1

Review for Exam 2 Subject matter:

Covers topics not included in Exam 1 RBAC and Chinese Wall Policies Cryptography Network Security and Authentication

Chapters from Bishop’s book: 7, 9, 10, 11, 12

The nature of the exam: 4-5 questions Similar to the homework. Pseudo-code, algorithms, protocols, etc.

          

2

Review RBAC Policies

Entities: Subjects, roles, role hierarchy, permissions (= object, action pairs) sessions and constraints

Mappings Subject to role

mapping, role to permission mapping

Static Constraints and Dynamic Constraints

user_sessions

(RH)Role Hierarchy

session_rol

es

(UA)User Assign-

ment

(PA)PermissionAssignment

USERS OBSOPS

SESSIONS

ROLES

PRMS

SSD

DSD

Questions: Design roles, permissions, S2R, R2P mapping. Given a set of constraints, and a request, say if the request will be permitted.

          

3

Chinese Wall Policy (Chapter 7) Conflict of Interest Classes History based access control Prevents information leakage from one

competitor to another CW-simple security property CW-* property

          

4

Example

Bank of America

Citibank Bank of the West

Bank

Shell Mobil TexacoSunoco

Gasoline

Consider a COI class as an industryCD(object1)=? COI(object1)=?

All Objects

object1 object2 ……

COI

CD

Object

          

5

Reading & Writing with CW properties

Alice has read Citibank’s CD and Shell’ CD Bob read Bank of America’s CD and Shell’s

CD Bob cannot read Citibank’s CD by CW-Simple

Alice writes what she read from Citibank’s CD to Shell’ CD; Bob can then read what Alice writes Shell’s CD is a bridge; can also use sanitized

objects

Bank of America

Citibank Bank of the West

Bank

Shell Mobil TexacoSunoco

Gasoline

Alice Bob

          

6

CW-*-Property s can write o iff both of the following hold:

1. The CW-simple condition permits s to read o– No blind write like in BLP

n For all unsanitized objects o, if s can read o, then CD(o) = CD(o)

1. All s can read are either within the same CD, or sanitized

Bank of America

Citibank Bank of the West

Bank

Shell Mobil TexacoSunoco

Gasoline

Alice Bob

Neither Alice nor bob can write

          

7

How Information Flows Information flows from o to o’ if some s reads o

followed by s writes o’ Theorem 7-3: information in un-sanitized objects

can only flow inside their own CD; information in sanitized objects can flow freely

Bank of America

Citibank Bank of the West

Shell Mobil TexacoSunoco

o1 o2 o3

o3 o1 o2 o3

sanitized

unsanitized

          

Cryptography

8

          

Cryptography Transposition and substitution ciphers Cesar ciphers and Vigenere ciphers Cryptanalysis Statistical analysis Block ciphers and block chaining DES and 3DES CBC mode

9

          

10

Cryptosystems

SECRET KEY

Symmetric Key

Single Key

Conventional

PUBLIC KEY

Asymmetric Key

Two Keys

          

11

Secret Key Cryptosystem

EncryptionAlgorithm

DecryptionAlgorithm

Plain-text

Plain-textCiphertext

INSECURE CHANNEL

K KSecret Keyshared byA and B

SECURE CHANNEL

AA BB

          

12

Public Key Cryptosystem

B's Public Key B's Private Key

RELIABLE CHANNEL

EncryptionAlgorithm

DecryptionAlgorithm

Plain-text

Plain-textCiphertext

INSECURE CHANNEL

AA BB

B's Public Key

          

13

Cipher Block Chaining

E

current plaintext block

keyD

key

+

+

previous ciphertext block

previousciphertext block

current plaintext block

          

14

Overview of the DES A product cipher

Both substitution and transposition on the bits A block cipher:

encrypts plaintext blocks of 64 bits using a 56 bit key, and outputs 64 bits of ciphertext

Developed by IBM; in 1977 adopted by NIST, with NSA approval for unclassified information

Also widely used by the public sector E and D are public, but the design

principles are classified

          

15

Key Management Key exchange protocols Key generation Storing and revoking keys Digital signatures Digital certificates

          

16

Needham-Schroeder

Alice CathyAlice || Bob || r1

Hey, Cathy, I need to talk to Bob.

