Outline for May 5, 2005

Reading: §12.3-12.6, §22.2, §15


It has often been said tha the only way to decipher a message that has been enciphered using RSA is to factor the modulus n used by the cipher. If you were told that an enciphered message was on a computer that you controlled, and that the message was enciphered using RSA with an n of 1024 bits (about 309 decimal digits), how would you find the encrypter's private key?


  1. Challenge-response systems
    1. Computer issues challenge, user presents response to verify secret information known/item possessed
    2. Example operations: f(x) = x+1, random, string (for users without computers), time of day, computer sends E(x), you answer E(D(E(x))+1)
    3. Note: password never sent on wire or network
    4. Attack: man-in-the-middle
    5. Defense: mutual authentication
  2. Biometrics
    1. Depend on physical characteristics
    2. Examples: pattern of typing (remarkably effective), retinal scans, etc.
  3. Location
    1. Bind user to some location detection device (human, GPS)
    2. Authenticate by location of the device
  4. Combinations: PAM
  5. Access Control Lists
    1. UNIX method
    2. ACLs: describe, revocation issue
  6. Capabilities
    1. Capability-based addressing: show picture of accessing object
    2. Show process limiting access by not inheriting all parent's capabilities
    3. Revocation: use of a global descriptor table
  7. Privilege in Languages
    1. Nesting program units
    2. Temporary upgrading of privileges
  8. Lock and Key
    1. Associate with each object a lock; associate with each process that has access to object a key (it's a cross between ACLs and C-Lists)
    2. Example: use crypto (Gifford). X object enciphered with key K. Associate an opener R with X. Then:
      OR-Access: K can be recovered with any Di in a list of n deciphering transformations, so
      R = (E1(K), E2(K), ..., En(K)) and any process with access to any of the Di's can access the file
      AND-Access: need all n deciphering functions to get K: R = E1(E2(...En(K)...))
    3. Types and locks
  9. MULTICS ring mechanism
    1. MULTICS rings: used for both data and procedures; rights are REWA
    2. (b1, b2) access bracket - can access freely; (b3, b4) call bracket - can call segment through gate; so if a's access bracket is (32,35) and its call bracket is (36,39), then assuming permission mode (REWA) allows access, a procedure in:
      rings 0-31: can access a, but ring-crossing fault occurs
      rings 32-35: can access a, no ring-crossing fault
      rings 36-39: can access a, provided a valid gate is used as an entry point
      rings 40-63: cannot access a
    3. If the procedure is accessing a data segment d, no call bracket allowed; given the above, assuming permission mode (REWA) allows access, a procedure in:
      rings 0-32: can access d
      rings 33-35: can access d, but cannot write to it (W or A)
      rings 36-63: cannot access d

Here is a PDF version of this document.