A basic function of all signatures, digital or not, is to express trust and authority, explicit or implied. This is especially the case with digital signatures used in certificates. In this paper, we study the trust relationships expressed by the certificates used in X.509, PGP and SPKI. Especially, we present and revise the idea of a certificate loop, or a loop of certificates from the verifying party to the communicating peer, requesting access or acceptance. We also show how that kind of certificate loops can be used to explicitly express security policy decisions. In the end of the paper, we briefly describe our own SPKI implementation that is specially tailored towards policy management. The implementation is based on Java and build using Design Patterns. It functions as a separate process, providing security services to the local kernel and applications.

Sharing global remote data over large networks poses two major problems: firstly, the data must be discovered; and secondly, the data must be made accessible to the application. Our aim is to provide a single unified interface to both local and remote data, removing location dependence and improving performance. Our solution incorporates shared memory and caching techniques. A location server provides a location transparent addressing scheme which is used to provide failure tolerant retrieval. Access is provided via the "native" system interfaces. We include a brief discussion of other protocols and systems for distribution and sharing of data. 1 Introduction The amount of globally available data is increasing dramatically every year and with the rising number of multi-media applications, the types of data are changing. The ratio of direct information content to overall data size is decreasing steadily. For example, an audio file may only contain 10 spoken words but be hundreds of kil...

OF THE MASTER'S THESIS Author and name of the thesis: Timo Aalto: A UNIX STREAMS Implementation of the Internet Protocol Security Date: 17.09.1996 Number of pages: 75 Faculty: Professorship: Department of Computer Science Computer Networks (Tik-110) Supervisor: Prof. Arto Karila Instructor: M.Sc. Pekka Nikander Current Internet Protocol (IP) implementations provide no protection against eavesdropping of connections, spoofing of IP datagrams and TCP connection hijacking. Rapid advances in communication technology and expanding use of the Internet have accentuated the need for security in the Internet. Internet Protocol Security (IPSEC) is the Internet Engineering Task Force (IETF) standard for the network layer security. IPSEC provides cryptographic security services that support combinations of authentication, integrity and confidentiality. It provides security services to protect client protocols of IP and supports host-to-host, subnet-to-subnet and host-to-subnet security topologies....

A Protocol Reference Model is an abstraction of the communication subsystem of a system. Thus, it is appropriate to focus on the protocol reference model when examining the issue of secure communications. In this paper, we discuss some issues in incorporating security services into a protocol reference model. The security services considered are authentication, confidentiality, integrity and access control. We adopt a functional definition for a protocol reference model in terms of the communication services it provides at various layers. We then present two perspectives towards reasoning about the incorporation of security services into a protocol reference model: a perspective that centers on the security requirements, and another that centers on the communication services already present in the protocol reference model. Existing work focuses on the first approach. We focus on the second approach, that is, on the issue of how well a security service slated for incorporation meshes i...

OF THE MASTER'S THESIS Author and name of the thesis: Sahlin, Bengt: A Conduits+ and Java Implementation of the Internet Protocol Security and Internet Protocol, version 6 Date: 18.11.1997 Number of pages: 66 Faculty: Professorship: Department of Computer Science Computer Networks (Tik-110) Supervisor: Prof. Arto Karila Instructor: M.Sc. Pekka Nikander As computer network technology advanced and the use of distributed systems became more common, new security problems arouse. Internet Protocol Security (IPSEC) is a proposal for providing security services in Internet. It offers authentication, integrity and confidentiality for IP datagrams. Internet Protocol, version 6 (IPv6) is the new version of the Internet Protocol. IPv6 offers expanded addressing capabilities, header format simplification, improved support for extensions and options, flow labelling capabilities and network security services. These security services are being offered through IPSEC. Conduits+ is a framework for build...

this report we give an overview of the IT security and smart card standards. We mainly consider the work of the International Organization for Standardization

This paper presents a model of a secure collaborative application for conducting real-time electronic meetings from remote locations. The application consists of a set of tools, enabling common meeting tasks to be accomplished. The tools can be enhanced with security services at will. The security architecture comprises the standardized communication security services [14], as well as the "group oriented" security services which we defined in [13]. Such security architecture is especially suitable for enterprises with a defined internal organizational policy, which has to be supported and enforced by adequate security mechanisms. Keywords: computer conferencing, electronic meetings, network security, security policies 1 Introduction Computer Supported Cooperative Work (CSCW), computer conferencing and computer security were, in the last few years, very often topics of many feature articles and special computer magazines, as well as being the subject of lively discussions and softwa...