Trusted S/MIME Gateways

The utility of Web-based email clients is clear: a user is able to access their email account from any computer anywhere at any time. However, this option is unavailable to users whose security depends on their key pair being stored either on their local computer or in their browser. Our implementation seeks to solve two problems with secure email services. The first that of mobility: users must have access to their key pairs in order to perform the necessary cryptographic operations. The second is one of transition: initially, users would not want to give up their regular email clients. Keeping these two restrictions in mind, we decided on the implementation of a secure gateway system that works in conjunction with an existing mail server and client. Our result is PKIGate, an S/MIME gateway that uses the DigitalNet (formerly Getronics) S/MIME Freeware Library and IBM\u27s 4758 secure coprocessor. This thesis presents motivations for the project, a comparison with similar existing products, software and hardware selection, the design, use case scenarios, a discussion of implementation issues, and suggestions for future work

Privacy-enhanced credential services

The use of credential directories in PKI and authorization systems such as Shibboleth introduces a new privacy risk: an insider at the directory can learn much about otherwise protected interactions by observing who makes queries, and what they ask for. Recent advances in Practical Private Information Retrieval provide promising countermeasures. In this paper, we extend this technology to solve this new privacy problem, and present a design and preliminary prototype for a LDAP-based credential service that can prevent even an insider from learning anything more than the fact a query was made. Our preliminary performance analysis suggests that the complete prototype may be sufficiently robust for academic enterprise settings

Trust Model in Cloud Computing Environment Based on Fuzzy Theory

Recent years have witnessed the development of cloud computing. However,there also come some security concerns in cloud computing environment, suchas emerging network attacks and intrusions, and instable cloud service provision dueto flexible cloud infrastructure and resources. To this end, we research on the trustedcomputing in cloud computing environment. Specifically, in this paper, we proposea trust model based on virtual machines, with two considerations. First, we introducetimeliness strategy to ensure the response time and also minimize the idle timeof servers. Second, we extend the linear trust chain by differentiating the trust ofthe platform domain and user domain. Besides, we develop a fuzzy theory basedmethod to calculate the trust value of cloud service providers. We also conduct someexperiments to evaluate our method

Virtual Container Attestation: Customized trusted containers for on-demand computing.

In today\u27s computing environment, data is moving to central locations and most computers are merely used to access the data. Today is the era of cloud computing and distributed computing, where users have control over neither data nor computation. As this trend continues there is an increasing frequency of mutually distrustful parties being forced to interact and share resources with each other in potentially dangerous situations. Therefore, there is an urgent need for a means of creating trust between two entities, or at the very least providing some means of determining the trust level of a given machine. Current approaches to the trust problem focus on various forms of isolation and attestation, but most have high overheads or are overly rigid in their requirements to users. I propose and implement an alternative solution which provides flexible, on-demand containers for untrusted applications, and enforcement of requested security properties. Together these provide assurance to the remote parties that the machines behave as required or are quickly shut down

Small, Stupid, and Scalable: Secure Computing with Faerieplay *

ABSTRACT How can Agnes trust a computation C occurring at Boris's computer? In particular, how can Agnes can trust that C is occurring without Boris even being able to observe its internal state? One way is for Agnes to house C in a strong tamper-protected secure coprocessor at Boris's site. However, this approach is not scalable: neither in terms of computation-once C gets larger than the coprocessor, it becomes vulnerable to Boris again-nor in terms of cost. In this paper, we report on our Faerieplay project: rather than worrying about the limited size of a secure coprocessor, we try to make it as small as possible, with limited RAM and CPU. We start with the Fairplay work of Malkhi et al on implementing Yao's blinded-circuit solution to secure multiparty computation with software-this permits Agnes to trust C, but is too inefficient for all but small C. We then use our own prior work on using trusted third parties for practical Private Information Retrieval to design and prototype tiny trusted third parties (TTTPs) that substantially reduce the overhead involved in blind circuit evaluation

WebALPS Implementation and Performance Analysis: Using Trusted Co-servers to Enhance Privacy and Security of Web Interactions

