
Copyright Statement

• Copyright Robert J. Brentrup 2005. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Delegated Guest Access to Secure Networks

Robert Brentrup

Educause Poster Session

October 19, 2005

Network Security

• Wireless networks are inherently more vulnerable

– No longer need to be inside a building
– Anyone in range can listen
– Have to expect uninvited “guests”

• Wired Equivalent Privacy (WEP) was intended to protect traffic between the supplicant and the access point.

– WEP’s use of RC4 with a static key and short, reused IVs lets an attacker recover the key from captured traffic, so it no longer provides meaningful confidentiality.

• WiFi Protected Access (WPA2) provides a stronger encryption scheme (AES-CCMP)

– and, in enterprise mode (802.1x/EAP), supports a wider range of authentication techniques.

Problem

• If authenticated access is implemented

– to limit use to members of the community
– and to enable strong data encryption

• How do guests access the network conveniently?

– Visitors are a daily occurrence
– Don’t want a multi-day process to get a guest account approved and created

Motivation for System

• Visitors are given access to labs by host

• Already allow sponsored accounts for longer time periods

– But the overhead is too high for a short visit

• Why not allow local users to delegate privileges to guests?

– Would give immediate access
– Delegation allows decentralized authorization

Design Goals

• Provide access to authorized guests
• Guests may use comprehensive services granted to local users
• Require strong access control
• Use standard protocols
• Timeframe of authorization limited
• Do not require central control
• Provide audit trail
• Prefer to use PKI authentication

Greenpass Solution

• Use 802.1x protocol for authentication

– Works for Wireless or VPN

• Use EAP-TLS to identify users
• Use RADIUS server for authorization decision

– Recognize some X.509 certificate issuers
– Allow local users to delegate network access permission
– SPKI certificate delegation chain
– Recognized by small RADIUS modification
– HTTP Cookies simplify use

• No user software install required
• Client Java tool for delegation

Design: Information Flow

Hybrid PKI

Why SPKI/SDSI?

• Focuses specifically on the problem of authorization that we are trying to solve.

• Its provisions for delegation of authority naturally give rise to the distributed model of delegated access that we envisioned.

• Simple and lightweight, easy to work with.

• Guest access is tied directly to the guest’s public key rather than indirectly through the guest’s name.
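The two slides above describe the core of the scheme: a local user signs an SPKI authorization certificate for the guest’s public key, and a small RADIUS modification walks the resulting chain before granting network access. The program below is an added illustration of that check, not code from the Greenpass project. It assumes Ed25519 keys (Greenpass users hold X.509 keys; the key type is immaterial to the chain logic), a single string tag `greenpass-network-access` with intersection modelled as equality, hex-encoded keys as principal names, a hypothetical to-be-signed encoding instead of canonical S-expressions, and an `acl` map standing in for the RADIUS server’s list of local users (which Greenpass derives from X.509 certificates issued by recognized CAs). `Reduce` performs the RFC 2693 5-tuple reduction: signature, issuer-to-subject linkage, delegation bit, tag, and the intersection of validity intervals, so a guest who was not granted the delegation bit cannot pass access on, and a two-hop chain is valid only while every link is.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// NetworkAccess is the only tag granted here; real SPKI tags are S-expressions (assumption).
const NetworkAccess = "greenpass-network-access"

// Cert is the RFC 2693 SPKI 5-tuple (issuer, subject, delegation bit, tag, validity) plus signature.
type Cert struct {
	Issuer, Subject     ed25519.PublicKey
	Delegate            bool // may the subject pass the permission on?
	Tag                 string
	NotBefore, NotAfter time.Time
	Sig                 []byte
}

// KeyID names a principal by its key, as SPKI does (hex here; SPKI uses a hash).
func KeyID(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }
// tbs is the to-be-signed encoding (hypothetical; SPKI uses canonical S-expressions).
func (c *Cert) tbs() []byte {
	return []byte(fmt.Sprintf("spki|%s|%s|%t|%s|%d|%d", KeyID(c.Issuer), KeyID(c.Subject),
		c.Delegate, c.Tag, c.NotBefore.Unix(), c.NotAfter.Unix()))
}

// NewKey generates a key pair (a nil reader selects crypto/rand.Reader).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue is what the host's delegation tool does: sign a certificate granting
// network access to the guest's key for a bounded interval.
func Issue(issuer ed25519.PrivateKey, subject ed25519.PublicKey, delegate bool, from, until time.Time) Cert {
	c := Cert{Issuer: issuer.Public().(ed25519.PublicKey), Subject: subject,
		Delegate: delegate, Tag: NetworkAccess, NotBefore: from, NotAfter: until}
	c.Sig = ed25519.Sign(issuer, c.tbs())
	return c
}

// Reduce is the RADIUS-side check: walk the chain from a trusted local user's key to the
// guest's key, verifying signature, linkage, delegation bit, tag, and intersected validity.
func Reduce(acl map[string]bool, chain []Cert, guest ed25519.PublicKey, now time.Time) error {
	if len(chain) == 0 {
		return errors.New("empty chain")
	}
	if !acl[KeyID(chain[0].Issuer)] {
		return errors.New("chain root is not a trusted local user")
	}
	notBefore, notAfter := chain[0].NotBefore, chain[0].NotAfter
	for i, c := range chain {
		if !ed25519.Verify(c.Issuer, c.tbs(), c.Sig) {
			return fmt.Errorf("cert %d: bad signature", i)
		}
		if c.Tag != NetworkAccess {
			return fmt.Errorf("cert %d: tag %q not granted", i, c.Tag)
		}
		if i > 0 && !bytes.Equal(chain[i-1].Subject, c.Issuer) {
			return fmt.Errorf("cert %d: issuer is not the subject of cert %d", i, i-1)
		}
		if i > 0 && !chain[i-1].Delegate {
			return fmt.Errorf("cert %d: issuer was not permitted to delegate", i)
		}
		if c.NotBefore.After(notBefore) { // the chain is valid only where
			notBefore = c.NotBefore // every member is valid
		}
		if c.NotAfter.Before(notAfter) {
			notAfter = c.NotAfter
		}
	}
	if !bytes.Equal(chain[len(chain)-1].Subject, guest) {
		return errors.New("chain does not end at the guest's key")
	}
	if now.Before(notBefore) || now.After(notAfter) {
		return errors.New("authorization not valid at this time")
	}
	return nil
}

func main() {
	hostPub, hostPriv := NewKey()
	guestPub, guestPriv := NewKey()
	friendPub, _ := NewKey()
	acl := map[string]bool{KeyID(hostPub): true} // the host is a known local user
	now := time.Now()
	c := Issue(hostPriv, guestPub, false, now.Add(-time.Minute), now.Add(8*time.Hour))
	fmt.Println("guest for the day:", Reduce(acl, []Cert{c}, guestPub, now))
	c2 := Issue(guestPriv, friendPub, false, now, now.Add(time.Hour)) // guest re-delegates
	fmt.Println("friend of guest:", Reduce(acl, []Cert{c, c2}, friendPub, now))
}
```

Running it admits the guest (`Reduce` returns nil) and rejects the friend’s chain because the host withheld the delegation bit. Because the subject of each certificate is a public key rather than a name, the RADIUS server needs no account for the guest: it only has to be able to look up the chain that ends at the key the guest presented during EAP-TLS.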

Block Diagram

(figure not reproduced)

Screenshots (images not reproduced):

• Guest Unauthorized
• Guest Introduction
• Guest Fingerprint
• Authorized Delegator
• Select Guest
• Guest Lookup
• Delegation Tool
• Delegation Complete
• Guest Authorized
• Authorized User

Results

• Greenpass combines SPKI/SDSI with existing X.509 PKI standards to create an authentication and authorization scheme that is decentralized and not cumbersome for users.

• Published Open Source Components:

– Delegation Server, Introduction Cache

– Delegation Signing Tool

– Authorization Certificate Cache

– Radius modifications

Future Work

• Finer grained definition of authorization.

• Alternatives to SDSI/SPKI

• No X.509 PKI? Then everyone is a guest.

• Support for other devices (PDAs, VoIP devices).

Credits, Contacts and Links

• Primarily designed by Nicholas Goffee and Sung Kim as their Master's degree thesis projects advised by Prof. Sean Smith.

– Other contributors to the Greenpass project are: Kwang-Hyun Baek, Meiyuan Zhao, John Marchesini, Chris Masone, Punch Taylor, Robert Brentrup and Nick Santos.

• For Further Information

– Sean Smith - sws@dartmouth.edu

– Robert Brentrup - Robert.J.Brentrup@dartmouth.edu

• www.dartmouth.edu/~pkilab/greenpass/

• www.cs.dartmouth.edu/reports/abstracts/TR2004-484/
