Re: embedded keys - there has to be a less vulnerable approach

From: Peter Van Epp (vanepp_at_sfu.ca)
Date: 06/25/03

    Date: Wed, 25 Jun 2003 19:20:18 +0000 (UTC)
    
    

    ajmayo@my-deja.com (Andrew Mayo) writes:

    >A problem that seems to be increasingly common these days involves the
    >idea of protecting information in a source such as a relational
    >database, which by its nature is intended to facilitate the sharing
    >and retrieval of information.
    <description of problem snipped, basically that this is a hard problem, which
    it is.>

            What you want to look at is Kerberos. Somewhere along the line there
    is an authorized user (possibly many of them) that is allowed to decrypt the
    data. While this probably isn't standard, one of the things that Kerberos can
    do is provide authentication and (if you write it) access control. The obvious
    thing is that the authorized user creates a ticket (see Peter Honeyman's
    paper on a kerberosized "at" command from a LISA conference a number of years
    ago for one example of something like this applied to batch jobs, which
    sounds like what you need) which authorizes the decryption of the data on the
    user's behalf. The KDC thus controls user access (i.e. an ex-employee's
    credentials will be removed, invalidating any ticket that they may attempt to
    generate) and your custom access control (built on top of the Kerberos
    authentication) controls access.
            Of course then you have to make sure that the machine where the
    encrypted data is decrypted is kept secure (because the obvious attack is
    after the decryption has happened), but you need to do that anyway.

    Peter Van Epp / Operations and Technical Support
    Simon Fraser University, Burnaby, B.C. Canada
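
A simplified model of the design described in the message above, added here as an example and not part of the original post: a KDC stand-in issues tickets, and the decryption service layers its own ACL on top of the ticket check. Assumptions: an HMAC-tagged token stands in for a real Kerberos ticket (which is encrypted under the service key), and the names `ToyKDC`, `DecryptionService`, `decrypt/db` and `payroll` are hypothetical.

```python
import hashlib, hmac, json

class ToyKDC:
    """Stand-in for a KDC: registered principals plus the service's long-term key."""
    def __init__(self, service_key, principals):
        self.service_key, self.principals = service_key, set(principals)

    def issue_ticket(self, principal, service, now, lifetime=300):
        if principal not in self.principals:      # removed users get no new tickets
            raise PermissionError("unknown principal: " + principal)
        body = json.dumps({"client": principal, "service": service,
                           "expires": now + lifetime}, sort_keys=True).encode()
        tag = hmac.new(self.service_key, body, hashlib.sha256).hexdigest()
        return body, tag

class DecryptionService:
    """Runs on the host holding the data key; decides whether a decrypt may proceed."""
    def __init__(self, name, service_key, acl):
        self.name, self.service_key, self.acl = name, service_key, acl

    def authorize(self, ticket, dataset, now):
        body, tag = ticket
        good = hmac.new(self.service_key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, tag):    # authentication: did the KDC issue it?
            return "deny: ticket not issued by KDC"
        claims = json.loads(body)
        if claims["service"] != self.name or now >= claims["expires"]:
            return "deny: wrong service or expired"
        if claims["client"] not in self.acl.get(dataset, set()):  # custom access control
            return "deny: principal not in ACL for " + dataset
        return "allow: decrypt %s for %s" % (dataset, claims["client"])

def demo():
    key = b"constructed-service-key"              # constructed sample secret
    kdc = ToyKDC(key, {"alice", "bob"})
    svc = DecryptionService("decrypt/db", key, {"payroll": {"alice"}})
    out = {}
    t_alice = kdc.issue_ticket("alice", "decrypt/db", now=1000)  # handed to the batch job
    out["alice"] = svc.authorize(t_alice, "payroll", now=1010)
    out["bob"] = svc.authorize(kdc.issue_ticket("bob", "decrypt/db", now=1000), "payroll", now=1010)
    kdc.principals.discard("alice")               # alice leaves; KDC entry removed
    try:
        out["new_ticket"] = kdc.issue_ticket("alice", "decrypt/db", now=1020)
    except PermissionError as exc:
        out["new_ticket"] = str(exc)
    out["old_ticket_live"] = svc.authorize(t_alice, "payroll", now=1100)
    out["old_ticket_expired"] = svc.authorize(t_alice, "payroll", now=1300)
    return out

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In this model a ticket issued before the principal was removed is still accepted until it expires, so the ticket lifetime bounds how long a removed user's outstanding ticket remains usable.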