Alice Bob{ Alice || ks } kB,C

Hey, Bob, this is Alice. Cathy wants me to forward you a session key ks with which we can talk

Alice Bob{ r2 } ks

You’re Alice? So you must have ks. Prove it!

Alice Cathy{ Alice || Bob || r1|| ks ||{ Alice || ks } kB,C } kA,C

Hey, Alice, this is Cathy

And tell Bob I got

him a session key ks

this is your

key ks

Alice Bob{ r2 – 1 } ks

Here’s the proof that I have ks

          

17

Alice’s Point of View Second message

Encrypted with a key kA,C that only Alice and Cathy know, so only Cathy can create the message

Containing a challenge r1, so the message is not a replay

Third message Encrypted with a key kB,C that only Bob and Cathy

know, so only Bob can read it and extract the session key

Alice Bob{ Alice || ks } kB,C

Alice Cathy{ Alice || Bob || r1|| ks ||{ Alice || ks } kB,C } kA,C

          

18

Bob’s Point of View Third message

Encrypted with a key that only Bob and Cathy know, so the message can only be created by Cathy

The name Alice is in the message, so Cathy says the session key is to be used while talking to Alice

Fourth and fifth message Determine if it is a replay from someone other

than Alice

Alice Bob{ Alice || ks } kB,C

Alice Bob{ r2 } ks

Alice Bob{ r2 – 1 } ks

          

19

Certificates A token (message) containing

Identity of principal (e.g., Alice) His/her public key Timestamp (when issued) Other information (perhaps identity of issuer)

signed by trusted authority (here, Cathy)CA = { eA || Alice || T } dC

          

20

Merkle’s Tree Scheme Keep certificates in a

file Define hashes

recursively h is hash function Ci is certificate i

Signature on h(1,4) known to all

Changing any Ci changes the signature

h(1,4)

h(1,2) h(3,4)

h(1,1) h(2,2) h(3,3) h(4,4)

C1 C2 C3 C4

h(1,4)=h(1,2)h(3,4)

          

21

Validation The signature can be

verified with any Ci To validate C1:

Compute h(1, 1) Obtain h(2, 2) Compute h(1, 2) Obtain h(3, 4) Compute h(1,4), signature Compare to known

signature

Only need to know hashes of child nodes on path

h(1,4)

h(1,2) h(3,4)

h(1,1) h(2,2) h(3,3) h(4,4)

C1 C2 C3 C4

          

Cipher Techniques Stream ciphers Multiple encryptions SSL and its protocols TLS IPSec

22

          

23

Diffie-Hellman Key Exchange Scheme

Proposed in 1976 as the first public key algorithm (predates RSA)

Allows users to agree on a secret key over insecure channels with no prior communication

The secret key can thus be used to encrypt or decrypt message (e.g., SSL 3.0, IPsec)

KAA BBInsecure Channel

          

24

Discrete Logarithm Problem

D-H is based on the discrete logarithm problem Given integers n and g and prime number p,

compute k such that n = g k mod p In general computationally infeasible Choices for g and p are critical

Both p and (p–1)/2 should be prime p should be large (at least 512 bits, possibly 1028 bits) g should be a primitive root mod p

          

25

Diffie-Hellman Key Exchange Scheme

A Bagree on p and g with 1 < g < p

A BX = gx mod p

Y = gy mod p

Choose x

Choose y

A Bcomputes k = Yx mod p

computes k’ = Xy mod p

k=k’=gxy mod p

knows p, g, X, and Y, but not x or y or k

          

26

Man-in-the-middle Attack

A BCactive intruder

K1 K2

A BK1

A BK2

          

Authentication Password schemes Challenge response schemes Biometry Other forms of authentication such as

recognizing photographs, solving puzzles etc.

27

          

28

Lamport’s Scheme How do user and server synchronize on which password to

use? h: one-way hash function (e.g., MD5 or SHA-1) hn(k): h(h(h(...h(k)...)))

Registration

User Server

k ksecure channel

n

hn(k)

1st Authenticationk hn(k

)hn-1(k) hn-

1(k)

hn-

1(k)

2nd Authenticationk hn-1(k)hn-2(k) hn-2(k)