# Modeling Strength of Security & Its application in PKI

Modeling Strength of Security & Its application in PKI. Ho Chung¹, Clifford Neuman². April 2005. ¹ Computer Science Department, University of Southern California. ² Information Sciences Institute, University of Southern California.

### Modeling Strength of Security & Its application in PKI

Ho Chung¹, Clifford Neuman²

April 2005

¹ Computer Science Department, University of Southern California

² Information Sciences Institute, University of Southern California

### Introduction to SoS
• What is the Strength of Security (SoS) model?
• A way of thinking about security in which the relationship of the strength of security is viewed in a multi-dimensional way
• A dimension is defined as a basic attribute (or a set of attributes) for measuring the strength of security
• The SoS model is based on relation theory
• E.g. Hasse diagrams, lattice structures

### SoS model is based on the Relation Theory

• Let X={a, b, c, d, e} and a relation R on X is 
• Assume that the Strength of Authentication on X is as shown in the figure on the LHS
• E.g. 1. a  b  c  e
• E.g. 2. c and d are incomparable
• E.g. 3. GLB ({c, d}) = e
• E.g. 4. LUB ({c, d}) = b

[Figure: Hasse diagram over the nodes a, b, c, d, e. Caption: SoS with Lattice Structure]
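The relations in E.g. 1 to 4 can be checked mechanically. The following Python sketch is an added example, not part of the original presentation; the edge list `COVERS` is an assumption inferred from those four examples (a above b, b above c and d, c and d above e), and `meets` is a hypothetical policy check showing why incomparable elements matter to an access decision.

```python
from itertools import product

# Cover relations (stronger, weaker). Assumption: inferred from E.g. 1-4 on the
# slide, because the lines of the figure are not present in the transcript.
COVERS = [("a", "b"), ("b", "c"), ("b", "d"), ("c", "e"), ("d", "e")]
X = {"a", "b", "c", "d", "e"}

def closure(elements, covers):
    """Reflexive-transitive closure: pairs (x, y) where x is at least as strong as y."""
    geq = {(x, x) for x in elements} | set(covers)
    changed = True
    while changed:
        changed = False
        for (x, y), (y2, z) in product(list(geq), repeat=2):
            if y == y2 and (x, z) not in geq:
                geq.add((x, z))
                changed = True
    return geq

GEQ = closure(X, COVERS)

def at_least(x, y):
    """True if x is at least as strong as y in the partial order."""
    return (x, y) in GEQ

def comparable(x, y):
    """True if the order relates x and y in either direction."""
    return at_least(x, y) or at_least(y, x)

def lub(subset):
    """Least upper bound: the weakest element at least as strong as every member."""
    uppers = {u for u in X if all(at_least(u, s) for s in subset)}
    least = [u for u in uppers if all(at_least(v, u) for v in uppers)]
    return least[0] if least else None

def glb(subset):
    """Greatest lower bound: the strongest element every member is at least as strong as."""
    lowers = {l for l in X if all(at_least(s, l) for s in subset)}
    greatest = [l for l in lowers if all(at_least(l, v) for v in lowers)]
    return greatest[0] if greatest else None

def meets(token, required):
    """Hypothetical policy check: accept only a token at least as strong as `required`."""
    return at_least(token, required)
```

With a partial order, `meets("d", "c")` is false even though d is not weaker than c; a policy that needs to accept either one has to name their GLB (e) as the requirement, or list both explicitly.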


### Applying SoS into the PKI World
• In PGP, the strength of security depends on:
• Dimension 1. Strength of protection of the token
• Dimension 2. Strength of name-token binding
• Dimension 3. Strength of token claimed by the holder
• Dimension 4. Strength of algorithm


### Traditional model - Strength of Tokens
• NIST’s security model for cryptographic tokens (e.g. hierarchical and total ordering)

[Figure: the four token types in a single chain, in the order shown on the slide]
  • Hard crypto token (e.g. H/W device storing keys)
  • One-time password device
  • Soft crypto token (e.g. keys stored on disk)
  • Password

• This is a single-dimension based approach.
• What happens if we extend it to multi-dimensions?


### Developing of SoA – Strength of Tokens

[Figure: Tokens with lattice structures. Node labels, in the order they appear in the transcript:]
  • One-time password device token with PIN or biometric I/F (w/ expiration)
  • Hard token with PIN or biometric I/F (w/ expiration)
  • One-time password device token without PIN or biometric I/F (w/ expiration)
  • One-time password device token with PIN or biometric I/F (w/o expiration)
  • Soft token encrypted with strong password (w/ expiration)
  • Strong password w/ expiration
  • Soft token encrypted with weak password (w/ expiration)
  • One-time password device token without PIN or biometric I/F (w/o expiration)
  • Soft token encrypted with weak password (w/o expiration)
  • Strong password w/o expiration
  • Weak password w/ expiration
  • Soft token encrypted with strong password (w/o expiration)
  • Weak password w/o expiration