Lecture 24, May 24

Reading: §12, 15
Due: Homework #4, due May 24, 2013 at 11:55pm

Discussion Problem. The U. S. government has proposed expanding wiretap design laws to include Internet services and software such as voice-over-IP (VoIP), instant messaging, Xbox Live, and other services.1 What technical problems might such a wiretap “back door” create?

Lecture outline.

  1. Challenge-response systems
    1. Computer issues challenge, user presents response to verify secret information known/item possessed
    2. Example operations: f(x) = x+1, random, string (for users without computers), time of day, computer sends E(x), you answer E(D(E(x))+1)
    3. Note: password never sent on wire or network
  2. Biometrics
    1. Depend on physical characteristics
    2. Examples: pattern of typing (remarkably effective), retinal scans, etc.
  3. Location
    1. Bind user to some location detection device (human, GPS)
    2. Authenticate by location of the device
  4. Access Control Lists
    1. UNIX method
    2. ACLs: describe, revocation issue
  5. Capabilities
    1. Capability-based addressing
    2. Inheritance of C-Lists
    3. Revocation: use of a global descriptor table
  6. Lock and Key
    1. Associate with each object a lock; associate with each process that has access to object a key (it’s a cross between ACLs and C-Lists)
    2. Example: use crypto (Gifford). X object enciphered with key K. Associate an opener R with X. Then:
      OR-Access: K can be recovered with any Di in a list of n deciphering transformations, so R = (E1(K), E2(K), …, En(K)) and any process with access to any of the Di’s can access the file
      AND-Access: need all n deciphering functions to get K: R = E1(E2(… En(K) …))
    3. Types and locks
  7. MULTICS ring mechanism
    1. Rings, gates, ring-crossing faults
    2. Used for both data and procedures; rights are REWA
    3. (b1, b2) access bracket—can access freely; (b3, b4) call bracket—can call segment through gate; so if a’s access bracket is (32, 35) and its call bracket is (36, 39), then assuming permission mode (REWA) allows access, a procedure in:
      rings 0–31: can access a, but ring-crossing fault occurs
      rings 32–35: can access a, no ring-crossing fault
      rings 36–39: can access a, provided a valid gate is used as an entry point
      rings 40–63: cannot access a
    4. If the procedure is accessing a data segment d, no call bracket allowed; given the above, assuming permission mode (REWA) allows access, a procedure in:
      rings 0–32: can access d
      rings 33–35: can access d, but cannot write to it (W or A)
      rings 36–63: cannot access d
Footnote:
1Charlie Savage, “U.S. Weighs Wide Overhaul of Wiretap Laws,” New York Times (May 7, 2013); available at http://www.nytimes.com/2013/05/08/us/politics/obama-may-back-fbi-plan-to-wiretap-web-users.html?_r=0.
You can also obtain a PDF version of this. Version of May 23, 2013 at 8:05PM