130 likes | 296 Views
SPKI/SDSI (Simple Public Key Infrastructure/Simple Distributed Security Infrastructure ).
E N D
SPKI/SDSI(Simple Public Key Infrastructure/Simple Distributed Security Infrastructure) • Given an Access-Control List (ACL) for a protected resource, and a collection of SPKI/SDSI certificates, our programs should determine whether a given principal(Public-Key) is authorized to access the protected resource. • The heart of the system is the closure program running on SDSI servers for deciding whether a Public-Key is a member of the Group it’s claiming. For the sake of simplicity we are using simple short symbols for denoting the keys and the groups.
A Simple Example • Lets take an example of a FTP server as a restricted resource I.e. to get access of documents or software residing in /pub/ of the FTP server the requester must produce a proof of membership of ftp-users group defined in the ACL. • I will illustrate the problem with two cases. • In first case the principal is a direct member of a group. Hence the problem is very trivial. • In Second case, the principal is not the dirct member. So let’s see what’s the mechanism that let’s the principal to get the access of the resource.
Vishwas’s groups Vishwas’s Group BARC’s Group TIFR Friends Friends ----------------------- BARC Emp Raja Basant Mesfin ------ ------ ------ ------ Mehul Siddharth Manish Samir ------ ----- ----- Siddharth TIFR ------ ------ Dave -----------------------
Vishwas’s Servers Case 1 :- A SDSI Server B Mehul • A-Membership Query Vishwas {Principal, Group Name} FTP Server C B - Reply : TRUE Certificate C - Produce this certificate to gain the access of resouyrce BARC’s SDSI Server
Vishwas’s Servers Case 2 :- SDSI Server • A-Membership Query Vishwas {Principal, Group Name} Siddharth FTP Server BARC’s SDSI Server I - Produce this TOKEN to get access of the resource E - Membership.Query.BARC { Principal Groupo Name F - Reply : TRUE Cert H - Reply : TRUE Cert B - Fail {Return Group Name} E.g. BARC’s EMP C - Get .Query.Vishwas {Ask Name binding Certs} D - Reply {Certs} E.g. BARC’s Employees G - Produce this Cert to show BARC’s membership
SPKI/SDSI Certs :- • Name Certs { K, A, S, V } • Auth Certs { K, S, D, T, V } Certs as Rewrite rules :- K A S K S • K - issuers Public Key • A - local name of K • S - subject -a term in T • D - delegation bit • T - authorization specification Tag • V - validity specification
Composition of Certs :- C = L R Let, C1 = L1 R1 C2 = L2 R2 for example, KA friends KA Bob myfriends KA Bob KB If L2 is a prefix of R1 Here its true in above example i.e. R1=L2X for some string X(possibly empty) Then the Computation of rules C3 = C1 ° C2 as C3 = C1 ° C2 = L1 (R1 ° C2) = L1 R2X If L2 is not a prefix of R1 then C1° C2 is undefined. Otherwise they can be said compatible.
Examples :- KA Ted KB CarlJones Ted - 5 Since, KB CarlJones KC - 11 so KA Ted KC Ted (5 ° 11) KA friends KA Bob myfriends - 9 Since, KB Bob KB - 3 so KA friends KB myfriends (9 ° 3)
Closure of a set of certs • The notion of the closure of a set of certificates is fundamental. • The closure contains all certificates that can be delivered by composition from the given set of certificates. • It is denoted by C+ • It can be potentially infinite, even if the input set of rules is finite. • But what is useful to us is a finite subsets of the closure, called the “name -reduction closure” C#
How to compute C# ? • C = (L R) is said to be reducing if | L | > | R | where | X | denotes the length of sequence X. • Important Definition for Convergence in C# If C1 = (L1 R1) any arbitrary certificate and C2 = (L2 R2) compatible reducing certificate then C3 = C1° C2 = (L1 R3) satisfies |R1| > |R3| Example :- K Alice K Verisign MIT AliceSmith compatible reducing certificate is K Verisign KV K Alice KV MIT AliceSmith
Thus to compute the name reduction closure, we only perform rewritings that cause a reduction in the length of the right-hand side, until no more such re-writings can be done.
Whole algorithm in 3 steps 1. Initialize C’ to be the input set C of certificates. 2. As long as C’ contains two compatible certificates C1 and C2 such that C2 is a reducing certificate and C1 ° C2 is not yet in C’, add C3 to C’. 3. Return C’ as the computed value of C#.