Rolf Oppliger

Research note: Security issues related to mobile code and agent-based systems

This article elaborates on security issues related to mobile code and agent-based systems. In particular, it addresses the problems of (a) how to protect an execution environment against potentially malicious mobile code, and (b) how to protect the mobile code against potentially malicious hosts and execution environments. The article overviews and discusses some technical approaches to address the problems. It concludes with the insight that possible solutions for the problems are not independent, and that some solutions for problem (b) make it more difficult to find appropriate solutions for problem (a).

SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

Man-in-the-middle attacks pose a serious threat to SSL/TLS-based electronic commerce applications, such as Internet banking. In this paper, we argue that most deployed user authentication mechanisms fail to provide protection against this type of attack, even when they run on top of SSL/TLS. As a possible countermeasure, we introduce the notion of SSL/TLS session-aware user authentication, and present different possibilities for implementing it. We start with a basic implementation that employs impersonal authentication tokens. Afterwards, we address extensions and enhancements and discuss possibilities for implementing SSL/TLS session-aware user authentication in software.

Security at the Internet layer

The Internet Engineering Task Force is standardizing security protocols (IPsec protocols) that are compatible with IPv6 and can be retrofitted into IPv4. The protocols are transparent to both applications and users and can be implemented without modifying application programs. The current protocol versions were published as Internet drafts in March 1998. The article overviews the proposed security architecture and the two main protocols-the IP Security Protocol and the Internet Key Management Protocol-describes the risks they address, and touches on some implementation requirements. IPsecs major advantage is that it can provide security services transparently to both applications and users. Also, the application programs using IPsec need not be modified in any way. This is particularly important when securing application programs that are not available in source code, which is common today. This transparency sets IPsec apart from security protocols that operate above the Internet layer. At present, IPsec is likely to be used in conjunction with and complemented by other security technologies, mechanisms, and protocols. Examples include firewalls and strong authentication mechanisms for access control, and higher layer security protocols for end-to-end communication security. In the near future, however, as virtual private networking and corporate intranets and extranets mature, IPsec is likely to be deployed on a larger scale.

Microsoft .Net Passport: a security analysis

.NET Passport is a password-based single sign-in service that lets users visit multiple Web sites without having to authenticate at each site. Despite its widespread deployment, several open issues remain.

SSL/TLS Session-Aware User Authentication

Overall, transport layer security with session-aware user authentication offers a promising approach to solving man-in-the-middle attack problems by leveraging the legacy authentication mechanisms and systems that the general public has become accustomed to using.

Internet Banking: Client-Side Attacks and Protection Mechanisms

Although current mechanisms protect against offline credential-stealing attacks, effective protection against online channel-breaking attacks requires technologies to defeat man-in-the-middle (MITM) attacks, and practical protection against content-manipulation attacks requires transaction-authentication technologies.

SSL/TLS session-aware user authentication revisited

Man-in-the-middle (MITM) attacks pose a serious threat to SSL/TLS-based e-commerce applications. In Oppliger R, Hauser R, Basin D [SSL/TLS session-aware user authentication - or how to effectively thwart the man-in-the-middle. Computer Communications August 2006;29(12):2238-46] and Oppliger R, Hauser R, Basin D [SSL/TLS session-aware user authentication. IEEE Computer March 2008;41(3) 59-65], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLS-based e-commerce applications against MITM attacks and we proposed an implementation based on impersonal authentication tokens. In this paper, we present a number of extensions of the basic idea. These include multi-institution tokens, possibilities for changing the PIN, and different ways of making several popular and widely deployed user authentication systems SSL/TLS session-aware.

A certified mail system (CMS) for the Internet

It is commonly agreed that the widespread and more professional use of electronic mail on the Internet would gain a lot from certified mail services. In this article, we propose and describe a system that can be used to provide these services. The corresponding certified mail system for the Internet employs an online trusted third party and uses dual signatures to cryptographically link the message keys to the messages that are certified.

A Proof of Concept Implementation of SSL/TLS Session-Aware User Authentication (TLS-SA)

Most SSL/TLS-based e-commerce applications employ conventional mechanisms for user authentication. These mechanisms—if decoupled from SSL/TLS session establishment—are vulnerable to man-in-the-middle (MITM) attacks. In this paper, we elaborate on the feasibility of MITM attacks, survey countermeasures, introduce the notion of SSL/TLS session-aware user authentication (TLS-SA), and present a proof of concept implementation of TLS-SA. We think that TLS-SA fills a gap between the use of public key certificates on the client side and currently deployed user authentication mechanisms. Most importantly, it allows for the continued use of legacy two-factor authentication devices while still providing high levels of protection against MITM attacks.

Internet security enters the Middle Ages

The Internet continues its triumphant advance. It is commonly seen as the first incarnation of an information superhighway, or a national information infrastructure (NII). Because the Internet is dynamic, it has already changed significantly. The initial, research-oriented Internet and its protocol suite were designed for a benign environment best described as collegial, where users and hosts were mutually trusting and interested in a free, open exchange of information. These days, the Internet environment is less collegial and trustworthy; it encompasses all the risks, dangerous situations, and human vices found in society as a whole. The Internet has just entered the Middle Ages. The simple security model of the Stone Age still works for single hosts and LANs. But it no longer works for WANs in general and the Internet in particular. As a first step, firewalls have been erected at the Internet gateways. Because they are capable of selectively dropping or forwarding IP datagrams, firewalls also restrict the connectivity of the Internet as a whole. The Internets firewalls are thus comparable to the town walls and front gates of the Middle Ages. Screening routers correspond to general-purpose gates, while proxy servers and application-layer gateways correspond to specialized gates. >