Publication


Featured research published by Dirk Balfanz.


Symposium on Operating Systems Principles | 1997

Extensible security architectures for Java

Dan S. Wallach; Dirk Balfanz; Drew Dean; Edward W. Felten

Mobile code technologies such as Java, JavaScript, and ActiveX generally limit all programs to a single restrictive security policy. However, software-based protection can allow for more extensible security models, with potentially significant performance improvements over traditional hardware-based solutions. An extensible security system should be able to protect subsystems and implement policies that are created after the initial system is shipped. We describe and analyze three implementation strategies for interposing such security policies in software-based security systems. Implementations exist for all three strategies: several vendors have adapted capabilities to Java, Netscape and Microsoft have extensions to Java's stack introspection, and we built a name space management system as an add-on to Microsoft Internet Explorer. Theoretically, all these systems are equivalently secure, but many practical issues and implementation details favor some aspects of each system.


IEEE Symposium on Security and Privacy | 2003

Secret handshakes from pairing-based key agreements

Dirk Balfanz; Glenn Durfee; Narendar Shankar; Diana K. Smetters; Jessica Staddon; Hao Chi Wong

Consider a CIA agent who wants to authenticate herself to a server but does not want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that the CIA server does not want to reveal its CIA credentials to anyone but CIA agents - not even to other CIA servers. We first show how pairing-based cryptography can be used to implement such secret handshakes. We then propose a formal definition for secure secret handshakes, and prove that our pairing-based schemes are secure under the Bilinear Diffie-Hellman assumption. Our protocols support role-based group membership authentication, traceability, indistinguishability to eavesdroppers, unbounded collusion resistance, and forward repudiability. Our secret-handshake scheme can be implemented as a TLS cipher suite. We report on the performance of our preliminary Java implementation.


IEEE Symposium on Security and Privacy | 2002

Self-healing key distribution with revocation

Jessica Staddon; Sara K. Miner; Matthew K. Franklin; Dirk Balfanz; Michael Malkin; Drew Dean

We address the problem of establishing a group key amongst a dynamic group of users over an unreliable, or lossy, network. We term our key distribution mechanisms self-healing because users are capable of recovering lost group keys on their own, without requesting additional transmissions from the group manager, thus cutting back on network traffic, decreasing the load on the group manager and reducing the risk of user exposure through traffic analysis. A user must be a member both before and after the session in which a particular key is sent in order to be able to recover the key through self-healing. Binding the ability to recover keys to membership status enables the group manager to use short broadcasts to establish group keys, independent of the group size. In addition, the self-healing approach to key distribution is stateless, meaning that a group member who has been off-line for some time is able to recover new session keys immediately after coming back on-line.


IEEE Symposium on Security and Privacy | 2004

In search of usable security: five lessons from the field

Dirk Balfanz; Glenn Durfee; Diana K. Smetters; Rebecca E. Grinter

A new system reduces the time to enroll in a secure wireless network by two orders of magnitude, and it also gets high marks for usability and user satisfaction. This article provides a real-world example revealing five general lessons for usable, secure system design.


Conference on Computer Supported Cooperative Work | 2002

Using Speakeasy for ad hoc peer-to-peer collaboration

W. Keith Edwards; Mark W. Newman; Jana Z. Sedivy; Trevor F. Smith; Dirk Balfanz; Diana K. Smetters; H. Chi Wong; Shahram Izadi

Peer-to-peer systems appear promising in terms of their ability to support ad hoc, spontaneous collaboration. However, current peer-to-peer systems suffer from several deficiencies that diminish their ability to support this domain, such as inflexibility in terms of discovery protocols, network usage, and data transports. We have developed the Speakeasy framework, which addresses these issues, and supports these types of applications. We show how Speakeasy addresses the shortcomings of current peer-to-peer systems, and describe a demonstration application, called Casca, that supports ad hoc peer-to-peer collaboration by taking advantage of the mechanisms provided by Speakeasy.


Annual Computer Security Applications Conference | 2004

Securing a remote terminal application with a mobile trusted device

Alina Oprea; Dirk Balfanz; Glenn Durfee; Diana K. Smetters

Many real-world applications use credentials such as passwords as means of user authentication. When accessed from untrusted public terminals, such applications are vulnerable to credential sniffing attacks, as shown by recent highly publicized compromises. In this paper, we describe a secure remote terminal application that allows users possessing a trusted device to delegate their credentials for performing a task to a public terminal without being in danger of disclosing any long-term secrets. Instead, the user gives the terminal the capability of performing a task temporarily (as long as the user is in its proximity). Our model is intuitive in the sense that the user exposes to the untrusted terminal only what he sees on the display, and nothing else. We present the design and implementation of such a system. The overhead - in terms of additional network traffic - created by introducing a trusted third party is a moderate 12%.


