this article, is such an online CA

Denial of serviceisbecoming a growing concern. As our systems communicate more and more with others that we know less and less, they become increasingly vulnerable to hostile intruders who may take advantage of the very protocols intended for the establishment and authentication of communication to tie up our resources and disable our servers. Since these attacks occur beforeparties are authenticatedtoeach other, we cannot rely upon enforcement of the appropriate access control policy to protect us #as is recommended in the classic work of Gligor and Millen in #5, 18, 19##. Instead we must build our defenses, as much as possible, into the protocols themselves. This paper shows how some principles that have already been used to make protocols moreresistant to denial of servicecan be formalized, and indicates the ways in which existing cryptographic protocol analysis tools could be modi#ed to operate within this formal framework. 1 Introduction Denial of service is becoming a growing c...

In this paper we show how the NRL Protocol Analyzer, a special-purpose formal methods tool designed for the verification of cryptographic protocols, was used in the analysis of the Internet Key Exchange (IKE) protocol. We describe some of the challenges we faced in analyzing IKE, which specifies a set of closely related subprotocols, and we show how this led to a number of improvements to the Analyzer. We also describe the results of our analysis, which uncovered several ambiguities and omissions in the specification which would have made possible attacks on some implementations that conformed to the letter, if not necessarily the intentions, of the specifications. 1 Introduction The Internet Key Exchange protocol (IKE) is a key exchange protocol being developed by the IP Security Protocol (IPSEC) Working Group of the Internet Engineering Task Force (IETF). It is intended to provide the security support for client protocols of the Internet Protocol. As such, it does much more than sim...

Active Networks is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of Active Network research. The security concerns can be divided into those which affect the network as a whole and those which affect individual elements. It is clear that the element problems must be solved first, as the integrity of networklevel solutions will be based on trust of the network elements. In this

The history of the application of formal methods to cryptographic protocol analysis spans over 20 years and recently has been showing signs of new maturity and consolidation. Not only have a number of specialized tools been developed, and generalpurpose ones been adapted, but people have begun applying these tools to realistic protocols, in many cases supplying feedback to designers that can be used to improve the protocol’s security. In this paper, we will describe some of the ongoing work in this area, as well as describe some of the new challenges and the ways in which they are being met.

There are many cases in the literature in which reuse of the same key material for different functions can open up security holes. In this paper, we discuss such interactions between protocols, and present a new attack, called the chosen protocol attack, in which an attacker may write a new protocol using the same key material as a target protocol, which is individually very strong, but which interacts with the target protocol in a security-relevant way. We finish with a brief discussion of design principles to resist this class of attack.

The history of the application of formal methods to cryptographic protocol analysis spans nearly twenty years, and recently has been showing signs of new maturity and consolidation. A number of specialized tools have been developed, and others have effectively demonstrated that existing general-purpose tools can also be applied to these problems with good results. However, with this better understanding of the field comes new problems that strain against the limits of the existing tools. In this paper we will outline some of these new problem areas, and describe what new research needs to be done to to meet the challenges posed.

One protocol (called the primary protocol) is independent of other protocols (jointly called the secondary protocol) if the question whether the primary protocol achieves a security goal never depends on whether the secondary protocol is in use.

Abstract not found

The rapid expansion of the Internet means that users increasingly want to interact with each other. Due to the openness and unsecure nature of the net, users often have to rely on firewalls to protect their connections. Firewalls, however, make real-time interaction and collaboration more difficult. Firewalls are also complicated to configure and expensive to install and maintain, and are inaccessible to small home offices and mobile users. The Enclaves approach is to transform user machines into "enclaves," which are protected from outside interference and attacks. Using Enclaves, a group of collaborators can dynamically form a secure virtual subnet within which to conduct their joint business. This paper describes the design and implementation of the Enclaves toolkit, and some applications we have built using the toolkit. 1 Motivation Most user interaction and collaboration over the Internet have been primarily via electronic mail. More recently, groupware applications including tel...