Research
www.cs.dartmouth.edu/~sws/research/index.shtml
Last modified: Monday, 16-Feb-2004 11:27:17 EST

[Papers | Patents | Advising | FIPS validations ]


Overall, my research explores infrastructure for trust, in real systems in the real world. What does it take to build something that various parties might have reason to trust for certain actions?

This thread gained focus during my time "in the trenches" doing vulnerability work at Los Alamos (this link should take you to the right place in the pubs list) and product development at IBM Research. Here at Dartmouth, I've been carrying out this work as PI of the Dartmouth PKI Lab, partially supported by Dartmouth's Institute for Security Technology Studies. Recently, I also joined Dartmouth's Center for Mobile Computing.

My narrative CV has more details on my pre-Dartmouth work, and the PKI Lab Research Update has more details on recent work.

In contrast, this page tries to give a concise summary of the big picture:

Like anything in the real world, this summary also has some loose ends.


1. Secure Coprocessing

Since at least the early 1980s, researchers had considered the potential of secure coprocessors---devices that can carry out computation unmolested by an adversary with direct physical access---to address basic trust issues of computation and data storage at remote locations.

My work has examined both the underlying technology as well as applications of secure coprocessors.

(This work also led to a number of patents.)

Basic Technology

As my narrative CV details, the lack of a programmable secure coprocessor platform---as a real product, not just a lab toy---hampered my work at Los Alamos. At IBM Watson, I had the chance to help design (and code and build and test and validate and sell :) the secure coprocessing platform I thought should exist. The resulting product line---the IBM 4758---is about to enter its third generation.

Security Architecture. This (long) journal paper presents the security architecture that I developed with hardware guru Steve Weingart. This paper explores some of the design space on the way.

Validation. To establish the trustworthiness of the 4758, we took it through the FIPS 140-1 validation process, and earned the world's first certificate at Level 4 (the highest security level). This paper tells the trials and tribulations of that process; this paper gives a preliminary sketch of the formal model I developed with Vernon Austel, as part of that validation. In all, I ended up leading the software and formal modeling work for six different FIPS 140-1 validations at levels 3 and 4.

Product. To succeed as a product, the device needs to do something. This paper looks at what we put in the higher level of software; this later journal paper gives a retrospective of the product effort.

Other Platforms. I've also looked at other potential platforms for secure coprocessing. This early paper considers security and user interface issues for smart cards. This recent journal essay surveys the broader set of issues in keeping and using secrets in physical devices.

TCPA/TCG. This recent tech report presents some work that I've done with students in turning a TCPA-equipped desktop platform into an open-source "virtual" secure coprocessor.

Applications

This technical report presents a range of secure coprocessor applications I envisioned at Los Alamos.

Subsequently, I had a chance to develop (and often prototype) many such applications.

Web servers. One application area is moving the server end of a Web SSL channel into a secure coprocessor, thus providing a trusted third party co-located at the server. Shan Jiang's thesis prototyped this idea. This paper summarizes his results; this paper surveys potential applications of this idea. This technical report gives a preliminary sketch of the whole idea.

Auctions. This paper uses secure coprocessors for on-line auctions.

DRM for Big Brother's Computer. Alex Iliev's senior thesis prototyped using a secure coprocessor to enforce access policy on archived sensitive data. This thesis generated a conference paper.

Practical Private Information Retrieval. This journal paper explores (and discusses a limited prototype of) using secure coprocessors as a practical approach to private information retrieval. Subsequent work by others improved this result. This paper discusses our recent work in using coprocessor-based practical private information retrieval to build private credential servers, for X.509 directories and Shibboleth attributes. (We are currently exploring how to shrink the memory size, and to further integrate older, theoretical work in oblivious RAM.)

PKI and Web-based Mail. Web-based mailers make life easy for mobile users---but where does one keep the private keys? Evan Knop's senior thesis explored some approaches to using a secure coprocessor at the server. Subsequently, Mindy Pereira's senior thesis explored and prototyped such a "trusted S/MIME gateway," which has the additional advantage of not requiring users to change mail clients. The downside: the code did not quite fit inside the current generation 4758.

Crypto Acceleration. Sometimes, a secure coprocessor really is just a crypto accelerator. This paper describes how we managed to get a 1000x improvement in DES encryption speed.


2. Trust Judgment at the Client

Does client software enable users to make reasonable trust judgments?

Digital Signatures. This paper discusses many ways in which the apparent contents of signed electronic documents can change in usefully malicious ways without invalidating their signatures---even without using macros. Kunal Kain's thesis has more detail and screenshots.

Server-side SSL. This paper presents our work showing how a malicious server can trick browsers into appearing to display arbitrary SSL information---and how we designed, implemented (in open-source Mozilla) and tested a trusted path that solves this problem. Eileen Zishuang Ye's thesis has more detail; this tech report has more detail on the spoofing techniques.

Client-side SSL. Many folks considering Web applications assume that client-side SSL suffices for authenticating users; many other PKI-enabled applications expect to use the same browser/OS keystores. This paper discusses "authjacking"---ways a malicious server can trick a browser into initiating arbitrary client-side authenticated requests---and "keyjacking": how to steal the private keys themselves (even a Windows "high security" key, even if the browser user tries to do all the right things).

Word Hacking. We've also had a bit of fun with subverting password security in Word.

SSH. Yasir Ali's thesis developed a decentralized way to address the man-in-the-middle problem in SSH. Here is a shorter paper.

HCI and Security. Many of the above problems arise because what computers are actually doing doesn't match the mental model that humans have. This position paper explores that topic; this journal essay develops the topic further.


3. Infrastructure

What's necessary to glue clients and servers together for secure information services?

Trust Expression

Attestation/Outbound Authentication. This paper explores how a piece of software can authenticate itself to a remote party. (The problem is trickier than you might think. E.g.: what about code upgrades? What about the underlying OS? What about the potential to swap in a debugger?) This work arose from what I designed and implemented for the 4758, long before TCPA/TCG and ex-Palladium made the problem fashionable again.
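To make the "code upgrades / underlying OS / debugger" questions concrete, here is an added Python model of layered outbound authentication. It is illustrative code written for this page, not the 4758's firmware or the paper's implementation: each software layer hashes the code it is about to load, mints that layer a key pair, and certifies (layer name, code hash, public key) with its own key, so a relying party who trusts only the device key can walk the chain and decide whether it trusts *this* OS and *this* application. The layer names ("os", "app"), the code bytes, and the relying party's policy are all constructed for the example, and the RSA is a toy (small keys, no padding) so the block runs with the standard library alone.

```python
import hashlib
import math
import random

random.seed(4758)  # deterministic toy keys so the run is repeatable; NOT real key generation


# ---- toy RSA: small keys, raw hash-then-exponentiate, illustration only ----
def _probable_prime(bits):
    """Random odd number of the given size passing 20 Miller-Rabin rounds."""
    while True:
        n = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23)):
            continue
        d, s = n - 1, 0
        while d % 2 == 0:
            d //= 2
            s += 1
        ok = True
        for _ in range(20):
            x = pow(random.randrange(2, n - 1), d, n)
            if x in (1, n - 1):
                continue
            for _ in range(s - 1):
                x = pow(x, 2, n)
                if x == n - 1:
                    break
            else:
                ok = False
                break
        if ok:
            return n


def keygen(bits=256):
    """Return (public, private) = ((n, e), (n, d)); Python 3.8+ for pow(e, -1, phi)."""
    while True:
        p, q = _probable_prime(bits // 2), _probable_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and math.gcd(65537, phi) == 1:
            return (n, 65537), (n, pow(65537, -1, phi))


def _digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    n, d = priv
    return pow(_digest_int(data, n), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)


# ---- layered certificates (names and encoding are this example's own) ----
def code_hash(code):
    return hashlib.sha256(code).hexdigest()


def cert_body(layer, h, pub):
    return f"{layer}|{h}|{pub[0]}|{pub[1]}".encode()


def boot(device_priv, layers):
    """Simulate boot: each layer hashes the next layer's code, mints it a key pair,
    signs (layer, code hash, public key) with its own key, and hands the new private
    key upward. Returns the cert chain and the top layer's private key."""
    chain, issuer, issuer_priv = [], "device", device_priv
    for layer, code in layers:
        pub, priv = keygen()
        h = code_hash(code)
        chain.append({"issuer": issuer, "layer": layer, "code_hash": h, "pub": pub,
                      "sig": sign(issuer_priv, cert_body(layer, h, pub))})
        issuer, issuer_priv = layer, priv
    return chain, issuer_priv


def verify_chain(root_pub, chain, policy, message, sig):
    """Relying party: starting from the device key it trusts, check every cert's
    signature and that every layer's hash is one the policy allows, then check
    the application's signature on `message`. Returns (ok, reason)."""
    pub = root_pub
    for cert in chain:
        if not verify(pub, cert_body(cert["layer"], cert["code_hash"], cert["pub"]), cert["sig"]):
            return False, f"bad signature on {cert['layer']} cert"
        if cert["code_hash"] not in policy.get(cert["layer"], ()):
            return False, f"untrusted {cert['layer']} code {cert['code_hash'][:8]}"
        pub = cert["pub"]
    if not verify(pub, message, sig):
        return False, "bad application signature"
    return True, "ok"


def demo():
    device_pub, device_priv = keygen()
    os_v1, app_v1 = b"os v1 (constructed)", b"app v1 (constructed)"            # constructed "code"
    os_dbg, app_v2 = b"os v1 + debugger (constructed)", b"app v2 (constructed)"
    policy = {"os": {code_hash(os_v1)}, "app": {code_hash(app_v1)}}          # what the relying party trusts
    msg = b"balance=42"
    results = {}

    chain, app_priv = boot(device_priv, [("os", os_v1), ("app", app_v1)])
    results["honest"] = verify_chain(device_pub, chain, policy, msg, sign(app_priv, msg))

    # Code upgrade: same OS, new app hash. The old policy rejects; a policy that
    # also admits the new app hash accepts. Nothing about the device key changed.
    chain2, app2_priv = boot(device_priv, [("os", os_v1), ("app", app_v2)])
    sig2 = sign(app2_priv, msg)
    results["upgraded_old_policy"] = verify_chain(device_pub, chain2, policy, msg, sig2)
    policy2 = {"os": policy["os"], "app": policy["app"] | {code_hash(app_v2)}}
    results["upgraded_new_policy"] = verify_chain(device_pub, chain2, policy2, msg, sig2)

    # Debugger swapped into the OS layer: the app bytes are identical, but the OS
    # cert carries a different hash, so the relying party still refuses.
    chain3, app3_priv = boot(device_priv, [("os", os_dbg), ("app", app_v1)])
    results["debugger_os"] = verify_chain(device_pub, chain3, policy, msg, sign(app3_priv, msg))

    # An app that edits the OS cert to claim the trusted hash breaks the device's
    # signature on that cert: it never held the key that issued it.
    forged = [dict(c) for c in chain3]
    forged[0]["code_hash"] = code_hash(os_v1)
    results["forged_cert"] = verify_chain(device_pub, forged, policy, msg, sign(app3_priv, msg))
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:20s} {ok!s:5s} {why}")
```

The point the model makes is that the relying party's trust decision is about code identity at every layer, not just the application: an upgrade is visible as a new hash that the relying party must explicitly admit, and a modified OS is visible even when the application above it is unchanged. Real designs also have to handle persistent state across upgrades and the ordering of key generation relative to code loading, which this toy ignores.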

Delegated Authorization in Wireless Networks. This technical report describes an ongoing project to graft SDSI/SPKI onto X509, in order to secure a wireless network while still allowing an institution's insiders to delegate access to authorized guests, without changing standard laptop software.

Efficiency of S-BGP. This tech report examines the cost of using PKI to secure the BGP routing protocol. We design a new approach---using RSA and some amortization tricks---that is much more efficient than standard S-BGP, and comparable to S-BGP with difficult (and apparently unimplemented) optimizations of DSA precomputation and massive caching. Furthermore, we validated all of these results with simulation. (A revised version will be appearing as a journal paper this year.)

DRM, Fair Use, and Shibboleth. Digital rights management (DRM) lets a content provider restrict the actions a user can take with a digital object. Fair use doctrine legally allows users to take additional actions, under certain conditions. Shibboleth is a system that lets users at educational institutions access electronic resources at other institutions. Sanket Agrawal's thesis looks at how to provide both DRM and fair use, in the setting of Shibboleth.

SPKI/SDSI and Shibboleth. This technical report uses SPKI/SDSI (a lightweight authorization PKI) to construct and maintain distributed, decentralized attribute release policies in Shibboleth.

PKI for Machines. Sean Richardson's senior thesis examined some issues in using PKI to express properties of machines.

Coping with Untrustworthy Components

Detecting Fraudulent Archive Access. The JSTOR journal archive suffers from fraudulent access from legitimate client sites, and requiring stronger authentication is not workable. Paul Seligman's senior thesis used machine learning techniques to help recognize such fraudulent access.

Detecting Forged Biometrics. How can a trusted server authenticate ordinary human users via untrusted clients? We might use speech and speaker recognition---challenging the human with a unique phrase each time---but then what about an adversary that splices together what appears to be that speaker saying that phrase? Dan Kang's senior thesis explored using Hany Farid's signal tamper detection techniques to address this problem.

Anonymous Surfing. This recent tech report describes a design to use a proxy cache to provide better anonymity than many currently deployed schemes---and also describes the prototype we built using Google.

Marianas

Our Marianas project explores using P2P and trusted hardware to build a survivable, trusted third party.

Virtual Hierarchies. This paper presents some work in using P2P and secure hardware to build up a PKI structure that combines the resilience of meshes with the path efficiency of hierarchies.

Distributed SEM. As an application of Marianas, Gabe Vanrenen's senior thesis used threshold cryptography and forward security to extend the SEM PKI approach of Boneh et al to multiple mediators, while mitigating the damage caused by compromise of a given mediator. Gabe also prototyped this work with JXTA.

System Structure

M-Commerce. This paper looks at mobile computing and security, and derives a framework to analyze security issues from the overall system structure.

Behavior. This paper explores some other issues in getting electronic objects to behave in sensible ways.

Security Taxonomies. This paper develops a methodology for vulnerability analyses in electronic services (inspired by my real-world work in this area).


4. Loose Ends

Distributed Systems

My Ph.D. thesis explored (on a theoretical level) the security and privacy implications of non-scalar time structures in distributed systems. (E.g., what about partial orders? Or hierarchies of partial orders?) This (long) technical report gives more theoretical underpinnings.

This work generated some spinoff papers in security: a technical report and conference paper on security and privacy for partial order time.

This work also generated some spinoff papers on fault tolerance. This FTCS paper uses my time structures to solve a long-standing problem, and this subsequent SRDS paper improves the result and proves a lower bound.

Complexity Theory, Etc

My undergraduate thesis explored computational complexity issues in the lambda calculus. My first refereed paper considered applications of spectral complexity (looking at a Boolean function as a table of correlations with parity functions, instead of as a truth table) in computational learning theory. A subsequent technical report examined some limitations of this technique.

More recently, Marco Barreno's senior thesis explored the implications for cryptography, depending on where BQP (the class of problems feasible for quantum computers) lands in the complexity hierarchy.


Maintained by Sean Smith, sws@cs.dartmouth.edu