Transcript CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz

CMSC 414
Computer and Network Security
Lecture 21
Jonathan Katz
Revocation
 Revocation is a key component of a PKI
– Secret keys stolen/compromised, user leaves
organization, etc.
 This is in addition to expiration dates
included in certificates
– Certificate might need to be revoked before
expiration date
– Expiration dates improve efficiency
Cert. revocation lists (CRLs)
 CA issues signed list of (un-expired)
revoked keys
– Must be updated and released periodically
– Must include timestamp
– Verifier must obtain most recent CRLs before
verifying a certificate
 Using “delta CRLs” improves efficiency
OLRS
 “On-line revocation server”
 Verifier queries an OLRS to find out if a
certificate is still valid
 If OLRS has its own key, it can certify that
a certificate is valid at a certain time
“Good lists”
 The previous approaches basically use lists
of “bad” certificates
 Also possible to use a list containing only
“good” certificates
– Likely to be less efficient
Directories
 PKIs do not require directories
– Users can store and present their own certificate
chains to a trust anchor
 Directories can make things easier, and
enable non-interactive setup
Finding certificate chains
 Two approaches: work “forward” from
target toward a trust anchor, or “backward”
from trust anchor to target
 The better approach depends on
implementation details
– For example, in system with name constraints,
easier to work “backward”
Anonymity
Anonymity vs. pseudonymity
 Anonymity
– No one can identify the source of any messages
– Can be achieved via the use of “persona”
certificates (with “meaningless” DNs)
 Pseudonymity
– No one can identify the source of a set of
messages…
– …but they can tell that they all came from the
same person
Levels of anonymity
 There is a scale of anonymity
– Ranges from no anonymity (complete
identification), to partial anonymity (e.g.,
crowds),to complete anonymity
– Pseudonymity is an orthogonal issue…
Anonymizers
 Proxies that clients can connect to, and use
to forward their communication
– Primarily used for email, http
 Can also provide pseudonymity
– This may lead to potential security flaws if
mapping is compromised
 Must trust the anonymizer…
– Can limit this by using multiple anonymizers
Traffic analysis
 If messages sent to remailers are not
encrypted, it is easy to trace the sender
 Even if encrypted, may be possible to
perform traffic analysis
– Timing
– Message sizes
– Replay attacks
Http anonymizers
 Two approaches
– Centralized proxy/proxies
– “Crowds…”
Implications of anonymity?
 Is anonymity good or bad?
– Unclear…
– Can pseudonymity help?
“Cookies”
 Cookies are tokens containing state
information about a transaction
 May contain (for example):
– Name/value; expiration time
– Intended domain (cookie is sent to any server in
that domain)
• No requirement that cookie is sent by that domain
Security violations?
 Cookies potentially violate privacy
– E.g., connecting to one server results in a
cookie that will be transmitted to another
 Storing authentication information in a
cookie is also potentially dangerous (unless
cookie is kept confidential, or other
methods are used)