spki sdsi 2 0 a simple distributed security infrastructure
play

SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by - PowerPoint PPT Presentation

Nov 22, 2023 •574 likes •973 views

SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by Ronald L. Rivest MIT Lab for Computer Science (Joint work with Butler Lampson and Carl Ellison) 1 1 1 Outline context and history motivation and goals syntax

  1. SPKI/SDSI 2.0 A Simple Distributed Security Infrastructure by Ronald L. Rivest MIT Lab for Computer Science (Joint work with Butler Lampson and Carl Ellison) 1 1 1

  2. Outline  context and history  motivation and goals  syntax  public keys (principals)  naming and certificates  groups and access control 2 2 2

  3. The Context  Public-key cryptography invented in 1976 by Diffie, Hellman, and Merkle, enabling: – Digital signatures: private key signs, public key verifies. – Privacy: public key encyrpts, private key decrypts.  But: Are you using the “right” public key? Public keys must be authentic , even though they need not be secret . 3 3 3

  4. How to Obtain the “Right’’ PK?  Directly from its owner  Indirectly, in a signed message from a trusted certification agent (CA): – A certificate (Kohnfelder, 1978) is a digitally signed message from a CA binding a public key to a name: “The public key of Bob Smith is 4321025713765534220867 (signed: CA)’’ – Certificates can be passed around, or managed in directories. 4 4 4

  5. Scaling-Up Problems  How do I find out the CA’s public-key (in an authentic manner)?  How can everyone have a unique name ?  Will these unique names actually be useful to me in identifying the correct public key?  Will these names be easy to use? 5 5 5

  6. Hierarchical “Solution” Hierarchical “Solution”  (PEM, X.509): Use a global hierarchy with one (or few) top-level roots: A B C D  Use certificate chains (root to leaf): A B C D  Names are also hierarchical: A/B/C/D . 6 6 6

  7. Scaling-Up Problems (continued)  Global name spaces are politically and technically difficult to implement.  Lawyers must get involved if one wants certificates to support commerce or binding contracts. Standards of due care for issuing certificates must be created.  Nonetheless, a global hierarchical PK infrastructure is slowly beginning to appear (e.g. VeriSign). 7 7 7

  8. PGP “Solution”  User chooses name (userid) for his public key: Robert E. Smith <res@xyz.com>  Bottom-up approach where anyone can “certify” a key (and its attached userid).  “Web of trust” algorithm for determining when a key/userid is trusted. 8 8 8

  9. Is There a Better Way?  Reconsider goals...  Standard problem is to implement name key maps : – Given a public key, identify its owner by name – Find public key of a party with given name  But often the “real’’ problem is to build secure distributed computing systems: – Access control is paradigmatic application: should a digitally signed request (e.g. http request for a Web page) be honored? 9 9 9

  10. SPKI/SDSI (“spooky”?/“sudsy”)  S imple P ublic K ey I nfrastructure  S imple D istributed S ecurity I nfrastructure  SDSI is effort by Butler Lampson and myself to rethink what’s needed for distributed systems’ security. It attempts to be fresh design (start with a clean slate).  SPKI is effort by Carl Ellison and others to design public-key infrastructure for IETF.  SPKI/SDSI is a merger of these designs. 10 10 10

  11. Motivations:  Incredibly slow development of PK infrastructure  Sense that existing PK infrastructure proposals are: – too complex (e.g. ASN.1 encodings ) – an inadequate foundation for developing secure distributed systems  A sensed need within W3C security working group for a better PK infrastructure 11 11 11

  12. Related Work  Blaze, Feigenbaum, and Lacy’s work on “decentralized trust management” (Policy-Maker)  W3C (world wide web consortium) work on security and on PICS  Evolution of X.509 standards 12 12 12

  13. Simple Syntax (S-expressions) Byte-strings: abc (token) “Bob Dole” (quoted string) (hexadecimal) &4A5B70 (base-64) =TRa5 #3:def (length:verbatim) [unicode] &3415AB8C (display hint) abc~ def = abcdef (fragmentation) Lists: (certificate (issuer bob) (subject alice)) 13 13 13

