Lecture 24 Outline (May 22, 2015)
Reading: §11.4.1, 12, 15
Assignment: Homework 4, due June 3, 2015 (no late assignments accepted)
- Greetings and felicitations!
- Anonymous mailings
- Cypherpunk remailer
- Mixmaster remailer
- Validating client (user) identity
- Validating server (system) identity
- Validating both (mutual authentication)
- Basis: what you know/have/are, where you are
- Selection techniques
- Storage techniques such as hashing
- Password sniffing
- Challenge-response techniques
- One-time passwords
- Encrypted key exchange
- Hardware support
- Depend on physical characteristics
- Examples: pattern of typing (remarkably effective), retinal scans, etc.
- Bind user to some location detection device (human, GPS)
- Authenticate by location of the device
- Access Control Lists
- UNIX method
- ACLs: describe, revocation issue
- Capability-based addressing
- Inheritance of C-Lists
- Revocation: use of a global descriptor table
Discussion Problem. Last fall, in the wake of the Snowden revelations of widespread NSA snooping, Google, Apple, and a number of other technology companies announced plans to encrypt user data. FBI Director James Comey demanded that technology companies build in “backdoors”. That way, if law enforcement needed access to the data, it would be able to obtain the data even if the data were encrypted.
What technical problems might such a wiretap “back door” create?