NDSS Symposium 2002
Network and Distributed System Security Symposium
Catamaran Resort Hotel
San Diego, California
6-8 February 2002
List of Accepted Papers
Using the Fluhrer, Mantin, and Shamir Attack to Break WEP
Authors:
Adam Stubblefield, Rice University
John Ioannidis, AT&T Labs Research
Aviel D. Rubin, AT&T Labs - Research
Abstract:
We implemented an
attack against WEP, the link-layer security protocol for 802.11 networks.
The attack was described in a recent paper by Fluhrer, Mantin, and Shamir.
With our implementation, and permission of the network administrator,
we were able to recover the 128 bit secret key used in a production
network, with a passive attack. The WEP standard uses RC4 IVs improperly,
and the attack exploits this design failure. This paper describes the
attack, how we implemented it, and some optimizations to make the attack
more efficient. We conclude that 802.11 WEP is totally insecure, and
we provide some recommendations.
PAMINA: A Certificate Based Privilege Management System
Authors:
Zoltan Nochta
Peter Ebinger
Sebastian Abeck
Affiliation:
University of Karlsruhe, Institute for Telematics, Cooperation and Management
IT-Research Group
Abstract:
In this paper we
present PAMINA (Privilege Administration and Management INfrAstructure),
a privilege management system using authorization certificates. Our
system supports distributed environments where autonomous authorities
can manage and delegate privileges in accordance with their own policies.
We introduce Improved Certification Verification Trees (I-CVTs) that
guarantee very efficient and trustworthy certificate management. I-CVTs
can provide undeniable proofs for the non-existence of a given certificate
in contrast to CVTs as proposed in [1]. As a result, each authority
can store its own I-CVT in a central, non-trusted, and replicable database.
This database provides authenticated verifiers with basically only those
certificates that are required to determine whether a user should be
granted access to a resource or not. Since the system implements the
pull model, clients need not be involved in the access control decision
process. PAMINA handles delegation trees instead of simple delegation
chains because authorities can delegate privileges in one certificate
that were assigned to them by several certificates. In the prototype
that we describe here, PAMINA manages certificates based on X.509.
Distributed Pattern Detection for Intrusion Detection
Authors:
Christopher Kruegel
Thomas Toth
Affiliation:
Technical University Vienna, Austria
Abstract:
Evidence of attacks
against a network and its resources is often scattered over several
hosts. Intrusion detection systems therefore have to collect and correlate
information from different sources. For this purpose, distributed data
is forwarded to dedicated hosts where it is further processed. Such
a design renders the whole ID system vulnerable to attacks against these
special nodes. As networks and traffic grow, they also become performance
bottlenecks. We propose a completely decentralized approach that models
an intrusion as a pattern of events that occur at different hosts and
which does not rely on dedicated correlation entities to detect them.
We present a specification language for these patterns and a distributed
algorithm to find events that satisfy them. The theoretical properties
of our solution are reviewed and experimental data is provided.
Detecting Steganographic Content on the Internet
Authors:
Niels Provos
Peter Honeyman
Affiliation:
University of Michigan
Center for Information Technology Integration
Abstract:
Steganography is
used to hide the occurrence of communication. Recent suggestions in
US newspapers indicate that terrorists use steganography to communicate
in secret with their accomplices. In particular, images on the Internet
were mentioned as the communication medium. While the newspaper articles
sounded very dire, none substantiated these rumors.
To determine whether
there is steganographic content on the Internet, this paper presents
a detection framework that includes tools to retrieve images from the
world wide web and automatically detect whether they might contain steganographic
content. To ascertain that hidden messages exist in images, the detection
framework includes a distributed computing framework for launching dictionary
attacks hosted on a cluster of loosely coupled workstations. We have
analyzed two million images downloaded from eBay auctions and one million
images obtained from a USENET archive but have not been able to find
a single hidden message.
BlueBox: A Policy-Driven, Host-Based Intrusion Detection System
Authors:
Suresh N. Chari
Pau-Chen Cheng
Affiliation:
IBM Thomas J. Watson Research Center
Abstract:
In this paper we
describe our experiences with building BlueBox, a host based intrusion
detection system. Our approach can be viewed as creating an infrastructure
for defining and enforcing very fine grained process capabilities in
the kernel. These capabilities are specified as a set of rules (policies)
for regulating access to system resources on a per executable basis.
The language for expressing the rules is intuitive and sufficiently
expressive to effectively capture security boundaries.
