The 18th Seminar Artzi on Computer Systems and Engineering

Time: April 6, 2000, at 14:30 (note the special time: Thursday afternoon)
Place: Lev Hall, Kaplun Bldg., Tel-Aviv University, Faculty of Exact Sciences (where the School of Physics is)
Chair: Dr. Dahlia Malkhi, Hebrew University

Program:
14:30-15:15  The Proactive Security Toolkit and Applications. Amir Herzberg, IBM (abstract below)
15:15-16:00  IP Multicast Security. Amit Kleinman, NDS
16:00-16:15  Break
16:15-17:00  Establishing and Managing Proactive Content Security. Shimon Gruper, Aladdin (abstract below)
17:00-17:45  Data Authentication at Gigabits per Second Speeds. Hugo Krawczyk, Technion (abstract below)
Abstract: The Proactive Security Toolkit and Applications (Amir Herzberg, IBM)

"You can't cheat all people at the same time." -- (anonymous)
Existing security mechanisms focus on prevention of penetrations, detection of a penetration, and (manual) recovery tools. Indeed, attackers focus their penetration efforts on breaking into critical modules and on avoiding detection of the attack. As current security mechanisms are imperfect and existing systems often implement them poorly, it is well recognized that attackers are in fact able to penetrate. Security tools and procedures may cause the attacker to lose control over a specific module (computer, account), since the attacker would rather lose control than risk detection of the attack. However, while controlling the module, the attacker may learn critical secret information or modify the module (plant trapdoors) in ways that make it much easier to regain control over that module later, or to defeat the overall security goal (even without regaining control of that module).
Recent results in cryptography give some hope of improving this situation. These results show that many fundamental security tasks can be achieved with proactive security. Proactive security does not assume that there is any module completely secure against penetration. Instead, we assume that at any given time period (day, week,...), a sufficient number of the modules in the system are secure (not penetrated). The results obtained so far include some of the most important cryptographic primitives such as signatures, secret sharing, and secure communication. However, there was no usable implementation, and several critical issues (for actual use) were not addressed.
In this work we report on a practical toolkit implementing the key proactive security mechanisms. The toolkit provides secure interfaces to make it easy for applications to recover from penetrations. The toolkit also addresses other critical implementation issues, such as the initialization of the proactively secure system. We describe the toolkit and discuss some of the potential applications. Some applications require minimal enhancements to the existing implementations, e.g. for secure logging (especially for intrusion detection), secure end-to-end communication, and timestamping. Other applications require more significant enhancements, mainly distribution over multiple servers; examples are a certification authority, key recovery, and a secure file system or archive.
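The share-refresh mechanism behind the proactive approach described above, as an added worked example; this is not code from the talk or from the IBM toolkit. A (t, n) Shamir-shared secret is re-shared at every period boundary: each server distributes a fresh sharing of zero, and every server adds the sub-shares it receives to its own share. The secret is unchanged, but shares stolen in different periods no longer lie on the same polynomial, so a mobile adversary who collects t-1 shares in one period and one more in the next learns nothing. The field prime, the parameters, and the single-process simulation of the servers are assumptions of this example; a real deployment runs each server separately, sends sub-shares over authenticated channels, erases the old shares, and uses verifiable secret sharing so that a compromised server cannot corrupt the refresh.

```python
"""Proactive refresh of a Shamir-shared secret (added example, not the toolkit's code)."""
import secrets

# Prime field for the arithmetic; any prime larger than the secret works (assumption).
P = 2**127 - 1


def eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[t-1]*x^(t-1) mod P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, t, n):
    """Shamir (t, n) sharing: server i (1..n) gets f(i) for a random polynomial f of
    degree t-1 with f(0) = secret. Any t shares reconstruct; t-1 shares reveal nothing."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 from any t or more shares {i: f(i)}."""
    total = 0
    for i, yi in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def refresh(shares, t):
    """One period boundary of proactive secret sharing.

    Each server k picks a random polynomial g_k of degree t-1 with g_k(0) = 0, sends g_k(i)
    to server i, and every server adds the sub-shares it received to its own share. The sum
    of all polynomials still passes through (0, secret), so the secret is unchanged, but
    every share is re-randomized: shares from before and after the refresh lie on different
    polynomials and cannot be combined. (All servers are simulated here in one process.)
    """
    n = len(shares)
    new = dict(shares)
    for _server in shares:
        sub = share(0, t, n)          # this server's fresh sharing of zero
        for i in new:
            new[i] = (new[i] + sub[i]) % P
    return new                         # the old shares must now be securely erased


def mobile_adversary_demo(secret=0xC0FFEE, t=3, n=5):
    """Attacker steals t-1 shares in period 1 and one more in period 2: t shares in total,
    but from two periods, and they do not reconstruct the secret."""
    period1 = share(secret, t, n)
    period2 = refresh(period1, t)
    stolen = {1: period1[1], 2: period1[2], 3: period2[3]}
    return {
        "period1_reconstructs": reconstruct({i: period1[i] for i in (1, 2, 3)}) == secret,
        "period2_reconstructs": reconstruct({i: period2[i] for i in (3, 4, 5)}) == secret,
        "cross_period_fails": reconstruct(stolen) != secret,
        "every_share_changed": all(period1[i] != period2[i] for i in period1),
    }


if __name__ == "__main__":
    print(mobile_adversary_demo())
```

The refresh is what turns a one-time threshold assumption ("at most t-1 servers are ever compromised") into a per-period one ("at most t-1 servers are compromised in any single period"), which is exactly the assumption the abstract states. Note that the example does not cover recovery of a server whose share was destroyed, nor detection of a server that sends inconsistent sub-shares; both require verifiable secret sharing.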
Abstract: Establishing and Managing Proactive Content Security (Shimon Gruper, Aladdin)

Unfortunately, existing reactive anti-virus software products are limited in their ability to deal with Internet-specific vandal threats. Unlike viruses, vandal applications are Internet-aware, and they do not linger on the user's computer in order to replicate, because they use the Internet as their replication conduit. Vandals can replicate on the Internet almost at the speed of light. Therefore there is no time for reactive solutions, such as virus definition updates.
Proactive Content Security means identifying all possible points of entry and securing them by inspecting all known threats, enforcing strict corporate content security policies and weeding out the unknown.
This paper will investigate ways to establish Proactive Content Security Policies for various Internet activities and propose effective means to maintain and manage such policies on an enterprise-wide scale.
Abstract: Data Authentication at Gigabits per Second Speeds (Hugo Krawczyk, Technion)

Due to this new reality we have seen in recent years a considerable research effort in developing and analyzing MAC schemes that are at the same time secure and very fast. One particularly effective methodology for building these algorithms is the use of universal hashing, an approach suggested more than 20 years ago by Carter and Wegman but which has been neglected in practical authentication algorithms until very recently. In this talk we will survey some of the principles behind this methodology and provide an overview of the UMAC function, which achieves well-analyzed security and is an order of magnitude faster than today's popular MAC algorithms. The core of UMAC is a super-fast universal hash family whose analysis is purely algebraic/combinatorial and which may well find additional non-cryptographic uses in traditional data structure applications, Web search tools, etc.
(The UMAC function has been developed in joint work with John Black, Shai Halevi, Ted Krovetz and Phil Rogaway.)
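A minimal Carter-Wegman MAC built from an NH-style universal hash, added here as a worked example of the methodology the abstract describes; it is not UMAC and not the authors' code. The hash follows the NH shape (word-sized additions, 32x32-bit multiplications, a 64-bit sum), the tag is the hash value encrypted with a per-nonce pad, and the last function shows the caveat a practitioner must know: reusing a nonce cancels the pad and exposes the hash difference. Assumptions of this example: HMAC-SHA256 stands in for the PRF that derives the hash key and the pad; messages are limited to the hash-key length (UMAC processes longer messages with additional hashing layers); the sample inputs are constructed.

```python
"""Toy Carter-Wegman MAC over an NH-style universal hash (added example, not UMAC itself)."""
import hashlib
import hmac
import secrets
import struct

WORD = 2**32
MASK64 = 2**64 - 1
KEY_WORDS = 256  # hash key of 256 32-bit words: messages up to 1024 bytes (toy limit)


def nh(key_words, msg_words):
    """NH: pair up message and key words, add mod 2^32, multiply, and sum the 64-bit products
    mod 2^64. All arithmetic is word-sized, which is what makes the hash fast; two distinct
    inputs of equal length collide with probability about 2^-32 over the random key."""
    assert len(msg_words) % 2 == 0 and len(msg_words) <= len(key_words)
    acc = 0
    for i in range(0, len(msg_words), 2):
        a = (msg_words[i] + key_words[i]) % WORD
        b = (msg_words[i + 1] + key_words[i + 1]) % WORD
        acc = (acc + a * b) & MASK64
    return acc


def uhash(key_words, msg):
    """Universal hash of a byte string: zero-pad to a multiple of 8 bytes, apply NH, then add
    the original bit length so that messages differing only in padding do not collide."""
    if len(msg) > KEY_WORDS * 4:
        raise ValueError("toy limit: message longer than the hash key")
    padded = msg + b"\x00" * (-len(msg) % 8)
    words = struct.unpack("<%dI" % (len(padded) // 4), padded)
    return (nh(key_words, words) + len(msg) * 8) & MASK64


def derive_hash_key(master):
    """Expand the master key into the NH key words (HMAC-SHA256 as a stand-in PRF; assumption)."""
    out = b""
    for ctr in range(KEY_WORDS * 4 // 32):
        out += hmac.new(master, b"hash-key" + struct.pack("<I", ctr), hashlib.sha256).digest()
    return struct.unpack("<%dI" % KEY_WORDS, out)


def pad(master, nonce):
    """Per-nonce 64-bit pad that encrypts the hash value (the Wegman-Carter one-time key)."""
    d = hmac.new(master, b"pad" + nonce, hashlib.sha256).digest()
    return struct.unpack("<Q", d[:8])[0]


def tag(master, nonce, msg):
    """Carter-Wegman MAC: tag = universal_hash(msg) + PRF(nonce) mod 2^64."""
    return (uhash(derive_hash_key(master), msg) + pad(master, nonce)) & MASK64


def verify(master, nonce, msg, t):
    """Constant-time comparison of the recomputed tag against the received one."""
    expected = struct.pack("<Q", tag(master, nonce, msg))
    return hmac.compare_digest(expected, struct.pack("<Q", t & MASK64))


def nonce_reuse_leak(master, nonce, m1, m2):
    """Two tags under the same nonce differ by exactly uhash(m1) - uhash(m2): the pad cancels
    and the hash difference is exposed, which is why a Carter-Wegman MAC must never repeat a
    nonce under one key. Returns True when the observed difference equals the hash difference."""
    key_words = derive_hash_key(master)
    observed = (tag(master, nonce, m1) - tag(master, nonce, m2)) & MASK64
    return observed == (uhash(key_words, m1) - uhash(key_words, m2)) & MASK64


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    n = secrets.token_bytes(8)
    m = b"constructed sample packet payload"   # constructed input
    t = tag(k, n, m)
    print(verify(k, n, m, t), verify(k, n, m + b"!", t), nonce_reuse_leak(k, n, m, b"other"))
```

The split between the two layers is the point of the methodology: the universal hash carries no cryptographic assumption and only has to be fast and combinatorially collision-resistant for a random key, while the pad is the only place a cryptographic primitive is applied, once per message and on a fixed 64-bit value rather than on the whole input. The price is the nonce: the security proof assumes each nonce is used once per key, and `nonce_reuse_leak` shows what an attacker sees when that is violated.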