Lecture 8 identity and authentication

Network Security: Identity and Authentication
Saturday, March 13, 2010
2 Identity and Authentication
- What is identity? A computer's representation of a unique entity (principal).
- What is authentication? Binding a principal to the system's internal representation of identity.
- Why do we need identity? Accountability; access control.
3 Identity for Files and Objects
- Files and other objects are identified by "names":
  - File name: used by humans.
  - File descriptor or handle: used by processes.
  - File allocation table entry: used by the kernel.
- Example, Unix: inodes, file descriptors, relative and absolute path names.
- URLs (Uniform Resource Locators).
4 Identity for Users
- User identity (UID): the identity of a single entity. The system represents user identity in different ways, and the principal is not always a human or physical entity.
- Example, Unix: login name; UID, an integer (UID 0 is root); logging is done using the login name.
- The same principal may have different identities:
  - Real and effective UID in UNIX, used by SUID programs.
  - Saved UID (FreeBSD and Solaris).
  - Audit or login UID: set at login and never changed, which allows one to track the original UID of a process.
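The real/effective/saved UID split on this slide is exactly what makes privilege dropping in a SUID program error-prone: lowering only the effective UID leaves the privileged UID in the saved slot, where it can be reacquired. As an added example (not from the lecture), this C program, assuming Linux or FreeBSD for setresuid/getresuid, drops privilege in all three slots and then verifies that the drop took effect.

```c
#define _GNU_SOURCE /* exposes setresuid/getresuid in glibc's <unistd.h> */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Explicit prototypes so the file also builds where _GNU_SOURCE was not
   in effect when <unistd.h> was read (Linux and FreeBSD provide both). */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
/* Read the three UIDs the slide lists for a process: real, effective and
   saved. Returns 0 on success, -1 on failure. */
int read_uids(uid_t *real, uid_t *effective, uid_t *saved) {
    return getresuid(real, effective, saved) == 0 ? 0 : -1;
}

/* Returns 1 if real, effective and saved UID all equal `expected`,
   0 if any differs, -1 if they could not be read. */
int uids_all_equal(uid_t expected) {
    uid_t r, e, s;
    if (read_uids(&r, &e, &s) != 0) return -1;
    return (r == expected && e == expected && s == expected) ? 1 : 0;
}

/* A SUID program that only calls seteuid(getuid()) keeps the privileged UID
   in the saved slot and can take it back later with seteuid(0): that is a
   temporary drop. A permanent drop sets all three UIDs, then verifies the
   kernel applied them. Returns 0 when privilege is gone for good, -1 otherwise. */
int drop_privileges_permanently(uid_t target) {
    if (setresuid(target, target, target) != 0) return -1;
    if (uids_all_equal(target) != 1) return -1;
    /* Regaining root must now fail; if it succeeds, the drop was not real. */
    if (target != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(void) {
    uid_t r, e, s;
    read_uids(&r, &e, &s);
    printf("before: real=%u effective=%u saved=%u\n", (unsigned)r, (unsigned)e, (unsigned)s);
    /* Run as an ordinary user this is a no-op that still exercises the
       checks; installed setuid-root it discards root from all three slots. */
    if (drop_privileges_permanently(getuid()) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    read_uids(&r, &e, &s);
    printf("after:  real=%u effective=%u saved=%u\n", (unsigned)r, (unsigned)e, (unsigned)s);
    return 0;
}
```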
5 Groups and Roles
- Users may need to share resources. Groups allow rights to be assigned to multiple principals simultaneously.
- Group identity is static or can change.
- Example, UNIX: each user is assigned to one or more groups; each process has a user id and a group id.
- A role is a type of group that ties membership to function (sysadmin role, backup role, webmaster role, etc.). Roles allow finer-grained control over access rights and mimic the organizational structure of an enterprise.
6 Identity on the Internet
- Host identity is related to the network. Each network "layer" may use a different name; all names point to the same host but within different contexts: hostname, IP address, Ethernet (MAC) address.
- Databases contain mappings between the different names. These can be spoofed, and the mapping mechanism may not be secure.
- Static and dynamic identifiers: DHCP, NAT.
- Local identifiers and global
7 Naming and Certificates
- Certification authorities vouch for the identity of an entity using Distinguished Names (DN), e.g. /O=Polytechnic University/OU=CS/CN=John Doe. Although the CN may be the same, the DN is different.
- Policies of certification:
  - Authentication policy: what level of authentication is required to identify the principal?
  - Issuance policy: given the identity of the principal, will the CA issue a certificate?

This note was uploaded on 11/02/2010 for the course CS 393 taught by Professor Staff during the Spring '08 term at NYU Poly.