International Conference on Distributed Computing Systems | 1998

Experience with secure multi-processing in Java

Dirk Balfanz; Li Gong

As the Java™ platform is the preferred environment for the deployment of network computers, it is appealing to run multiple applications on a single Java-enabled desktop. We experimented with using the Java platform as a multiprocessing, multi-user environment. Although the Java Virtual Machine (JVM) is not inherently a single application design, we have found that the implementation of the Java Development Kit (JDK) often implicitly assumes that the JVM runs exactly one application at any one time. We report on the limitations we encountered and propose improvements to several aspects of the Java technology architecture, including its security features. We have implemented all the proposed changes in a prototype based on an in-house beta version of JDK 1.2. Our prototype uses a Bourne shell-like command line tool to launch multiple applications (such as Appletviewer) within one JVM.


Computer and Communications Security | 2012

Strengthening user authentication through opportunistic cryptographic identity assertions

Alexei Czeskis; Michael Dietz; Tadayoshi Kohno; Dan S. Wallach; Dirk Balfanz

User authentication systems are at an impasse. The most ubiquitous method -- the password -- has numerous problems, including susceptibility to unintentional exposure via phishing and cross-site password reuse. Second-factor authentication schemes have the potential to increase security but face usability and deployability challenges. For example, conventional second-factor schemes change the user authentication experience. Furthermore, while more secure than passwords, second-factor schemes still fail to provide sufficient protection against (single-use) phishing attacks. We present PhoneAuth, a system intended to provide security assurances comparable to or greater than that of conventional two-factor authentication systems while offering the same authentication experience as traditional passwords alone. Our work leverages the following key insights. First, a user's personal device (e.g., a phone) can communicate directly with the user's computer (and hence the remote web server) without any interaction with the user. Second, it is possible to provide a layered approach to security, whereby a web server can enact different policies depending on whether or not the user's personal device is present. We describe and evaluate our server-side, Chromium web browser, and Android phone implementations of PhoneAuth.


Annual Computer Security Applications Conference | 2003

Usable access control for the World Wide Web

Dirk Balfanz

While publishing content on the World Wide Web has moved within reach of the nontechnical mainstream, controlling access to published content still requires expertise in Web server configuration, public-key certification, and a variety of access control mechanisms. Lack of such expertise results in unnecessary exposure of content published by nonexperts, or forces cautious nonexperts to leave their content off-line. Recent research has focused on making access control systems more flexible and powerful, but not on making them easier to use. We propose a usable access control system for the World Wide Web, i.e., a system that is easy to use both for content providers (who want to protect their content from unauthorized access) and (authorized) content consumers (who want hassle-free access to such protected content). Our system is constructed with judicious use of conventional building blocks, such as access control lists and public-key certificates. We point out peculiarities in existing software that make it unnecessarily hard to achieve our goal of usable access control, and assess the security provided by our usable system.


Computers & Graphics | 2004

A reference architecture supporting hypervideo content for ITV and the internet domain

Matthias Finke; Dirk Balfanz

Today, people are well-accustomed to broadcasted information as provided by TV, as well as the interactive Web-based retrieval and use of electronic multimedia information. Evolution in technology has also led to the cross-integration of formerly completely separate transmission channels. The Internet, wired and wireless telecommunication, TV and even satellite transmission have become areas of convergence. This is the setting for new types of media to become applicable for a broader public base. Although the components are well-known, the composition of video content transmission with interaction and communication facilities shapes new ways of interacting with information and people. Media such as Interactive TV, Interactive Video or collaborative Hypervideo present challenges to content design and the design of usable applications. In this article, we elaborate on a generic view of these new media based on the key concepts of combining video content, interactivity and support for communities. One side of the discussion displays the potential of hypervideo applications, while the other derives their basic functional building blocks. As a core part of this work, a reference architecture for hypervideo systems is derived from the generic hypervideo concept. Finally, the theoretical groundwork is supported by a specific implementation example of the reference architecture for the area of TV-based Web content.
