usc-csci530-f08-l04-5

Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

USC CSci530 Computer Security Systems
Lecture notes, Fall 2008
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute

Administration
- Assignment 1 on course web page
  - http://ccss.usc.edu/530
  - Due 24 September 2008

CSci530: Security Systems
Lecture 4 – September 19, 2008
Authentication & Identity Management
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute

Practical use of keys
- Email (PEM or S/MIME or PGP)
  - Hashes and message keys to be distributed and signed.
- Conferencing
  - Group key management (discussed later)
- Authentication (next lecture)
- SSL
  - And other “real time” protocols
  - Key establishment

Recovery from exposed keys
- Revocation lists (CRLs)
  - Long lists
  - Hard to propagate
- Lifetime / Expiration
  - Short life allows assurance of validity at time of issue.
- Realtime validation
  - Online Certificate Status Protocol (OCSP)
- What about existing messages?

Key Management Overview
- Key size vs. data size
  - Affects security and usability
- Reuse of keys
  - Multiple users, multiple messages
- Initial exchange
  - The bootstrap/registration problem
  - Confidentiality vs. authentication

Key Management Review
- KDCs and Certificate Authorities
  - Generate and distribute keys
  - Bind names to shared keys

Group Key Management Issues
- Revoking access
  - Change messages, keys, redistribute
- Joining and leaving groups
  - Does one see old messages on join?
  - How to revoke access
- Performance issues
  - Hierarchy to reduce number of envelopes for very large systems
  - Hot research topic

Group Key Management Approaches
- Centralized
  - Single entity issues keys
  - Optimization to reduce traffic for large groups
  - May utilize application-specific knowledge
- Decentralized
  - Employs sub managers
- Distributed
  - Members do key generation
  - May involve group contributions
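
The "hierarchy to reduce number of envelopes" and centralized "optimization to reduce traffic for large groups" bullets above, worked as an added example that is not part of the lecture notes. It assumes a binary key tree (often called a logical key hierarchy) run by a central manager, a power-of-two group size, and envelopes modeled as tuples rather than real ciphertext; `KeyTree`, `rekey_on_leave`, `receive` and `demo` are hypothetical names.

```python
import secrets

def path_to_root(node):
    # Heap indexing (an assumption of this sketch): root is 1, children of i are 2i, 2i+1.
    while node >= 1:
        yield node
        node //= 2

class KeyTree:
    """Central manager's view: one key per tree node, members sit at the leaves."""
    def __init__(self, n_members):
        if n_members < 2 or n_members & (n_members - 1):
            raise ValueError("sketch assumes a power-of-two group size")
        self.n = n_members
        self.keys = {i: secrets.token_bytes(16) for i in range(1, 2 * n_members)}

    def member_keys(self, member):
        # A member holds its own leaf key plus every key on the path to the root.
        return {i: self.keys[i] for i in path_to_root(self.n + member)}

    def rekey_on_leave(self, member):
        # Replace every key the leaver knew, bottom-up. An envelope
        # (wrap_node, wrap_key, target_node, new_key) stands in for
        # "new_key encrypted under wrap_key"; no real cipher is used here.
        leaver, envelopes = self.n + member, []
        node = leaver // 2
        while node >= 1:
            new_key = secrets.token_bytes(16)
            for child in (2 * node, 2 * node + 1):
                if child != leaver:  # never wrap under the leaver's own key
                    envelopes.append((child, self.keys[child], node, new_key))
            self.keys[node] = new_key
            node //= 2
        return envelopes

def receive(held, envelopes):
    # Open, in order, every envelope whose wrapping key is already held.
    held = dict(held)
    for wrap_node, wrap_key, target, new_key in envelopes:
        if held.get(wrap_node) == wrap_key:
            held[target] = new_key
    return held

def demo(n, leaving=0):
    tree = KeyTree(n)
    before = {m: tree.member_keys(m) for m in range(n)}
    envelopes = tree.rekey_on_leave(leaving)
    group_key = tree.keys[1]
    stayers_ok = all(receive(before[m], envelopes)[1] == group_key
                     for m in range(n) if m != leaving)
    leaver_out = receive(before[leaving], envelopes)[1] != group_key
    # (tree envelopes, flat one-envelope-per-member count, stayers recover key, leaver locked out)
    return len(envelopes), n - 1, stayers_ok, leaver_out
```

For a group of n members the tree needs 2·log2(n) − 1 envelopes per departure, against n − 1 when the new group key is enveloped separately for every remaining member.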