PPT - Department of Computer Science and Engineering

advertisement
T-110.5290 Seminar on Network
Security P (4 cr)
Prof. Sasu Tarkoma
Helsinki University of Technology
16.9.2008
Contents
• Overview
• The 2008 Course Topic
• Carrying out the course
• Timetable
• Topics
Overview
• T-110.5290 Seminar on Network Security P (4 cr)
• Every participant must prepare a written presentation
and present their work during a two day seminar.
• Requirements Active participation, preparation of a
written presentation, and its presentation during the
seminar, and acting as opponent.
• Prerequisites T-110.4200 (Information Security
Technology)
• Assessment
– The paper 60%
– Presenting 25%
– Opponent tasks 15%
– (both tasks at the seminar, and the evaluation sheet
returned after the conference)
Organization
• Course staff
– Responsible teacher: Sasu Tarkoma
– Course assistant: Jani Heikkinen
– Email: firstname.lastname@tkk.fi
– Course email: t-110.5290@tkk.fi
• All course material will be available through the Noppa
portal
• Optima learning environment used for paper
submission and paper commenting
2008 Course Topic I
• The original architectural principles for the Internet were
the end-to-end and robustness principles.
• The former, in its original expression, placed the
maintenance of state and overall intelligence at the
edges, and assumed the Internet that connected the
edges retained no state and concentrated on efficiency
and simplicity.
• The latter principle stated "be conservative in what you
do, be liberal in what you accept from others".
2008 Course Topic II
• The end-to-end principle implies that application logic is
executed by endpoints of communication.
• It is crucial that any application functionality related to
the user's activities is executed in a trustworthy manner.
• This observation has led to a reformulation of the
original End-to-End principle called Trust-to-Trust (T2T).
2008 Course Topic III
• T2T gives an opportunity for principals to choose
where application logic is executed by trusted points:
– "The function in question can completely and
correctly be implemented only with the knowledge
and help of the application standing at points where
it can be trusted to perform its job properly".
• The proposal for T2T has created a lot of discussion in
the networking community and it remains to be seen
how trust is reflected in the future Internet architecture.
• New activity in Finland in Future Internet area
Course Topic IV
• The aim of the Fall 2008 Seminar of Network Security is
to examine the implications of trust-to-trust from
different viewpoints, including protocols, network
design, applications, and services.
• David D. Clark, Marjory S. Blumenthal, "The end-to-end
argument and application design: the role of trust"
Timetable
26.9
Submissions
• All the submissions (except sign up) and commenting
are done using the Optima learning environment
• Latex template is provided
• Attending to the English course is compulsory for all
students. If you miss some English lecture, you have to
make an additional assignment. More information about
the course and additional assignments will be published
later in the English course web page
Draft Paper
• The tutor's primary task is to check the content of the
outline. Following points of view should be noted:
– The outline shows that the article-to-be has a point
(a message, a central theme, something to say).
– The outline's references are good enough: as
relevant, valid and up-to-date
– The outline contains a thorough enough analysis of
the references
– The outline's structure is logical (red line)
– The outline and the required one page of text are
written in understandable English
– At least one page
Final Paper I
• The full paper submission has two parts.
– First, the full paper itself is written before the full
paper deadline.
– One/two weeks afterwards is another deadline for
tutors and opponents to comment the papers.
– Based on the full paper submissions, tutors will
recommend which of the papers should have full
presentation and which poster presentation (if such
are needed).
– Length: 5-7 pages using the Latex template
Final Paper II
• The paper is ready: it has all intended content including
abstract, introduction, background, "the beef", and
conclusions. The text is ready and does not consist of
lists only. The PDF file shows that the student has used
the correct LaTeX template.
• The writing style is scientific enough: the writing style is
neutral and objective.
• Using the given LaTeX template, article is close enough
to final article's length limit i.e. at least four full pages
long.
• The article makes a contribution: the point, message or
the central theme of the article exists. Moreover, the
contribution should be:
• The article is original work, and it presents student's
own combination or analysis of previous information.
