End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Aspects of Modeling and Verifying Secure Procedures

Security protocols are specifications for exchanging messages on a possibly insecure network. They aim at achieving some security goals (eg authenticating the parties involved in a communication, or preserving confidentiality of certain messages) preventing some malicious party to achieve advantages for its own. Goals of security protocols are generally achieved through the use of cryptography, the art of writing in secret characters, not comprehensible to anyone but the sender and the intended recipient. There is however a branch, in the computer science community, that, among its wide field of activities, aims at studying possible attacks on secure procedures without breaking cryptography, eg by manipulating some of the exchanged messages. This is the formal methods community, with an eye for security. This thesis mainly investigates the formal modeling and analysis of security protocols, both with finite and non finite behaviour, both within a process-algebraic and an automata framework. Real life protocols for signing and protecting digital contents and for giving assurance about authentic correspondences will be specified by means of the above cited formalisms, and some of their properties will be verified by means of formal proofs and automated tools. The original contributions of this thesis are the following. Within the framework of a formal modeling and verification of security protocols, we have applied an automated tool to better understand some secure mechanisms for the delivery of electronic documents. This has given us a deep insight on revealing the effects of omitted (or even erroneously implemented) security checks. Furthermore, a formal framework for modeling and analysing secure multicast and wireless communication protocols has been proposed. The analysis is mostly based on some new compositional principles giving sufficient conditions for safely composing an arbitrary number of components within a unique system. Also, steps towards providing the Team Automata formalism (TA) with a framework for security analysis have been taken. Within the framework, we model and analyse integrity and privacy properties, contributing to testify the expressive power and modelling capabilities of TA

Wireless LAN security.

