Computer Security  463.4 Representing Identity 

Fall 2007 

Based on slides provided by Matt Bishop for use with Computer Security: Art and Science

    

2  

Overview 

What is identity
Files and objects
Users, groups, and roles
Certificates and names
Hosts and domains
State and cookies
Anonymity

3  

Required 

Reading: All of Chapter 14
Exercises: All of the exercises in Section 14.10

4  

Identity 

Subject: actor
Object: acted upon
Security decisions made in terms of subjects and objects
Identity: naming subjects and objects

5  

File identity 

Path names
  /foo/bar/file
Unique?
  Two names for same file
    Symbolic links
    Relative paths (../bar/file)
  Two files with the same name
    cd foo
    mv bar baz
    mv quux bar

6  

Race condition 

Temp cleaner

    for each file in /tmp
        stat(file)
        if file older than 1 week
        then
            delete(file)

    rm file
    ln -s /etc/passwd file

    

7  

File descriptor 

A numeric reference to a file
Returned from a call to open
Never changes

    fd = open(file1)
    mv file2 file1
    fstat(fd) still returns stats about file1

Inconsistency with naming
File stays around even if deleted from directory
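The two slides above (the temp cleaner race and the file descriptor), replayed as an added Python example that is not part of the original slides. It shows that a descriptor stays bound to the object opened while the name can be rebound, and how comparing `fstat` on the descriptor with `lstat` on the path detects the rebinding. The file names `old.tmp` and `important` are made up for the demonstration.

```python
import os
import tempfile

def identity(st):
    """(device, inode) identifies the file object, whatever it is called."""
    return (st.st_dev, st.st_ino)

def rebind_demo():
    """fd = open(file1); mv file2 file1; then compare fstat(fd) with stat(file1)."""
    with tempfile.TemporaryDirectory() as d:
        file1, file2 = os.path.join(d, "file1"), os.path.join(d, "file2")
        for path, data in ((file1, b"original"), (file2, b"replacement")):
            with open(path, "wb") as f:
                f.write(data)
        fd = os.open(file1, os.O_RDONLY)
        try:
            os.rename(file2, file1)                      # mv file2 file1
            same = identity(os.fstat(fd)) == identity(os.stat(file1))
            via_fd = os.read(fd, 64)                     # object bound at open()
            with open(file1, "rb") as f:
                via_name = f.read()                      # object the name means now
            return same, via_fd, via_name
        finally:
            os.close(fd)

def still_names(fd, path):
    """Does `path` still name the object examined through `fd`?
    lstat() does not follow symlinks, so a swapped-in link compares unequal."""
    try:
        return identity(os.fstat(fd)) == identity(os.lstat(path))
    except FileNotFoundError:
        return False

def swap_demo():
    """Examine a file, replace its name with a symlink, then check again."""
    with tempfile.TemporaryDirectory() as d:
        name, target = os.path.join(d, "old.tmp"), os.path.join(d, "important")
        for path in (name, target):
            open(path, "wb").close()
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW)
        try:
            before = still_names(fd, name)
            os.unlink(name)                              # rm file
            os.symlink(target, name)                     # ln -s <target> file
            return before, still_names(fd, name)
        finally:
            os.close(fd)

if __name__ == "__main__":
    print(rebind_demo(), swap_demo())
```

The comparison narrows the window between check and use but does not close it; only operations performed on the descriptor itself are unaffected by renaming.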

8  

Remote names 

Nikita Borisov the professor or Nikita Borisov the tailor?

    

15  

Disambiguating Identity 

Include ancillary information in names
  Enough to identify principal uniquely
  X.509v3 Distinguished Names do this
Example: X.509v3 Distinguished Names
  /O=University of Illinois/OU=UIUC/OU=ECE Dept/CN=Nikita Borisov/
Certificate associates DN with public key
  Public key used to sign email, for example

16  

Certification Authorities 

Each CA responsible for a namespace
  In X.509, a CA's distinguished name must be "superior" to the principal
  "/O=University of Illinois/OU=UIUC/OU=ECE Dept/" might be my CA
CAs themselves may be certified
  "/O=University of Illinois/OU=UIUC/"
  "/O=University of Illinois/"

17  

Certificate Roots 

The dream:
  Root is Internet Policy Registration Authority, or IPRA
  Certifies subordinate CAs (called policy certification authorities, or PCAs)
  PCAs issue certificates to ordinary CAs
  CAs issue certificates to organizations or individuals
The reality:
  No single root
  Each organization manually distributes its certificate to members
  Cross-certification helps across org boundaries

18  

Types of Certificates 

Organizational certificate
  Issued based on principal's affiliation with organization
  Example Distinguished Name

    /O=University of Valmont/OU=Computer Science Department/CN=Marsha Merteuille/

Residential certificate
  Issued based on where principal lives
  No affiliation with organization implied
  Example Distinguished Name

    /C=US/SP=Louisiana/L=Valmont/PA=1 Express Way/CN=Marsha Merteuille/

    

19  

Certificates for Roles 

Certificate tied to a role
Example
  UValmont wants comptroller to have a certificate
    This way, she can sign contracts and documents digitally
  Distinguished Name

    /O=University of Valmont/OU=Office of the Big Bucks/RN=Comptroller

    where "RN" is role name; note the individual using the certificate is not named, so no CN

    

20  

PGP Comparison 

No CAs, web of trust signatures
Names are self-assigned
  Include email address by convention
  Roles possible

UIUC Treasurer <treasurer@uiuc.edu>

Example (keyserver query):

Nikita Borisov <nikitab@cs.berkeley.edu>

Nikita Borisov <nborisov@UWATERLOO.CA>

Nikita V. Borisov <nikita.borisov@p2.f51.n243.z1.fidonet.org>

    

21  

CAs and Policies 

Matt Bishop wants a certificate from Certs-from-Us
  How does Certs-from-Us know this is "Matt Bishop"?
    CA's authentication policy says what type and strength of authentication is needed to identify Matt Bishop to satisfy the CA that this is, in fact, Matt Bishop
  Will Certs-from-Us issue this "Matt Bishop" a certificate once he is suitably authenticated?
    CA's issuance policy says to which principals the CA will issue certificates

22  

Example: Verisign CAs 

Class 1 CA issued certificates to individuals
  Authenticated principal by email address
    Idea: certificate used for sending, receiving email with various security services at that address
Class 2 CA issued certificates to individuals
  Authenticated by verifying user-supplied real name and address through an online database
    Idea: certificate used for online purchasing

23  

Example: Verisign CAs 

Class 3 CA issued certificates to individuals
  Authenticated by background check from investigative service
    Idea: higher level of assurance of identity than Class 1 and Class 2 CAs
Fourth CA issued certificates to web servers
  Same authentication policy as Class 3 CA
    Idea: consumers using these sites had high degree of assurance the web site was not spoofed

24  

Trust 

Goal of certificate: bind correct identity to DN
Question: what is degree of assurance?
X.509v3, certificate hierarchy
  Depends on policy of CA issuing certificate
  Depends on how well CA follows that policy
  Depends on how easily the required authentication can be spoofed
Really, estimate based on the above factors

25  

Example: Passport Required 

DN has name on passport, number and issuer of passport
What are points of trust?
  Passport not forged and name on it not altered
  Passport issued to person named in passport
  Person presenting passport is person to whom it was issued
  CA has checked passport and individual using passport

26  

PGP authentication policies 

Each signature includes verification level
  1: no verification
  2: casual verification
  3: substantial verification
  0: undefined verification
"casual" and "substantial" undefined

"Please note that the vagueness of these certification claims is not a flaw, but a feature of the system." - RFC2440

    

27  

Naming Conflicts 

Can two principals share the same name?
X.509v3: Assume CAs will prevent name conflicts as follows
  No two distinct CAs have the same Distinguished Name
  No two principals have certificates issued containing the same Distinguished Name by a single CA
PGP: Hope that no two people have the same email address

28  

Residential Certificates 

John Smith, John Smith Jr. live at same address
John Smith Jr. applies for residential certificate from Certs-from-Us, getting the DN of:

    /C=US/SP=Maine/L=Portland/PA=1 First Ave./CN=John Smith/

Now his father applies for residential certificate from Quick-Certs, getting DN of:

    /C=US/SP=Maine/L=Portland/PA=1 First Ave./CN=John Smith/

    because Quick-Certs has no way of knowing that DN is taken
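An added Python example, not part of the original slides, that ties the namespace rule from the Certification Authorities slide to this conflict: a subject DN under its issuing CA's own DN cannot collide across CAs, while a residential DN sits under no CA's namespace, so two CAs can issue the same one. The CA DNs `/O=Certs-from-Us/` and `/O=Quick-Certs/` are constructed for the example, and matching is plain string comparison on the slash-delimited form used on the slides, not full X.509 name matching.

```python
from collections import defaultdict

def parse_dn(dn):
    """Split a slash-delimited DN into (attribute, value) pairs."""
    pairs = []
    for part in dn.strip("/").split("/"):
        attr, sep, value = part.partition("=")
        if not sep or not attr or not value:
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def normalize(dn):
    """Canonical string form, so equal DNs compare equal."""
    return "/" + "/".join(f"{a}={v}" for a, v in parse_dn(dn)) + "/"

def is_superior(ca_dn, subject_dn):
    """True if the CA's DN is a proper prefix of the subject's DN."""
    ca, subject = parse_dn(ca_dn), parse_dn(subject_dn)
    return len(ca) < len(subject) and subject[:len(ca)] == ca

def audit(issued):
    """issued: list of (ca_dn, subject_dn) records.
    Returns (outside, duplicates):
      outside    - records whose subject is not under the issuing CA's DN
      duplicates - subject DNs issued by more than one CA"""
    outside = [(ca, dn) for ca, dn in issued if not is_superior(ca, dn)]
    issuers = defaultdict(set)
    for ca, dn in issued:
        issuers[normalize(dn)].add(normalize(ca))
    duplicates = sorted(dn for dn, cas in issuers.items() if len(cas) > 1)
    return outside, duplicates

# Subject DNs are from the slides; the two commercial CA DNs are constructed.
ECE_CA = "/O=University of Illinois/OU=UIUC/OU=ECE Dept/"
CERTS_FROM_US = "/O=Certs-from-Us/"
QUICK_CERTS = "/O=Quick-Certs/"
SMITH = "/C=US/SP=Maine/L=Portland/PA=1 First Ave./CN=John Smith/"
ISSUED = [
    (ECE_CA, "/O=University of Illinois/OU=UIUC/OU=ECE Dept/CN=Nikita Borisov/"),
    (CERTS_FROM_US, SMITH),   # John Smith Jr.
    (QUICK_CERTS, SMITH),     # his father
]

if __name__ == "__main__":
    print(audit(ISSUED))
```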

    

29  

Organizational Certificates 

Confusion still possible:
  DN1: /O=University of Illinois/OU=UIUC/CN=John Smith/
  DN2: /O=University of Illinois/OU=UIUC/CN=John J. Smith/
Uniqueness assured, but someone who sees DN1 still can't tell which John Smith it is

30  

Human errors 

DN needs to be verified by a person
Some email clients "helpfully" shorten DN to CN only
What's wrong with this DN:
  /O=University of Illinois/OU=UIC/OU=ECE Dept/CN=Nikita Borisov/
Paypal.com or paypai.com?

31  

SDSI/SPKI 

Use local instead of global names
Incorporate relationships into names
  E.g.
    John's mother
    Brian's advisor's assistant
    Bob's sue
Verification captures real-life connections
Multiple names possible, use dependent on context

32  

Relative namespaces 

Each "'s" is a certificate
  E.g. "Brian's advisor's assistant"
    Brian certifies key 0x1234 as "advisor"
    Brian's advisor certifies key 0x5678 as "assistant"
Each name has locally defined semantics
  "Brian" is a local name associated with some public key
  "advisor" is a name in Brian's namespace
Insert names into namespace when establishing relationships
  Brian's advisor => Prof-smith

33  

SPKI/SDSI Comparison 

Supports grass roots PKI, like PGP
Can also implement: hierarchy
  Uiuc's ECE's nikita-borisov
And roles:
  Uiuc's ECE's dept-chair
Challenge: finding a trust path given a key

34  

Identity on the Web 

SSL
IP addresses and DNS
Cookies
Anonymity

35  

SSL/TLS 

Secure Socket Layer / Transport Layer Security
Provides data encryption
Uses certificates to authenticate websites
Optional client certificates

36  

SSL 

Uses X.509 certificates to authenticate websites
Multiple trusted roots
  Verisign, RSA, AOL, ... (dozens)
  Distributed with browsers
Mostly works

37  

SSL certificates

    

38  

SSL Issues 

Verification problems
  Microsoft.com incident a few years back (perhaps isolated)
Root certificate distribution
  E.g. download Firefox over insecure connection
  Difficult to remove or add roots
Too slow to protect most requests

39  

User interface issues 

How many of you...
  Check the certificate before typing in a password?
  Look for a lock icon before typing in a password?
  Look at the URL before typing in a password?
  Can tell the difference between paypaI.com and paypal.com?
  Know that s182.lanxtra.com is your bank?

40  

User Interface Issues

    

41  

Unauthenticated Names 

Most requests are at the mercy of unauthenticated name resolution and routing protocols
  DNS: www.uiuc.edu
  IP: 128.174.254.29
  MAC: a7:5b:18:f7:25:1c
Attack can occur at any point

42  

Domain Name Server 

Maps transport identifiers (host names) to network identifiers (host addresses)
  Forward records: host names -> IP addresses
  Reverse records: IP addresses -> host names
Weak authentication
  Not cryptographically based
  Various techniques used, such as reverse domain name lookup

43  

Reverse Domain Name Lookup 

Validate identity of peer (host) name
  Get IP address of peer
  Get associated host name via DNS
  Get IP addresses associated with host name from DNS
  If first IP address in this set, accept name as correct; otherwise, reject as spoofed
If DNS corrupted, this won't work
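The check described above, written out as an added Python example that is not part of the original slides. The resolver is passed in as two functions so the logic can be run against constructed zone data; the host names and the documentation-range addresses are made up. The last case shows the slide's caveat: when the forward data is corrupted too, the check accepts the false name.

```python
import socket

def system_reverse(ip):
    """Reverse lookup through the system resolver (real network use)."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """Forward lookup through the system resolver; returns all IPv4 addresses."""
    return socket.gethostbyname_ex(name)[2]

def validate_peer(ip, reverse=system_reverse, forward=system_forward):
    """Return the peer's host name if reverse and forward records agree, else None."""
    try:
        name = reverse(ip)             # IP address -> claimed host name
        addresses = forward(name)      # claimed host name -> set of IP addresses
    except (OSError, KeyError):
        return None                    # unresolvable: treat the name as unverified
    return name if ip in addresses else None

# Constructed zone data for the demonstration.
FORWARD = {"www.example.edu": ["192.0.2.10"],
           "trusted.example.edu": ["192.0.2.20"]}
REVERSE_HONEST = {"192.0.2.10": "www.example.edu"}
# The peer at 198.51.100.7 controls its own reverse zone and claims a trusted name.
REVERSE_SPOOFED = {"198.51.100.7": "trusted.example.edu"}
# The same claim, with the forward data corrupted as well.
FORWARD_CORRUPT = {"trusted.example.edu": ["192.0.2.20", "198.51.100.7"]}

def check(ip, reverse_zone, forward_zone):
    """Run validate_peer against dictionary-backed zone data."""
    return validate_peer(ip, reverse_zone.__getitem__, forward_zone.__getitem__)

if __name__ == "__main__":
    print(check("192.0.2.10", REVERSE_HONEST, FORWARD))
    print(check("198.51.100.7", REVERSE_SPOOFED, FORWARD))
    print(check("198.51.100.7", REVERSE_SPOOFED, FORWARD_CORRUPT))
```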

44  

DNS Security Issues 

Trust is that name/IP address binding is correct
Goal of attacker: associate incorrectly an IP address with a host name
  Assume attacker controls name server, or can intercept queries and send responses

45  

DNS Performance Optimization 

DNS servers cache information returned
  Otherwise, root servers would be swamped
DNS packets contain extra information

    % dig @a.gtld-servers.net www.uiuc.edu
    ;; AUTHORITY SECTION
    uiuc.edu NS DNS1.CSO.uiuc.edu
    ;; ADDITIONAL SECTION
    DNS1.CSO.uiuc.edu A 128.174.5.103

Extra information saves one round-trip

46  

Cache Poisoning 

[Figure: CS DNS Server and rogue server for foobar.com. Labeled steps: "1: resolve www.foobar.com", "2: resolve www.foobar.com", "3:"]

[Figure: "Add header for remailer 2". Message "Hi, Alice, It's SQUEAMISH OSSIFRIGE, Bob" wrapped in "send to Alice", "send to remailer 2", "send to remailer 1"]

    

65  

Weaknesses 

Attacker monitoring entire network
  Observes in, out flows of remailers
  Goal is to associate incoming, outgoing messages
If messages are cleartext, trivial
  So assume all messages enciphered
So use traffic analysis!
  Used to determine information based simply on movement of messages (traffic) around the network

66  

Attacks 

If remailer forwards message before next message arrives, attacker can match them up
  Hold messages for some period of time, greater than the message interarrival time
  Randomize order of sending messages, waiting until at least n messages are ready to be forwarded
    Note: attacker can force this by sending n-1 messages into queue

67  

Attacks 

As messages forwarded, headers stripped so message size decreases
  Pad message with garbage at each step, instructing next remailer to discard it
Replay message, watch for spikes in outgoing traffic
  Remailer can't forward same message more than once

68  

Mixmaster Remailer 

Cypherpunk remailer that handles only enciphered mail and pads (or fragments) messages to fixed size before sending them
  Also called Type II Remailer
  Designed to hinder attacks on Cypherpunk remailers
    Messages uniquely numbered
    Fragments reassembled only at last remailer for sending to recipient
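The countermeasures listed on the two Attacks slides and the fixed-size padding mentioned here, combined in an added Python sketch that is not part of the original slides and is not Mixmaster's actual packet format. The packet size, the length-prefix layout and the class name `ThresholdMix` are assumptions for the example; encryption and fragmenting are left out.

```python
import hashlib
import os
import random

FIXED_SIZE = 256                    # assumed packet size for this sketch
_rng = random.SystemRandom()

def pad(message):
    """2-byte length prefix + message + random filler, always FIXED_SIZE bytes."""
    if len(message) > FIXED_SIZE - 2:
        raise ValueError("message too long for one packet (fragmenting not shown)")
    filler = os.urandom(FIXED_SIZE - 2 - len(message))
    return len(message).to_bytes(2, "big") + message + filler

def unpad(packet):
    """Recover the message; the filler is discarded."""
    length = int.from_bytes(packet[:2], "big")
    return packet[2:2 + length]

class ThresholdMix:
    """Holds messages until `threshold` are queued, then forwards them shuffled."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.pool = []
        self.seen = set()           # digests of every message accepted so far

    def submit(self, message):
        """Queue one message; return the flushed batch (empty if nothing is sent)."""
        digest = hashlib.sha256(message).digest()
        if digest in self.seen:     # replayed message: never forwarded twice
            return []
        self.seen.add(digest)
        self.pool.append(pad(message))
        if len(self.pool) < self.threshold:
            return []               # hold until enough messages are waiting
        batch, self.pool = self.pool, []
        _rng.shuffle(batch)         # output order independent of arrival order
        return batch
```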

69  

Cypherpunk Remailer Message 

recipient's address

any mail headers to add

message

padding if needed 

enciphered with Triple DES key #2 

final hop address

packet ID: 168

message ID: 7839

Triple DES key: 2

random garbage 

enciphered with Triple DES key #1 

remailer #2 address

packet ID: 135

Triple DES key: 1 

enciphered with RSA for remailer #2 

enciphered with RSA for remailer #1

    

70  

Anonymity Purposes 

Dissidents, journalists, whistle-blowers
Socially sensitive communications
  E.g. abuse chat rooms
Law enforcement
  Anonymous tips
  Undercover operations
Corporation - Secrecy of negotiations
Ordinary people
Governments
  DoD undercover operatives
  Intelligence gathering

71  

Privacy 

Anonymity protects privacy by obstructing amalgamation of individual records
Important, because amalgamation poses 3 risks:
  Incorrect conclusions from misinterpreted data
  Harm from erroneous information
  Not being let alone
Also hinders monitoring to deter or prevent crime
Conclusion: anonymity can be used for good or ill
  Right to remain anonymous entails responsibility to use that right wisely

72  

Key Points 

Identity specifies a principal (unique entity)
Names vary with context
  Different names at each network layer, for example
Unique naming a difficult problem
Globally verifiable naming schemes are difficult to implement
Anonymity desirable; may or may not be possible