Authorization and Availability - Aspects of Open Network Security

Reference:

Tuomas Aura. Authorization and availability - aspects of open network security. Research Report A64, Helsinki University of Technology, Department of Computer Science and Engineering, Laboratory for Theoretical Computer Science, Espoo, Finland, November 2000. Doctoral dissertation.

Abstract:

The world is becoming increasingly dependent on secure, reliable access to services on the Internet and in other open communications networks. Since the administration and authority on these networks are completely distributed, it is not possible to set or enforce global security policies. While security and confidentiality of data are still significant concerns, access control and resistance to denial-of-service (DOS) attacks have become at least as significant security goals. Traditional methods for access-right management and resource allocation, which were defined for centrally administered systems, are not applicable on the open networks. Consequently, new techniques for access control and DOS prevention are needed.

This dissertation addresses several aspects of the security of open, distributed systems: decentralized access control, design of key-establishment protocols, and denial-of-service resistance. We suggest technical solutions both for extending the scope of applications that can securely be run on the networks and for improving the reliability of the underlying infrastructure for all applications.

We define a formal model of key-oriented access control and use this model to develop algorithms for access-control decisions from a certificate database. We survey privacy protection in public-key infrastructures, introduce a new kind of threshold certificate, and present novel certificate-based solutions for access control between mutually distrusting software packages on intelligent-network routers and for software license management with smartcards. We also describe novel design principles for cryptographic protocols to improve their robustness against common replay attacks at a low cost and to protect on-line services against denial-of-service attacks that attempt to exhaust server memory and computational resources. Additionally, we develop a method for analyzing the vulnerability of network topologies to denial of service by the destruction of communications links.

Throughout, the emphasis is on security issues critical for the commercial and private use of the Internet and other open communications systems where mutually distrusting entities must share resources and co-operate.

Keywords:

open network security, authorization certificates, cryptographic protocols, denial of service

Suggested BibTeX entry:

@techreport{HUT-TCS-A64,
    address = {Espoo, Finland},
    author = {Tuomas Aura},
    institution = {Helsinki University of Technology, Department of Computer Science and Engineering, Laboratory for Theoretical Computer Science},
    month = {November},
    note = {Doctoral dissertation},
    number = {A64},
    pages = {42},
    title = {Authorization and Availability - Aspects of Open Network Security},
    type = {Research Report},
    year = {2000},
}