PKI/Trust Lab Research Update: February 2005
Last modified: 02/08/05 09:29:25 PM

PKI/Trust Team, Summer 2004

Dartmouth PKI/Trust Lab
S.W. Smith, Principal Investigator


Public key cryptography enables robust expression of non-trivial, compound statements and beliefs, among entities that share no common secrets (something very important to the emerging distributed information world).

The Dartmouth PKI/Trust Lab seeks to examine---both as abstract research as well as concrete proof-of-concept---selected areas where "missing pieces" in the public key infrastructure prevent this tool from fully addressing these trust issues.


S.W. Smith.
Trusted Computing Platforms: Design and Applications.
Springer. To appear, December 2004 or January 2005.

A. Iliev, S.W. Smith.
"Enhancing User Privacy via Trusted Computing at the Server: Two Case Studies."
IEEE Security and Privacy.
Accepted for publication, 2004. (A revised and extended version of our PET2002 and PKI2003 papers.)

S.W. Smith.
"Probing End-User IT Security Practices---via Homework."
The EDUCAUSE Quarterly.
27 (4): 68--71. November 2004.

J. Marchesini, S.W. Smith, O. Wild, A. Barsamian, J. Stabiner.
"Open-Source Applications of TCPA Hardware."
ACSA/ACM Annual Computer Security Applications Conference.
To appear, December 2004.

P. Seligman, S.W. Smith.
"Detecting Unauthorized Use in Online Journal Archives: A Case Study."
Proceedings of the IADIS International Conference WWW/Internet 2004.
Volume 1. 209--217. October 2004.

S. Nazareth, S.W. Smith.
"Using SPKI/SDSI for Distributed Maintenance of Attribute Release Policies in Shibboleth."
Proceedings of the IADIS International Conference WWW/Internet 2004.
Volume 1. 218--226. October 2004.

S.W. Smith.
"Magic Boxes and Boots: Security in Hardware."
IEEE Computer. 37 (10): 106--109. October 2004.

A. Shubina, S.W. Smith.
"Design and Prototype of a Coercion-Resistant, Voter-Verifiable Electronic Voting System."
Proceedings of the Second Annual Conference on Privacy, Security and Trust.
29--39. October 2004.

A. Iliev, S.W. Smith.
"Private Information Storage with Logarithmic-space Secure Hardware."
Information Security Management, Education, and Privacy
(containing the proceedings of i-NetSec 04: 3rd Working Conference on Privacy and Anonymity in Networked and Distributed Systems.)
Kluwer. 201--216. 2004.

G. Vanrenen, S.W. Smith.
"Distributing Security-Mediated PKI."
Public Key Infrastructure: EuroPKI 2004.
Springer-Verlag LNCS 3093. 218--231. June 2004.

Y. Ali, S.W. Smith.
"Flexible and Scalable Public Key Security for SSH."
Public Key Infrastructure: EuroPKI 2004.
Springer-Verlag LNCS 3093. 43--56. June 2004.

N. Goffee, S. Kim, S.W. Smith, P. Taylor, M. Zhao, J. Marchesini.
"Greenpass: Decentralized, PKI-based Authorization for Wireless LANs."
3rd Annual PKI Research and Development Workshop Proceedings.
Internet2/NIST/NIH. NISTIR 7122. 26--41, 2004.
(A preliminary version appears as Technical Report TR2004-484.)

S.W. Smith, E. Spafford.
"Grand Challenges in Information Security: Process and Output."
IEEE Security and Privacy.
2 (1), January/February 2004.

S. Nazareth, S.W. Smith.
Using SPKI/SDSI for Distributed Maintenance of Attribute Release Policies in Shibboleth
Technical Report TR2004-485, Department of Computer Science, Dartmouth College.
January 2004

J. Marchesini, S.W. Smith, O. Wild, R. MacDonald.
Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear.
Technical Report TR2003-476, Department of Computer Science, Dartmouth College.
December 2003.
(Supersedes TR471 from August.)

S.W. Smith (interviewing J. Rosenberg and A. Golodner)
"A Funny Thing Happened on the Way to the Marketplace."
IEEE Security and Privacy.
1 (6): 74--78. November/December 2003.

A. Shubina, S.W. Smith.
"Using Caching for Browsing Anonymity."
ACM SIGEcom Exchanges.
4 (2): 11--20. Summer 2003.

S.W. Smith.
"Fairy Dust, Secrets and the Real World"
IEEE Security and Privacy.
1 (1): 89--93. January/February 2003.

Efficiency of SBGP

S-BGP, the standard way to secure BGP, involves tons of digital signatures. It uses DSA. Concerned about performance, people have suggested precomputation and caching.

Using simulations, we show:

  • the crypto does impact performance significantly
  • using unlimited DSA precomputation and extraordinarily aggressive caching of verifications, one can reduce this performance hit
  • but, if we use RSA and a bit of cleverness in amortizing signature costs (and none of this precomp or caching):
    • we do as good or better than DSA/precomp/caching
    • ... and much better than plain old DSA

The results:


Client-side SSL doesn't work out of the box because what gets authenticated is at best an https endpoint.

This paper gives a fuller development of the client-side issues (including some new attacks on medium-security and high-security IE/XP keys).

The user should be aware of what their authentication is being used for. The language of the Web is too slippery to do that based on requests the browser issues.

Private Credential Servers

The use of credential directories in PKI and authorization systems such as Shibboleth introduces a new privacy risk: an insider at the directory can learn much about otherwise protected interactions by observing who makes queries, and what they ask for. In this paper, we extend recent "Practical Private Information Retrieval" results to solve this new privacy problem, and present a design and preliminary prototype for a LDAP-based credential service that can prevent even an insider from learning anything more than the fact a query was made. Our preliminary performance analysis suggests that the complete prototype may be sufficiently robust for academic enterprise settings.

HCI and Security

Using PKI to build secure systems keeps not working because the real semantics of the cryptography does not match human perceptions of those semantics.

We showed:

  • server-side SSL doesn't work out of the box, because a malicious server can spoof all of the UI signals (locked lock, certificate, etc)
  • signing documents doesn't work with standard tools, because there are all sorts of surprising ways the screen can change but the bits are the same
  • client-side SSL doesn't work out of the box because what gets authenticated is at best an https endpoint

Some papers:

Trusted Paths for Browsers

Eileen Ye's presentation of our web spoofing and countermeasures work at USENIX last year went well.

Do current browsers tell you the truth about whether and with whom you have an SSL session? If not, what's the point of the SSL PKI?

  • E. Ye, S.W. Smith, D. Anthony.
    "Trusted Paths and Web Browsers."
    ACM Transactions on Information and System Security.
    Accepted for publication, 2004. (A revised and extended version of the Usenix Security paper.)

Attestation/Outbound Authentication

How do we bind a keypair to a software entity---particularly given the complexities of software update, and the tendency of relying parties to have diverse and dynamic opinions about what they trust? This is the outbound authentication problem that I solved for the IBM 4758 secure coprocessor.

Virtual Hierarchies

John Marchesini (Ph.D. student) presented his virtual hierarchies work at NORDSEC in November 2002.

Put succinctly, a certificate is the signer's assertion that the keyholder has certain properties. For a certificate to be useful,

  • the relying party must have grounds to believe the signer is telling the truth
  • the relying party must have grounds to believe the signer is in a position to know the claimed binding.
Most contemporary PKI models solve the latter problem by merging the CA and RA, and keeping this pair organizationally close to the users. However, this design creates issues for the first problem:
  • organizing these CAs into hierarchies makes it efficient to find paths, but creates resiliency problems
  • organizing these CAs into meshes gives resiliency, but not efficiency
Using P2P, secure coprocessors, and threshold cryptography, we can build virtual hierarchies that achieve both.

Rights Management for Big Brother's Computer

Large organizations often wish to archive sensitive data. Various stakeholders---including the user population whose data is being archived---might find this archiving acceptable, provided the organization adheres to some specific access policy.

How can these stakeholders have any assurance the archiver will abide by this policy? (History shows that humans tend to exceed authority!)

Using a programmable secure coprocessor provides an interesting solution---the general-purpose computational environment permits flexible policy, and the armor keeps the adversary from bypassing it.

I originally kicked these ideas around with the Armored Vault people at the University of Michigan. In his senior honors thesis, Alex Iliev fleshed out and prototyped this work, then revised and published it.

The code is available here.

This work also received press coverage at Wired and Spiegel.

Practical Private Information Retrieval

Suppose we want to set up a server that allows users to select and download one of N records---but we also wanted to assure users that we cannot learn which record they asked for, or even learn statistics such as "whoever asks for record 4 usually asks for record 217 next."

This private information retrieval problem received theoretical study, but did not lend itself to practical solutions appropriate for the Web model, where users want to make a query, then get a response.

We used coprocessors (and careful data structures) to produce a scalable solution with not-too-bad performance.

Dmitri Asonov has then combined our result with the previous theoretical work to produce a really nifty design (initially presented at PET2002).
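The property the paragraphs above are after is that the server's behaviour reveals nothing about which record was chosen. The following added example (not code from the lab or from Asonov's design; the records are constructed) shows the baseline that any practical scheme has to beat: a linear scan in which every record is touched and the selection is done by masking rather than by branching, so the trace of records accessed is the same for every query. The lab's "careful data structures" are what bring the cost down from this O(N) scan; they are not modelled here.

```python
# Baseline oblivious retrieval: the access pattern is independent of the query.
# Constructed sample database of N fixed-size records. Fixed record size is an
# assumption: a variable-length reply would itself leak which record was chosen.
RECORD_SIZE = 16
RECORDS = [f"record-{i:03d}".encode().ljust(RECORD_SIZE, b"\0") for i in range(8)]


def direct_fetch(records, index, trace):
    """Ordinary lookup: only the requested record is touched, so anyone who can
    observe memory or disk accesses learns the index."""
    trace.append(index)
    return records[index]


def oblivious_fetch(records, index, trace):
    """Read every record and fold the wanted one into the result with an
    arithmetic mask. The sequence of records touched never depends on index."""
    result = bytearray(RECORD_SIZE)
    for i, rec in enumerate(records):
        trace.append(i)
        # 0xFF when i == index, else 0x00: selection by masking, not by branching
        mask = -int(i == index) & 0xFF
        for j in range(RECORD_SIZE):
            result[j] |= rec[j] & mask
    return bytes(result)


def access_trace(fetch, index):
    """Record which entries a fetch strategy touches for a given query."""
    trace = []
    fetch(RECORDS, index, trace)
    return trace


def traces_are_identical(fetch, indices):
    """True when an observer of the access trace cannot tell the queries apart."""
    first = access_trace(fetch, indices[0])
    return all(access_trace(fetch, i) == first for i in indices)


if __name__ == "__main__":
    print("direct   :", access_trace(direct_fetch, 3), access_trace(direct_fetch, 5))
    print("oblivious:", access_trace(oblivious_fetch, 3) == access_trace(oblivious_fetch, 5))
```

The point of the trace comparison is that an insider watching the server sees the same thing whether the user asked for record 3 or record 5, which is exactly the "whoever asks for record 4 usually asks for record 217 next" statistic the text wants to deny them; the cost is that every query reads the whole database.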

WebALPS: Hardening Web Servers against Insider Attack

Server-side SSL certificates---possibly the broadest application of PKI yet---only testify to the identity of the server; and as a consequence, SSL gives users the proverbial armored car to a cardboard box. What happens to your privacy and security at the server?

In the WebALPS project, we extend the SSL connection to a co-server resident inside a secure coprocessor, and use this co-server as a trusted third party.

We've built a working, scalable, not-too-bad performing implementation, using Apache, modSSL, and the IBM4758-023.

A Thousandfold Increase in Cryptographic Performance

The hardware engineers carefully made the DES engine fast, theoretically reaching 20 megabytes a second. An external colleague tried (on operations with short data lengths) and got a few kilobytes a second. Can we make things better? You bet we can!

Using Secure Coprocessors for Trustable and Efficient Auctions

Secure coprocessors create safe places for catching auction strategies, playing them against each other, and revealing the results according to pre-established rules.


What are the security issues if you buy a Coke with your cellphone? Is it any different if you use your PDA and bluetooth?



Student Theses

Kunal Kain finished up his master's thesis on how to use popular electronic document formats and off-the-shelf PKI packages to produce documents whose contents change in usefully malicious ways without invalidating their digital signatures.

Sidharth Nazareth finished up his master's thesis on using SPKI-SDSI as a means for distributed maintenance of attribute release policies in Shibboleth.

Shibboleth is an Internet2 system to permit users affiliated with an institution (such as a university) to access Web-based resources controlled by another institution, guided by an agreement between the institutions. In this approach, the resource provider asks the user's home institution for attributes of this user. However:

  • the resource provider will ask for as many attributes as they can get
  • the user---and many other parties at the user's site---may all wish to restrict which resource providers see which attributes.
Sidharth designed a system using lightweight SPKI-SDSI certificates to do this---and then he coded it up with a Shibboleth prototype. It nicely captures the ad hoc organizational hierarchy that occurs "locally" in organizations, without binding users to a fixed global hierarchy.
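To make the two bullet points concrete, here is an added example (not Sidharth's code, and not the Shibboleth or SPKI/SDSI implementation) of the release decision at the user's home site. The attributes, provider names and policies are constructed. The composition rule is an assumption: each stakeholder (institution, department, the user) can only narrow what goes out, so an attribute is released to a provider only if every stakeholder permits it; the SDSI name-certificate machinery that would bind "cs-dept" to its members is not modelled.

```python
# Attribute release at the home institution, combining several stakeholders' policies.

# Constructed sample: one user's attributes as held by the home institution.
USER_ATTRIBUTES = {
    "alice": {
        "eduPersonAffiliation": "student",
        "mail": "alice@example.edu",
        "major": "Computer Science",
        "dateOfBirth": "1985-01-01",
    }
}

# Each stakeholder's policy maps a resource provider ("*" = any provider) to the
# attributes that stakeholder permits releasing. Constructed values.
POLICIES = {
    "institution": {
        "*": {"eduPersonAffiliation"},
        "library.example.org": {"eduPersonAffiliation", "mail"},
    },
    "cs-dept": {"*": {"eduPersonAffiliation", "mail", "major"}},
    "alice": {
        "*": {"eduPersonAffiliation"},
        "library.example.org": {"eduPersonAffiliation", "mail", "major"},
    },
}


def permitted_by(policy, provider):
    """Attributes one stakeholder allows for this provider (generic plus specific)."""
    return set(policy.get("*", set())) | set(policy.get(provider, set()))


def release_set(stakeholders, provider, policies=POLICIES):
    """Assumption: stakeholders can only restrict, never widen, a release, so the
    combined release set is the intersection of what each one permits."""
    allowed = None
    for name in stakeholders:
        permitted = permitted_by(policies[name], provider)
        allowed = permitted if allowed is None else allowed & permitted
    return allowed if allowed else set()


def attributes_to_release(user, stakeholders, provider, requested):
    """Answer a provider's request: however many attributes it asks for, only
    those inside the combined release set leave the home site."""
    allowed = release_set(stakeholders, provider)
    attrs = USER_ATTRIBUTES[user]
    return {name: attrs[name] for name in requested if name in allowed and name in attrs}


if __name__ == "__main__":
    everything = list(USER_ATTRIBUTES["alice"])
    print(attributes_to_release("alice", ["institution", "cs-dept", "alice"],
                                "library.example.org", everything))
    print(attributes_to_release("alice", ["institution", "cs-dept", "alice"],
                                "ads.example.com", everything))
```

The greedy provider in the first bullet asks for everything; the second bullet is the three policy entries, each of which can shrink the answer for a given provider without any party having to edit a central, global policy.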

Dan Kang did his senior honors thesis on using speaker recognition for authentication through untrusted client machines. Speech is nice because:

  • It can reduce the risk of replay attack, because the remote system can challenge the user with a sequence of words that the user has (with high probability) not uttered before.
  • Speaking is within the capability of most users (as opposed to, say, modular exponentiation).
However, a malicious client machine could still record a user's speech, and dissect and splice (at word or phoneme boundaries) to produce things the user never said.

Dan picked a best-of-breed speech recognition system, managed to spoof it with speech spliced at word boundaries, and then tried using Hany Farid's bispectral techniques to detect this splicing. However, it didn't work:

  • the smoothing required for splicing to fool the speech and speaker recognition system did not require the non-linear techniques that bispectral is good at detecting.
In follow-on work, we're going to look at phoneme-level splicing.

  • B.D. Kang.
    Strengthening Voice Authentication with Splicing Detection for User with Untrusted Clients.
    Senior Honors Thesis, Department of Computer Science, Dartmouth College.
    May 2003.

Mindy Pereira, for her senior honors thesis, looked at two problems regarding S/MIME mail:
  • For Web-based mail, how can users keep the "read anywhere" feature, while also keeping their private key private?
  • For institutions like Dartmouth, how can we get users to use S/MIME when no one wants to change their mail client?
She investigated building a trusted S/MIME gateway that would live inside a secure coprocessor (solving the first problem) and participate, via an https channel, with adding S/MIME to the user's ordinary mail stream (solving the second problem).

Open problem: despite many tricks, the S/MIME libraries still don't fit inside the 4758!

(This extends on Evan Knop's thesis from summer 2001.)

  • M. Pereira.
    Trusted S/MIME Gateways.
    Senior Honors Thesis, Department of Computer Science, Dartmouth College.
    May 2003.

Paul Seligman, in his senior honors thesis, looked at fraud suppression in JSTOR.

JSTOR is a system that permits users from participating universities to access archival journals, and uses IP address to determine user authorization. They were suffering from a problem where unauthorized users were exploiting insecure proxies to systematically download large amounts of content. Paul developed some tools that use machine learning and genetic algorithms to help identify such activity.

Gabe Vanrenen, in his senior high honors thesis, looked at using threshold cryptography and strong forward security to extend the SEM Semi-trusted Mediator approach to PKI (developed by Boneh et al) to work in a distributed network of mediators. Gabe's work prevents denial of service when mediators go down, and also mitigates damage should a mediator be compromised.

Gabe then prototyped his extensions using JXTA.

Besides relating to PKI, this work also relates to our NSF-funded Marianas project, looking at using P2P and secure coprocessors to build survivable trusted third parties.

Yasir Ali, in his master's thesis, looked at enhancing SSH (and open-source tools) to address a man-in-the-middle weakness.

The SSH protocol, commonly used as the "secure" replacement for telnet, uses the public key of the server to establish a protected channel. However, until the recent release of commercial SSH tools, the only way the client could determine whether the public key belonged to the desired server was to compare it against the key used last time for that server.

This situation created the potential for man-in-the-middle attacks, particularly for users of borrowed client machines.

What Yasir designed and coded:

  • Users (or their sysadmins) set up online directories of server public keys. (This could be as simple as a personal service on the user's home page, or as complicated as an enterprise-scale LDAP.)
  • In addition to entering the name of the desired target machine, the travelling user (who trusts the client, but not the DNS) enters the URL of this service, a userid and a password.
  • The client sends the userid and target machine name to the directory, which responds with the key fingerprint---and an HMAC generated with the user's password.
  • The client uses the user's password to verify this HMAC.
  • The client then proceeds with SSH, and uses the key fingerprint to verify what the server sends.
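The five steps above, as an added example that is not Yasir's code: both the directory side and the client side, with the fingerprints and password constructed. Two details go beyond what the page states and are assumptions: the HMAC key is derived from the password with PBKDF2 rather than used raw, and the MAC covers the userid and host name as well as the fingerprint, so a valid answer for one host cannot be replayed as the answer for another. The `connect` function lets the caller substitute what an on-path attacker would see, so the two failure cases (tampered directory response, server presenting a different key) can be checked.

```python
import hashlib
import hmac

# Constructed directory contents: (userid, target host) -> server key fingerprint.
# The fingerprints are made-up sample strings, not real keys.
DIRECTORY = {
    ("alice", "shell.example.edu"): "SHA256:AAAAsampleFingerprintForShell00000000000000",
    ("alice", "db.example.edu"): "SHA256:BBBBsampleFingerprintForDb000000000000000000",
}
# The directory knows each user's password (constructed).
USER_PASSWORDS = {"alice": "correct horse battery staple"}


def mac_key(password: str, userid: str) -> bytes:
    """Assumption: derive the HMAC key from the password with PBKDF2; the page only
    says the HMAC is generated with the user's password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), userid.encode(), 50_000)


def mac_message(userid: str, host: str, fingerprint: str) -> bytes:
    """Assumption: bind the reply to the request (userid, host), not just the
    fingerprint, so a reply for one host cannot be replayed for another."""
    return b"\0".join(s.encode() for s in (userid, host, fingerprint))


def directory_lookup(userid: str, host: str):
    """Directory side (steps 1 and 3): return the fingerprint plus an HMAC over it."""
    fingerprint = DIRECTORY[(userid, host)]
    tag = hmac.new(mac_key(USER_PASSWORDS[userid], userid),
                   mac_message(userid, host, fingerprint), hashlib.sha256).hexdigest()
    return fingerprint, tag


def client_verify_directory_response(userid, host, password, fingerprint, tag) -> bool:
    """Step 4: recompute the HMAC from the user's password and compare in constant time."""
    expected = hmac.new(mac_key(password, userid),
                        mac_message(userid, host, fingerprint), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def connect(userid, host, password, presented_fingerprint, response=None) -> str:
    """Client side (steps 2, 4, 5). `presented_fingerprint` is what the SSH server
    offers; `response` lets a caller inject a substituted directory answer."""
    fingerprint, tag = response if response is not None else directory_lookup(userid, host)
    if not client_verify_directory_response(userid, host, password, fingerprint, tag):
        return "rejected: directory response failed HMAC check"
    if not hmac.compare_digest(fingerprint, presented_fingerprint):
        return "rejected: server key does not match directory fingerprint"
    return "ok: proceed with SSH"


if __name__ == "__main__":
    good = DIRECTORY[("alice", "shell.example.edu")]
    print(connect("alice", "shell.example.edu", USER_PASSWORDS["alice"], good))
    print(connect("alice", "shell.example.edu", USER_PASSWORDS["alice"],
                  "SHA256:CCCCsomeOtherKey0000000000000000000000000000"))
```

The directory itself need not be trusted by the network path: someone who rewrites the fingerprint in transit cannot produce a matching HMAC without the password, and a server whose key differs from the directory's answer is refused before any authentication data is sent to it.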



Maintained by Sean Smith and S. Sinclair, {sws, sinclair} --at-- dartmouth --dot-- edu