Tuomas Aura

DOS-Resistant Authentication with Client Puzzles

Denial of service by server resource exhaustion has become a major security threat in open communications networks. Public-key authentication does not completely protect against the attacks because the authentication protocols often leave ways for an unauthenticated client to consume a servers memory space and computational resources by initiating a large number of protocol runs and inducing the server to perform expensive cryptographic computations. We show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent such attacks.

Scanning electronic documents for personally identifiable information

Sometimes, it is necessary to remove author names and other personally identifiable information (PII) from documents before publication. We have implemented a novel defensive tool for detecting such data automatically. By using the detection tool, we have learned about where PII may be stored in documents and how it is put there. A key observation is that, contrary to common belief, user and machine identifiers and other metadata are not embedded in documents only by a single piece of software, such as a word processor, but by various tools used at different stages of the document authoring process.

Towards Network Denial of Service Resistant Protocols

Networked and distributed systems have introduced a new significant threat to the availability of data and services: network denial of service attacks. A well known example is the TCP SYN flooding. In general, any statefull handshake protocol is vulnerable to similar attacks. This paper examines the network denial of service in detail and surveys and compares different approaches towards preventing the attacks. As a conclusion, a number of protocol design principles are identified essential in designing network denial of service resistant protocols, and examples provided on applying the principles.

Distributed access-rights management with delegation certificates

New key-oriented discretionary access control systems are based on delegation of access rights with public-key certificates. This paper explains the basic idea of delegation certificates in abstract terms and discusses their advantages and limitations. We emphasize decentralization of authority and operations. The discussion is based mostly on the SPKI certificates but we avoid touching implementation details. We also describe how threshold and conditional certificates can add flexibility to the system. Examples are given of access control between intelligent networks services.

Strategies against replay attacks

The goal of the paper is to present a set of design principles for avoiding replay attacks in cryptographic protocols. The principles are easily applied to real protocols and they do not consume excessive computing power or communications bandwidth. In particular we describe how to type-tag messages with unique cryptographic functions, how to inexpensively implement the full information principle with hashes, and how to produce unique session keys without assuming mutual trust between the principals. The techniques do not guarantee security of protocols, but they are concrete ways for improving the robustness of the protocol design with relatively low cost.

Practical Invisibility in Digital Communication

This paper gives an overview of cryptographically strong mass application invisibility in digital communication. It summarizes principles and methodology, clarifies terminology, and defines some new concepts. A new algorithm for hiding bit selection in digital images is proposed and an experimental implementation of the algorithm is described. Finally, the paper closes with a discussion of the implications of the availability of invisible communication.

Forwarding anomalies in Bloom filter-based multicast

Several recently proposed multicast protocols use in-packet Bloom filters to encode multicast trees. These mechanisms are in principle highly scalable because no per-flow state is required in the routers and because routing decisions can be made efficiently by simply checking for the presence of outbound links in the filter. Yet, the viability of previous approaches is limited by the possibility of forwarding anomalies caused by false positives inherent in Bloom filters. This paper explores such anomalies, namely (1) packets storms, (2) forwarding loops and (3) flow duplication. We propose stateless solutions that increase the robustness and the scalability of Bloom filter-based multicast protocols. In particular, we show that the parameters of the filter need to be varied to guarantee the stability of the packet forwarding, and we present a bit permutation technique that effectively prevents both accidental and maliciously created anomalies. We evaluate our solutions in the context of BloomCast, a source-specific inter-domain multicast protocol, using analytical methods and simulations.

On the structure of delegation networks

In new distributed key-oriented access control systems such as SPKI, access rights are delegated by a freely formed network of certificates. The author formalizes the concept of a delegation network and presents a formal semantics for the delegation of access rights with certificates. The certificates can have multiple subjects who must co-operate to use the authority. Some fundamental properties of the system are proven, alternative techniques for authorization decisions are compared and their equivalence is shown rigorously. In particular he proves that certificate reduction is a sound and complete decision technique. He also suggests a new type of threshold certificate and proves its properties.

Reducing Reauthentication Delay in Wireless Networks

When a wireless mobile user is moving across a mobile network or between co-operating networks, the network operators often want to verify the user’s access rights before granting service. The security protocol causes a delay in the network access, which may be much longer than the typical delays caused by mobility management. An alternative would be to provide so called optimistic service before the user has been authenticated or paid for the access. Thus, there is a trade-off between the security of the access control and the quality of service observed by the user. Our aim is to reduce the authentication delay and to enable optimistic access without opening a window for fraudulent access. We present a protocol for the reauthentication of a mobile node when it repeatedly connects to different access points or cooperating wireless networks. The protocol is based on credentials which the mobile receives from access points as a proof of past honest behavior and which it presents when associating with a new access point. It can be implemented with keyed one-way functions that result in low computation and communication overhead both for the mobile and for the network.

Using conservation of flow as a security mechanism in network protocols

The law of conservation of flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch denial of service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. We examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses conservation of flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of conservation of flow valid.