chained and delegable authorization tokens
play

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. - PowerPoint PPT Presentation

Dec 20, 2022 •100 likes •488 views

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of Computer Science Universitat Autnoma de Barcelona NordSec 2004 G. Navarro et al. (UAB) CADAT NordSec 2004 1 / 15 Outline Introduction 1

  1. Chained and Delegable Authorization Tokens G. Navarro J. García J. A. Ortega-Ruiz Dept. of Computer Science Universitat Autònoma de Barcelona NordSec 2004 G. Navarro et al. (UAB) CADAT NordSec 2004 1 / 15

  2. Outline Introduction 1 Example 2 Initialization Token delgation Chain delegation 3 Delegation in CADAT Implementation and Applications 4 Implementation SPKI cert without using full tag intersection SPKI cert using full tag intersection 5 Conclusions G. Navarro et al. (UAB) CADAT NordSec 2004 2 / 15

  3. Outline Introduction 1 Example 2 Initialization Token delgation Chain delegation 3 Delegation in CADAT Implementation and Applications 4 Implementation SPKI cert without using full tag intersection SPKI cert using full tag intersection 5 Conclusions G. Navarro et al. (UAB) CADAT NordSec 2004 3 / 15

  4. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  5. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  6. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  7. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  8. Introduction Chained And Delegable Authorization Tokens Hash chains as chains of authorization tokens. tokens represent generic authorizations (not just micropayments). Delegation delegation of chains or subchains. Implemented with a trust management infrastructure. CADAT C hained A nd D elegable A uthorization T okens G. Navarro et al. (UAB) CADAT NordSec 2004 4 / 15

  9. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: h_10, h_9, ..., h_1 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  10. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: h_10, h_9, ..., h_1 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  11. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: { contract(h_10) } h_10, h_9, ..., h_1 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  12. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: { contract(h_10) } h_10, h_9, ..., h_1 h_9 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  13. Example Initialization Example: first use AcmeNews Alice { contract(acme,10) } Generate hash chain: { contract(h_10) } h_10, h_9, ..., h_1 h_9 h_8 G. Navarro et al. (UAB) CADAT NordSec 2004 5 / 15

  14. Example Token delgation Example: token delegation ScienceNews AcmeNews Alice G. Navarro et al. (UAB) CADAT NordSec 2004 6 / 15

  15. Example Token delgation Example: token delegation ScienceNews AcmeNews Alice { token-deleg(h_8) } G. Navarro et al. (UAB) CADAT NordSec 2004 6 / 15

  16. Example Token delgation Example: token delegation ScienceNews AcmeNews Alice { token-deleg(h_8) } h_7 G. Navarro et al. (UAB) CADAT NordSec 2004 6 / 15

  17. Example Token delgation Example: token delegation ScienceNews AcmeNews Alice { token-deleg(h_8) } h_7 h_6 G. Navarro et al. (UAB) CADAT NordSec 2004 6 / 15

  18. Example Chain delegation Example: chain delegation AcmeNews Alice Bob G. Navarro et al. (UAB) CADAT NordSec 2004 7 / 15

  19. Example Chain delegation Example: chain delegation AcmeNews Alice Bob { chain-deleg(h_6) } G. Navarro et al. (UAB) CADAT NordSec 2004 7 / 15

  20. Example Chain delegation Example: chain delegation AcmeNews Alice Bob { chain-deleg(h_6) } h_5 G. Navarro et al. (UAB) CADAT NordSec 2004 7 / 15

  21. Example Chain delegation Example: chain delegation AcmeNews Alice Bob { chain-deleg(h_6) } h_5 h_4 G. Navarro et al. (UAB) CADAT NordSec 2004 7 / 15

  22. Delegation in CADAT CADAT & Delegation token-delegation: delegatee is the consumer of tokens, who offers the service (aka server-side delegation). chain-delegation: delegatee is the user of the tokens, who access the service (aka client-side delegation). G. Navarro et al. (UAB) CADAT NordSec 2004 8 / 15