We have prototyped
our approach on Linux 2.2.14 kernel, and have built rule templates for
popular daemons such as Apache 2.0 and wu-ftpd. We are validating our
design by testing against a comprehensive database of known attacks.
Our system has been designed to minimize the kernel changes and performance
impact and thus can be ported easily to new kernels. We will discuss
the motivation and rationale behind BlueBox, its design, implementation
on Linux, and related work.
Talking To Strangers: Authentication in Ad-Hoc Wireless Networks
Authors:
Dirk Balfanz
D. K. Smetters
Paul Stewart
H. Chi Wong
Affiliation:
Xerox Palo Alto Research Center
Abstract:
In this paper we
address the problem of secure communication and authentication in ad-hoc
wireless networks. This is a difficult problem, as it involves bootstrapping
trust between strangers. We present a user-friendly solution, which
provides secure authentication using almost any established public-key-based
key exchange protocol, as well as inexpensive hash-based alternatives.
In our approach, devices exchange a limited amount of public information
over a privileged side channel, which will then allow them to complete
an authenticated key exchange protocol over the wireless link. Our solution
does not require a public key infrastructure, is secure against passive
attacks on the privileged side channel and all attacks on the wireless
link, and directly captures users' intuitions that they want to talk
to a particular previously unknown device in their physical proximity.
We have implemented our system in Java for a variety of different devices,
communication media, and key exchange protocols.
Implementing Pushback: Router-Based Defense Against DDoS Attacks
Authors:
John Ioannidis
Steven M. Bellovin
Affiliation:
AT&T Labs, Research
Abstract:
Pushback is a mechanism
for defending against distributed denial-of-service (DDoS) attacks.
DDoS attacks are treated as a congestion-control problem, but because
most such congestion is caused by malicious hosts not obeying traditional
end-to-end congestion control, the problem must be handled by the routers.
Functionality is added to each router to detect and preferentially drop
packets that probably belong to an attack. Upstream routers are also
notified to drop such packets (hence the term Pushback) in order that
the router's resources be used to route legitimate traffic. In this
paper we present an architecture for Pushback, its implementation under
FreeBSD, and suggestions for how such a system can be implemented in
core routers.
Managing Interoperability in Non-Hierarchical Public Key Infrastructures
Authors:
Peter Hesse, Gemini Security Solutions, Inc.
David Lemire, A&N Associates, Inc.
Abstract:
This paper discusses
considerations for certificate issuing systems and certificate processing
applications, and directory systems in environments that employ non-hierarchical
public key infrastructures (PKIs). The paper highlights X.509 features
that should be routinely populated by certificate issuing systems, and
expected and processed by certificate processing applications. The observations
and recommendations within this paper, while applicable to almost any
non-hierarchical PKI, are most relevant to situations where the establishment
of interoperability among the PKIs of disparate organizations is a primary
goal. The goal of these recommendations is to promote interoperability
among the PKI relying parties, while still allowing the owning organizations
to maintain security control.
Experimenting with Server-Aided Signatures
Authors:
Xuhua Ding
Daniele Mazzocchi
Gene Tsudik
Affiliation:
University of California, Irvine
Information and Computer Science Department
Abstract:
This paper explores
practical and conceptual implications of using Server-Aided Signatures
(SAS). SAS is a signature method that relies on partially-trusted servers
for generating public key signatures for regular users. Besides its
two primary goals of 1) aiding small, resource-limited devices in computing
heavy-weight (normally expensive) digital signatures and 2) fast certificate
revocation, SAS also offers signature causality and has some interesting
features such as built-in attack detection for users and DoS resistance
for servers.
Fast-Track Session Establishment for TLS
Authors:
Hovav Shacham
Dan Boneh
Abstract:
We propose a new,
"fast-track" handshake mechanism for TLS. A fast-track client caches
a server's public parameters and negotiated parameters in the course
of an initial, enabling handshake. These parameters need not be resent
on subsequent handshakes. The new mechanism reduces both network traffic
and the number of round trips, and requires no additional server state.
These savings are most useful in high latency environments such as wireless
networks. We include a rollback mechanism to allow a server to gracefully
revert to an ordinary TLS handshake when needed. Our design is fully
backwards compatible: fast-track clients can interoperate with servers
unaware of fast-track and vice versa. We have implemented our proposal
to demonstrate the savings in network traffic and round trips.
