8.7 Summary of Distributed Computer Security


Nov 21, 2013

Haidong Xue


Part One: Review of the Knowledge in Textbook
  goals, issues, solutions

Part Two: Current Application
  X.509 V3

Part Three: Future Work


goals

Issues

solutions

Goals:
  Secrecy
  Integrity
  Availability
  Reliability
  Safety



Issues:
  Access authorization
    discretionary access control
    mandatory access control
  Message Security
    cryptography
  Mutual Authentication
    cryptography




Cryptography:
  private key system
  public key system
  protocol: Kerberos, X.509

DES
RSA
MD5

X.509 V3

Certificate
  Version
  Serial Number
  Signature Algorithm
  Issuer
  Validity
  Subject
  Subject Public Key Info
    Public Key Algorithm
    Subject Public Key
  Issuer Unique Identifier (Optional)
  Subject Unique Identifier (Optional)
  Extensions (Optional)
Certificate Signature Algorithm
Certificate Signature

(http://en.wikipedia.org/wiki/X.509)


Customer: Kc-private, Kb-public
Bank: Kb-private, Kc-public

1. A = RSA(Information, Kb-public)
2. B = RSA(A, Kc-private)
3. Send A, B


Customer: Kc-private, Kb-public
Bank: Kb-private, Kc-public

1. Signature:
(1). A = MD5(information)
(2). B = RSA(A, Kc-private)

2. Encrypt:
(1). Generate 128-bit DES key
(2). C = DES(information, K-des)
(3). D = RSA(K-des, Kb-public)

3. Send B, C, D
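
The three steps above, run end to end with the bank's receiving side added, as an example that is not from the original slides. Assumptions: RSA is raw textbook RSA on constructed demo primes, and because Python's standard library has no DES, the hypothetical `stream` helper (a SHA-256 keystream XOR) stands in for it; all function names are invented here.

```python
import hashlib
import secrets

def keypair(p, q, e=65537):
    """Textbook RSA keys from two primes: ((n, e) public, (n, d) private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def rsa(m, key):
    """Raw RSA, m^k mod n. No padding: for following the slide only."""
    n, k = key
    return pow(m, k, n)

def stream(data, k_des):
    """Stand-in for DES (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(k_des + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def md5_int(data):
    return int.from_bytes(hashlib.md5(data).digest(), "big")

def customer_send(info, kc_private, kb_public):
    b = rsa(md5_int(info), kc_private)                # 1. B = RSA(MD5(info), Kc-private)
    k_des = secrets.token_bytes(16)                   # 2.(1) 128-bit session key
    c = stream(info, k_des)                           # 2.(2) C = DES(info, K-des)
    d = rsa(int.from_bytes(k_des, "big"), kb_public)  # 2.(3) D = RSA(K-des, Kb-public)
    return b, c, d                                    # 3. send B, C, D

def bank_receive(b, c, d, kb_private, kc_public):
    k = rsa(d, kb_private)                            # undo 2.(3) with Kb-private
    if k >= 1 << 128:
        raise ValueError("bad session key")
    info = stream(c, k.to_bytes(16, "big"))           # undo 2.(2)
    if rsa(b, kc_public) != md5_int(info):            # check B against Kc-public
        raise ValueError("signature check failed")
    return info

# Constructed demo keys from small Mersenne primes: far too weak for real use.
KC_PUBLIC, KC_PRIVATE = keypair(2**127 - 1, 2**107 - 1)
KB_PUBLIC, KB_PRIVATE = keypair(2**89 - 1, 2**61 - 1)
```

MD5 and DES appear here only because the slide names them; both are long obsolete for new designs.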

Customer: Kc-private, Kb-public, Kca-public
Bank: Kb-private, Kc-public
Certificate Authority: Kca-private, Kb-public

RSA(MD5(Kb-public), Kca-private)

A new kind of private key


Randy Chow, Theodore Johnson. Distributed Operating Systems & Algorithms. Addison Wesley, 1997.

X.509. http://en.wikipedia.org/wiki/X.509

Public key certificate. http://en.wikipedia.org/wiki/Digital_Certificate

Introduction to the digital certificates. http://hi.baidu.com/chenxu321/blog/item/783d100834aa50d862d986ca.html

Principles of digital certificates. http://blog.csdn.net/liukeforever/archive/2009/07/31/4396521.aspx