  23. Delegation in CADAT CADAT & Delegation token-delegation: delegatee is the consumer of tokens, who offers the service (aka server-side delegation). chain-delegation: delegatee is the user of the tokens, who access the service (aka client-side delegation). G. Navarro et al. (UAB) CADAT NordSec 2004 8 / 15

  24. Implementation and Applications Implementation Implementation CADAT is implemented in Java. Contracts and delegations encoded as SPKI/SDSI authorization certificates . Basic functionality provided by JSDSI ; Chain discovery algorithm = ⇒ all computations needed by CATAD. Extended to support hash chain verification in the algorithm. G. Navarro et al. (UAB) CADAT NordSec 2004 9 / 15

  25. Implementation and Applications Implementation Implementation CADAT is implemented in Java. Contracts and delegations encoded as SPKI/SDSI authorization certificates . Basic functionality provided by JSDSI ; Chain discovery algorithm = ⇒ all computations needed by CATAD. Extended to support hash chain verification in the algorithm. G. Navarro et al. (UAB) CADAT NordSec 2004 9 / 15

  26. Implementation and Applications Implementation Implementation CADAT is implemented in Java. Contracts and delegations encoded as SPKI/SDSI authorization certificates . Basic functionality provided by JSDSI ; Chain discovery algorithm = ⇒ all computations needed by CATAD. Extended to support hash chain verification in the algorithm. G. Navarro et al. (UAB) CADAT NordSec 2004 9 / 15

  27. Implementation and Applications SPKI cert without using full tag intersection Token as SPKI authorization certificate Partial tag intersection Authorization token: p = ( cid , i , h i ( m )) Token-cert without hash verification (cert (issuer ...) (subject ...) (tag (h-chain-id |123456789|) (h-chain-index (* range numeric ge 7))) (comment (h-val (hash md5 |899b786bf7dfad58aa3844f2489aa5bf|)))) G. Navarro et al. (UAB) CADAT NordSec 2004 10 / 15

  28. Implementation and Applications SPKI cert without using full tag intersection Token as SPKI authorization certificate Partial tag intersection Authorization token: p = ( cid , i , h i ( m )) Token-cert without hash verification (cert (issuer ...) (subject ...) (tag (h-chain-id |123456789|) (h-chain-index (* range numeric ge 7))) (comment (h-val (hash md5 |899b786bf7dfad58aa3844f2489aa5bf|)))) G. Navarro et al. (UAB) CADAT NordSec 2004 10 / 15

  29. Implementation and Applications SPKI cert using full tag intersection Token as SPKI authorization certificate Full tag intersection Authorization token: p = ( cid , i , h i ( m )) Token-cert with hash verification (cert (issuer ...) (subject ...) (tag (hash-auth (hchain-id |lksjfSDFIsdfkj0sndKIShfoMSKJSD|) (hchain-index 15) (hash md5 |d52885e0c4bc097f6ba3b4622e147c30|)))) G. Navarro et al. (UAB) CADAT NordSec 2004 11 / 15

  30. Implementation and Applications SPKI cert using full tag intersection Token as SPKI authorization certificate Full tag intersection Authorization token: p = ( cid , i , h i ( m )) Token-cert with hash verification (cert (issuer ...) (subject ...) (tag (hash-auth (hchain-id |lksjfSDFIsdfkj0sndKIShfoMSKJSD|) (hchain-index 15) (hash md5 |d52885e0c4bc097f6ba3b4622e147c30|)))) G. Navarro et al. (UAB) CADAT NordSec 2004 11 / 15

  31. Implementation and Applications SPKI cert using full tag intersection Applications Generic token-based access control system. Micropayment schemes. Current application: Token-based access control for mobile agents . G. Navarro et al. (UAB) CADAT NordSec 2004 12 / 15