  14. Principals are Keys  Our active agents (principals) are keys : specifically, the private keys that sign statements. We identify a principal with the corresponding verification (public) key: (public-key (rsa-md5-verify object signature (const &03) (const &435affd1…)))  In practice, keys are often represented by their hash values. 14 14 14

  15. Keys may be simple programs  (public-key (let object-hash (md5 object)) (equal object-hash (rsa signature (const &03) (const &435affd1…))))  Programming language has only two statement types: – assignment statements – equality tests. 15 15 15

  16. All Keys are Equal  Each principal can make signed statements, just like any other principal.  These signed statements may be certificates, requests, or arbitrary S-expressions.  This egalitarian design facilitates rapid “bottom-up” deployment of SPKI/SDSI. 16 16 16

  17. Signed Objects  Signing creates a separate object, containing the hash of object being signed.  (signed (object-hash (hash sha1 &84…)) (signer (public-key …)) (signature &5632…)) 17 17 17

  18. Encrypted Objects  (encrypted (key (hash sha1 &DA…)) (ciphertext =AZrG…))  One can indicate the key: – by its hash value – in encrypted form – using its name 18 18 18

  19. Users Deal with Names, not Keys  The point of having names is to allow a convenient understandable user interface.  To make it workable, the user must be allowed to choose names for keys he refers to in ACL’s.  The binding between names and keys is necessarily a careful manual process. (The evidence used may include credentials such as VeriSign or PGP certificates...) 19 19 19

  20. Names in SDSI are local  All names are local to some principal; there is no global name space. Each principal has its own local name space.  Syntax: (ref <key> name) (or just (ref name) if key is understood)  A principal can use arbitrary local names; two principals might use the same name differently, or name another key differently.  Linking of name spaces allows principals to use definitions another principal has made. 20 20 20

  21. Linking of name spaces  A principal can export name/value bindings by issuing corresponding certificates.  Name spaces are linked; I can refer to keys named: (ref bob) (ref bob alice) (ref bob alice mother) if I have defined bob , bob has defined alice , and alice has defined mother . 21 21 21

  22. Certificates in SPKI/SDSI 2.0  These take a single unified form, but are used for many purposes: – binding a local name to a value – defining membership in a group – delegating rights to others – specifying attributes of documents and of key- holders 22 22 22

  23. Certificate Parts  issuer: <key> or (ref <key> name)  subject: <key> or (ref <key> name 1 … name k ) or a document (or its hash)  validity period (not-before …) (not-after …) Note: no revocation of certificates!  tag: specifying rights or attributes  propagation-control: a boolean flag 23 23 23

  24. Sample Certificate (certificate (issuer (ref <my-key> “Bob Smith”)) (subject <bob’s-key>) (not-after 1996-03-19_07:00 ) (tag (*))) This defines <bob’s-key> as the value of the name “Bob Smith” in my key’s name space . The tag (*) means that <bob’s-key> inherits all the rights of my name “Bob Smith” . 24 24 24

  25. Certificate Chains  A sequence of certificates can form a chain , where definitions cascade and rights flow.  {K1} ==> {K1 mit rivest} (tag (read foo)) {K1 mit} ==> {K2} (tag (read (*))) {K2 rivest} ==> {K3} (tag (read (*))) is equivalent to: {K1} ==> {K3} (tag (read foo))  Validity periods and tags intersect.  A request may be accompanied by a chain. 25 25 25

  26. Generalized tags and *-forms  There are a set of “*-forms” for writing tags that represent a set of *-free tags. The system can automatically intersect these sets, even though tag semantics is application-dependent.  (tag (spend-money (account (* set 1234 5678)) (date (* range date 1997 1998)) (amount (* range numeric 1 1000)))) 26 26 26

  27. Propagation Control  A certificate may turn on propagation control, in which case rewriting of issuer’s name in a certificate chain can not proceed past the point where it is rewritten to be a single key.  Examples: – Subscribers to on-line journal – Group of individuals who are “adults”. 27 27 27

  28. Cert can also describe keyholder (certificate (issuer <rons-key>) (subject (keyholder <rons-key>) ) (not-after 1998-01-01_00:00) (tag (name “Ronald L. Rivest”) (postal-Address ... ) (phone 617-555-1212) (photo [image/gif] ... ) (email rivest@mit.edu ) (server “http://aol.com/~rlr” ))) 28 28 28

