Denial of Service Attacks: unlike other forms of computer attacks, the goal isn't access to or theft of information or services. The goal is to stop the service from operating, i.e. to deny service to legitimate users. ID: 168507
Slide 1: Authentication (cont’d)
Slide 2: Password Authentication
Someone sniffing on the network can learn the password
Host keeps a file of every user’s public key
Users keep their private keys
When Alice attempts to log on, host sends her a random number R
Alice encrypts R with her private key and sends it to the host
Host can now verify her identity by decrypting the message and retrieving R
Slide 3: Authentication With Symmetric Key
Server sends random number R
Client encrypts with symmetric key, sends back
or
Server sends random number R, encrypted with symmetric key
Client decrypts, sends back
or
Client decrypts, sends back R-1, encrypted with symmetric key
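The first symmetric-key exchange on this slide (server sends R, client proves knowledge of the shared key, server checks), written out as an added example that is not part of the original slides. It uses an HMAC as the keyed function in place of "encrypt R", and shows the two checks a server needs beyond the slide: R must be fresh and unpredictable, and a captured response must not be accepted a second time. The shared key is a constructed demo value.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Constructed shared key: in practice provisioned out of band to both parties.
SHARED_KEY = b"constructed-demo-shared-key-not-for-real-use"


class Server:
    """Issues a fresh random challenge R and verifies the client's keyed response."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()  # challenges issued but not yet answered

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)  # unpredictable R, never reused
        self.outstanding.add(r)
        return r

    def verify(self, r: bytes, response: bytes) -> bool:
        # Reject replays and responses to challenges this server never issued.
        if r not in self.outstanding:
            return False
        self.outstanding.discard(r)  # exactly one answer per challenge
        expected = hmac.new(self.key, r, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_respond(key: bytes, r: bytes) -> bytes:
    """Client proves knowledge of the key by MACing R (stands in for 'encrypt R with the key')."""
    return hmac.new(key, r, hashlib.sha256).digest()


def run_exchange(client_key: bytes) -> Tuple[bool, bool]:
    """Run one round, then replay the captured response; returns (first_ok, replay_ok)."""
    server = Server(SHARED_KEY)
    r = server.challenge()                # server -> client: R
    resp = client_respond(client_key, r)  # client -> server: MAC_K(R)
    first = server.verify(r, resp)
    replay = server.verify(r, resp)       # a sniffer re-sends what it captured
    return first, replay
```

A client with the wrong key fails the first check, and even the legitimate response is useless to a sniffer because the server will not accept R twice.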
Slide 4: Authentication With Public Key
Server sends random number R
Client encrypts with private key, sends back
or
Server sends random number R, encrypted with public key of client
Client decrypts, sends back
Slide 5: Authentication With Public Key
Key Distribution
  Confidentiality not needed for public key
  Can be obtained ahead of time
Performance
  Slower than conventional cryptography
  Implementations use public key for key distribution, then use conventional crypto for data encryption
Trusted third party still needed
  To certify public key
  To manage revocation
Slide 6: Single Sign-On
Passport
Shibboleth
Slide 7: Passport
Goal is single sign-on
Solves problem of weak or repeated user/pass combinations
Implemented via redirections
Users authenticate themselves to a common server, which gives them tickets
Widely deployed by Microsoft
Designed to use existing technologies in servers/browsers (HTTP redirect, SSL, cookies, Javascript)
Slide 8: How Passport Works
Client (browser), merchant (Web server), Passport login server
Passport server maintains authentication info for client
Gives merchant access when permitted by client
David P. Kormann and Aviel D. Rubin, "Risks of the Passport Single Signon Protocol", Computer Networks, Elsevier Science Press, volume 33, pages 51-58, 2000.
Slide 9: How Passport Works
SSL
Token = authentication info encrypted using key merchant shares with Passport server
Also set cookie at browser (passport)
Slide 10: How Cookies Work
Placed into browser cache by servers to store state about this particular user
Contain any information that the server wants to remember about the user, as name/value pairs
May contain expiration time
May persist across browser instances
Returned to server in the clear on each new access
Only those cookies created for the server’s domain are sent to the server
May not have been created by this server
Usually used for persistent sign-in, shopping cart, user preferences
Slide 11: Cookies for Authentication
User logs in using her user/pass
Server sets a cookie with some info – username, password, session ID …
Any future accesses return this info to the server, which uses it for authentication (equivalent to user/pass)
Once user signs out, the cookie is deleted and the session closed at the server
Problems
  Cookies can be sniffed, remain on the browser because the user did not sign out, be stolen by cross-site scripting or via DNS poisoning
Solutions
  Send cookies over SSL, use timed cookies, secure code, bind cookies to IP address of the client, encrypt cookies …
Learn more at: http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf
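Three of the solutions listed on this slide (timed cookies, cookies bound to the client IP, and integrity protection with a server-side key) in one authentication cookie, as an added example that is not from the slides or the linked report. The cookie carries the username, an expiry and the bound IP, plus an HMAC tag so a tampered or forged cookie is rejected; the key is a constructed demo value and the clock is passed in explicitly.

```python
import hashlib
import hmac
from typing import Optional

# Constructed server-side secret; it is never placed in the cookie itself.
COOKIE_KEY = b"constructed-demo-cookie-key"


def issue_cookie(username: str, client_ip: str, ttl_seconds: int, now: float) -> str:
    """Build a timed cookie bound to the client IP. Only the username (never the password) is stored."""
    expires = int(now) + ttl_seconds
    payload = f"{username}|{expires}|{client_ip}"
    tag = hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def verify_cookie(cookie: str, client_ip: str, now: float) -> Optional[str]:
    """Return the username if the cookie is authentic, unexpired and from the bound IP; else None."""
    try:
        username, expires, bound_ip, tag = cookie.split("|")
    except ValueError:
        return None                                   # malformed cookie
    payload = f"{username}|{expires}|{bound_ip}"
    expected = hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None                                   # forged or tampered (e.g. username edited)
    if now > int(expires):
        return None                                   # stale cookie left on the browser
    if bound_ip != client_ip:
        return None                                   # cookie stolen and replayed from elsewhere
    return username
```

Sending the cookie only over SSL is a transport setting (the Secure flag) rather than something the cookie value itself can enforce, so it is not shown here.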
Slide 12: Federated Identity - Shibboleth
Service Provider
  Browser goes to Resource Manager, which uses WAYF and the user’s Attribute Requester, and decides whether to grant access.
“Where are you from” (WAYF) service
  Redirects to correct servers
Federation to form trusted relationships between providers
Slide 13: Shibboleth - Protocol
Diagram: Client Web Browser, Service Provider (SP) Web Site, WAYF, Identity Provider (IdP) Web Site with LDAP
1. User requests resource
2. I don’t know you, or where you are from
3. Where are you from?
4. Redirect to IdP for your org
5. I don’t know you. Authenticate using your org’s web login
6. I know you now. Redirect to SP, with a handle for user
7. I don’t know your attributes. Ask the IdP (peer to peer)
8. Based on attribute values, allow access to resource
Source: Kathryn Huxtable, khuxtable@ku.edu, 10 June 2005
Slide 14: Something You Have
Cards
  Mag stripe (= password)
  Smart card, USB key
Time-varying password
Issues
  How to validate
  How to read (i.e. infrastructure)
Slide 15: Something About You
Biometrics
  Measures some physical attribute
  Iris scan
  Fingerprint
  Picture
  Voice
Issues
  How to prevent spoofing
  What if spoofing is possible? No way to obtain new credentials
Slide 16: Multi-factor Authentication
Require at least two of the classes we mentioned, e.g.
  Smart card plus PIN
  RSA SecurID plus password
  Biometric and password
Slide 17: Authorization and Policy
Slide 18: Authorization
Is principal P permitted to perform action A on object O?
Authorization system will provide yes/no answer
Slide 19: Access Control
Who is permitted to perform which actions on what objects?
Access Control Matrix (ACM)
  Columns indexed by principal
  Rows indexed by objects
  Elements are arrays of permissions indexed by action
In practice, ACMs are abstract objects
  Huge and sparse
  Possibly distributed
Slide 20: Example ACM
File/User    Tom                   Dick   Harry
Readme.txt   read                  read   read, write
passwords    -                     -      write
Term.exe     read, write, execute  -      -
Slide 21: Instantiations of ACMs
Access Control Lists (ACLs)
  For each object, list principals and actions permitted on that object
  Corresponds to rows of ACM
File         ACL
Readme.txt   Tom: read, Dick: read, Harry: read, write
passwords    Harry: write
Term.exe     Tom: read, write, execute
Slide 22: Instantiations of ACMs
Capabilities
  For each principal, list objects and actions permitted for that principal
  Corresponds to columns of ACM
  The Unix file system is an example of…?
User    Capabilities
Tom     Readme.txt: read, Term.exe: read, write, execute
Dick    Readme.txt: read
Harry   Readme.txt: read, write; passwords: write
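The example ACM from slide 20 and its two instantiations from slides 21 and 22, as an added example that is not part of the original slides. The matrix is stored object-by-principal; `acl` returns one row (the ACL of an object) and `capabilities` returns one column (the capability list of a principal), and `is_permitted` answers the authorization question from slide 18 with default deny for unknown principals, objects or actions.

```python
from typing import Dict, Set

# The ACM from the slide: object (row) -> principal (column) -> permitted actions.
ACM: Dict[str, Dict[str, Set[str]]] = {
    "Readme.txt": {"Tom": {"read"}, "Dick": {"read"}, "Harry": {"read", "write"}},
    "passwords":  {"Harry": {"write"}},
    "Term.exe":   {"Tom": {"read", "write", "execute"}},
}


def is_permitted(principal: str, action: str, obj: str) -> bool:
    """Is principal P permitted to perform action A on object O? Anything absent is denied."""
    return action in ACM.get(obj, {}).get(principal, set())


def acl(obj: str) -> Dict[str, Set[str]]:
    """ACL view: one row of the ACM, i.e. every principal and its actions for this object."""
    return {p: set(actions) for p, actions in ACM.get(obj, {}).items()}


def capabilities(principal: str) -> Dict[str, Set[str]]:
    """Capability view: one column of the ACM, i.e. every object and the actions for this principal."""
    return {o: set(row[principal]) for o, row in ACM.items() if principal in row}
```

Because the matrix is sparse, both views are built only from the cells that exist, which is why the same data structure can serve either instantiation without storing empty cells.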
Slide 23: Types of Access Control
Discretionary
Mandatory
Role-based
Slide 24: Discretionary Access Control
Owners control access to objects
Access permissions based on identity of subject/object
E.g., access to health information
Slide 25: Mandatory Access Control
Rules set by the system, cannot be overridden by owners
Each object has a classification and each subject has a clearance (unclassified, classified, secret, top-secret)
Rules speak about how to match categories and classifications
Access is granted on a match
Slide 26: Policy models: Bell-LaPadula
Focuses on controlled access to classified information and on confidentiality
No concern about integrity
The model is a formal state transition model of computer security policy
Describes a set of access control rules which use security classification on objects and clearances for subjects
  To determine if a subject can access an object
Combine mandatory and discretionary AC (ACM)
  Compare object’s classification with subject’s clearance (Top Secret, Secret, Confid., Unclass.)
  Allow access if ACM and level check say it’s OK
Slide 27: Policy models: Bell-LaPadula
Mandatory access control rules:
  A subject at a given clearance may not read an object at a higher classification (no read-up)
  A subject at a given clearance must not write to any object at a lower classification (no write-down)
Trusted subjects – the “no write-down” rule does not apply to them
  Transfer info from high clearance to low clearance
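The Bell-LaPadula decision from slides 26 and 27 carried through in code, as an added example that is not part of the original slides: access is allowed only when both the discretionary ACM entry and the mandatory level check say yes, with no read-up, no write-down, and a trusted-subject exemption from the write-down rule. Subjects, objects, labels and the ACM are constructed sample data.

```python
from typing import Dict, Set

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

# Constructed sample labels: clearances for subjects, classifications for objects.
CLEARANCE = {"alice": "Secret", "bob": "Unclassified", "guard": "Top Secret"}
CLASSIFICATION = {"plan.doc": "Top Secret", "memo.txt": "Secret", "notice.txt": "Unclassified"}
TRUSTED = {"guard"}  # may transfer information downward; exempt from no-write-down

# Discretionary part: the ACM, object -> subject -> permitted actions.
ACM: Dict[str, Dict[str, Set[str]]] = {
    "plan.doc":   {"alice": {"read"}, "guard": {"read", "write"}},
    "memo.txt":   {"alice": {"read", "write"}, "bob": {"read"}},
    "notice.txt": {"alice": {"read", "write"}, "bob": {"read", "write"}, "guard": {"write"}},
}


def dac_allows(subject: str, action: str, obj: str) -> bool:
    """Discretionary check: is there an ACM entry for this subject, object and action?"""
    return action in ACM.get(obj, {}).get(subject, set())


def mac_allows(subject: str, action: str, obj: str) -> bool:
    """Mandatory check: no read-up; no write-down unless the subject is trusted."""
    s = LEVELS[CLEARANCE[subject]]
    o = LEVELS[CLASSIFICATION[obj]]
    if action == "read":
        return s >= o                          # simple security property
    if action == "write":
        return s <= o or subject in TRUSTED    # *-property, relaxed for trusted subjects
    return False


def blp_allows(subject: str, action: str, obj: str) -> bool:
    """Access requires both the ACM entry and the level check to say it is OK."""
    return dac_allows(subject, action, obj) and mac_allows(subject, action, obj)
```

Note that an ACM entry alone is not enough: alice has a discretionary read entry on plan.doc, but the level check still denies it.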
Slide 28: Role-Based Access Control
Ability to access objects depends on one’s role in the organization
Roles of a user can change
Restrictions may limit holding multiple roles simultaneously or within a session, or over longer periods
Supports separation of roles
Maps to organization structure
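The two kinds of restriction this slide mentions, as an added example that is not part of the original slides: a static separation-of-duty rule that stops a user from ever holding two conflicting roles, and a dynamic one that lets a user hold both but never activate them in the same session. Permissions flow only from roles active in the session. Roles, permissions and users are constructed sample data.

```python
from typing import Dict, Set

# Constructed sample RBAC configuration: role -> permissions, user -> assigned roles.
ROLE_PERMS: Dict[str, Set[str]] = {
    "clerk":   {"create_invoice"},
    "auditor": {"read_ledger"},
    "manager": {"approve_invoice", "read_ledger"},
}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"clerk", "auditor"}, "bob": {"manager"}}
# Static separation of duty: no user may hold both roles of a pair.
STATIC_SOD = {frozenset({"clerk", "manager"})}
# Dynamic separation of duty: both may be held, but not activated in the same session.
DYNAMIC_SOD = {frozenset({"clerk", "auditor"})}


def assign_role(user: str, role: str) -> bool:
    """Grant a role to a user unless it would violate a static SoD constraint."""
    current = USER_ROLES.setdefault(user, set())
    if any(frozenset({role, held}) in STATIC_SOD for held in current):
        return False
    current.add(role)
    return True


class Session:
    """A session activates a subset of the user's roles; permissions come only from active roles."""

    def __init__(self, user: str):
        self.user = user
        self.active: Set[str] = set()

    def activate(self, role: str) -> bool:
        if role not in USER_ROLES.get(self.user, set()):
            return False                                 # not assigned to this user
        if any(frozenset({role, a}) in DYNAMIC_SOD for a in self.active):
            return False                                 # conflicts with an active role
        self.active.add(role)
        return True

    def permitted(self, perm: str) -> bool:
        return any(perm in ROLE_PERMS[r] for r in self.active)
```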
Slide 29: Attribute-Based Access Control
Ability to access objects depends on attributes assigned to user and object, environment attributes, etc.
Attributes can have a single value (clearance) or multiple values (project membership)
Example: students can view their grades only during weekdays and for courses that they took less than 3 years ago
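The grades rule from this slide as an ABAC policy function, an added example that is not part of the original slides. The decision combines a subject attribute (role, and the multi-valued set of courses taken with their dates), an object attribute (the course being asked about) and an environment attribute (today's date). The user records are constructed sample data; the clock is passed in so the policy can be tested deterministically.

```python
from datetime import date
from typing import Dict

# Constructed sample subject attributes: role, plus courses taken with the date taken.
USERS: Dict[str, dict] = {
    "alice": {"role": "student",
              "courses": {"CS101": date(2023, 9, 1), "CS350": date(2019, 1, 15)}},
    "prof":  {"role": "faculty", "courses": {}},
}


def three_years_after(d: date) -> date:
    """Same calendar day three years on; 29 Feb falls back to 28 Feb in a non-leap year."""
    try:
        return d.replace(year=d.year + 3)
    except ValueError:
        return d.replace(year=d.year + 3, day=28)


def can_view_grades(user: str, course: str, today: date) -> bool:
    """ABAC rule: a student may view grades only on a weekday and only for a course
    taken less than 3 years ago. Any missing attribute leads to denial."""
    attrs = USERS.get(user)
    if attrs is None or attrs["role"] != "student":
        return False                          # subject attribute: must be a student
    taken = attrs["courses"].get(course)
    if taken is None:
        return False                          # subject/object attribute: course not taken
    if today.weekday() >= 5:                  # environment attribute: 5 = Sat, 6 = Sun
        return False
    return today < three_years_after(taken)   # object attribute: recency of the course
```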
Slide 30
Final goal of security
Determine whether to allow an operation
Depends upon
  Policy
  Authentication
  Authorization
Slide 31: Policy
Policy defines what is allowed and how the system and security mechanisms should act
Policy is enforced by a mechanism which interprets it, e.g.
  Firewalls
  IDS
  Access control lists
Implemented as
  Software (which must be implemented correctly and without vulnerabilities)