  32. Implementation and Applications SPKI cert using full tag intersection Applications Generic token-based access control system. Micropayment schemes. Current application: Token-based access control for mobile agents . G. Navarro et al. (UAB) CADAT NordSec 2004 12 / 15

  33. Implementation and Applications SPKI cert using full tag intersection Applications Generic token-based access control system. Micropayment schemes. Current application: Token-based access control for mobile agents . G. Navarro et al. (UAB) CADAT NordSec 2004 12 / 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney <jbasney@ncsa.Illinois.edu> Brian Bockelman <bbockelm@cse.unl.edu> This material is based upon work supported by the National S cience Foundation under Grant

379 views • 20 slides
OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos Resource sharing Authorization Client Resource owner Resource storage Resource access Resource

1.11k views • 18 slides
1 Research Goal Proposed tool: Chained clone detection tool Detection of clone sets connected

1 Research Goal Proposed tool: Chained clone detection tool Detection of clone sets connected

Overview of my presentation Introduction of chained clone detection Detection of Chained Clone and Its Application N.Yoshida, et al.: "On Refactoring Support Based on Code Clone Dependency Relation", Proc. of METRICS 2005.

316 views • 4 slides
SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew

SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew

SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew Hanushevsky Stanford Linear Accelerator Center Stanford University Stanford University 27-May-08 http://xrootd slac stanford edu

550 views • 23 slides
Chained to the drawing board By Carolyn Okom o SHARE E-MAIL RETURN TO FULL STORY Published May

Chained to the drawing board By Carolyn Okom o SHARE E-MAIL RETURN TO FULL STORY Published May

Chained to the drawing board - Printer Friendly Version (The Deal Magazine) Page 1 of 5 Chained to the drawing board By Carolyn Okom o SHARE E-MAIL RETURN TO FULL STORY Published May 1, 2009 at 10:29 AM The heyday of asbestos bankruptcies is

323 views • 5 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel Expense 4. Travel Regulations 2 Travel Authorization (See Next Slide for Detailed Steps) 2. Trip Information goes here 1. Budgetary Coding goes

319 views • 11 slides
CISC101 Reminders & Notes Today Finish up chained if statements Assignment 2 is

CISC101 Reminders & Notes Today Finish up chained if statements Assignment 2 is

CISC101 Reminders & Notes Today Finish up chained if statements Assignment 2 is posted Due on Sunday, February 20 th at 11:59AM Continue from slide 23 last time Introduce loops Tests are being marked while

290 views • 5 slides
Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It is designed to : Assist in benefit determination Prevent unanticipated denials of coverage Create a collaborative approach to

187 views • 18 slides
The Reinforcing Effects of Houselight Illumination During Chained Schedules of Food Presentation

The Reinforcing Effects of Houselight Illumination During Chained Schedules of Food Presentation

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/23295756 The Reinforcing Effects of Houselight Illumination During Chained Schedules of Food Presentation Article in Journal of the

386 views • 20 slides
Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents https://cametoolbox.fnal.gov/Project/WADReports?ProjectName=HL-L... Work Authorization Documents Work Authorization Document Control Account Information Control Account Manager: 10629N Nobrega, Fred Control

56 views • 5 slides
Systems Good for People Chained to the Rhythm Learning Analogies Analogies Run Amok What

Systems Good for People Chained to the Rhythm Learning Analogies Analogies Run Amok What

Making Information Systems Good for People Chained to the Rhythm Learning Analogies Analogies Run Amok What Happened? What We Do How Do They Work? Finding Patterns Recommender Vocabulary

773 views • 59 slides
Stateful Chained Network Functions Junaid Khalid W,G and Aditya Akella W 1 *This work does not

Stateful Chained Network Functions Junaid Khalid W,G and Aditya Akella W 1 *This work does not

Correctness and Performance for Stateful Chained Network Functions Junaid Khalid W,G and Aditya Akella W 1 *This work does not have any affiliation with Google Network Function Virtualization (NFV) Hardware NF software NF over commodity