Chan Pak To Patrick.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.Includes bibliographical references (leaves 82-86).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiContents --- p.ivList of Figures --- p.viiList of Tables --- p.viiiChapter 1 --- Introduction --- p.1Chapter 1.1 --- Motivation --- p.1Chapter 1.2 --- The Problems --- p.3Chapter 1.3 --- My Contribution --- p.4Chapter 1.4 --- Thesis Organization --- p.5Chapter 2 --- Wireless LAN Security Model --- p.6Chapter 2.1 --- Preliminary Definitions on WLAN --- p.6Chapter 2.2 --- Security Model --- p.7Chapter 2.2.1 --- Security Attributes --- p.7Chapter 2.2.2 --- Security Threats in WLAN --- p.8Chapter 2.2.3 --- Attacks on Authentication Scheme --- p.10Chapter 2.2.4 --- Attacks on Keys --- p.10Chapter 2.3 --- Desired Properties of WLAN Authentication --- p.11Chapter 2.3.1 --- Security Requirements of WLAN Authentication --- p.11Chapter 2.3.2 --- Security Requirements of Session Keys --- p.12Chapter 2.3.3 --- Other Desired Properties of WLAN Authentication --- p.12Chapter 3 --- Cryptography --- p.14Chapter 3.1 --- Overview on Cryptography --- p.14Chapter 3.2 --- Symmetric-key Encryption --- p.15Chapter 3.2.1 --- Data Encryption Standard (DES) --- p.15Chapter 3.2.2 --- Advanced Encryption Standard (AES) --- p.15Chapter 3.2.3 --- RC4 --- p.16Chapter 3.3 --- Public-key Cryptography --- p.16Chapter 3.3.1 --- RSA Problem and Related Encryption Schemes --- p.17Chapter 3.3.2 --- Discrete Logarithm Problem and Related Encryption Schemes --- p.18Chapter 3.3.3 --- Elliptic Curve Cryptosystems --- p.19Chapter 3.3.4 --- Digital Signature --- p.19Chapter 3.4 --- Public Key Infrastructure --- p.20Chapter 3.5 --- Hash Functions and Message Authentication Code --- p.21Chapter 3.5.1 --- SHA-256 --- p.22Chapter 3.5.2 --- Message Authentication Code --- p.22Chapter 3.6 --- Entity Authentication --- p.23Chapter 3.6.1 --- ISO/IEC 9798-4 Three-pass Mutual --- p.23Chapter 3.6.2 --- ISO/IEC 9798-4 One-pass Unilateral --- p.24Chapter 3.7 --- Key Establishment --- p.24Chapter 3.7.1 --- Diffie-Hellman Key Exchange --- p.24Chapter 3.7.2 --- Station-to-Station Protocol --- p.25Chapter 3.8 --- Identity-Based Cryptography --- p.25Chapter 3.8.1 --- The Boneh-Franklin Encryption Scheme --- p.26Chapter 3.8.2 --- Au and Wei's Identification Scheme and Signature Scheme --- p.27Chapter 4 --- Basics of WLAN Security and WEP --- p.29Chapter 4.1 --- Basics of WLAN Security --- p.29Chapter 4.1.1 --- "Overview on ""Old"" WLAN Security" --- p.29Chapter 4.1.2 --- Some Basic Security Measures --- p.29Chapter 4.1.3 --- Virtual Private Network (VPN) --- p.30Chapter 4.2 --- WEP --- p.31Chapter 4.2.1 --- Overview on Wired Equivalent Privacy (WEP) --- p.31Chapter 4.2.2 --- Security Analysis on WEP --- p.33Chapter 5 --- IEEE 802.11i --- p.38Chapter 5.1 --- Overview on IEEE 802.11i and RSN --- p.38Chapter 5.2 --- IEEE 802.1X Access Control in IEEE 802.11i --- p.39Chapter 5.2.1 --- Participants --- p.39Chapter 5.2.2 --- Port-based Access Control --- p.40Chapter 5.2.3 --- EAP and EAPOL --- p.40Chapter 5.2.4 --- RADIUS --- p.41Chapter 5.2.5 --- Authentication Message Exchange --- p.41Chapter 5.2.6 --- Security Analysis --- p.41Chapter 5.3 --- RSN Key Management --- p.43Chapter 5.3.1 --- RSN Pairwise Key Hierarchy --- p.43Chapter 5.3.2 --- RSN Group Key Hierarchy --- p.43Chapter 5.3.3 --- Four-way Handshake and Group Key Handshake --- p.44Chapter 5.4 --- RSN Encryption and Data Integrity --- p.45Chapter 5.4.1 --- TKIP --- p.45Chapter 5.4.2 --- CCMP --- p.46Chapter 5.5 --- Upper Layer Authentication Protocols --- p.47Chapter 5.5.1 --- Overview on the Upper Layer Authentication --- p.47Chapter 5.5.2 --- EAP-TLS --- p.48Chapter 5.5.3 --- Other Popular ULA Protocols --- p.50Chapter 6 --- Proposed IEEE 802.11i Authentication Scheme --- p.52Chapter 6.1 --- Proposed Protocol --- p.52Chapter 6.1.1 --- Overview --- p.52Chapter 6.1.2 --- The AUTHENTICATE Protocol --- p.56Chapter 6.1.3 --- The RECONNECT Protocol --- p.59Chapter 6.1.4 --- Packet Format --- p.61Chapter 6.1.5 --- Ciphersuites Negotiation --- p.64Chapter 6.1.6 --- Delegation --- p.64Chapter 6.1.7 --- Identity Privacy --- p.68Chapter 6.2 --- Security Considerations --- p.68Chapter 6.2.1 --- Security of the AUTHENTICATE protocol --- p.68Chapter 6.2.2 --- Security of the RECONNECT protocol --- p.69Chapter 6.2.3 --- Security of Key Derivation --- p.70Chapter 6.2.4 --- EAP Security Claims and EAP Methods Requirements --- p.72Chapter 6.3 --- Efficiency Analysis --- p.76Chapter 6.3.1 --- Overview --- p.76Chapter 6.3.2 --- Bandwidth Performance --- p.76Chapter 6.3.3 --- Computation Speed --- p.76Chapter 7 --- Conclusion --- p.79Chapter 7.1 --- Summary --- p.79Chapter 7.2 --- Future Work --- p.80Bibliography --- p.8

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

TLS/PKI Challenges and certificate pinning techniques for IoT and M2M secure communications

