
Modeling Strength of Security & Its application in PKI

Ho Chung (1), Clifford Neuman (2). April 2005. (1) Computer Science Department, University of Southern California; (2) Information Sciences Institute, University of Southern California.


Presentation Transcript


  1. Modeling Strength of Security & Its application in PKI
     Ho Chung (1), Clifford Neuman (2), April 2005
     (1) Computer Science Department, University of Southern California
     (2) Information Sciences Institute, University of Southern California

  2. Introduction to SoS
     • What is the Strength of Security (SoS) model?
     • A way of thinking about security in which the relationship of the strength of security is viewed in a multi-dimensional way
     • A dimension is defined as a basic attribute (or a set of attributes) for measuring the strength of security
     • The SoS model is based on relation theory
     • E.g. Hasse diagram, lattice structures

  3. SoS model is based on the Relation Theory
     • Let X={a, b, c, d, e} and a relation R on X is  
     • Assume that the Strength of Authentication on X is shown as the figure on LHS
     • E.g. 1. a  b  c  e
     • E.g. 2. c and d are incomparable
     • E.g. 3. GLB ({c, d}) = e
     • E.g. 4. LUB ({c, d}) = b
     [Figure: SoS with Lattice Structure; node labels a, b, d, c, e]

  4. Applying SoS into the PKI World
     • In PGP, the strength of security depends on:
     • Dimension 1. Strength of protection of the token
     • Dimension 2. Strength of name-token binding
     • Dimension 3. Strength of token claimed by the holder
     • Dimension 4. Strength of algorithm

  5. Traditional model - Strength of Tokens
     • NIST’s security model for cryptographic tokens (e.g. hierarchical and total ordering):
       - Hard crypto token (e.g. H/W device storing keys)
       - One-time password device
       - Soft crypto token (e.g. keys stored on disk)
       - Password
     • This is a single-dimension based approach.
     • What happens if we extend it to multi-dimensions?

  6. Developing of SoA – Strength of Tokens
     [Figure: Tokens with lattice structures; node labels as extracted, diagram layout not preserved]
     • One-time password device token with PIN or biometric I/F (w/ expiration)
     • Hard token with PIN or biometric I/F (w/ expiration)
     • One-time password device token without PIN or biometric I/F (w/ expiration)
     • One-time password device token with PIN or biometric I/F (w/o expiration)
     • Soft token encrypted with strong password (w/ expiration)
     • Strong password w/ expiration
     • Soft token encrypted with weak password (w/ expiration)
     • One-time password device token without PIN or biometric I/F (w/o expiration)
     • Soft token encrypted with weak password (w/o expiration)
     • Strong password w/o expiration
     • Weak password w/ expiration
     • Soft token encrypted with strong password (w/o expiration)
     • Weak password w/o expiration
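
The relations listed on slide 3, worked through as an added example (not part of the original presentation). The cover relations are an assumption read off the slide's examples, with a taken as the strongest element; `meets_requirement` is a hypothetical policy check that treats incomparable strengths as a failure.

```python
from itertools import product

# Assumed cover relations (weaker, stronger) for X = {a, b, c, d, e}:
# the chain a, b, c, e from E.g. 1, with d sitting between e and b.
X = {"a", "b", "c", "d", "e"}
COVERS = [("e", "c"), ("e", "d"), ("c", "b"), ("d", "b"), ("b", "a")]


def build_leq(elements, covers):
    """Reflexive-transitive closure of the covers: pairs (x, y) with x <= y."""
    leq = {(x, x) for x in elements} | set(covers)
    changed = True
    while changed:
        changed = False
        for (x, y), (y2, z) in product(list(leq), repeat=2):
            if y == y2 and (x, z) not in leq:
                leq.add((x, z))
                changed = True
    return leq


LEQ = build_leq(X, COVERS)


def comparable(x, y):
    """True when one element is at least as strong as the other."""
    return (x, y) in LEQ or (y, x) in LEQ


def lub(subset):
    """Least upper bound of subset, or None if it has none."""
    uppers = [u for u in X if all((s, u) in LEQ for s in subset)]
    least = [u for u in uppers if all((u, v) in LEQ for v in uppers)]
    return least[0] if least else None


def glb(subset):
    """Greatest lower bound of subset, or None if it has none."""
    lowers = [l for l in X if all((l, s) in LEQ for s in subset)]
    greatest = [l for l in lowers if all((m, l) in LEQ for m in lowers)]
    return greatest[0] if greatest else None


def meets_requirement(offered, required):
    """Hypothetical check: accept only if offered is at least as strong as
    required. Incomparable strengths (e.g. c vs d) are rejected."""
    return (required, offered) in LEQ
```

In a single-dimension (total) ordering `comparable` is always true; the lattice makes the incomparable case explicit, so a policy has to decide what to do with it.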