  29. On-line orientation  We assume that each principal can provide on-line service directly, or indirectly through a server.  A server provides: – access to certificates issued by the principal – access to other objects owned by principal 29 29 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On Public-Key Infrastructures by Ronald L. Rivest MIT Lab for Computer Science (SDSI is joint

On Public-Key Infrastructures by Ronald L. Rivest MIT Lab for Computer Science (SDSI is joint

On Public-Key Infrastructures by Ronald L. Rivest MIT Lab for Computer Science (SDSI is joint work with Butler Lampson) 1 1 1 Outline Context and history Motivation and goals SDSI (Simple Distributed Security

549 views • 36 slides
A Component Security Infrastructure Y. David Liu Scott Smith http://www.jcells.org 9/24/15

A Component Security Infrastructure Y. David Liu Scott Smith http://www.jcells.org 9/24/15

A Component Security Infrastructure Y. David Liu Scott Smith http://www.jcells.org 9/24/15 Cells @ FCS 2002 1 Motivation Build software systems Secure software using components systems SDSI/SPKI Cells Secure software systems at the

833 views • 38 slides
Subordinate CA Disclosure CA Operator CA Private Key CA Private Key CA Private Key CA (SPKI +

Subordinate CA Disclosure CA Operator CA Private Key CA Private Key CA Private Key CA (SPKI +

Subordinate CA Disclosure CA Operator CA Private Key CA Private Key CA Private Key CA (SPKI + DN) CA (SPKI + DN) CA (SPKI + DN) also SKID also SKID also SKID Root CA (SPKI + DN) CA (SPKI + DN) CA (SPKI + DN) CA (SPKI + DN) CA (SPKI +

316 views • 5 slides
SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer

SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer

SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer Science (joint work with Butler Lampson) Outline Context and history Motivation and goals SDSI: syntax public keys (principals)

717 views • 32 slides
SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer

SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer

SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer Science (joint work with Butler Lampson) 1 1 1 Outline Context and history Motivation and goals SDSI: syntax public keys

576 views • 34 slides
Distributed Security Infrastructure Makan.Pouzandi@Ericsson.ca Ericsson Research Open Systems

Distributed Security Infrastructure Makan.Pouzandi@Ericsson.ca Ericsson Research Open Systems

Distributed Security Infrastructure Makan.Pouzandi@Ericsson.ca Ericsson Research Open Systems Lab Montral Canada June 26 , 2002 Rev PA1 2002-07-05 1 Ericsson Canada Agenda Context Security in Telecom business Current

1.34k views • 60 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Compiler Infrastructure Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

Compiler Infrastructure Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Compiler Infrastructure Systems and Internet Infrastructure Security

603 views • 23 slides
Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared

Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared

Sancus: A Low-Cost Security Architecture for Distributed IoT Applications on a Shared Infrastructure Job Noorman Public PhD Defence 19 Apr 2017 Safety considerations when lodging in a hotel Untrusted guests Locked room Unknown personnel

1.16k views • 79 slides
Poster 158 1 / 4 Poster 158 Security in Distributed ML Zeno: distributed synchronous SGD that

Poster 158 1 / 4 Poster 158 Security in Distributed ML Zeno: distributed synchronous SGD that

Zeno: Distributed Stochastic Gradient Descent with Suspicion-based Fault-tolerance Cong Xie, Oluwasanmi Koyejo, Indranil Gupta June 12, 2019 Poster 158 1 / 4 Poster 158 Security in Distributed ML Zeno: distributed synchronous SGD that

211 views • 4 slides
A Distributed X.509 Public Key Infrastructure Backed by a Blockchain A public key infrastructure

A Distributed X.509 Public Key Infrastructure Backed by a Blockchain A public key infrastructure

A Distributed X.509 Public Key Infrastructure Backed by a Blockchain A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage

248 views • 23 slides
Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott

Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott

Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott Wakelin 4/27/2004 1 Road Map Road Map Project Goals and Overview Project Status Network Infrastructure ISP Topology ISP