The client-server model of the Web poses a fundamental trust issue: clients are forced to trust in secrecy and correctness of computation occurring at a remote server of unknown credibility. The current solution for this problem is to use a PKI (Public Key Infrastructure) system and SSL (Secure Sockets Layer) digital certificates to prove the claimed identity of a server and establish an authenticated, encrypted channel between the client and this server. However, this approach does not address the security risks posed by potential malicious server operators or any third parties who may penetrate the server sites. The WebALPS (Web Applications with Lots of Privacy and Security) approach is proposed to address these weaknesses by moving sensitive computations at server side into trusted co-servers running inside high-assurance secure coprocessors. In this report, we examine the foundations of the credibility of WebALPS co-servers. Then we will describe our work of designing and building a prototype WebALPS co-server, which is integrated into the widely-deployed, commercial-grade Apache server. We will also present the performance test results of our system which support the argument that WebALPS approach provides a systematic and practical way to address the remote trust issue

Department of Computer Science Activity 1998-2004

This report summarizes much of the research and teaching activity of the Department of Computer Science at Dartmouth College between late 1998 and late 2004. The material for this report was collected as part of the final report for NSF Institutional Infrastructure award EIA-9802068, which funded equipment and technical staff during that six-year period. This equipment and staff supported essentially all of the department\u27s research activity during that period

Secure Hardware Enhanced MyProxy: A Ph.D. Thesis Proposal

In 1976, Whitfield Diffie and Martin Hellman demonstrated how New Directions In Cryptography could enable secure information exchange between parties that do not share secrets. In order for public key cryptography to work in modern distributed environments, we need an infrastructure for finding and trusting other parties\u27 public keys (i.e., a PKI). A number of useful applications become possible with PKI. While the applications differ in how they use keys (e.g., S/MIME uses the key for message encryption and signing, while client-side SSL uses the key for authentication), all applications share one assumption: users have keypairs. In previous work, we examined the security aspects of some of the standard keystores and the their interaction with the OS. We concluded that desktops are not safe places to store private keys, and we demonstrated the permeability of keystores such as the default Microsoft keystore and the Mozilla keystore. In addition to being unsafe, these desktop keystores have the added disadvantage of being immobile. In other previous work, we examined trusted computing. In industry, a new trusted computing initiative has emerged: the Trusted Computing Platform Alliance (TCPA) (now renamed the Trusted Computing Group (TCG)). The goal of the TCG design is lower-assurance security that protects an entire desktop platform and is cheap enough to be commercially feasible. Last year, we built a trusted computing platform based on the TCG specifications and hardware. The picture painted by these previous projects suggests that common desktops are not secure enough for use as PKI clients, and trusted computing can improve the security of client machines. The question that I propose to investigate is: Can I build a system which applies trusted computing hardware in a reasonable manner in order to make desktops usable for PKI? My design begins with the Grid community\u27s MyProxy credential repository, and enhances it to take advantage of secure hardware on the clients, at the repository, and in the policy framework. The result is called Secure Hardware Enhanced MyProxy

Attestation in Trusted Computing: Challenges and Potential Solutions

This report examines the state of play in TCG attestation. It asks the question: how practical is the attestation specification and does it meet the needs of designs that propose to take advantage of trusted computing functionality? It is shown that, broadly speaking, both specification and implementation falls short of its stated goals. Application designs expect different semantics. Straightforward application of attestation to a running system does not provide adequate assurance nor does it scale. It is argued that extending the TCG architecture and reworking application designs are the most viable routes to making attestation a practical proposition

Outbound Authentication for Programmable Secure Coprocessors

A programmable secure coprocessor platform can help solve many security problems in distributed computing. However, these solutions usually require that coprocessor applications be able to participate as full-fledged parties in distributed cryptographic protocols. Thus, to fully enable these solutions, a generic platform must not only provide programmability, maintenance, and configuration in the hostile field---it must also provide outbound authentication for the entities that result. A particular application on a particular untampered device must be able to prove who it is to a party on the other side of the Internet