Final Paper III
• The article covers a wide enough area extensively
enough or a smaller area in reasonable depth
• The structure of the article content is clear and logically
related to the "story the author is telling".
• The in-text references (citing of sources) are sufficient.
All information that has been taken from a source other
than the author's own thinking is correctly referred.
• The article's reference list is correctly formatted and the
bibliographic data of each item is clearly marked: the
PDF file shows that the student has used the correct
LaTeX and BibTeX templates and the correct class file.
Tasks of the Opponent
• Each student will be named as an opponent to a fellow
student.
• In this phase of the course, the opponent's task is to read
through the full paper that is assigned to him/her and give
comments and constructive criticism.
• The opponent (and tutor) should consider the following when
commenting the full paper (and consider the list describing
full paper itself given above, too):
– Language is understandable. If you do not understand
something in the paper or something is very unclearly
stated, say that in your comments.
– There are no mistakes when presenting facts.
– There are no missing things that should have been
taken in to the paper.
– References are adequate and sources are traceable.
Opponent and the Conference
• After the final paper deadline, the opponent should read
through the paper before the conference days and
prepare a couple of questions for the author of the
paper.
• Opponent reads the same paper as during the full
paper phase.
• Note: You should prepare more than two questions,
since some of the questions might get answered in the
presentation.
• Try to make questions that require other than yes/no
answer. The questions or comments are presented in
the discussion following the presentation.
Presentations
• The presentations are ~20 minutes in length and given
in English. More detailed instructions for the
presentations will be given in the second course
meeting.
• You should reserve time for questions at the end of your
presentation. Note that the given time may not be
exceeded. Your opponent (and the audience) will ask
questions and you should try to answer them.
• Opponent's comments after the conference
• The opponents have to upload her/his comments
concerning the final paper after the conference dates
together with the comments of the presentation before
deadline.
Topics
• Topics will be made available today on the Web
• The following slides do not contain all the details and
references but rather give an overview of the topics
Xiang Su
• 1. Security of UUID (Universally Unique Identifier) in a
distributed system.
• 2. RFID's security challenge.
• 3. Security threats and solutions for resource
constrained devices
Sasu Tarkoma
• Trust in Data-centric Networks
• Private Matching
– The private matching problem can be stated as
follows: two parties each have a database and they
wish to determine common entries without
revealing any information about entries only found
in one database.
• OpenID 2.0 and OAuth
– OpenID is emerging as a lightweight sign-on
protocol for the Web
– Present and analyze the OpenID 2.0 and OAuth
protocols
• Accountable Internet Protocol (AIP)
– Sigcomm 2008 paper
Tuomas Aura
• Sources of latency in wireless roaming
– Handoffs between wireless 802.11 access points,
networks and wireless access technologies cause a
delay in the transfer of application data.The paper
should investigate the causes of authentication
latency for wireless clients, how it affects different
applications, and what can be done to control it.
• Wireless ISP security
– Wireless Internet access with the WiFi and WiMAX
protocols is gaining popularity. The paper should
discuss the alternative architectures and protocols
for authenticating users and authorizing network
access and explain how the choice of security
technology may depend on the type of customer
and service.
Tuomas Aura
• The MOBIKE protocol and its applications
– The MOBIKE protocol is an extension of the IKEv2
authenticated key-exchange protocol to support
mobility and Multihoming. The paper should
describe the protocol and some of its applications.
• Anti-theft technologies for mobile devices
– Mobile devices have become common targets for
theft and robbery. The paper should investigate
such anti-theft technologies for mobile devices.
• Remote wiping of mobile devices
• Protecting data stored on a laptop computer
Tuomas Aura
• Onion routing for location privacy
– Onion routing is an anonymity mechanism that can hide
either the location (i.e., IP address) of an Internet client
from its servers or the location of the server from its
clients, or both. The paper should explain the state of art
in onion routing, including the Tor protocol. It should also
explain how the privacy of mobile users could benefit
from the use of such anonymity mechanisms.
