T-110.5290 Seminar on Network Security P (4 cr)
Prof. Sasu Tarkoma
Helsinki University of Technology
16.9.2008

Contents
• Overview
• The 2008 Course Topic
• Carrying out the course
• Timetable
• Topics

Overview
• T-110.5290 Seminar on Network Security P (4 cr)
• Every participant must prepare a written presentation and present their work during a two day seminar.
• Requirements: Active participation, preparation of a written presentation, and its presentation during the seminar, and acting as opponent.
• Prerequisites: T-110.4200 (Information Security Technology)
• Assessment
  – The paper 60%
  – Presenting 25%
  – Opponent tasks 15%
  – (both tasks at the seminar, and the evaluation sheet returned after the conference)

Organization
• Course staff
  – Responsible teacher: Sasu Tarkoma
  – Course assistant: Jani Heikkinen
  – Email: firstname.lastname@tkk.fi
  – Course email: t-110.5290@tkk.fi
• All course material will be available through the Noppa portal
• Optima learning environment used for paper submission and paper commenting

2008 Course Topic I
• The original architectural principles for the Internet were the end-to-end and robustness principles.
• The former, in its original expression, placed the maintenance of state and overall intelligence at the edges, and assumed the Internet that connected the edges retained no state and concentrated on efficiency and simplicity.
• The latter principle stated "be conservative in what you do, be liberal in what you accept from others".

2008 Course Topic II
• The end-to-end principle implies that application logic is executed by endpoints of communication.
• It is crucial that any application functionality related to the user's activities is executed in a trustworthy manner.
• This observation has led to a reformulation of the original End-to-End principle called Trust-to-Trust (T2T).

2008 Course Topic III
• T2T gives an opportunity for principals to choose where application logic is executed by trusted points:
  – "The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at points where it can be trusted to perform its job properly".
• The proposal for T2T has created a lot of discussion in the networking community and it remains to be seen how trust is reflected in the future Internet architecture.
• New activity in Finland in the Future Internet area

Course Topic IV
• The aim of the Fall 2008 Seminar on Network Security is to examine the implications of trust-to-trust from different viewpoints, including protocols, network design, applications, and services.
• David D. Clark, Marjory S. Blumenthal, "The end-to-end argument and application design: the role of trust"

Timetable
26.9

Submissions
• All the submissions (except sign up) and commenting are done using the Optima learning environment
• A LaTeX template is provided
• Attending the English course is compulsory for all students. If you miss an English lecture, you have to complete an additional assignment. More information about the course and additional assignments will be published later on the English course web page

Draft Paper
• The tutor's primary task is to check the content of the outline. The following points should be noted:
  – The outline shows that the article-to-be has a point (a message, a central theme, something to say).
  – The outline's references are good enough: relevant, valid and up-to-date
  – The outline contains a thorough enough analysis of the references
  – The outline's structure is logical (red line)
  – The outline and the required one page of text are written in understandable English
  – At least one page

Final Paper I
• The full paper submission has two parts.
  – First, the full paper itself is written before the full paper deadline.
  – One/two weeks afterwards is another deadline for tutors and opponents to comment on the papers.
  – Based on the full paper submissions, tutors will recommend which of the papers should have a full presentation and which a poster presentation (if such are needed).
  – Length: 5-7 pages using the LaTeX template

Final Paper II
• The paper is ready: it has all intended content including abstract, introduction, background, "the beef", and conclusions. The text is ready and does not consist of lists only. The PDF file shows that the student has used the correct LaTeX template.
• The writing style is scientific enough: the writing style is neutral and objective.
• Using the given LaTeX template, the article is close enough to the final article's length limit, i.e. at least four full pages long.
• The article makes a contribution: the point, message or the central theme of the article exists. Moreover, the contribution should be:
• The article is original work, and it presents the student's own combination or analysis of previous information.

Final Paper III
• The article covers a wide enough area extensively enough or a smaller area in reasonable depth
• The structure of the article content is clear and logically related to the "story the author is telling".
• The in-text references (citing of sources) are sufficient. All information that has been taken from a source other than the author's own thinking is correctly referenced.
• The article's reference list is correctly formatted and the bibliographic data of each item is clearly marked: the PDF file shows that the student has used the correct LaTeX and BibTeX templates and the correct class file.

Tasks of the Opponent
• Each student will be named as an opponent to a fellow student.
• In this phase of the course, the opponent's task is to read through the full paper that is assigned to him/her and give comments and constructive criticism.
• The opponent (and tutor) should consider the following when commenting on the full paper (and consider the list describing the full paper itself given above, too):
  – Language is understandable. If you do not understand something in the paper or something is very unclearly stated, say that in your comments.
  – There are no mistakes when presenting facts.
  – There are no missing things that should have been included in the paper.
  – References are adequate and sources are traceable.

Opponent and the Conference
• After the final paper deadline, the opponent should read through the paper before the conference days and prepare a couple of questions for the author of the paper.
• The opponent reads the same paper as during the full paper phase.
• Note: You should prepare more than two questions, since some of the questions might get answered in the presentation.
• Try to ask questions that require more than a yes/no answer. The questions or comments are presented in the discussion following the presentation.

