Internet Society Frontpage

Events Membership
About the Internet Standards
Publications  Public Policy
About ISOC Education


NDSS Symposium 2004

The 11th Annual Network and Distributed System Security Symposium
Catamaran Resort Hotel
San Diego, California
5-6 February 2004-Symposium
4 February 2004-Pre-Conference Tutorials

About San Diego


Network Security Protocols: Today and Tomorrow
Selected topics in information security
Language-based Security
IPsec tutorial

Network Security Protocols: Today and Tomorrow
Overview of the design of network protocols, and specifics about PKI, IPsec, SSL, Kerberos.
-- Radia Perlman and Charlie Kaufman:

This tutorial covers the concepts in network security protocols, describes the current standards and vulnerabilities, and suggests areas that need research. It approaches the problems first from a generic conceptual viewpoint, covering the problems and the types of technical approaches for solutions. For example, how would encrypted email work with distribution lists? What are the performance and security differences in basing authentication on public key technology versus secret key technology? What kinds of mistakes do people generally make when designing protocols? Armed with a conceptual knowledge of the toolkit of tricks that allow authentication, encryption, key distribution, etc., we describe the current standards, including Kerberos, S/MIME, SSL, IPsec, PKI, and web security.

Radia Perlmanis a Distinguished Engineer at Sun Microsystems, doing research on network protocols. Her research includes making PKI-based systems scale to multiple mutually distrustful organizations, analysis and redesign of IKE (the authentication handshake for IPsec), strong password protocols, transparent routing and making data securely unrecoverable. She is known for invention of the spanning tree algorithm used by all bridges/switches, robust and scalable link state routing used by most of the routers in the Internet today, and sabotage-proof routing, perhaps to be used by routers in the Internet someday. She is the author of the textbook "Interconnections: Bridges, Routers, Switches and Internetworking Protocols", and co-author (along with Charlie Kaufman) of "Network Security: Private Communication in a Public World", published by Prentice Hall. She has taught graduate and undergraduate level courses at Harvard and at MIT. She has about 60 issued patents in the fields of routing and security, a PhD in computer science from MIT, and an honorary doctorate from KTH, the Royal Institute of Technology of Sweden.

Charlie Kaufman is the security architect for the Common Language Runtime (CLR) group at Microsoft. Prior to that, he was security architect for Lotus Notes & Domino. He currently serves on the IAB (Internet Architecture Board) of IETF. He is the author of the IKEv2 protocol. Also in IETF, he served as the chair of the Web Transaction Security working group. He served on the National Academy of Sciences expert panel on computer security that produced the book "Trust in Cyberspace". Previously, he was network security architect for Digital Equipment Corporation. He is co-author of "Network Security: Private Communication in a Public World".

Selected topics in information security
-- Steven Kent, Chief Scientist - Information Securit, BBN Technologies

This tutorial consists of a series of lectures on selected topics in information security, presented by the speaker as invited talks at various fora around the world. The lectures include:

  • Biometrics: A System Security View
  • PKI Models: What's Trust Got to Do with It?
  • Improving Certification Authority Security Using Smart Crypto Modules
  • Who Goes There? Authentciation Through the Lens of Privacy
  • IPsec: It's Not Just Encryption
  • Securing the Border Gateway Protocol (BGP)

In his role as Chief Scientist, Dr. Kent oversees information security activities within BBN Technologies, and works with government and commercial clients, consulting on system security architecture issues. In this capacity he has acted as system architect in the design and development of several network security systems for the Department of Defense and served as principal investigator on a number of network security R&D projects for 25 years.

During this period, Dr. Kent's R&D activities have included the design and development of user authentication and access control systems, network layer encryption and access control systems, secure transport layer protocols secure e-mail technology, multi-level secure (X.500) directory systems, public-key certification authority systems, and key recovery (key escrow) systems. His most recent work focuses on public-key certification infrastructures for government and commercial applications, security for Internet routing, very high speed IP encryption, and high assurance cryptographic modules.

The author of two book chapters and numerous technical papers on network security, Dr. Kent has served as a referee, panelist and session chair for a number of conferences. Since 1977 he has lectured on the topic of network security on behalf of government agencies, universities, and private companies throughout the United States, Europe, Australia, and the Far East. Dr. Kent received the B.S. degree in mathematics from Loyola University of New Orleans, and the S.M., E.E., and Ph.D. degrees in computer science from the Massachusetts Institute of Technology. He is a Fellow of the ACM and a member of the Internet Society and Sigma Xi.

IPsec: It's simpler than you think!
--Angelos Keromytis and John Ioannidis:

Who should attend:

Network administrators, system managers, developers of network applications, and anyone interested in network security. Some familiarity with networking principles is required, but cryptography
is not.