• Security mechanism in deployed IM protocols
– The paper should investigate the security of existing IM
products and protocols, including threats against
security and privacy, existing protection mechanisms,
and trade-offs between security and cost.
Jukka Valkonen
• Device compromise detection and revocation
– Especially in wireless ad-hoc networks, node
compromise is a serious threat. For example in
military networks, the nodes (sensors) can be
spread in the enemy territory. Thus it is essential
that the integrity of the nodes can be verified and in
case of a compromise the nodes need to be
revoked from the network.
– The goal of this topic is to provide a literary survey
in human readable form on different techniques for
node compromise detection and key revocation.
Jukka Valkonen
• Disk Encryption Protocols and Applications
• Huge number of laptops gets lost or stolen yearly
(According to [1], 20% of laptops are stolen or damaged
due to careless handling). Thus in order to be able to
keep confidential data from reaching unauthorized
people, encryption on the hard disk is needed.
• The goal is to write a literary survey on different
methods used in current disk encryption applications.
The paper should handle topics such as key
management, full-disk encryption, filesystem-level
encryption etc.
• The student should have some basic knowledge of
cryptographic protocols (that is, you should know the
difference between stream cipher and block cipher and
so on).
Jukka Valkonen
• Security and biometrics
– In biometric identification, the entities are identified
based on their physical properties: fingerprints,
voice, iris image, facial image and so on. As the
reliability of such technologies is continuously
increasing continuously while the cost of devices in
decreasing, biometric identification is becoming
more and more widely deployed.
– The goal of this paper is to write a literary survey on
current state of biometric identification. Especially
the problems and pitfalls of biometrics should be
considered.
Jukka Valkonen
• Authenticated key exchange
– Traditional Diffie-Hellman key exchange is
vulnerable man-in-the-middle attacks, where an
attacker tries to impersonate as a legitimate device
of the network. To prevent such attack, the key
exchange needs to be authenticated. In the past
few years multiple different methods for such
authentication have been proposed.
– The goal of this paper is to write a literary survey on
such authentication protocols.
Jani Heikkinen
• Run- and Design-Time Dimensions of Trust-to-Trust
– The trust-to-trust argument includes a suggestion of
user-centric service selection and delegation
through unilateral assessment of trust. This implies
run-time decisions. Moreover, means to control
delegation of functionality raise design-time
questions. How run-time decision requirements for
function allocation have effected the design of
systems in the past?
• The Second-Order Effects of Trust-to-Trust
– Through the trust-to-trust argument one discusses
a number of reasons why functionality may be
positioned freely in a networking domain. However,
for each of these reasons there are considerations
of second-order effects. What are the most severe
effects?
Jani Heikkinen
• Reputation-based Service Selection
– For years, reputation-based assessment is used in
variety of systems. What reputation-based
approaches there are for service selection? How
the reputation-based approaches would support
trust-to-trust principle?
• Need for Trust Metrics?
– The trust-to-trust argument leans toward delegation
of application functionality, which is based on a
unilateral assessment of trust, the functionality, and
reliability. The unilateral assesment of trust implies
user centricity. Hence, the user of a system is
allowed to decide which service is used. Hence, it
is desirable to carry out a survey of trust
assessment metrics through a classification
scheme.
Jani Heikkinen
• Service Selection in P2P networks
– In P2P networks, nodes request services from each
other. However, there is a number of trade-offs
which the nodes in P2P networks have to cope
with. What selection algorithms are used in P2P
networks? What are the common characteristics
and differences of the algorithms?
• Implications of Trust-to-Trust on Network Congestion
– A central issue in computer networking is
congestion. TCP is well-known end-to-end protocol
that includes a congestion control algorithm.
However, trust-to-trust does not mandate end-toend communication in a sense as the original
argument. How would the proposed trust-to-trust
design principle affect congestion in a network?
Jani Heikkinen
• A Study on the Trust-to-Trust - IETF Perspective
– According to Clark et al. IETF has explored the
space of delegated functions. However, there has
been controversies on this subject. What is the
current IETF assessment of delegated functions?