Presentations
• The presentations are ~20 minutes in length and given in English. More detailed instructions for the presentations will be given in the second course meeting.
• You should reserve time for questions at the end of your presentation. Note that the given time may not be exceeded. Your opponent (and the audience) will ask questions and you should try to answer them.
• Opponent's comments after the conference
• Each opponent has to upload his/her comments concerning the final paper after the conference dates, together with the comments on the presentation, before the deadline.

Topics
• Topics will be made available today on the Web
• The following slides do not contain all the details and references but rather give an overview of the topics

Xiang Su
• 1. Security of UUID (Universally Unique Identifier) in a distributed system.
• 2. RFID's security challenge.
• 3. Security threats and solutions for resource constrained devices

Sasu Tarkoma
• Trust in Data-centric Networks
• Private Matching
  – The private matching problem can be stated as follows: two parties each have a database and they wish to determine common entries without revealing any information about entries only found in one database.
• OpenID 2.0 and OAuth
  – OpenID is emerging as a lightweight sign-on protocol for the Web
  – Present and analyze the OpenID 2.0 and OAuth protocols
• Accountable Internet Protocol (AIP)
  – Sigcomm 2008 paper

Tuomas Aura
• Sources of latency in wireless roaming
  – Handoffs between wireless 802.11 access points, networks and wireless access technologies cause a delay in the transfer of application data. The paper should investigate the causes of authentication latency for wireless clients, how it affects different applications, and what can be done to control it.
• Wireless ISP security
  – Wireless Internet access with the WiFi and WiMAX protocols is gaining popularity. The paper should discuss the alternative architectures and protocols for authenticating users and authorizing network access and explain how the choice of security technology may depend on the type of customer and service.

Tuomas Aura
• The MOBIKE protocol and its applications
  – The MOBIKE protocol is an extension of the IKEv2 authenticated key-exchange protocol to support mobility and multihoming. The paper should describe the protocol and some of its applications.
• Anti-theft technologies for mobile devices
  – Mobile devices have become common targets for theft and robbery. The paper should investigate such anti-theft technologies for mobile devices.
• Remote wiping of mobile devices
• Protecting data stored on a laptop computer

Tuomas Aura
• Onion routing for location privacy
  – Onion routing is an anonymity mechanism that can hide either the location (i.e., IP address) of an Internet client from its servers or the location of the server from its clients, or both. The paper should explain the state of the art in onion routing, including the Tor protocol. It should also explain how the privacy of mobile users could benefit from the use of such anonymity mechanisms.
• Security mechanisms in deployed IM protocols
  – The paper should investigate the security of existing IM products and protocols, including threats against security and privacy, existing protection mechanisms, and trade-offs between security and cost.

Jukka Valkonen
• Device compromise detection and revocation
  – Especially in wireless ad-hoc networks, node compromise is a serious threat. For example, in military networks the nodes (sensors) can be spread in enemy territory. Thus it is essential that the integrity of the nodes can be verified, and in case of a compromise the nodes need to be revoked from the network.
  – The goal of this topic is to provide a literature survey in human readable form on different techniques for node compromise detection and key revocation.

Jukka Valkonen
• Disk Encryption Protocols and Applications
• A huge number of laptops are lost or stolen yearly (according to [1], 20% of laptops are stolen or damaged due to careless handling). Thus, in order to keep confidential data from reaching unauthorized people, encryption on the hard disk is needed.
• The goal is to write a literature survey on different methods used in current disk encryption applications. The paper should handle topics such as key management, full-disk encryption, filesystem-level encryption etc.
• The student should have some basic knowledge of cryptographic protocols (that is, you should know the difference between stream cipher and block cipher and so on).

Jukka Valkonen
• Security and biometrics
  – In biometric identification, the entities are identified based on their physical properties: fingerprints, voice, iris image, facial image and so on. As the reliability of such technologies is continuously increasing while the cost of devices is decreasing, biometric identification is becoming more and more widely deployed.
  – The goal of this paper is to write a literature survey on the current state of biometric identification. Especially the problems and pitfalls of biometrics should be considered.

Jukka Valkonen
• Authenticated key exchange
  – Traditional Diffie-Hellman key exchange is vulnerable to man-in-the-middle attacks, where an attacker tries to impersonate a legitimate device of the network. To prevent such attacks, the key exchange needs to be authenticated. In the past few years multiple different methods for such authentication have been proposed.
  – The goal of this paper is to write a literature survey on such authentication protocols.

Jani Heikkinen
• Run- and Design-Time Dimensions of Trust-to-Trust
  – The trust-to-trust argument includes a suggestion of user-centric service selection and delegation through unilateral assessment of trust. This implies run-time decisions. Moreover, means to control delegation of functionality raise design-time questions. How have run-time decision requirements for function allocation affected the design of systems in the past?
• The Second-Order Effects of Trust-to-Trust
  – Through the trust-to-trust argument one discusses a number of reasons why functionality may be positioned freely in a networking domain. However, for each of these reasons there are considerations of second-order effects. What are the most severe effects?

