Pfleeger 9780134093093 Ch02 - ppawar.github.io€¦ · í î l î ò l î ì í õ ñ $ffhvv...

$: Pfleeger 9780134093093 Ch02 - ppawar.github.io€¦ · í î l î ò l î ì í õ ñ $ffhvv 3rolflhv *rdov &khfn hyhu\ dffhvv (qirufh ohdvw sulylohjh 9huli\ dffhswdeoh xvdjh 7udfn$
12/26/2019

1

SECURITY IN COMPUTING,FIFTH EDITIONChapter 2: Toolbox: Authentication, Access Control, and Cryptography

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

1

Objectives for Chapter 2

• Survey authentication mechanisms

• List available access control implementation options

• Explain the problems encryption is designed to solve

• Understand the various categories of encryption tools as well as the strengths, weaknesses, and applications of each

• Learn about certificates and certificate authorities

2


Authentication

• The act of proving that a user is who she says she is

• Methods:• Something the user knows

• Something the user is

• Something user has

3


1

2

3

12/26/2019

2

Something You Know

• Passwords

• Security questions

• Attacks on “something you know”:• Dictionary attacks

• Inferring likely passwords/answers

• Guessing

• Defeating concealment

• Exhaustive or brute-force attack

• Rainbow tables

4


Distribution of Password Types

5

One character0%

Two characters2%

Three characters14%

Four characters,all letters

14%

Five letters,all same case

22%

Six letters,lowercase

19%

Words indictionaries orlists of names

15%

Other goodpasswords

14%


Password Storage

Plaintext Concealed

6


4

5

6

12/26/2019

3

Biometrics: Something You Are

7


Problems with Biometrics

• Intrusive

• Expensive

• Single point of failure

• Sampling error

• False readings

• Speed

• Forgery

8


Tokens: Something You Have

9

Time-Based Token Authentication

PASSCODE PIN TOKENCODE=

Login: mcollings

2468159759Passcode:

+

Clocksynchronized toUCT

Unique seed

Token code:Changes every

60 seconds


7

8

9

12/26/2019

4

Federated Identity Management

10

UserIdentity Manager

(performsauthentication)

AuthenticatedIdentity

Application(no authentication)




Single Sign-On

11

User Single Sign-OnShell

Identification andAuthentication

Credentials

Application

Authentication

Token

AuthenticationAuthentication

ApplicationApplication

Password


Access Control

12


10

11

12

12/26/2019

5

Access Policies

• Goals:• Check every access

• Enforce least privilege

• Verify acceptable usage

• Track users’ access

• Enforce at appropriate granularity

• Use audit logging to track accesses

13


Implementing Access Control

• Reference monitor

• Access control directory

• Access control matrix

• Access control list

• Privilege list

• Capability

• Procedure-oriented access control

• Role-based access control

14


Reference Monitor

15


13

14

15

12/26/2019

6

Access Control Directory

16

PROG1.C

PROG1.EXE

BIBLIOG

HELP.TXT

TEMP

ORW

ORW

ORW

OX

R

BIBLIOG

TEST.TMP

PRIVATE

HELP.TXT

R

ORW

OX

R

File NameFile NameAccessRights

AccessRights

FilePointer

FilePointer

User A Directory User B DirectoryFiles


Access Control Matrix

17


Access Control List

18

F

TEMP

BIBLIOG

HELP.TXT

FileAccess List

Pointer UserAccessRights

USER_S

USER_B

USER_A ORW

RW

R

BIBLIOG

TEMP

F

HELP.TXT

USER_A ORW

USER_S

USER_A ORW

R

USER_S

USER_B

USER_A R

R

R

USER_T R

SYSMGR

USER_SVCS

RW

O

Directory Access Lists Files


16

17

18

12/26/2019

7

Problems Addressed by Encryption

• Suppose a sender wants to send a message to a recipient. An attacker may attempt to• Block the message

• Intercept the message

• Modify the message

• Fabricate an authentic-looking alternate message

19


Encryption Terminology

• Sender

• Recipient

• Transmission medium

• Interceptor/intruder

• Encrypt, encode, or encipher

• Decrypt, decode, or decipher

• Cryptosystem

• Plaintext

• Ciphertext

20


Encryption/Decryption Process

21

Key(Optional)

OriginalPlaintext

Plaintext Ciphertext

Key(Optional)

Encryption Decryption


19

20

21

12/26/2019

8

Symmetric vs. Asymmetric

22

Encryption Decryption OriginalPlaintextPlaintext Ciphertext

(a) Symmetric Cryptosystem

DecryptionKey

Encryption Decryption OriginalPlaintextPlaintext Ciphertext

EncryptionKey

(b) Asymmetric Cryptosystem

Key


Stream Ciphers

23

Encryption

Key(Optional)


…ISSOPMI wdhuw…


Block Ciphers

24

IH

Key(Optional)


.. XN OI TP ES

pobaqckdem..

