
- Number of slides: 12
1 Security Services
2 Security aspects of RPC
• Mechanisms:
  – Private-key method (symmetric)
    • "Data Encryption Standard" (DES)
    • Use of a "Key Distribution Center" with session keys on the basis of private keys
    • Setup of conversation contexts during binding
  – Public-key method (asymmetric): RSA
• Identification and authentication
  – Identification during binding
  – Authentication: verification of the identity of a called object instance and also of the server during distribution of session keys
3 Encryption
[Diagram: session key distribution. Labels: Key request (C, S); Client C (with key K1); CS; {CS}K2; Response({{CS}K2, {CS}}K1); Key distribution center generates CS(S1, S2); Message( {
4 Identification and authentication
• Identification:
  – Presentation of an explicit identifier
  – Assignment and name construction are important during binding (compare with name server)
• Authentication:
  – Verification of identity via presentation of a secret identifier
  – Use of private keys (for instance, derived from a password)
  – Authentication of the client and of the server via decryption of the (session) key
  – Key distribution point: authentication service
  – Additionally: timestamp to prevent message replay
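The key distribution from slide 3 and the timestamp check from slide 4, as an added example that is not part of the original slides. The ticket-plus-timestamp message layout, all function and class names, and the SHA-256/HMAC construction standing in for DES are assumptions made for illustration.

```python
# Added illustration: message layout, names and the toy cipher are assumptions.
import hashlib, hmac, json, os

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode as keystream (toy stand-in for the slides' DES)
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key: bytes, obj: dict) -> bytes:
    """{obj}key: encrypt, then append a MAC so a wrong key or tampering is detected."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + _tag(key, nonce + ct)

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_response(keys: dict, client: str, server: str) -> bytes:
    """KDC: generate session key CS and return {{CS}K2, CS}K1."""
    cs = os.urandom(16).hex()
    ticket = seal(keys[server], {"cs": cs, "client": client})        # {CS}K2
    return seal(keys[client], {"cs": cs, "ticket": ticket.hex()})    # {...}K1

def client_call(k1: bytes, response: bytes, client: str, now: float):
    """Client: recover CS with K1, forward {CS}K2 plus a timestamp sealed under CS."""
    r = unseal(k1, response)
    auth = seal(bytes.fromhex(r["cs"]), {"client": client, "ts": now})
    return bytes.fromhex(r["ticket"]), auth

class Server:
    def __init__(self, k2: bytes, max_skew: float = 30.0):
        self.k2, self.max_skew, self.seen = k2, max_skew, set()
    def accept(self, ticket: bytes, auth: bytes, now: float) -> str:
        t = unseal(self.k2, ticket)                   # only the holder of K2 learns CS
        a = unseal(bytes.fromhex(t["cs"]), auth)      # caller proves knowledge of CS
        if a["client"] != t["client"]:
            raise ValueError("identity mismatch")
        if abs(now - a["ts"]) > self.max_skew:
            raise ValueError("stale timestamp")
        if (a["client"], a["ts"]) in self.seen:
            raise ValueError("replayed message")
        self.seen.add((a["client"], a["ts"]))
        return a["client"]
```

A captured call that is sent a second time fails on the replay cache, and one held back beyond the allowed clock skew fails on the timestamp, which is the role slide 4 gives the timestamp.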
5 Security aspects of RPC
• Possible guarantees:
  – Eavesdropping, modification, call replay and call initiation prevented
  – Identity of communication partners guaranteed
  – Tolerable performance losses
  – Traffic density analysis possible
• Security classes of DCE RPC
  – Authentication during binding
  – Authentication for each call
  – Authentication for each packet
  – Defense against message modification (encrypted checksum)
  – Full encryption
6 Asymmetric crypto-method with public keys
• KD - secret key for decryption
• KE - public key for encryption
• Nonreversible function F(KD) = KE
[Diagram: Calculation and delivery of private keys; Message M transmission]
Client C: secret: KD_C, public: KE_S
Server S: secret: KD_S, public: KE_C
KE_S(M): M = KD_S(KE_S(M))
KE_C(M): M = KD_C(KE_C(M))
7 Authorization
Granting and checking of access rights:
  – Capabilities for the client, or
  – Access control lists for the server
[Diagram: access matrix. "Subject": Meier, Müller, Huber. "Object": RPC Server, File Server, Name Server. Entries: read, write, read. Labels: Access control lists (ACL); Capabilities]
8 Access control list example
[Diagram labels: Call: dynamic rights control; Document Server]
usr_obj       /.:/sec/principal/Meier               : rwid
foreign_user  /.../firm_z.de/sec/principal/Müller   : r--
group_obj     /.:/sec/group/Dept_1                  : rwi-
9 Implementation example
[Diagram labels: Security Server; Authentication; Client (Cash desk); Account Server; Encrypted transmission; Authorization; Meier: rx; Müller: rwx]
- Checking the identity of communication partners
- Defense against eavesdropping, manipulation, illegal access
- Conformant to standards (for instance, DES and IDEA algorithms)
10 Security Service: architecture
[Diagram]
Client: Login Facility; Application client; Authentication protocol; CORBA runtime system
Security Service: Security Server; Authentication protocol; CORBA runtime system
Server: ACL Editor; Application server; ACL Manager; Authentication protocol; CORBA runtime system

Login Facility: Password control and generation of a private key
Authentication protocol: Processing of distributed authentication
ACL Manager: Control of access rights of a client on the server side
ACL Editor: Definition and manipulation of access rights
11 Security Service: Authentication
Phase 1: Login
[Diagram labels: Client (Login components); Authenticate; "ticket granting ticket" (TGT) with encrypted Client Key; "ticket granting ticket" (TGT); "privilege attribute certificate" (PAC); Security Server (Privilege Server)]
• Client sends an authentication query to the Security Service
• Security Service generates a TGT and encrypts it with the Client Key (from password)
• If client identity is correct, then the client can encrypt the TGT (including additional information)
• Client sends the TGT (newly encrypted) to the Privilege Server (Security Service)
• This is proof of correct identity; the client receives a PAC and is authenticated
12 Security Service: Authentication
Phase 2: Call of a server
[Diagram labels: Client; Requests a Ticket; Call (Ticket); Answer; Security Server (Privilege Server); Application server (ACL Manager)]
• Authenticated client requests a ticket for the application server from the Security Service
• Security Service checks the identity and issues the ticket
• Client carries out a call (internal further steps for mutual authentication)
• ACL Manager of the server checks the authorization (