Protection and Security
- Areas of Concern:
  - privacy: legal, social
  - security: external vs. internal
  - protection: mechanisms
- Topics:
  - authentication: verifying a claim of identity
  - authorization: verifying a claim of permission
- Models:
  - discretionary vs. non-discretionary
  - access control vs. flow control
<...many graphics missing...>
Safety
- primitive operation: the atomic actions of the protection model
- commands: useful, commonly used collections of primitive
operations
- mono-operational: all commands are primitive operations
- "leaks": a command leaks a given right if its execution can cause
the right to be propagated to a subject not previously possessing that
right
- safety: an initial state/configuration is safe for a given right
if there does not exist a reachable state within which a command leaks
that right
- decidability: safety is decidable for a mono-operational system.
Safety is not decidable for an arbitrary configuration of an arbitrary
protection system;
however, safety may be decidable for specific protection systems.
<...several graphics missing...>
Lattice Models
- Lattice Model
  - subjects
  - objects
  - security classes (SC)
    (object x is in security class x)
- Flow Policy:
  - (SC, -->)
  - --> is a reflexive, antisymmetric, transitive relation over SC
  - information is allowed to flow from object x to object y iff x --> y.
- Lattice Flow Policy:
  - A flow policy is a lattice if least upper bounds and greatest
    lower bounds exist on SC
<...one graphic missing...>
Certification of Information Flow
For:
b := f(a1,...,an)
verify that:
a1 + ... + an --> b
For:
if e then S1 else S2
verify that:
e --> S1 x S2
where:
S1 = x { b | b is a target of an assignment in S1}
S2 = x { b | b is a target of an assignment in S2}
Cryptography
<...cryptography graphic here...>
- Forms of attack:
  - ciphertext-only
  - known-plaintext
  - chosen-plaintext
Forms of Cryptosystems
- Private Key:
  - A single key is used for both encryption and decryption.
  - Key distribution problem: a secure channel is needed to transmit
    the key before secure communication can take place over an insecure
    channel.
- Public Key:
  - The encryption procedure (key) is public while the decryption
    procedure (key) is private.
Requirements:
- For every message M, D(E(M)) = M
- E and D can be efficiently applied to M
- It is impractical to derive D from E.
Secure Communication in a Public Key System
<...smiley graphic here...>
Rivest-Shamir-Adleman (RSA) Method
<...RSA graphic here...>
1. Choose two large (100 digit) prime numbers, p and q, and set
n = p x q
2. Choose any large integer, d, so that:
GCD(d, (p-1)x(q-1)) = 1
3. Find e so that:
e x d = 1 (modulo (p-1)x(q-1))
Example:
1. p = 5, q = 11 and n = 55.
(p-1)x(q-1) = 4 x 10 = 40
2. A valid d is 23 since GCD(40, 23) = 1
3. Then e = 7 since:
23 x 7 = 161, and 161 modulo 40 = 1
Authentication
- Authentication Services:
  - digital signatures
  - interactive communication (client-server)
  - one-way communication (electronic mail)
- Forms of Attack:
  - replay of messages
  - interference (inserting bogus messages)
- Authentication Servers:
  - maintain a list of (user, key) pairs
  - securely distribute conversation keys
Digital Signatures (Public Key)
Requirements:
- unforgeable and unique
  - receiver: knows that a message came from the sender
  - sender: cannot deny authorship
- message integrity
  - message signature unchangeable
    (e.g., cannot cut-and-paste a signature into a message)
Public Key System:
sender, A: (EA: public, DA: private)
receiver, B: (EB: public, DB: private)
sender(A) ---- C = EB(DA(M)) ---> receiver(B)
receiver(B) -- M = EA(DB(C)) ---> M
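The signed exchange above, run with the RSA method from the earlier section, as an added Python example that is not part of the original notes. A uses the notes' example key (p = 5, q = 11, d = 23); B's parameters (p = 7, q = 13, d = 29) are constructed here, and this is unpadded RSA on toy primes, so it shows the mechanics only.

```python
from math import gcd

def rsa_keypair(p, q, d):
    """Steps 1-3 of the RSA method: n = p*q, GCD(d, (p-1)(q-1)) = 1, e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be relatively prime to (p-1)(q-1)")
    return {"n": n, "e": pow(d, -1, phi), "d": d}  # pow(d, -1, phi): modular inverse (Python 3.8+)

def E(key, m):
    """Public procedure: m^e mod n. The input must be a residue below n."""
    if not 0 <= m < key["n"]:
        raise ValueError("value does not fit under modulus %d" % key["n"])
    return pow(m, key["e"], key["n"])

def D(key, c):
    """Private procedure: c^d mod n. The input must be a residue below n."""
    if not 0 <= c < key["n"]:
        raise ValueError("value does not fit under modulus %d" % key["n"])
    return pow(c, key["d"], key["n"])

def send(sender, receiver, m):
    """C = E_receiver(D_sender(M)): sign with the sender's private key, then encrypt to the receiver."""
    return E(receiver, D(sender, m))

def receive(receiver, sender, c):
    """M = E_sender(D_receiver(C)): decrypt with the receiver's private key, then check with the sender's public key."""
    return E(sender, D(receiver, c))

A = rsa_keypair(5, 11, 23)  # the notes' example key: n = 55, e = 7
B = rsa_keypair(7, 13, 29)  # constructed for this example: n = 91, e = 5

if __name__ == "__main__":
    M = 42  # constructed sample message, must be below A's modulus
    C = send(A, B, M)
    print("A's key:", A, "B's key:", B)
    print("C = EB(DA(M)) =", C, "-> M = EA(DB(C)) =", receive(B, A, C))
    try:
        send(B, A, 3)  # DB(3) = 61, which is not a residue below A's n = 55
    except ValueError as err:
        print("B -> A with M = 3 fails:", err)
```

The B-to-A direction fails for some messages because a value signed under n = 91 may not fit under n = 55, so the order of the moduli matters when signing before encrypting.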
Secure Communication (Public Key)
Handshaking:
<...Handshaking graphic here...>
Obtaining a Public Key:
Suppose that A and B have not previously communicated.
How does A securely obtain the public key of B?
An authentication server (AS) with a public key (PKAS)
and a private, or secret, key (SKAS) is used as follows:
A --> AS: (A, B)
AS --> A: ESKAS(PKB, B)
Note:
- The original message need not be encrypted
- A can decrypt the response from AS using PKAS
- A knows that the response can only have come from AS
- A knows that the response contains the key for B