9th USENIX Security Symposium

Works in Progress Session
August 17, 2000, 4 - 5:30 PM

Peter Honeyman, Chair

Editing TCP Connections Passing By in a LAN (Even on Switched LANs)
Felix von Leitner

I will explain the methods, what you can do about it, and how to detect these attacks. I will also talk about the impact on legacy installations out there: say goodbye to SQL over networks, one-time passwords, and SecurID.

Infrastructure for Cooperative Traceback and Response
Dan Sterne
NAI Labs, Network Associates Inc.

As demonstrated by recent distributed denial of service attacks (DDOS), effective defense requires collection, analysis, and sharing of traffic monitoring data from multiple points along attack pathways. Today, this diagnostic process is expert-labor intensive. Furthermore, it may take days or longer to identify the source of an attack and mitigate it.

Under DARPA funding, NAI Labs and Boeing Phantom Works have developed a research technology that attempts to automate this process so it can proceed more rapidly without relying on the immediate availability of expert administrators. The heart of this technology is the Intruder Detection and Isolation Protocol (IDIP). IDIP allows intrusion detection systems, firewalls, routers, and security management systems to cooperate to trace intrusions across network boundaries and block them as close to their sources as possible. IDIP software libraries have been developed and integrated with a variety of commercial security products and research prototypes. Current efforts focus on 1) testing IDIP's capability to trace and respond to Stacheldraht multi-source DDOS attacks and 2) extending IDIP to support conditional, policy-based trace escalation across organizational boundaries such as those separating ISPs and their customers.

Bridging the Web Authentication Gap with Junk Keys
Olga Kornievskaia
CITI, University of Michigan

Extending the rich Kerberos structure to the web is an unsolved challenge ... until now!

Using a Kerberized X.509 key signer, we issue short term public keys (junk keys) at login and use them for SSL authentication between unmodified browsers and Apache servers. The server records a transcript of the SSL handshake and hands it to a modified Kerberos TGS, which validates the transcript and issues Kerberos tickets to the web server on behalf of the user. This lets us use conventional AFS mechanisms for web space access control.

Correlation Cryptanalysis of SSC2
Greg Rose and Phil Hawkes
QUALCOMM Australia

SSC2 (Zheng, Carroll, Chan, FSE'00) is a fast word-oriented software stream cipher with two components, a nonlinear filter LFSR generator and a Lagged Fibonacci generator. Three streams (two from the LFG) of output words are combined to form the output keystream. Correlations and statistical weaknesses for all three component streams are shown, as well as two related attacks, which focus on the least significant bit of output words, and distinguish the output of SSC2 from random with 2^22 and 2^46 words of output respectively.

Anomaly Detection in Distributed Environments: Variable-Length Behavior Modeling Applied to CORBA Objects
Zakia Marrakchi (Supervisor: Ludovic Me)
Supelec, France

Our research deals with the intrusion detection problem applied to CORBA (Common Object Request Broker Architecture). We aim at protecting CORBA application objects from anomalous client behaviors. There are two approaches in intrusion detection: misuse detection and anomaly detection. Misuse detection searches for known attacks in the event logs. It implies preliminary knowledge of CORBA attacks, which is hard to establish a priori. We therefore decided on the anomaly approach, which models the behaviors of CORBA clients involved in a communication in order to detect further deviations from the reference behaviors.

We consider a client behavior as a sequence of invoked requests between each client-server pair, during each connection of the observed client. During a training period, we observe each CORBA application client and we construct a client behavior model based on a variable-length branch tree representation. The learned behavior is considered as "normal." During the detection period, each client of the CORBA application is observed in order to decide on the legitimacy of its behavior. For each client, observed and normal behaviors are compared in order to measure the degree of deviation, called the "similarity degree." The computed degree allows us to decide whether the observed client behavior is normal or not.

Studying Social Engineering: A Work Not Yet in Progress
Tara Whalen
Communications Research Centre Canada

In this talk, I will discuss the need for a formal study of social engineering, and propose a method for approaching this problem. Questions that need to be answered include: what methods are most successful; why do these methods work; and what might we do to prevent them from working? In order to research this problem, I will require information from the security community. This project depends on your help, so please attend and contribute your experiences.

W.W. Kokko (MA, BA Mathematics; Math teacher/writer)

W.W. Kokko introduces an encryption algorithm/system that can provide users with a secure, economical, and easily coached device for field and/or computer work. The necessary software, in HP list processing, mathematical analysis and innovative cryptology based on detailed stochastic can be garnered. Extensive lecture mileage, academic inspiration, and potential profit can be gained from the author's variation on entropy as a measure of cypher hardness.

Secure Internet Smartcards
Peter Honeyman
CITI, University of Michigan

At CITI, we run TCP, UDP, and IP on commercial smartcards. We modified Kerberos and SSH to use Internet smartcards for remote key management and cryptographic functionality.

