modeling strength of security its application in pki
Download
Skip this Video
Download Presentation
Modeling Strength of Security & Its application in PKI

Loading in 2 Seconds...

play fullscreen
1 / 6

Modeling Strength of Security Its application in PKI - PowerPoint PPT Presentation


  • 94 Views
  • Uploaded on

Modeling Strength of Security & Its application in PKI. Ho Chung 1 , Clifford Neuman 2 April 2005. 1 Computer Science Department, University of Southern California 2 Information Sciences Institute, University of Southern California. Introduction to SoS.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Modeling Strength of Security Its application in PKI' - Ava


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
modeling strength of security its application in pki

Modeling Strength of Security& Its application in PKI

Ho Chung1,Clifford Neuman2

April 2005

1 Computer Science Department, University of Southern California

2 Information Sciences Institute, University of Southern California

introduction to sos
Introduction to SoS
  • What is the Strength of Security (SoS) model ?
    • A way of thinking about security such that therelationship of the strength of security is viewed in multiple dimensional way
    • The dimension is defined as a basic attribute (or a set of attributes) for measuring the strength of security
    • SoS model is based on the relation theory
      • E.g. Hasse Diagram, Lattice Structures

2

sos model is based on the relation theory
SoS model is based on the Relation Theory

a

  • Let X={a, b, c, d, e} and a relation R on X is 
  • Assume that the Strength of Authentication on X is shown as the figure on LHS
  • E.g. 1. a  b  c  e
  • E.g. 2. c and d are incomparable
  • E.g. 3. GLB ({c, d}) = e
  • E.g. 4. LUB ({c, d}) = b

b

d

c

e

SoS with Lattice Structure

3

applying sos into the pki world
Applying SoS into the PKI World
  • In PGP, the strength of security depends on:
    • Dimension 1. Strength of protection of the token
    • Dimension2. Strength of name-token binding
    • Dimension 3. Strength of token claimed by the holder
    • Dimension 4. Strength of algorithm

4

traditional model strength of tokens
Traditional model - Strength of Tokens
  • NIST’s security model for cryptographic tokens (e.g. hierarchical and total ordering)

Hard crypto token (e.g. H/W device storing keys)

One-time password device

Soft crypto token (e.g. keys stored on disk)

Password

  • This is a single-dimension based approach.
  • What happens if we extend it to multi-dimensions?

5

developing of soa strength of tokens
Developing of SoA – Strength of Tokens

One-time password device token with PIN or biometric I/F (w/ expiration)

Hard token

with PIN or biometric I/F

(w/ expiration)

One-time password device token without PIN or biometric I/F (w/ expiration)

One-time password device token with PIN or biometric I/F (w/o expiration)

Soft token encrypted

with strong password

(w/ expiration)

Strong password

w/ expiration

Soft token encrypted

with weak password

(w/ expiration)

One-time password device token without PIN or biometric I/F

(w/o expiration)

Soft token encrypted

with weak password

(w/o expiration)

Strong password

w/o expiration

Weak password

w/ expiration

Soft token encrypted

with strong password

(w/o expiration)

Weak password

w/o expiration

Tokens with lattice structures

ad