Philippe A. Janson

Systematic design of a family of attack-resistant authentication protocols

Most existing designs for two-way cryptographic authentication protocols suffer from one or more limitations. Among other things, they require synchronization of local clocks, they are subject to export restrictions because of the way they use cryptographic functions, and they are not amenable to use in lower layers of network protocols because of the size and complexity of messages they use. Designing suitable cryptographic protocols that cater to large and dynamic network communities but do not suffer from these problems presents substantial problems. It is shown how a few simple protocols, including one proposed by ISO, can easily be broken, and properties that authentication protocols should exhibit are derived. A methodology for systematically building and testing the security of a family of cryptographic two-way authentication protocols that are as simple as possible yet resistant to a wide class of attacks, efficient, easy to implement and use, and amenable to many different networking environments is described. Examples of protocols of that family that presents various advantages in specific distributed system scenarios are discussed. >

The KryptoKnight family of light-weight protocols for authentication and key distribution

An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of comprehensive security subsystem prototype called KryptoKnight. >

Scalability and flexibility in authentication services: the KryptoKnight approach

This paper studies the issues of flexibility and scalability in the context of network security. In particular, it concentrates on authentication and key distribution services suited for a variety of communication paradigms, network environments, and end-devices. We present the design criteria, specification, and step-by-step construction of authentication and key distribution services based on experience in the KryptoKnight project. The central goal of the KryptoKnight project was the construction of basic network security functions in a minimal, flexible (thus, versatile) and scalable manner. Protocol minimality (in terms of resource usage) and flexibility are not merely theoretical goals; they have clear advantages in environments where computational resources are limited and connectivity is restricted. KryptoKnight was aimed at such environments: small and anemic wireless devices, simple network and data-link entities, embedded micro-devices and other special-purpose communication equipment and configurations. Furthermore, scalability of protocols makes their deployment possible in the presence of rapid network growth and inter-domain communication.

Research: Secure and minimal protocols for authenticated key distribution

The problem of secure key distribution has been the subject of much attention in recent years. This paper describes a novel method for authenticated key distribution in the distributed systems environment. In particular, a braiding technique for key distribution is introduced. The underlying protocols are extremely compact in both the number of messages and message sizes, which facilitates their application at any layer (at lower layers, in particular) in the protocol hierarchy. Furthermore, the protocols are shown to be resistant to a wide range of interleaving attacks. All this is achieved with minimal computational requirements, and without the necessity of using traditional encryption (a strong one-way function suffices).

Abstract interdomain security assertions: a basis for extra-grid virtual organizations

One significant challenge in building grids between organizations with heterogeneous security systems is the need to express and enforce security policies that specify the users in one organization (the source domain) who are allowed to access the resources in another organization (the target domain). This requires linking the syntax and semantics of security assertions referring to users and their attributes in the source domain to those referring to resources in the target domain. This paper suggests some basic requirements for solving this problem, in particular, an abstract form of interdomain security assertion (IDSA) relying, for instance, on globally meaningful URIs (Uniform Resource Identifiers) to refer to users, resources, and their attributes. This canonical abstract form of IDSA is, however, used strictly for assertion mapping purposes. It may--but need not-- be visible in any concrete security assertion syntax in any domain. The paper further suggests different scenarios in which URIs for users, resources, and attributes defined in one domain can be mapped to semantically meaningful references--with varying degrees of granularity and accountability--in another domain where they would otherwise be meaningless.

Security in open networks and distributed systems

Abstract With the ever increasing pervasiveness of computer networks, security of information stored in or transported through networks, as well as security of network components and resources themselves are becoming the focus of intense concern on the part of network users and operators. This paper discusses a selection of the most popular state-of-the-art mechanisms designed to protect information, objects and other resources found in networks and distributed systems. The various techniques discussed are introduced in a bottom-up order, starting with basic cryptographic tools, then explaining how these can be exploited to achieve various forms of authentication services, and finally sketching very briefly more recent, mostly experimental developments in the area of access controls for networks and network resources. The paper is addressed to readers with a background in networks and distributed systems but little or no understanding of security issues in general, system security in networking and distributed environments in particular.

Connection-oriented versus connectionless protocols: A performance study

The impact of various implementations of an end-to-end transport service on the performance of high-volume data transfers in a local-area network is investigated. The impact of using a connection-oriented logical-link control (LLC) protocol below a connection-oriented transport protocol is of particular interest. The performance measure is the throughput which can be achieved between two stations either from memory to memory or from disk to disk. The throughput was determined by simulation for various combinations of differing LLC protocols, disk models and processor speeds. The parameters for the simulation model were determined partially by measurements of an implemented file server. The results show that the performance penalty of a connection-oriented LLC protocol can be substantial, but can be significantly lowered when an acknowledgment accumulation strategy is applied.

Using type-extension to organize virtual-memory mechanisms

Much effort is currently being devoted to producing computer systems that are easy to understand, to verify and to develop. The general methodology for designing such a system consists of decomposing it into a structured set of modules so that the modules can be understood, verified and developed individually, and so that the understanding/verification of the system can be derived from the understanding/verification of its modules. While many of the mechanisms in a computer system have been decomposed successfully into a structured set of modules, no technique has been proposed to organize the virtual memory mechanism of a system in such a way.The present paper proposes using type extension for that purpose. The virtaul memory mechanism consists of a set of type manager modules implementing abstract information containers. The structure of the mechanism reflects the structure of the containers that are implemented. While using type extension to organize a virtual memory mechanism is conceptually simple, it is hard to achieve in practice. All existing or proposed uses of type extension assume the existence of information containers that are uniformly accessible, can always be grown and are protected. Using type extension inside a virtual memory mechanism raises implementation problems since such containers are not implemented. Their implementation is precisely the objective of the virtual memory mechanism. In addition to explaining how type extension can be supported inside a virtual memory mechanism, the paper briefly discusses some aspects of its application to the reorganization of the kernal of a commercial, general-purpose, time-sharing system. It concludes by presenting some results of that case study concerning the organization of operating systems.

Heterogeneity and OSI

A review is presented of the different aspects of heterogeneity that need to be resolved to achieve global interoperability, and specifically, to provide global transport service. The authors concentrate on the problems of interconnecting computer networks and systems that use different protocols, either different subsets of OSI (open systems interconnection) standards or OSI and non-OSI protocols. The issues of protocol conversion are discussed, and integrated naming, addressing, and directory mechanisms for interconnecting OSI and non-OSI domains are outlined. More subtle aspects of interoperability are examined for the case of the OSI transport protocol class 4 in mixed LAN/WAN (local-area-network/wide-area network) environments. >

Interconnecting OSI and non-OSI networks using an integrated directory

The emergence of OSI as an international standard is fostering a desire to interconnect existing networks and network architectures to OSI. In order to achieve this, a global scheme is necessary to provide object identification, and specific solutions are needed to provide internetwork addressibility between applcations. A structured naming level can be built on top of existing application program interfaces, and the necessary internetwork addressing and directory query capabilities can be provided by an application-level gateway. The address mechanism on the gateway maps local proxies into foreign addresses; the originality of the scheme is that proxies are built dynamically during internetwork directory calls, thus overcoming the typical problems of proxy schemes. The functions at the gateway can be organized into a base and option set structure, and be implemented up to the desired level of sophistication. The design presented is modular, and provides hooks for possible future evolutions of network architectures.