Interhack Internet Privacy Project
Matt Curtin

Recent highlights of the project:
  • Release of "Getting To Know You (Intimately): Surreptitious Privacy Invasion on the E-Commerce Web", exposing privacy problems in the web monitoring system eLuminate from Coremetrics.
  • Exposure of how Lucy.com, Fusion.com, ToysRUs.com, and BabiesRUs.com sent detailed, personally-identifiable information to a third party in violation of their privacy policies.
  • Discovered failure of TRUSTe to provide adequate protections to the consumers they claim to protect.
  • Lucy.com and Fusion.com updated their policies to disclose what they were doing and Toys/BabiesRUs stopped using Coremetrics altogether.
  • This has been widely reported in the press in the last two weeks (AP, CNN, CNBC, CNNfn, many others), so I just want to mention what we did in that case and give pointers to the details. The real focus is on the motivation of the project, why we think the work is important, and some discussion of the techniques we have employed.

Janus: A practical tool for sandboxing network services in Linux
Tal Garfinkel

Janus is a tool for confining network services in an application sandbox under Linux.

In this talk, we will present the basic model that Janus provides for defining an application sandbox. We will discuss the need for a tool like Janus, some of the challenges we have faced in taking Janus from a research prototype to a deployable tool, and report on the current status of the tool (which is currently in early alpha release). Finally, we will discuss some future research directions in application sandboxing.

A secure mobile agent platform
Mark Slagell
Iowa State University

Several kinds of intrusion detection that are currently being researched are expensive in terms of network resources. Mobile agents promise to facilitate the most practical implementations of such systems, but mobile agent technology itself has unsolved security problems. "Cricket" is a low-level mobile agent platform under development at ISU. It supports only those aspects of mobile agent technology that we have deemed essential for security tasks, and operates under a closed-network assumption, which allows solution of at least the multi-hop authentication problem.

Cricket's design is motivated by the goals of efficiency, invisibility to attackers, and fail-closure. A remote Cricket host does not run a daemon to receive and execute agents. Rather this is done below the user level: a remote agency has no process ID of its own and cannot be killed by an attacker without bringing the remote system down entirely. There is furthermore no name server, which eliminates a central point of attack or general failure. Cricket is being developed on Linux and should be adaptable to [Free]BSD and other UNIX-based systems.

Key Agility Requirements for IPsec
Steven M. Bellovin

NIST is now in the process of selecting the Advanced Encryption Standard (AES) as a replacement for DES. One differentiator between the five finalists is their key setup time. But how important is this? IPsec is a fairly challenging (and important) environment. Under the assumption that a suitable cache can (in some circumstances) substitute for fast key setup times, I instrumented the plaintext side of our IPsec gateway. I concluded that downstream, a cache size of five is needed for 80% hit rate; 11 for 95% hit rate. Upstream, there is less load, and hence more free time for key setup, but cache sizes of 8 and 17 are needed.

Extending Snoop to Handle IPsec Packets
Steven M. Bellovin

In a wireless LAN environment, TCP can misinterpret the high link-level packet loss as congestion, and slow down its transmissions much too much. Balakrishnan's Snoop protocol addresses this by having the base station examine some TCP header fields and perform necessary retransmissions itself. But that scheme fails in the presence of IPsec, which encrypts those fields. We've devised an over-the-wire compatible version of IPsec that, in conjunction with a quasi-reliable link layer, overloads the IV to signal acknowledgments to the base station. Under certain conditions, performance is far better than that of standard TCP, and close to that of Snoop.

Active Certificates: A Flexible Delegation Model
Nikita Borisov, University of California, Berkeley

Every day, tasks are performed on our behalf, either by a program running on our desktops, by some service running remotely, or by some other person. With the growing use of network services, this is becoming even more common. In systems that employ strong authentication primitives to authorize some set of rights, there is a need to be able to delegate these rights to other entities. We examine the problem of delegation in the context of network services that use public key authentication. We propose a new certificate format, which enables a powerful, secure, and flexible delegation model.

These new "active certificates" consist of a signed mobile code capsule, which is interposed between a network service and the third party trying to access it. The capsule, written by the original owner of the rights, monitors the accesses to the service and limits the extent of delegation. The use of a powerful language and the availability of application knowledge allow active certificates to specify rich and highly restrictive delegation policy, without requiring a complex certificate parsing engine at the service. In fact, because most PKIs rely on delegation as their underlying structure, they can be implemented using active certificates. Further, active certificates allow experimentation with and deployment of completely new PKI designs, without updating the services. We are in the process of implementing active certificates in the Ninja project at Berkeley, which aims to provide a software infrastructure for building internet services.

Dietrich's Discourse on Shaft (DDoS)
Sven Dietrich, NASA GSFC

We take a brief look at the impact of Shaft (1), a third generation tool, muse about possible countermeasures, and analyze recent DDoS trend developments.

(1) Dietrich, S., N. Long and D. Dittrich, "Analyzing Distributed Denial of Service Tools: The Shaft Case", in Proceedings of USENIX LISA 2000, to appear.