Transport Layer Security is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS for negotiating any security parameter, its flexibility and extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on Public Key Infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. According to this, the article provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current Certificate Pinning solutions in order to illustrate the potential problems that should be addressed

Supporting distributed computation over wide area gigabit networks

The advent of high bandwidth fibre optic links that may be used over very large distances has lead to much research and development in the field of wide area gigabit networking. One problem that needs to be addressed is how loosely coupled distributed systems may be built over these links, allowing many computers worldwide to take part in complex calculations in order to solve "Grand Challenge" problems. The research conducted as part of this PhD has looked at the practicality of implementing a communication mechanism proposed by Craig Partridge called Late-binding Remote Procedure Calls (LbRPC). LbRPC is intended to export both code and data over the network to remote machines for evaluation, as opposed to traditional RPC mechanisms that only send parameters to pre-existing remote procedures. The ability to send code as well as data means that LbRPC requests can overcome one of the biggest problems in Wide Area Distributed Computer Systems (WADCS): the fixed latency due to the speed of light. As machines get faster, the fixed multi-millisecond round trip delay equates to ever increasing numbers of CPU cycles. For a WADCS to be efficient, programs should minimise the number of network transits they incur. By allowing the application programmer to export arbitrary code to the remote machine, this may be achieved. This research has looked at the feasibility of supporting secure exportation of arbitrary code and data in heterogeneous, loosely coupled, distributed computing environments. It has investigated techniques for making placement decisions for the code in cases where there are a large number of widely dispersed remote servers that could be used. The latter has resulted in the development of a novel prototype LbRPC using multicast IP for implicit placement and a sequenced, multi-packet saturation multicast transport protocol. These prototypes show that it is possible to export code and data to multiple remote hosts, thereby removing the need to perform complex and error prone explicit process placement decisions

Internet Authentication for Remote Access

It is expected that future IP devices will employ a variety of different network access technologies to gain ubiquitous connectivity. Currently there are no authentication protocols available that are lightweight, can be carried over arbitrary access networks, and are flexible enough to be re-used in the many different contexts that are likely to arise in future Internet remote access. Furthermore, existing access procedures need to be enhanced to offer protection against Denial-of-Service (DoS) attacks, and do not provide non-repudiation. In addition to being limited to specific access media, some of these protocols are limited to specific network topologies and are not scalable. This thesis reviews the authentication infrastructure challenges for future Internet remote access supporting ubiquitous client mobility, and proposes a series of solutions obtained by adapting and reinforcing security techniques arising from a variety of different sources. The focus is on entity authentication protocols that can be carried both by the IETF PANA authentication carrier and by the EAP mechanisms, and possibly making use of an AAA infrastructure. The core idea is to adapt authentication protocols arising from the mobile telecommunications sphere to Internet remote access. A proposal is also given for Internet access using a public key based authentication protocol. The subsequent security analysis of the proposed authentication protocols covers a variety of aspects, including: key freshness, DoS-resistance, and "false-entity-in-the-middle" attacks, in addition to identity privacy of users accessing the Internet via mobile devices. This work aims primarily at contributing to ongoing research on the authentication infrastructure for the Internet remote access environment, and at reviewing and adapting authentication solutions implemented in other spheres, for instance in mobile telecommunications systems, for use in Internet remote access networks supporting ubiquitous mobilit

A framework for IPSec functional architecture.

In today\u27s network, various stand-alone security services and/or proxies are used to provide different security services. These individual security systems implementing one single security function cannot address security needs of evolving networks that require secure protocol such as IPSec. In this paper, we provide a framework for implementing IPSec security functions in a well structured functional architecture. The proposed architecture is modular and allows for composing software applications from products commercially available and developed by different suppliers to implement the entire security requirements of IPSec protocol. In addition the proposed architecture is robust in the sense that it supports open standards and interfaces, and implements security functions of IPSec as an integrated solution under a unified security management system.Dept. of Electrical and Computer Engineering. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2005 .F34. Source: Masters Abstracts International, Volume: 44-03, page: 1451. Thesis (M.Sc.)--University of Windsor (Canada), 2005

Security and privacy for large ad-hoc networks

Ph.DDOCTOR OF PHILOSOPH