554 views • 30 slides
` James R. Wilcox Zach Tatlock Ilya Sergey Distributed Systems Distributed Infrastructure

` James R. Wilcox Zach Tatlock Ilya Sergey Distributed Systems Distributed Infrastructure

Programming Language Abstractions for Modularly Verified Distributed Systems { P } c { Q } ` James R. Wilcox Zach Tatlock Ilya Sergey Distributed Systems Distributed Infrastructure Distributed Applications Verified Distributed Systems

794 views • 64 slides
A Simple and Small Distributed File System Based on article TidyFS: A Simple and Small

A Simple and Small Distributed File System Based on article TidyFS: A Simple and Small

A Simple and Small Distributed File System Based on article TidyFS: A Simple and Small Distriburted File System by Dennis Fetterly, Maya Haridasan, Michael Isard, Swaminathan Sundararaman. 1. Parallel computations on clusters 2. Shared

373 views • 21 slides
Hacking (with) a TPM Dont ask what you can do for TPMs, ask what TPMs can do for you

Hacking (with) a TPM Dont ask what you can do for TPMs, ask what TPMs can do for you

Hacking (with) a TPM Dont ask what you can do for TPMs, ask what TPMs can do for you AndreasFuchsSIT (@Github) tpm2-software.github.io $ whoami / Full Disclosure Working on TPMs for Fraunhofer-SIT, some sponsored by Infjneon with

1.06k views • 18 slides
Investigation of the environment influence for the underground and cryogenic gravitational wave

Investigation of the environment influence for the underground and cryogenic gravitational wave

Investigation of the environment influence for the underground and cryogenic gravitational wave detector, KAGRA 16th International Conference on TAUP 2019 2019/09/10, Toyama International Conference Center, Toyama, Japan Takaaki Yokozawa(ICRR)

475 views • 15 slides
CSE 344 Introduc/on to Data Management Sec/on 9: AWS, Hadoop, Pig La/n Yuyin Sun Homework 8

CSE 344 Introduc/on to Data Management Sec/on 9: AWS, Hadoop, Pig La/n Yuyin Sun Homework 8

CSE 344 Introduc/on to Data Management Sec/on 9: AWS, Hadoop, Pig La/n Yuyin Sun Homework 8 (Last hw J ) 0.5 TB (yes, TeraBytes!) of data 251 files of ~ 2GB each btc-2010-chunk-000 to btc-2010-chunk-317 You will write pig queries

351 views • 31 slides
OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by Paul Wouters, RHEL Security THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution

736 views • 32 slides
Webinar European Fuel Cell micro-CHP Market Fuel cells in buildings: an easy plug-and-play

Webinar European Fuel Cell micro-CHP Market Fuel cells in buildings: an easy plug-and-play

PACE Pathway to a Competitive Webinar European Fuel Cell micro-CHP Market Fuel cells in buildings: an easy plug-and-play solution to reduce energy costs and emissions 16 June 2020 What and why fuel cell micro-Cogeneration? Heating and

197 views • 6 slides
Giuseppe Giordano and Jonas Sj oberg Department of Signals and Systems Maximum Likelihood

Giuseppe Giordano and Jonas Sj oberg Department of Signals and Systems Maximum Likelihood

Giuseppe Giordano and Jonas Sj oberg Department of Signals and Systems Maximum Likelihood identification of Wiener-Hammerstein model in presence of process noise Chalmers University of Technology Outline 2 / 16 Motivation 1

1.62k views • 50 slides
Email Security Guevara Noubir Network Security Northeastern

Email Security Guevara Noubir Network Security Northeastern

Email Security Guevara Noubir Network Security Northeastern University Email Security 1 Email One of the most widely used applica&gt;ons of the

360 views • 14 slides
Models for LTI systems LTI system stands for linear time invariant system Model describing LTI

Models for LTI systems LTI system stands for linear time invariant system Model describing LTI

Models for LTI systems LTI system stands for linear time invariant system Model describing LTI system using an input-output relation y k = G ( q ) u k + H ( q ) e k with output (time) series y = { y k : k = 0 , 1 , . . . , N } input (time) series

1.28k views • 91 slides

More recommend