63 research outputs found

    Blocking Java Applets at the Firewall

    This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet.

    Classifying Network Protocol Implementation Versions: An OpenSSL Case Study

    A new technique is presented for identifying the implementation version number of software that is used for Internet communications. While many programs may exchange version numbers, oftentimes only a small subset of them send any information at all. Furthermore, they usually do not provide accurate details about which implementation is used. We use machine learning techniques to build a feature database and then apply this to network traffic to try to identify specific implementations on servers. We apply our technique to OpenSSL and report our results.

    National Science Foundation CT-071614

    SoK: Security and privacy in implantable medical devices and body area networks

    Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions. In this work, we survey publications aimed at improving security and privacy in IMDs and health-related BANs, providing clear definitions and a comprehensive overview of the problem space. We analyze common themes, categorize relevant results, and identify trends and directions for future research. We present a visual illustration of this analysis that shows the progression of IMD/BAN research and highlights emerging threats. We identify three broad research categories aimed at ensuring the security and privacy of the telemetry interface, software, and sensor interface layers and discuss challenges researchers face with respect to ensuring reproducibility of results. We find that while the security of the telemetry interface has received much attention in academia, the threat of software exploitation and the sensor interface layer deserve further attention. In addition, we observe that while the use of physiological values as a source of entropy for cryptographic keys holds some promise, a more rigorous assessment of the security and practicality of these schemes is required.

    An Experience Teaching a Graduate Course in Cryptography

    No full text
    This article describes an experience of teaching a graduate-level course in cryptography and computer security at New York University. The course content as well as lessons learned and plans for the future are discussed.

    1 Introduction

    This paper describes a course titled "Cryptography and Computer Security" that was taught at New York University in the Fall of 1995. The department head at NYU requested a course for practitioners, with an emphasis on applications and real-world problems. Thus, there were four phases to the course: classical cryptography, conventional cipher systems, applications of cryptography, and number theory. Grading was based on five homework sets and a semester project. The course used Bruce Schneier's book, Applied Cryptography [38], as the primary text, which was supplemented by a course pack of selected publications. In addition, materials were used from the following books: Doug Stinson's Cryptography: Theory and Practice [41], Dorothy Denning's Cryptograph..

    Trusted Distribution of Software Over the Internet

    No full text
    This paper offers a solution to a problem of software distribution on the Internet. The problem is that malicious software can be posted to the public with no accountability. When this software is run, it inherits the privileges of the user who runs it. Unfortunately, it is very common for users to execute software obtained on the Internet with no assurance that it is genuine. The solution offered here utilizes a trusted third party that signs certificates to identify the author of a program and to secure its integrity. A detailed design is provided. Finally, Bellcore's Trusted Software Integrity (Betsi) System, an implementation of the design, is presented.

    1 Introduction

    The Internet is a dangerous place to live. Consider that there are thousands of people with unprecedented computational resources and unbounded time and patience making every effort to attack the estimated 2.2 million hosts on the Internet [2]. The susceptibility to attack is a major drawback to the wealth of servic..

    Introduction

    No full text