1.76k views • 120 slides
Remote File Access: Problems and Solutions Authentication and authorization Performance

Remote File Access: Problems and Solutions Authentication and authorization Performance

Remote File Access: Problems and Solutions Authentication and authorization Performance Synchronization Robustness Lecture 13 CS 111 Page 1 Summer 2013 Authorization and Authentication Authorization is determined if someone

886 views • 41 slides
Security and digital rights management Kati Tuomainen khtuomai@cc.hut.fi Agenda

Security and digital rights management Kati Tuomainen khtuomai@cc.hut.fi Agenda

Security and digital rights management Kati Tuomainen khtuomai@cc.hut.fi Agenda Introduction Content based media security What is DRM? How do DRM systems work? DRM models Mobile DRM Concluding remarks Introduction

1.39k views • 13 slides
3-509

3-509

3-509 liuzhen@sjtu.edu.cn 1 Introduction to Bitcoin SSL and IPSec 2 2. Transaction in Bitcoin A Transaction 2. Transaction in Bitcoin A

727 views • 25 slides
A Theory of Pricing Private Data Dan Suciu U. of Washington Joint work with: Chao Li,

A Theory of Pricing Private Data Dan Suciu U. of Washington Joint work with: Chao Li,

A Theory of Pricing Private Data Dan Suciu U. of Washington Joint work with: Chao Li, Daniel Yang Li, Gerome Miklau DIMACS - 10/2012 1 Motivation Private data has value A unique user: $4 at FB, $24 at Google [JPMorgan]

350 views • 24 slides
Tor performance problems ...and how to solve them Roger Dingledine The Tor Project

Tor performance problems ...and how to solve them Roger Dingledine The Tor Project

Tor performance problems ...and how to solve them Roger Dingledine The Tor Project https://www.torproject.org/ 1 Tor: Big Picture Freely available (Open Source), unencumbered. Comes with a spec and full documentation: Dresden and

856 views • 50 slides
Content Pricing in Peer-to-Peer Networks Jaeok Park and Mihaela van der Schaar Electrical

Content Pricing in Peer-to-Peer Networks Jaeok Park and Mihaela van der Schaar Electrical

Content Pricing in Peer-to-Peer Networks Jaeok Park and Mihaela van der Schaar Electrical Engineering Department, UCLA 2010 Workshop on the Economics of Networks, Systems, and Computation (NetEcon 10) October 3, 2010 Park and van der Schaar

653 views • 37 slides
Social Networks and Security Checkpoint Sep 7, 2009 Joseph Bonneau, Computer Laboratory Hack

Social Networks and Security Checkpoint Sep 7, 2009 Joseph Bonneau, Computer Laboratory Hack

Social Networks and Security Checkpoint Sep 7, 2009 Joseph Bonneau, Computer Laboratory Hack #1: Photo URL Forging Photo Exploits: PHP parameter fiddling (Ng, 2008) Hack #1: Photo URL Forging Photo Exploits: Content Delivery Network URL

1.53k views • 123 slides
The Energy Innovation Platform Overview Personalised Customer Centric Digital Engagement

The Energy Innovation Platform Overview Personalised Customer Centric Digital Engagement

The Energy Innovation Platform Overview Personalised Customer Centric Digital Engagement Platforms Over 250,000 customers currently using Platform Tier 1, Tier 2 and new entrant energy retailer market in Australia Varying

98 views • 7 slides
Memory of Master and Techniques of Tunis Realised by : Nesrine KHOUZAMI Introduction

Memory of Master and Techniques of Tunis Realised by : Nesrine KHOUZAMI Introduction

Higher School of Sciences Memory of Master and Techniques of Tunis Realised by : Nesrine KHOUZAMI Introduction Problematic Existing approaches BonjourGrid Proposed approach Implementations Experimentations Conclusion and perspectives 2

784 views • 50 slides

More recommend