Takamichi Saito

A technical comparison of IPSec and SSL

IPSec (IP security) and SSL (secure socket layer) have been the most robust and most potential tools available for securing communications over the Internet. Both IPSec and SSL have advantages and shortcomings. Yet no paper has been found comparing the two protocols in terms of characteristic and functionality. Our objective is to present an analysis of security and performance properties for IPSec and SSL.

Privacy enhanced access control by SPKI

In Internet and electronic commerce applications, a user may want to access servers as anonymous with an authorized certificate. In this paper, such privacy-enhanced service scheme is presented by using Simple Public Key Infrastructure (SPKI). A certificate of SPKI carries as few information on clients as possible compared to a certificate of PKIX (Public Key Infrastructure with X.509). After obtaining a certificate issued by an authorized server, a client submits the certificate to the service provider (server) in order to take services associated with the certificate. Then, the provider verifies the submitted certificate and gives permission to the client if verified. A client can delegate a certificate to a third party, so that he/she can access the server instead of the original certificate recipient. The implementation of the proposed certificate-based access control consists of authorized server, issuing agent, client. These are based on SPKI certificate issuer, certificate verifier, access control list management, and delegate mechanism. These subsystems are coded on the basis of SPKI library written in Java.

The secure DHCP system with user authentication

DHCP (dynamic host configuration protocol) makes it easy to access an IP network. However, since the DHCP itself does not have an access control, illegitimate users inside a network segment can easily abuse inside or outside the network. Therefore, we have introduced an authentication scheme and access control into the DHCP system. Using a popular authentication by MAC (media access control) address, a user cannot utilize an IP address except on the MAC address machine. We propose user authentication and access control for the DHCP system and demonstrate its security.

Privacy-enhanced access control by SPKI and its application to Web server

For providing a privacy-enhanced access only for an appropriate user, anonymous access such as anonymous FTP is too weak because a service provider cannot know about a client, while authentication-based access control such as PKIX (Public Key Infrastructure with X.509) is too strong because ID information on a client is exposed to a service-provider. Instead, we present a new access control scheme by using SPKI (Simple Public Key Infrastructure), since an authorization certificate based on SPKI does not carry any ID information. This scheme needs additional mechanism for the server and clients such as issuing, delegating, validating, and revoking certificates. A web-based privacy-enhanced access control is designed on the basis of the proposed scheme and implemented by Java. The resulting system shows that the proposed scheme works well with a small amount of overheads being introduced into a normal web server.

Architectural defects of the secure shell

Although flaws have been found out in SSH, the Secure Shell, there has been little discussion about its architecture or design safety. Therefore, considering SSH architecture, e.g. the key exchange protocol, user authentication protocols and total design of the SSH, we not only discuss SSH architectural safety but show critical flaws for SSH users. For establishing the SSH connection, before user authentication, the SSH server and client exchange a session key, which can communicate securely. Then, over the secret channel encrypted by the session key, the SSH server authenticates a user in the SSH client using a users password or public key. However, owing to defects in the SSH protocols and its design, a user can be deprived of their password in the authentication protocol. Moreover, we show that those who use its public key for authentication are exposed to the same risks as password-oriented users.

A secure wireless LAN system retaining privacy

We propose a secure wireless LAN system for casual users at event sites or Hotspots who want safer and easier access to the networks. It protects users privacy by creating separated SSL sessions for each user, while the WEP shares one encryption key among all users. In the proposed system, in order to access the Internet, a user shows SPKI-based authorization ticket in SSL client-authentication phase instead of an ordinary X.509 certificate. The SPKI-based authorization ticket proves that the user has appropriate rights from the system while not showing his/her ID. A user can also access the Internet in another way that the user does not register his/her ID in contrast with existing secure wireless LAN systems. The proposed system restricts usable protocols and prevents unauthorized user from attacking to the Internet. By hiding user IDs from gateways, a user can retain his/her privacy. Moreover, the proposed system can be easily installed without modifying existing wireless LANs.

Privacy-enhanced SPKI access control on PKIX and its application to Web server

Access control using PKIX (Public Key Infrastructure with X.509) may cause a privacy problem. It is caused mainly by the fact that a server can know a clients ID. To solve this problem, we proposed a restricted anonymous access control scheme using SPKI (Simple Public Key Infrastructure). It can make a server provide service to an authorized client. It still has another problem: SPKI is not so popular as PKIX. PKIX has many efficient technologies such like SSL (Secure Socket Layer), but SPKI cant directly use these technologies. In this paper our implementation utilizes the slightest extension of PKIX, namely, we use an X.509 Certificate as an Authorization Certificate and PKIX technologies, i.e. SSL. Therefore, our approach can make some proposed SPKI schemes practical and useful. In this paper the proposed scheme is applied to access control of the Web server. The system demonstrates that it succeeds in adding privacy-enhanced access control to SSL mutual authentication. We also describe and discuss the details of implementations.

An access control with handling private information

An Internet user may want to provide only necessary information in order to access servers without disclosing his/her personal information, or with disclosing minimal personal information to the server. This requirement on privacy is neither realized by PKIX (Public Key Infrastructure with X.509 certificates) based access control nor by anonymous access. In this paper, we define a privacy-enhanc ed access control as the right of controlling the exposure of personal information and propose a privacy-enhanc ed access control mechanism by using Authorization Certificate of SPKI (Simple Public Key Infrastructure). This implementation shows that the SPKI-based WWW (World Wide Web) access control can easily replace the conventional one and that it also introduces a new service with some regulations such as ages, sex, or other features. We also discuss about the security issues of the proposed access control system.

Verification of authentication protocols based on the binding relation

The correctness of an authentication protocol is based on, among others, the relation between nonces and data that is established in the course of execution of the protocol. In this paper, we formulate an inference system that derives the secrecy of nonces and the relation that binds nonces and data. It is easy to show the correctness of a protocol by directly deriving the binding relation using the inference rules. Depending on situations, it is also possible to extend the inference system by simply adding new inference rules. We give some example protocols whose correctness can only be shown using some conditions on nonces that are formulated as additional inference rules.

Security of Public Key Certificate Based Authentication Protocols

The security of authentication protocols based on public key cryptography depends on the validity of the certificate. It is usually assumed that a well deployed PKI can guarantee the validity of certificates through mechanisms such as CRL or OCSP. In reality, such guarantee is not always assured. This paper describes an attack that exploits this certificate validity weakness and breaks some well-known certificate-based authentication protocols, namely the SSL and the TLS protocol. This attack affects the “named-server” version of both protocols, but is ineffective for the “named-server, named-client” version of both protocols. Along with the attack, we also describe how it was discovered as a result of our ongoing research on analysis of authentication protocols using both logic based and model checking based methods.