Authentication Approaches Phillip Hallam-Baker Veri. Sign Inc.
Why? Authentication + Authorization = Access Control • Authentication – IP Address – Cryptographic • Authorization – Email Address Whitelists – Domain Whitelists – Payment [alice@example. com] [$0. 01 stamp]
How Strong is Enough? • LIST Kiddies – Like a script kiddie but they pay for the mailing list – Actually a spam victim, they get worthless service in return • SPAM Houses – Will adapt to heuristic authentication approaches • But it will cost them
PKI • Infrastructure exists to – Ensure that a party owns the purported domain name – Ensure that legal process can be served on the certificate holder – With a high (but not absolute) degree of confidence SECURITY IS RISK CONTROL NOT RISK ELIMINATION
Deployment Argument • Authentication Compliments Filtering – Network effect, aka Chicken and Egg problem • Avoid false positives – Without creating backdoors • ‘Allow all mail from hotmail. com, they use rate limiting’ • Allows more aggressive criteria • Cryptographic Authentication is robust – Asymmetric work factor – No viable counter-strategies
Problem – Email Insecure by Default • Downgrade attack – I can tell a signed message comes from the sender – I cannot assume an unsigned message is false • Key is to know the security policy of the domain
DNS Based Security Policy • Reverse IP look up – Some Current Use – Only demonstrates that the IP address has been assigned • IPv 4 address exhaustion will make this uninteresting – Configuration problem – servers handling 1000’s of domains – Many ISPs do not delegate reverse DNS as they should • Get a new ISP is an idiotic deployment strategy
![Forward DNS • Address based authentication – RCPT From [Vixie] – Reverse MX –](https://present5.com/presentation/b6e4df208dbe9097be41ea42bc46e352/image-8.jpg "Forward DNS • Address based authentication – RCPT From [Vixie] – Reverse MX –")
Forward DNS • Address based authentication – RCPT From [Vixie] – Reverse MX – – – Pro: Lightweight, almost costless Pro: Obsoletes most existing spamware Con: Could be vulnerable to new spamware Con: Some operational issues Con: Only works if mail from domain is relayed
Generalized Security Policy • Security Policy Advertisement Mechanism – Advertise any form of security policy • • • ALWAYS comes from address X, Y or Z OPTIONAL uses STARTTLS, cert root has SHA 1 P OPTIONAL uses S/MIME, cert root has SHA 1 Q OPTIONAL uses PGP, validate against XKMS R NEVER uses NULL Authentication – Can be generalized to other protocols • IPSEC, SSH, NNTP, POP, IMAP…
This is Just a Bug We Are going to FIX IT
Скачать презентацию Authentication Approaches Phillip Hallam-Baker Veri Sign Inc
b6e4df208dbe9097be41ea42bc46e352.ppt