Jani Heikkinen
• Reputation-based Service Selection
  – For years, reputation-based assessment has been used in a variety of systems. What reputation-based approaches are there for service selection? How would the reputation-based approaches support the trust-to-trust principle?
• Need for Trust Metrics?
  – The trust-to-trust argument leans toward delegation of application functionality, which is based on a unilateral assessment of trust, the functionality, and reliability. The unilateral assessment of trust implies user centricity. Hence, the user of a system is allowed to decide which service is used. Hence, it is desirable to carry out a survey of trust assessment metrics through a classification scheme.

Jani Heikkinen
• Service Selection in P2P networks
  – In P2P networks, nodes request services from each other. However, there are a number of trade-offs which the nodes in P2P networks have to cope with. What selection algorithms are used in P2P networks? What are the common characteristics and differences of the algorithms?
• Implications of Trust-to-Trust on Network Congestion
  – A central issue in computer networking is congestion. TCP is a well-known end-to-end protocol that includes a congestion control algorithm. However, trust-to-trust does not mandate end-to-end communication in the same sense as the original argument. How would the proposed trust-to-trust design principle affect congestion in a network?

Jani Heikkinen
• A Study on the Trust-to-Trust - IETF Perspective
  – According to Clark et al., the IETF has explored the space of delegated functions. However, there have been controversies on this subject. What is the current IETF assessment of delegated functions? Possible methods: interviews and literature reviews.

Petri Savolainen
• Security Implications of IPv6 Transition Mechanisms (e.g. Teredo)
• Security of P2P Live Streaming Systems
• P2P Trust and Reputation Mechanisms
• Security Mechanisms of GNUnet
• Friend-to-Friend Networks

Teemu Rinta-Aho
• Trust Management Mechanisms
  – What mechanisms are there to manage (present, build, measure, compare, ...) trust between entities in networks and how well do those work in practice today?
  1. Bertino et al. Trust Negotiation: Concepts, Systems, and Languages. Computing in Science and Engineering (2004) vol. 6 (44) pp. 27–34
  2. Bussard et al. Establishing Trust with Privacy. Security Protocols Workshop (2006)

Teemu Rinta-Aho
• Trusting the Content
  – How does trusting the (transmitted) content compare (in terms of performance/usability) with trusting of network actors (users/endpoints/middleboxes)
• New network architectures (P2P networks, Publish/Subscribe networks)
• Mechanisms to validate content

Teemu Rinta-Aho
• Delegation
  – What mechanisms are there to delegate networking functions to trusted parties?
• How do they perform?
• How can the trusted parties prove that they have the right to act on behalf of another node?

Sanna Suoranta
• Formal descriptions of Trust
  – What kind of formal means exist for describing trust and trust relationships? Trust is not just identifying the communication endpoints, it is something more.
• State of the art in VPN technologies
  – Employees connect to services offered by their employer from home, other networks and branch offices. What kind of Virtual Private Network technologies are used today, and how are the users authenticated and communication protected?

Ronja Addams-Moring

Samu Varjonen
• Exchanging Authorization Data Between Trusted Domains
  – Write a paper describing an overview of SAML and XKMS. You should also describe the differences between these approaches.
• Filtering Spoofed Packets in the Internet with Source Address Validation Architecture
  – Write a paper explaining spoofing attacks, CGA as the identifiers and how Source Address Validation tries to alleviate the problem. As a good practice you should check what other approaches there are in the field and compare Source Address Validation to them.

Samu Varjonen
• From Hierarchical Certificates to Server-Based Certificate Validation
  – Simple Certificate Validation Protocol was a new idea on how to delegate certificate path creation and validation to a server. Over time the protocol was called Standard Certificate Validation Protocol, until recently it was renamed Server-Based Certificate Validation Protocol, and it is published as RFC 5055.
  – Task: Explain how we got to SCVP and what SCVP offers.

Other Topics
• Nie Pin
  – Trust-to-Trust: Assessment
• Sakari Luukkainen
  – Telecom business topics
• Timo Kiravuo
  – Security topics
• You can also propose your own topic

Signing Up

Signing Up I
• Students sign up by sending an application to t110.5290@tkk.fi as plain text in the message body (and a transcript of completed courses as an attached PDF) after the first meeting but before the deadline given in the schedule.
• Deadline 19.9. midday
• Before signing up, the student should choose five listed topics he or she is interested in
• Notice that you need a tutor for your own topic too.

Signing Up II
• First name, Last name
• Student number
• Contact information (e-mail address)
• Your cc.hut.fi account username (for the Optima account)
• Your major and minor (or the name of your master programme)
• Your transcript of completed courses (OODI) as an attached file.
• The following agreement: that in writing your paper you agree to follow the guidelines for research and scientific writing ethics presented in Good scientific practice and procedures for handling misconduct and fraud in science by the National Advisory Board on Research Ethics

Signing Up III
• Your 5 topic candidates, listed in order of preference (primary topic first, then secondary etc.). For each topic include the following information:
  – The topic title (as given on the Introduction to topics page)
  – The preliminary title of your paper and a short description of the problem setting that you will research.
• The accepted students, along with the topics they get to research and their personal tutors, will be announced by email according to the course schedule.

Thanks