Encryption


22

23

24

12/26/2019

9

Stream vs. Block

Stream Block

Advantages Speed of transformation

Low error propagation

High diffusion Immunity to

insertion of symbol

Disadvantages Low diffusion Susceptibility to

malicious insertions and modifications

Slowness of encryption

Padding Error

propagation

25


DES: The Data Encryption Standard• Symmetric block cipher

• Developed in 1976 by IBM for the US National Institute of Standards and Technology (NIST)

26


AES: Advanced Encryption System

• Symmetric block cipher

• Developed in 1999 by independent Dutch cryptographers

• Still in common use

27


25

26

27

12/26/2019

10

DES vs. AES

28


Public Key (Asymmetric) Cryptography

• Instead of two users sharing one secret key, each user has two keys: one public and one private

• Messages encrypted using the user’s public key can only be decrypted using the user’s private key, and vice versa

29


Secret Key vs. Public Key Encryption

30


28

29

30

12/26/2019

11

Public Key to Exchange Secret Keys

31

4. , 5

a bc 6de f

9wx yz

8tuv

7pq rs

Bill, give me your public key

Here is my key, Amy

1

2

3 Here is a symmetric key we can use

6 m no

5 jkl

1 .,

2a b

c

3d e

f

9w x

y z

8tu

v

7 pqr s

4g

hi


Key Exchange Man in the Middle

32

Bill, give meyour public key

1

Here is my key, Amy 2

3a Here is another symmetric k ey

No, give it to me1a

Here is the middle’s key 2a

Here is the symmetric key3

4

.,

5

ab c

6

d

e

f

9

wxy z

8

t uv

7

pqr s

6m

no5j

kl1

.

,

2ab

c

3d

ef

9wx

yz8tuv7

pqrs 4ghi


Error Detecting Codes

• Demonstrates that a block of data has been modified

• Simple error detecting codes:• Parity checks

• Cyclic redundancy checks

• Cryptographic error detecting codes:• One-way hash functions

• Cryptographic checksums

• Digital signatures

33


31

32

33

12/26/2019

12

Parity Check

34


One-Way Hash Function

35

Encrypted forauthenticity

M

Hashfunction

Messagedigest


Digital Signature

36

Mark onlythe sendercan make

Authentic Unforgeable

Mark fixedto

document


34

35

36

12/26/2019

13

Certificates: Trustable Identities and Public Keys

• A certificate is a public key and an identity bound together and signed by a certificate authority.

• A certificate authority is an authority that users trust to accurately verify identities before generating certificates that bind those identities to keys.

37


Certificate Signing and Hierarchy

38

Name: DianaPosition: Division ManagerPublic key: 17EF83CA .. .

Diana creates and delivers to Edward:

Edward adds:

Edward signs with his private key:


hash value128C4

Name: DianaPosition: Division ManagerPublic key: 17EF83CA ...

hash value128C4

Which is Diana’s ce rtificate.

Name: DelwynPosition: Dept ManagerPublic key: 3AB3882C .. .

Delwyn creates and delivers to Diana:

Diana adds:

Diana signs with her private key:


hash value48CFA

And appends her certificate:

Which is Delwyn’s certificate.


hash value128C4

To create Diana’s certificate: To create Delwyn’s certificate:


hash value48CFA


hash value48CFA


Cryptographic Tool Summary

39


37

38

39

12/26/2019

14

Summary

• Users can authenticate using something they know, something they are, or something they have

• Systems may use a variety of mechanisms to implement access control

• Encryption helps prevent attackers from revealing, modifying, or fabricating messages

• Symmetric and asymmetric encryption have complementary strengths and weaknesses

• Certificates bind identities to digital signatures

40


40

Pfleeger 9780134093093 Ch02 - ppawar.github.io€¦ · í î l î ò l î ì í õ ñ $ffhvv...

Documents

Transcript of Pfleeger 9780134093093 Ch02 - ppawar.github.io€¦ · í î l î ò l î ì í õ ñ $ffhvv...