Possible methods: interviews and literature
reviews.
Petri Savolainen
• Security Implications of IPv6 Transition Mechanisms
(e.g. Teredo)
• Security of P2P Live Streaming Systems
• P2P Trust and Reputation Mechanisms
• Security Mechanisms of GNUnet
• Friend-to-Friend Networks
Teemu Rinta-Aho
• Trust Management Mechanisms
– What mechanisms there are to manage (present,
build, measure, compare, ...) trust between entities
in networks and how well do those work in practice
today?
1. Bertino et al. Trust Negotiation: Concepts, Systems, and Languages.
Computing in Science and Engineering (2004) vol. 6 (44) pp. 27–34
2. Bussard et al. Establishing Trust with Privacy. Security Protocols Workshop
(2006)
Teemu Rinta-Aho
• Trusting the Content
– How does trusting the (transmitted) content
compare (in terms or performance/usability) with
trusting of network actors (users/endpoints/middleboxes)
• New network architectures (P2P networks,
Publish/Subscribe networks)
• Mechanisms to validate content
Teemu Rinta-Aho
• Delegation
– What mechanisms there are to delegate networking
functions to trusted parties?
• How do they perform?
• How can the trusted parties prove that they have
the right to act on behalf of another node?
Sanna Suoranta
• Formal descriptions of Trust
– What kind of formal means exist for describing trust
and trust relationships? Trust is not just identifying
the communication endpoints, it is something
more.
• State of the art in VPN technologies
– Employees take contact to services offered by their
employer from home, other networks and from the
branch offices. What kind of Virtual Private
Network technologies are used today and how the
users are authenticated and communication
protected?
Ronja Addams-Moring
Samu Varjonen
• Exchanging Authorization Data Between Trustred
Domains
– Write a paper describing an overview of SAML and
XKMS. You should also describe what are the
differences in these approaches.
• Filtering Spoofed Packets in the Internet with Source
Address Validation Architecture
– Write a paper exmplaining spoofing attacks, CGA
as the identifiers and how Source Address
Validation tries to alleviate the problem. As a good
practise you should check what other approaches
are ther in the field and compare Source Address
Validation to them.
Samu Varjonen
• From Hierarchical Certificates to Server-Based
Certificate Validation
– Simple Certificate Validation Protocol was a new
idea on how to delegate certificate path creation
and validation to a server. During time the protocol
was called Standard Certificate Validation Protocol
until recently it changed the name to Server-Based
Certificate Validation Protocol and it is published as
RFC 5055.
– Task: Explain how did we get to SCVP and what
SCVP offers.
Other Topics
• Nie Pin
– Trust-to-Trust: Assessment
• Sakari Luukkainen
– Telecom business topics
• Timo Kiravuo
– Security topics
• You can also propose your own topic
Signing Up
Signing Up I
• Students sign up by sending an application to t110.5290@tkk.fi as plain text in message body (and
transcript of completed courses as an attached PDF)
after the first meeting but before the deadline given in
the schedule.
• Deadline 19.9. midday
• Before signing up, the student should choose five listed
topics he or she is interested in
• Notice that you need a tutor for the own topic too.
Signing Up II
• First name, Last name
• Student number
• Contact information (e-mail address)
• Your cc.hut.fi account username (for the Optima
account)
• Your major and minor (or the name of your master
programme)
• Your transcript of completed courses (OODI) as
attached file.
• Following Agreement: That in writing your paper you
agree to follow the guidelines for research and scientific
writing ethics presented in Good scientific practise and
procedures for handling misconduct and fraud in
science by National Advisory Board on Research Ethics
Signing Up III
• Your 5 topic candidates listed in the way that at first is
the topic that you prefer most (primary topic first, then
secondary etc.). For each topic include following
information:
– The topic title (as given on the Introduction to topics
page)
– The preliminary title of you paper and a short
description of the problem setting that you will
research.
• The accepted students among with the topics they get
to research and their personal tutors will be announced
by email according to the course schedule.
Thanks
Download