NDSS Symposium 2002
Network and Distributed System Security Symposium
Catamaran Resort Hotel
San Diego, California
6-8 February 2002
Major IETF Security Standards: PKIX, IPsec, SSL/TLS presented by Steve Kent
This full day tutorial explores several major IETF security standards. It begins with a discussion of security services and the allocation of services to protocol layers. It then progresses to an analysis of X.509 certificate and CRL formats and processing standards, as described in the PKIX RFCs. Version 1,2, and 3 certificates and version 1 and 2 CRLs are examined in detail, including standard certificate and CRL extensions. This section ends with a brief discussion of other PKIX work, past, present, and future. Next the tutorial turns to the IPsec protocols suite. It describes the environments for which IPsec has been developed, examines AH & ESP format and processing, and discusses the how and why of access control in IPsec. Outbound and inbound processing for IPsec traffic in security gateways is examined, with attention to performance enhancement options. A brief discussion of IKE, and the proposed "son-of-IKE" protocols is included. the tutorial complete with a detailed examination of SSL/TLS, the widely used session layer security protocol. This section begins with an analysis of the sub-protocols of SSL and progresses through a detailed examination of each: handshake, change-chipehr-spec, and alert. Key management options and key generation procedures are explained. Differences between SSL and TLS are summarized.
Dr. Stephen Kent Chief Scientist- Information Security BBN Technologies
In his role as Chief Scientist, Dr. Kent oversees information security activities within BBN Technologies, and works with government and commercial clients, consulting on system security architecture issues. In this capacity he has acted as system architect in the design and development of network security systems for the Department of Defense and served as principal investigator on a number of network security R&D projects for almost 20 years. His current work focuses on high speed encryption, high assurance crypto modules, and PKI.
Dr. Kent co-chairs the PKIX WG of the IETF, and is the author of the core IPsec standards: AH, ESP, and the IPsec architecture. The author of two book chapters and numerous technical papers on network security, he has served as a referee, panelist and session chair for a number of conferences. Since 1977 he has lectured on the topic of network security on behalf of government agencies, universities, and private companies throughout the United States, Europe, Australia, and the Far East. Dr. Kent received the B.S. degree in mathematics from Loyola University of New Orleans, and the S.M., E.E., and Ph.D. degrees in computer science from the Massachusetts Institute of Technology. He is a Fellow of the ACM and a member of the Internet Society and Sigma Xi.
Crash Course In SSL and TLS presented by Eric Rescorla
This tutorial is an in-depth look at SSL and TLS. In this tutorial, we'll cram as much SSL/TLS knowledge into your head as possible in a single day. In the morning we'll cover the protocol itself, including some exotic and badly documented details. After, lunch we'll discuss what it's like to use SSL in real applications. Finally, we'll discuss what's coming in future versions.
- The basic SSL handshake (i.e. server-only RSA)
- The major variants: (a) Session resumption (b) client authentication (c) ephemeral RSA (export) (d) SGC/Step-Up (e) DSS/DH (f) Rehandshake
- Known attacks (a) PRNG -- (Wagner/Goldberg) (b) Export ciphers and distributed cracking (c) Million-message attack (d) Some downgrade attacks
- Differences between different versions (a) SSLv2 (b) SSLv3 vs. TLS (b) WTLS
- Integration with HTTP (a) virtual hosting (b) proxies (c) Upgrade and why it doesn't work well (d) Using SSL with your HTTP server (mod_ssl, ApacheSSL, IIS...) (e) Browser issues, especially certificates
- Integration with other protocols (problems with using SSL)
- Performance (a) Algorithm choice (b) Some bad design decisions in SSL (c) Acceleration (d) Implementation issues
- Programming with SSL (a) Where to get an implementation (b) Not as easy as it looks...
- Futures (a) New algorithms (b) Extensions (c) Wireless (not WTLS)
Who Will Benefit From This Tutorial Developers Network Architects Security engineers Anyone who wants to understand SSL/TLS.
Prerequisites Attendees should be familiar with TCP/IP. Familiarity with basic cryptography (encryption, public key, message digests, etc.) is desirable. We'll start with a brief primer on cryptography if a substantial portion of the class needs it.
Mr. Eric Rescorla
Eric Rescorla is Principal Engineer of RTFM, Inc., an independent security consulting firm. He has been working in Internet Security since 1993. He has been a member of the TLS working group from before the beginning and has written several commercial SSL implementations as well as the free Java toolkit PureTLS and the SSL protocol analyzer ssldump. He is the author of "SSL and TLS: Designing and Building Secure Systems" (Addison-Wesley 2000) as well as the RFCs defining Secure-HTTP and HTTP over TLS.
Wireless LAN Security: Problems and Solutions presented by Bill Arbaugh
Wireless local area networks (WLAN) based on the IEEE 802.11b standard are inexpensive and easy to deploy. As a result, a large number of organizations have installed WLAN's or are planning to install them in the near future. While the benefits of a WLAN is clear, the risks associated with them are just now becoming known. In this class, students will learn and see first hand what an attacker can do against a WLAN in both passive and active attacks. Once the student understands the threats against a WLAN, they will learn several approaches that can be implemented to mitigate the threats against deployed WLAN's, as well as how to design and deploy a new WLAN that mitigates the known threats. Next, simple auditing techniques for monitoring the security of a deployed WLAN will be described. Finally, the class will conclude by describing WLAN's next generation security architecture, the Enhaced Security Network (ESN).
Dr. William Arbaugh
Bill Arbaugh joined the Computer Science department at Maryland after spending sixteen years with the U.S. Department of Defense- first as a commissioned officer in the Army and then as a civilian. During the sixteen years, Prof. Arbaugh served in several leadership positions in diverse areas ranging from tactical communications to advanced research in information security and networking. In his last position, Prof. Arbaugh served as a senior technical advisor in an office of several hundred computer scientists, engineers, and mathematicians conducting advanced networking research and engineering. Prof. Arbaugh received a B.S. from the United States Military Academy at West Point, a M.S. in computer science from Columbia University in New York City, and a PhD in computer science from the University of Pennsylvania in Philadelphia.
Prof. Arbaugh's research interests include information systems security and privacy with a focus on embedded systems and configuration management. In his limited spare time, Prof. Arbaugh enjoys spending time with his family and playing an occasional round of golf.