User:Sqying
Introduction
[edit]The rapid expansion of internet in its scope and capabilities makes it possible for a single computer to be connected to a vast number of others. It is expected to lead to a qualitative change in the nature of computing and information sharing processes. The previous localized nature of the said process can now be spread all over the internet, instantaneously and automatically.
Such an increase in connectivity brings new problems that are neither considered significant nor even relevant when the computers are left alone. Although the current status of the internet is still far from such a stage. Its early symptoms have manifested in various internet application domains, like the online identity theft, internet spam, the hard to be balanced rights management between the producer and consumer of digital products, and mutual exclusive nature between the technical advances in the peer-to-peer networks and commercial interests, legitimate concerns regarding their security weakness, etc.. The worry of technocal impossiblity make some to take extreme stands. Proper security technology are considered one of the important cures of most of these problems.
This article is about a brief survey of some current implementations of cryptographic security systems at the protocol level. And how some of the difficult problems are solved by a declarative one.
The goals of a modern internet security system are to provide unified solutions to a maximum set of the following problems [1] (see also here)
- Identification: The allocation of an unique name space position for each entity.
- Authentication: The verification of whether or not a given entity has indeed the claimed name space value and the associated quality.
- Authorization: The assignment of possible actions that a given named entity can perform in a given context.
- Integrity: Traditionally this refers to the integrity of the data been exchanged. Here it is generalized to also include the integrity of any meta information relevant to a context.
- Confidentiality: Or information security. The encryption of data, the safeguard of private keys, etc.
- Non-repudiation: The ability to guarantee that no one entity in one to one or one to many entity interaction can deny actions done by the said entity that is against a pre-established agreement between the entities involved.
- Impersonation: The act of one agent performing actions on behalf of another one provided 1) the second one has the authorization 2) whose identity is authenticated by a third entity trusted by the first one and 3) the first agent can not initiate the Impersonation without explicity authorization of the second entity.
Explanation
[edit]- Identification: A secured identity management system guarantee the proper operation of collective work of a group at macroscopic levels and also at the microscopic level (see identity crisis). It also prevents unauthorized Impersonation called Identity theft.
- Non-repudiation: Provided Identification and Authentication are properly handled, this is automatically satisfied. Some security solutions also has the plausible deniability characteristics when the entities involved are either not equal in power (e.g. the voters and votees in election processes) or it is agreed upon implicitly or explicitly before such an act is expected to take place. As long as the Identification component is properly handled, Non-repudiation does not logically exclude the plausible deniability.
- Impersonation: The first agent must be trustable and authenticated by the second one before the act. It is most likely a none stranger entity that has a tested integrity in the relationship and intelligency, like a machine, trusted human entity, or a dog (if the second requirement is low). This is more of implementation details compared to the above goals.
Among the best methods developed use a combination of public key and symmetric key algorithm to faciliate strong end point authentication and block data cryptographic processing efficiency.
Current Implementations
[edit]A Conversation Between Alice and Bob
[edit]To ourselves: Who do I trust? This is already a hard question even in real life, let along on the internet. But things can become better with a stateful declarative solution.
To others: Who are you? This is generally considered not a welcome question to many. It tends to drive curious potential associates (friends,users, etc.) away. Authentication nevertheless has to ask this question. The question is how to make it more acceptable. A stateful declarative, just in time security system has the following merits
- It is more secure against spoofing.
- It protects a user's privacy.
- It makes the reply of the above question more acceptable
What do you mean by 'Declarative' or 'Imperative', don't play word game with me! It is surely not of that kind. The term 'Declarative' here means essentially declare first and substantiate the claim when needed base both on the credential supplied for the proof and on the past experiences about the claimed entity. The term 'Imperative' here means proof it now and forget about it afterward. They differ in the sequence or order of operations performed in the authentication process and in credit building process. For example, Bob and Alice talk over a dedicated telephone line for important issues. One day the sleepy Bob was not sure who was on the other end when it rang, a conversation could proceeded like the following
- Alice: Hello Bob.
- Bob: I am sorry, you are ...
- Alice: I am Alice.
- Bob: Oh, hi, Alice.
- Alice: It's nice today.
- Bob: Yeah, indeed.
- ......
- Alice: Could you send me $10,000 to the following address?
- Bob: !!?? (awakened)
- Alice: Because our department ...
- Bob: Sure, right away!
- Alice: Thanks!
- Bob: Good bye.
In declarative authentication process, Bob will check the credential he kept for the real Alice he know about and ask this Alice to proof herself when she ask him to send the money and then send the money to a pre-established account between them, which he know it is sure to send, directly, to the real Alice from previous experience and resulting trust with the account. There will be no direct benefit for a fake Alice to trick Bob to send the money. But in imperative authentication process Bob will ask her to identify herself when he say Who is it and, if he want to be absolutely sure, he need to ask her to meet him somewhere in order to see her and hand the money to her in person. So in fact the above conversation never continue beyond the fourth line. If he becomes lazy, there could various holes on the implementation of the process to transfer the money to Alice by a series of third parties or middle men (servers, the potential holes). At least two weak points are opened
- Since Bob's message is decrypted at each server, stored or re-encrypted (if it is done at all) and transfer to the next one. Question arises: how does anybody know who can access those plain messages while they stay on a server? As the internet becomes more and more complex and diverse, these intermediate relay stations will become more and more and they are also changing dynamically, there is simply no effective way of controlling all of them by anybody. If there is one, does anybody trust it or welcome it? If not, repudiation becomes possible.
- Since Bob authenticated the identity of Alice at the beginning of the conversation and send the money after exchange a few casual conversations with Alice. There is time for a skilled eavesdropper to manipulate the authenticated connection by, e.g., IP or DNS spoofing to redirect the authenticated line to his/her server...
Such explorations, if occurred, can continue without the person behind it been caught since it is stateless. Of course the imperative solutions can incorporate some of the later features about the state, there are still other benefits that a declarative solution can be a merit.
Another benefit of the declarative authentication process is that if Alice never asked for the money, they could both have a nice chat on weathers, politics, and other casual stuffs without any interruption of the conversation. But in imperative one, the dedicated line could never be used for less serious conversations, it is indeed dedicated. The web is not a dedicated private net, it is public one on which most of the stuffs are of the causal types. Some people even want to be anonymous when surfing it. Getting serious or getting real is only infrequent events. Therefore, it is better to have a stateful declarative security system.
References
[edit]- A. Nash, W. Duane, C. Joseph, and D. Brink in PKI Implementation and Managing E-Security RSA Press (Osborne/McGraw-Hill, New York, 2001).