Jussipekka Leiwo

DOS-Resistant Authentication with Client Puzzles

Denial of service by server resource exhaustion has become a major security threat in open communications networks. Public-key authentication does not completely protect against the attacks because the authentication protocols often leave ways for an unauthenticated client to consume a servers memory space and computational resources by initiating a large number of protocol runs and inducing the server to perform expensive cryptographic computations. We show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent such attacks.

Towards Network Denial of Service Resistant Protocols

Networked and distributed systems have introduced a new significant threat to the availability of data and services: network denial of service attacks. A well known example is the TCP SYN flooding. In general, any statefull handshake protocol is vulnerable to similar attacks. This paper examines the network denial of service in detail and surveys and compares different approaches towards preventing the attacks. As a conclusion, a number of protocol design principles are identified essential in designing network denial of service resistant protocols, and examples provided on applying the principles.

Encrypted Message Authentication by Firewalls

Firewalls typically filter network traffic at several different layers. At application layer, filtering is based on various security relevant information encapsulated into protocol messages. The major obstacle for efficient verification of authenticity of messages at application layer is the difficulty of verifying digital signatures without disclosure of content protected by encryption. This is due to a traditional paradigm of generating a digital signature of a message and then encrypting the signature together with the message to preserve confidentiality, integrity, non-repudiation and authenticity. To overcome this limitation, a scheme shall be proposed for enabling signature verification without disclosing the content of messages. To provide maximum efficiency, the scheme is based on digital signcryption.

Disallowing Unauthorized State Changes of Distributed Shared Objects

Attaching digital signatures to state update messages in global distributed shared object (DSO) systems is not trivial. If the DSO consists of a number of autonomous local representative that use open, public networks for maintaining the state consistency, allowing a local representative to sign state update messages is not appropriate. More sophisticated schemes are required to prevent unauthorized state updates by malicious local representative or external parties. This paper examines the problem in detail, compares a number of possible solutions, and identifies the most suitable one and demonstrates how the state update messages can be signed using the identified solution.

A Method to Implement a Denial of Service Protection Base

Denial of service attack is an attempt from any authorized or unauthorized entity to allocate resources excessively to prevent normal operation of the system. A method will be presented to specify and enforce a resource allocation policy to prevent denial of service attacks. Resource allocation policy can be formally derived from a waiting time policy where maximum acceptable response times for different processes are specified.

An analysis of ethics as foundation of information security in distributed systems

Security of distributed systems requires both technical and administrative foundations. Technical foundation is based on cryptographic measures and access control models, and is well understood. Administrative foundation is based on several non-technical layers added on top of technical communication protocols. Several models for secure interconnection of information systems suggest common ethics to be the uppermost layer and base for legal, managerial and operational procedures. Ethics as a foundation of secure interconnection of systems is critically analysed and several problems of ethical layer are identified. Considering this analysis, a new group and social contract layer is suggested on top of ethical layer. The new approach can be enforced within current technology, supports social behaviour of human beings, and is iterative allowing forming of larger secure communities by interconnecting existing secure groups.

Organizational Modeling for Efficient Specification of Information Security Requirements

Functional security requirements of information systems can roughly be classified into two: computer security requirements and communications security requirements. Challenges for developing notations for expressing these requirements are numerous, most importantly the difficulty of dealing with layers of abstraction, flexibility to adapt into many types of requirements, groupings of requirements, and requirement dependencies. Many frameworks for dealing with information security highlight the importance of a properly defined organization of security but fail to establish models to support the specification. This paper establishes one such model and demonstrates how the above difficulties can be overcome through extensive application of organizational modeling of information security.

A Security Design for a Wide-Area Distributed System

Designing security of wide-area distributed systems is a highly complicated task. The complexity of underlying distribution and replication infrastructures together with the diversity of application scenarios increases the number of security requirements that must be addressed. High assurance requires the security enforcement to be isolated from non-security relevant functions and limited in the size of implementation. The major challenge in the is to find a balance between the diversity of security requirements and the need for high assurance. This paper addresses this conflict using Globe system as a reference framework, and establishes a security design that provides a flexible means of addressing the variety of security requirements of different application domains.

A Framework for the Management of Information Security

Information security is strongly dependent on access control models and cryptographic techniques. These are well established areas of research and practice in the enforcement of technical information security policies but are not capable of supporting development of comprehensive information security within organizations. Therefore, there is a need to study upper level issues to establish organizational models for specifying security enforcement mechanisms and coordinating policies. This paper proposes a model for dealing with high level information security policies. The core is to enforce a continuous refinement of information security requirements aiming at formally deriving technical security policies from high level security objectives. This refinement is carried out by in formation security harmonization functions. Contribution of this paper is on the specification of a notation for expressing information security requirements and on the specification of a mechanism to formulate harmonization functions.

A formal model to aid documenting and harmonizing of information security requirements

A formal top down model shall be presented to aid documentation and harmonization of information security requirements. The model formalizes layered development of information security, where top level abstract objectives, strategies and policies are step by step refined into concrete protection measure specifications. The model consists of static and dynamic parts, where static part refers to the organization, and dynamic part to the refinement of requirements. Major functions are horizontal and vertical harmonization functions used to transfer requirement into lower levels of abstraction, and to identify requirements of secure inter-operation of systems on each layer. Application of the model then consists of two parts: specification of the organization and specification of requirement harmonization functions.