KeyNote Presentation KeyNote. Vishwas Patil, TIFR.2/10 KeyNote: “?” Aim:- A notation for...


Page 1: KeyNote Presentation

KeyNote

Page 2:

Vishwas Patil, TIFR. 2/10 KeyNote Presentation

KeyNote: “?”

Aim:- A notation for specifying local security policies and security credentials that can be sent over an untrusted network.

Page 3:


KeyNote: versus PolicyMaker

KeyNote predicate notations are based on C-like expressions and regular expressions.

KeyNote assertions always return a boolean. It has built-in credential signature verification. Human-readable assertion syntax (RFC 822). Trusted actions are described by simple attribute/value pairs.

But it is similar in spirit to that of PolicyMaker!

Page 4:


KeyNote: Approach

KeyNote accepts as input a set of local policy assertions, a collection of credential assertions, and a collection of attributes (the action environment) that describes a proposed trusted action associated with a set of public keys.

By applying the assertion predicates to the action environment, it decides whether the proposed action is consistent with local policy.

Page 5:


KeyNote: Architecture

KeyNote is monotonic: adding an assertion to a query can never result in the query having a lower compliance value than it would have had without the assertion.

Removing an assertion never results in increasing the compliance value returned by KeyNote for a given query.

The monotonicity property can simplify the design and analysis of complex network-based security protocols.

Page 6:


KeyNote: Architecture (Continued)

KeyNote does not itself provide credential revocation services.

The KeyNote compliance checker verifies the signatures on credentials received from an untrusted requestor.

Page 7:

Page 8:


KeyNote: Basic Syntax Structure

A KeyNote assertion contains a sequence of sections, called fields, each of which specifies one aspect of the assertion's semantics. Fields start with an identifier at the beginning of a line and continue until the next field is encountered.

<Assertion>:: <VersionField>? <AuthField> <LicenseesField>? <LocalConstantsField>? <ConditionsField>? <CommentField>? <SignatureField>? ;

[X]* means zero or more repetitions of character string X.
[X]+ means one or more repetitions of X.
<X>* means zero or more repetitions of non-terminal <X>.
<X>+ means one or more repetitions of <X>.
<X>? means zero or one repetition of <X>.
Nonterminal grammar symbols are enclosed in angle brackets. Quoted strings in grammar productions represent terminals. All KeyNote assertions are encoded in ASCII.

Page 9:


KeyNote: Semantics

Informally, the semantics of KeyNote evaluation can be thought of as involving the construction of a directed graph of KeyNote assertions rooted at a POLICY assertion that connects with at least one of the principals that requested the action.

The semantics are very similar to those of PolicyMaker; RFC 2704 gives a detailed description of them.
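As an added illustration of the approach, basic syntax and semantics covered on these slides, the Python below is a toy compliance checker; it is not part of the original presentation and is not the RFC 2704 reference or OpenBSD implementation. It splits RFC 822-style assertions into fields (a field runs until the next identifier at line start), evaluates each assertion's Conditions against an action environment, and walks the delegation graph from POLICY towards the principals that signed the request, taking the min across && and the max across ||. It assumes a simplified rule for the Conditions field (the best value among clauses whose test holds; an absent field passes any action), skips signature verification, k-of licensees, regular expressions and "!", and uses constructed sample assertions (POLICY, ALICE_TO_BOB, the demo-bank attributes) that are not from the page.

```python
"""Toy KeyNote-style compliance checker: an added teaching simplification of RFC 2704.
It skips signature verification and omits k-of licensees, regular expressions and '!'."""
import re

# Leaf tokens, the operators this toy understands, and (captured) any other non-space char.
_TOKEN = re.compile(r'"[^"]*"|[A-Za-z_]\w*|\d+(?:\.\d+)?|&&|\|\||==|!=|<=|>=|->|[<>();]|(\S)')

def tokenize(text):
    toks = []
    for m in _TOKEN.finditer(text):
        if m.group(1):                                       # captured junk: reject the expression
            raise SyntaxError("unexpected %r in: %s" % (m.group(1), text))
        toks.append(m.group(0))
    return toks

class _Parser:
    """Recursive descent over leaves supplied by `atom`: '||' takes the max, '&&' the min."""
    def __init__(self, toks, atom):
        self.toks, self.i, self.atom = toks, 0, atom
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self, want=None):
        tok = self.peek()
        if tok is None or (want is not None and tok != want):
            raise SyntaxError("expected %r, got %r" % (want or "a token", tok))
        self.i += 1
        return tok
    def expr(self):
        v = self.term()
        while self.peek() == "||":
            self.take(); v = max(v, self.term())
        return v
    def term(self):
        v = self.factor()
        while self.peek() == "&&":
            self.take(); v = min(v, self.factor())
        return v
    def factor(self):
        if self.peek() == "(":
            self.take(); v = self.expr(); self.take(")"); return v
        return self.atom(self)

def parse_assertion(text):
    """Fields start with an identifier at line start and run until the next field (RFC 822 style)."""
    body = re.sub(r"\n[ \t]+", " ", text.strip())            # fold continuation lines
    return {k.lower(): v.strip() for k, v in re.findall(r"^([A-Za-z-]+):(.*)$", body, re.M)}

class Checker:
    def __init__(self, assertions, values=("false", "true")):
        self.values, self.by_authorizer = list(values), {}   # compliance values, lowest first
        self.top = len(self.values) - 1
        for a in map(parse_assertion, assertions):
            self.by_authorizer.setdefault(a["authorizer"].strip('"'), []).append(a)
    def _cond_atom(self, p, env):                            # one comparison -> 1 (holds) or 0
        def operand():
            t = p.take()                                     # string literal, number, or attribute
            return t[1:-1] if t[0] == '"' else (t if t[0].isdigit() else env.get(t, ""))
        left, op, right = operand(), p.take(), operand()     # unknown attribute reads as ""
        if op in ("==", "!="):
            return int((left == right) == (op == "=="))
        try:
            l, r = float(left), float(right)                 # <, <=, >, >= compare numerically
        except ValueError:
            return 0
        return int({"<": l < r, "<=": l <= r, ">": l > r, ">=": l >= r}[op])
    def _conditions(self, text, env):                        # assumed rule: best value among the
        if not text:                                         # clauses whose test holds; none -> lowest
            return self.top                                  # absent Conditions field: any action passes
        p, best = _Parser(tokenize(text), lambda q: self._cond_atom(q, env)), 0
        while p.peek() is not None:
            holds, value = p.expr(), self.top
            if p.peek() == "->":
                p.take(); value = self.values.index(p.take().strip('"'))
            p.take(";")
            best = max(best, value) if holds else best
        return best
    def principal_value(self, name, env, signers, stack=()):
        """Trust in `name`: top if it signed the request, else the best assertion it authorizes."""
        if name in signers:
            return self.top
        if name in stack:
            return 0                                         # cycle guard for delegation loops
        best = 0
        for a in self.by_authorizer.get(name, []):
            atom = lambda q: self.principal_value(q.take().strip('"'), env, signers, stack + (name,))
            lic = _Parser(tokenize(a["licensees"]), atom).expr() if a.get("licensees") else 0
            best = max(best, min(lic, self._conditions(a.get("conditions", ""), env)))
        return best
    def query(self, env, signers):
        """Compliance value for the action `env` requested by the principals in `signers`."""
        return self.values[self.principal_value("POLICY", env, signers)]

# Constructed sample: local policy trusts alice; alice's credential delegates small amounts to bob.
POLICY = """
Authorizer: "POLICY"
Licensees: "alice"
Conditions: app_domain == "demo-bank" -> "true";
"""
ALICE_TO_BOB = """
Authorizer: "alice"
Licensees: "bob"
Conditions: app_domain == "demo-bank"
    && amount < 100 -> "true";
Signature: "placeholder-not-verified-here"
"""

def decide(amount, signer, credentials=(ALICE_TO_BOB,)):
    env = {"app_domain": "demo-bank", "amount": str(amount)}
    return Checker([POLICY, *credentials]).query(env, {signer})

if __name__ == "__main__":
    print(decide(50, "bob"), decide(500, "bob"), decide(500, "alice"))   # true false true
```

Because every combination is a min or a max, an extra credential can only add a branch to a max, which is the monotonicity property from the Architecture slide: `decide(50, "bob", credentials=())` is "false" and adding alice's credential raises it to "true", but no credential can lower a result. The ordered `values` tuple stands in for the compliance-value set; the real checker also verifies each credential's signature before admitting it to the graph, which this toy deliberately leaves out.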

Page 10:


KeyNote: Discussion

Advantages / Disadvantages

Evaluation: simplicity, expressiveness, generality, extensibility

Open-source implementations are available. OpenBSD uses KeyNote in its IPsec implementation.

$ man keynote