About the tutorial:

The IPsec protocol suite provides network-layer security for the Internet and is an IETF standard. It is already widely used to implement Virtual Private Networks (VPNs), and is beginning to make its way into commercial implementations of desktop operating systems. IPsec offers a remarkable flexibility not possible at higher or lower layer abstractions: security can be configured end-to-end, route-to-route, edge-to-edge, or in any other configuration in which network nodes can be identified as appropriate security endpoints. This flexibility however implies some associated complexity, which tends to obscure the usefulness of IPsec in engineering a secure Internet.

This tutorial covers every feature of IPsec and its key management protocol, IKE. We start with a justification for network-layer security, and a discussion of datagram encapsulation, tunneling, and overlay networks such as VPNs, the MBONE and 6BONE, in order to facilitate the understanding of how IPsec works. We then present the ESP and AH transforms, explaining the applicability of each. Moving on to key management, we discuss the Internet Key Exchange (IKE) protocol, with many configurations examples on popular operating systems. During the tutorial, we also examine the interactions of IPsec with firewalls and NAT boxes.

Interaction between IPsec/IKE and Firewall/NAT boxes: Firewalls and NAT boxes are a fact of life, and we have to address them. We cover how IPsec/IKE interact with these boxes, and how to configure things so that security is maintained and the firewall policies are not circumvented.

We offer many examples of configuration files for a variety of operating systems, including Windows 2000. This can be an interactive presentation if we can carry enough laptops.

Performance considerations (software and hardware): The argument ``IPsec is slow/no it isn't'' keeps getting repeated.
We present actual performance numbers from a variety of
implementations, and show that there is nothing to fear.

Comparison with TLS/SSL:
Why do we need IPsec when SSL/TLS is so widespread? We address the pros and cons and we hope this will not start a religious discussion.

About PKIs:
A lot has been said about the need for PKIs, and many people see their non-existence as a reason not to deploy IPsec. We debunk any
of these myths, and show alternatives to the textbook PKI scenario.

Miscellaneous topics:
This is a catch-all heading for discussing issues such as error management, Path-MTU and tunnel interactions, IPSRA (IP Secure REmote Access), L2TP (Layer 2 Tunneling Protocol), IPv6, and other topics related to IPsec.

Future developments 1: Policy:
Neither ESP/AH nor IKE really address the issue of policy management. While this is still the subject of research and on-going discussion at the IETF, there is a need for negotiating and distributing policy information to IPsec nodes. We present some of the issues and solutions involved, as time permits.

Future developments 2: Additional Key Management protocols: Since its very inception, IPsec was meant to be able to support multiple key management protocols. We discuss KINK, a Kerberos-based protocol, Photuris, a simpler precuror to IKE, and some of the recently suggested replacements for IKE.

John Ioannidis is a researcher at AT\&T Labs -- Research. He has been contributing in the IETF for over 10 years, and has been with the IPsec effort since the very beginning. Among his contributions to IPsec are the first SunOS, BSD and Linux implementations. He has also worked on policy mechanisms for IPsec, and more recently on JFK, a proposed successor to the Internet Key Exchange protocol. His many research interests include security of large distributed systems, distributed denial of service prevention, routing security, wireless and mobile networking, micropayment systems, and high-speed network monitoring.

Angelos Keromytis is an Assistant Professor of Computer Science at Columbia University. He has been working on IPsec since 1995, both in defining and refining the standards in the IETF, and in implementing and measuring its performance. He is currently serving as the IPsec Working Group Secretary. He developed the OpenBSD IPsec stack, and wrote the first free implementations of the Photuris and IKE key management protocols for IPsec. More recently, he has been working on a proposed successor to IKE, named JFK, and has designed and implemented a cryptographic acceleration framework for IPsec (and other cryptography-heavy applications). His other research interests include scalable access control mechanisms, security policy composition and enforcement, and distributed system virtualization.

Language-based Security
-- Dan Wallach, Rice University

This course will discuss the security of language-based runtime systems, increasingly used to support the execution of untrusted programs transmitted across the Internet. We will discuss a variety of problems that have been found in commercial systems, particularly with Java, and will discuss the various techniques that have been adopted in industry as well as more current academic research aimed at addressing the problem. While this course will touch on more theoretical topics such as programming-language type theory, this course will be accessible to general computer science audiences.

Dan Wallach is Assistant Professor of Computer Science at Rice University in Houston, Texas. His research involves computer security and the issues of building secure and robust software systems for the Internet. Wallach's pioneering efforts led to the development and standardization of the "stack inspection" security model, now used by Sun, Microsoft, and many other systems. Wallach has also studied security issues that occur in distributed and peer-to-peer systems, focusing on techniques that can increase the robustness of these systems against malicious nodes that do not necessarily follow protocols correctly. Wallach has also helped expose poor security designs in commercial technologies including "secure" music standards and "secure" electronic voting systems, both of which turned out to be easy to circumvent.