CSC 382: Computer Security Slide #1 CSC 382: Computer Security Identity

CSC 382: Computer Security Slide #1

CSC 382: Computer Security

Identity


CSC 382: Computer Security Slide #2

Identity

1. What is Identity?

2. Files and Objects

3. Users

4. Groups and Roles

5. Naming and Certificates

6. Internet Identity and Anonymity


CSC 382: Computer Security Slide #3

What is Identity?

Computer’s representation of an entity
– Entities can be subjects or objects.

Authentication binds a principal to an identity.

Example:
– username expresses your identity.
– password binds the person typing to that particular identity (username).


CSC 382: Computer Security Slide #4

Purpose of Identity

Access Control
– Most systems base access rights on the identity of the principal executing the process.

Accountability
– Logging and auditing functions.
– Need to track identity across account/role changes (e.g., su, sudo).


CSC 382: Computer Security Slide #5

Files and Objects

Objects are identified by assigning names

Example: UNIX filenames
– inode: unique identifier, contains file metadata and the location of disk blocks.
– file descriptor: abstracts an inode on a per-process basis for file reading and writing.
– absolute pathnames: describe the location in the filesystem.
– relative pathnames: describe the location of a file with respect to the current working directory.


CSC 382: Computer Security Slide #6

Remote Objects

Remote objects require more complex names.

Example: URLs
– Identifies an object by its location and the protocol required to access it.
– <scheme>://<authority><path>?<query>
– example: ftp://abcorp.com/pub/README


CSC 382: Computer Security Slide #7

Users

Identity tied to a single entity.

Example: UNIX UIDs
– UNIX identifies a user with a 15- to 32-bit user ID.
– Also provides login names for convenience
  • Each login name corresponds to a single UID.
  • A UID may have multiple login names.
– UID=0 is superuser regardless of login name.
– Real UID is the actual user.
– Effective UID (EUID) is used for access control.
– SetUID programs allow the EUID to differ from the real UID.
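Added example (not from the slides): the real/effective UID distinction as a setuid program sees it, and the standard way to drop the privileges permanently and verify that they cannot be regained. The function names and return values are this example's own.

```python
import os


def privilege_state() -> dict:
    """Report real vs. effective UID; they differ only inside a setuid program."""
    ruid, euid = os.getuid(), os.geteuid()
    return {"ruid": ruid, "euid": euid,
            "setuid_active": ruid != euid, "root_euid": euid == 0}


def drop_privileges_permanently() -> bool:
    """Make the EUID equal the real UID and check the drop cannot be undone.

    Returns True when the process is left running purely as the real user.
    Assumed usage: called once by a setuid program right after it has done
    the one privileged operation it needed (example function, not a library API).
    """
    ruid, rgid = os.getuid(), os.getgid()
    # Drop the group first: once EUID is no longer 0 we could not change the GID.
    os.setgid(rgid)
    # With EUID 0, setuid() sets real, effective and saved UID, so the drop is permanent.
    # Without EUID 0 it changes only the effective UID, which the check below exposes.
    os.setuid(ruid)
    if os.geteuid() != ruid or os.getegid() != rgid:
        return False
    if ruid != 0:
        # Verification step: regaining root must now fail because the saved UID
        # no longer permits it. If it succeeds, the drop was not permanent.
        try:
            os.seteuid(0)
        except PermissionError:
            return True
        return False
    return True
```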


CSC 382: Computer Security Slide #8

Groups and Roles

An “entity” may be a set of entities referred to by a single identifier.

Principals often need to share access to files, and so are treated as groups.
– static: alias for a group of principals.
– dynamic: principal changes from one group to another as different privileges are needed.

role: a group that ties membership to function
example: UNIX groups


CSC 382: Computer Security Slide #9

Certificates

Bind a cryptographic key to a principal.

How to identify the principal?
– Distinguished Names provide unique names despite people sharing first and last names.
– Certification Authorities (CAs) link DNs to a particular person.


CSC 382: Computer Security Slide #10

Distinguished Names

Hierarchical naming system
– Used by X.509v3 certificates, LDAP

String representation:
– Series of key=value pairs, separated by /’s

Example:

/O=University of Toledo/OU=Dept. of EECS/CN=James Walden


CSC 382: Computer Security Slide #11

Certification Authorities

CA Authentication Policy: Describes the level of authentication required to identify a principal to whom a certificate is issued.

CA Issuance Policy: Describes the principals to whom the CA will issue certificates.


CSC 382: Computer Security Slide #12

CA Example: Verisign

Authentication Policies
1. Authenticates email address
2. Authenticates real name and address
3. Authenticates legal identity via a background check from an investigative service

Issuance Policies
– Issue to individuals
– Issue to web servers (organizations)


CSC 382: Computer Security Slide #13

CA Hierarchy

Hierarchical tree of CAs
– Identify CAs by DNs
– Root = Internet Policy Registration Authority
– Policy Certification Authorities (PCAs)
  • Each has public authentication and issuance policies.
  • Issue certificates to ordinary CAs.
– Subordinate nodes must follow the policies of their parents, but can add more restrictions.
– Make trust decisions by walking up the tree.


CSC 382: Computer Security Slide #14

Host Identity

Ethernet (MAC) Address
– 48-bit data link level identifier
– example: 00:0B:DB:78:39:8A

IP Address
– 32-bit network level identifier
– ex: 10.17.0.101

IPv6 Address
– 128-bit network level identifier
– ex: fe80::2a0:c9ff:fe97:153d/64

Hostname (DNS name)
– string application level identifier
– ex: www.nku.edu


CSC 382: Computer Security Slide #15

Anonymity

Internet connections are associated with a particular host.

What if you don’t want your identity associated with a connection?

Solution: anonymizer
– A proxy server that performs the connection on your behalf.
– The Internet connection is associated with the anonymizer, not your IP address.


CSC 382: Computer Security Slide #16

Pseudo-anonymous Remailer

1. Maps an anonymous ID to the sender.
2. Replaces the sender’s email address and other identifying information.
3. Forwards the message to the destination host.
4. Replies are also anonymized and forwarded to the original sender.

Caveat: sender and recipient both known to pseudo-anonymous remailer.


CSC 382: Computer Security Slide #17

Cypherpunk Remailer

1. Encipher message with recipient’s public key.

2. No mapping between originator/remailer address.

3. Delete header.

4. Decipher one layer of PGP encryption (using remailer’s private key).

5. Encipher with PGP public key of next remailer.

6. Forward to next remailer or destination.


CSC 382: Computer Security Slide #18

Traffic Analysis

Attacker can still obtain the association if the remailer immediately forwards messages
– Delay messages for a random time interval.
– Randomize the processing order of messages.
  • Keep a pool of incoming messages.
  • Send a random message once n messages are in the pool.
  • What if the attacker sends messages to fill the pool?

Attacker can obtain associations by watching message size.
– Message size decreases with each remailing.


CSC 382: Computer Security Slide #19

Mixmaster Remailer

Cypherpunk remailer that handles only enciphered messages and pads or fragments all messages to a fixed size before sending.
– All messages uniquely numbered to avoid replay attacks.
– Messages not re-assembled until the last remailer.


CSC 382: Computer Security Slide #20

Key Points

1. All access control is based on identity.
2. Identity may have multiple representations.
3. Identities are bound to principals.
4. Anonymity allows interaction without knowledge of true identity.
   – pseudo-anonymity: intermediary knows identity.
   – true anonymity: no one knows true identity.