Advanced Client/Server Authentication in TLS
Authors:
Adam Hess
Jared Jacobson
Hyrum Mills
Ryan Wamsley
Kent E. Seamons
Bryan Smith
Affiliation:
Brigham Young University
Computer Science Department
Abstract:
Many business transactions
on the Internet occur between strangers, that is, between entities with
no prior relationship and no common security domain. Traditional security
approaches based on identity or capabilities do not solve the problem
of establishing trust between strangers. New approaches to trust establishment
are required that are secure, scalable, and portable. One new approach
to mutual trust establishment is trust negotiation, the bilateral exchange
of digital credentials to establish trust gradually. This paper describes
the Trust Negotiation in TLS (TNT) protocol, an extension to the TLS
handshake protocol that incorporates recent advances in trust negotiation
into TLS to provide advanced client/server authentication in TLS. In
this paper we describe the current limitations in TLS client/server
authentication with respect to trust establishment, and show how the
TNT protocol overcomes them. We also describe our implementation of
TNT, built using PureTLS, a Java TLS package that is freely available.
This implementation is the first to provide confidential trust negotiation,
verification of private keys during trust negotiation, and a single
trust negotiation protocol supporting interoperable trust negotiation
strategies.
Active Certificates: A Framework for Delegation
Authors:
Nikita Borisov
Eric Brewer
Affiliation:
UC Berkeley
Abstract:
In this paper, we
present a novel approach to delegation in computer systems. We exploit
mobile code capabilities of today's systems to build active certificates:
cryptographically signed mobile agents that implement delegation policy.
Active certificates arrive at a new combination of properties, including
expressivity, transparency, and offline operation, that is not available
in existing systems. These properties make active certificates powerful
tools to express delegation. Active certificates can also be used as
a mechanism to implement complex policy systems, such as public key
infrastructures; systems built in this way are easily extensible and
interoperable. A prototype implementation of active certificates has
been built as part of the Ninja project.
Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses
Authors:
Gabriel Montenegro, SUN Labs, Europe
Claude Castelluccia, INRIA Rhone Alpes
Abstract:
This paper addresses
the identifier ownership problem. It does so by using characteristics
of Statistic Uniqueness and Cryptographic Verifiability (SUCV) of certain
entities which this document calls SUCV Identifiers and Addresses. Their
characteristics allow them to severely limit certain classes of denial
of service attacks and hijacking attacks. SUCV addresses are particularly
applicable to solve the address ownership problem that hinders mechanisms
like Binding Updates in Mobile IPv6.
An Analysis of the Degradation of Anonymous Protocols
Authors:
Matthew Wright, Dept. of Computer Science, University of Massachusetts
Micah Adler, Dept. of Computer Science, University of Massachusetts
Brian Neil Levine, Dept. of Computer Science, University of Massachusetts
Clay Shields, Dept. of Computer Science, Georgetown University
Abstract:
There have been
a number of protocols proposed for anonymous network communication.
In this paper we investigate attacks by corrupt group members that degrade
the anonymity of each protocol over time. We prove that when a particular
initiator continues communication with a particular responder across
path reformations, existing protocols are subject to the attack. We
use this result to place an upper bound on how long existing protocols,
including Crowds, Onion Routing, Hordes, and DC-Net, can maintain anonymity
in the face of the attacks described. Our results show that fully-connected
DC-Net is the most resilient to these attacks, but it suffers from scalability
issues that keep anonymity group sizes small. Additionally, we show
how violating an assumption of the attack allows malicious users to
set up other participants to falsely appear to be the initiator of a
connection.
Performance Analysis of TLS Web Servers
Authors:
Cristian Coarfa
Peter Druschel
Dan S. Wallach
Affiliation:
Rice University
Abstract:
TLS is the protocol
of choice for securing today's e-commerce and online transactions, but
adding TLS to a web server imposes a significant overhead relative to
an insecure web server on the same platform. We did a comprehensive
study of the performance costs of TLS. Our methodology was to profile
TLS web servers with trace-driven workloads, replacing individual components
inside TLS with no-ops, and measuring the observed increase in server
throughput. From this, we estimated the relative costs of each component
within TLS, predicting the areas for which future optimizations would
be worthwhile. Among our results we show that RSA accelerators are effective
for e-commerce site workloads, because they experience low TLS session
reuse. Accelerators appear to be less effective for sites where all
the requests are handled by a TLS server, thus having higher session
reuse rate; investing in a faster CPU might prove more effective.