticated communication.

Digital Signatures
Requirement:
- To authenticate stored document files as well as messages
- To protect against forgery
- To prevent the signer from repudiating a signed document (denying their responsibility)
Encryption of a document in a secret key constitutes a signature:
- impossible for others to perform without knowledge of the key
- strong authentication of document
- strong protection against forgery
- weak against repudiation (signer could claim key was compromised)

Worst case assumptions and design guidelines
- Interfaces are exposed
- Networks are insecure
- Limit the lifetime and scope of each secret
- Algorithms and program code are available to attackers
- Attackers may have access to large resources
- Minimize the trusted base

History of DES
- IBM develops Lucifer for banking systems (1970s)
- NIST and NSA evaluate and modify Lucifer (1974)
- Modified Lucifer adopted as federal standard (1976)
- Name changed to Data Encryption Standard (DES)
- Defined in FIPS (46-3) and ANSI standard X9.32
- NIST defines Triple DES (3DES) (1999)
- Single DES use deprecated - only legacy systems.
- NIST approves Advanced Encryption Std. (AES) (2001)
- AES will replace DES and 3DES.

Encryption Basics
- Encryption involves encoding data using a key.
- Original data is referred to as plaintext or cleartext
- Encrypted data is referred to as ciphertext
- A computationally secure algorithm cannot be broken by systematic analysis with available resources

Links between nodes (link labels as they appear in the map):
- The Enemy [is limited] Secure channels
- Objects and Principals [and] The Enemy
- Delegation [????] Secure digest functions
- Social Engineering [and] Objects and Principals
- "It is essential to protect ..." [????] Digital Signatures
- "It is essential to protect ..." [????] Worst case assumptions and design guidelines
- History of DES [also] Encryption Basics
- Delegation [????] Digital Signatures
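
The delegation certificate from the print-server notes above, as an added example that is not part of the original concept map: the file server accepts a request only if the certificate is authentic, names the presenting principal and the resource, has not expired, and carries a right the issuer itself holds. HMAC-SHA256 under a key the user shares with the file server stands in for the principal's signature; the principal names, key, file path and integer timestamps are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: keys users share with the file server, and its ACL.
USER_KEYS = {"alice": b"constructed-demo-key-for-alice"}
ACL = {"/home/alice/report.ps": {"alice": {"read", "write"}}}


def _mac(key, body):
    # Canonical JSON so issuer and verifier authenticate exactly the same bytes.
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_certificate(issuer, key, delegate, resource, rights, not_after):
    """Issuer authorizes `delegate` to use `rights` on `resource` until `not_after`."""
    body = {"issuer": issuer, "delegate": delegate, "resource": resource,
            "rights": sorted(rights), "not_after": not_after}
    return {"body": body, "sig": _mac(key, body)}


def authorize(cert, presenter, resource, right, now):
    """File-server check of a delegated request. Returns (allowed, reason)."""
    body = cert["body"]
    key = USER_KEYS.get(body.get("issuer"))
    if key is None:
        return False, "unknown issuer"
    sig = str(cert.get("sig", "")).encode()
    if not hmac.compare_digest(_mac(key, body).encode(), sig):
        return False, "bad signature"
    if presenter != body.get("delegate"):
        return False, "not the named delegate"
    if resource != body.get("resource"):
        return False, "wrong resource"
    if now > body.get("not_after", 0):
        return False, "expired"  # time limit bounds exposure if the delegate is compromised
    if right not in body.get("rights", []):
        return False, "right not delegated"
    # A principal cannot delegate rights it does not itself hold.
    if right not in ACL.get(resource, {}).get(body["issuer"], set()):
        return False, "issuer lacks right"
    return True, "ok"


if __name__ == "__main__":
    cert = issue_certificate("alice", USER_KEYS["alice"], "print-server",
                             "/home/alice/report.ps", {"read"}, not_after=1060)
    print(authorize(cert, "print-server", "/home/alice/report.ps", "read", now=1000))
```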