====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 63
November 18, 2004

Hilarie Orman, Editor, cipher-editor @ ieee-security.org
Sven Dietrich, Assoc. Editor, cipher-assoc-editor @ ieee-security.org
Bob Bruen, Book Review Editor, cipher-bookrev @ ieee-security.org
====================================================================
The newsletter is also at http://www.ieee-security.org/cipher.html

Contents:
 * Letter from the Editor
 * Conference and Workshop Announcements
   o Upcoming calls-for-papers and events
 * Commentary and Opinion
   o Terry Benzel's announcement of DETER: A Laboratory for Security
     Research
   o Carrie Gates's announcement of the SiLK Suite of Netflow Tools
   o Sean Turner and Russ Housley's report on IETF Revises
     Cryptographic Message Syntax and Secure Multipurpose Internet
     Mail Extensions
   o Jason Holt's report on The Rise of Pairing-based Cryptography
     and Identity-Based Encryption
   o Robert Bruen's review of Steal This File Sharing Book. What They
     Won't Tell You About File Sharing by Wallace Wang
   o Robert Bruen's review of Open Source Security Tools. A Practical
     Guide to Security Applications by Howlett, Tony
   o Robert Bruen's review of Security Sage's Guide to Hardening the
     Network Infrastructure by Andres, Steven and Brian Kenyon
   o Book reviews, Conference Reports and Commentary and News items
     from past Cipher issues are available at the Cipher website
 * Reader's guide to recent security and privacy literature,
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Staying in Touch
   o Information for subscribers and contributors
   o Recent address changes
 * Interesting Links and New reports available via FTP and WWW
 * Links for the IEEE Computer Society TC on Security and Privacy
   o Becoming a member of the TC
   o TC Officers
   o TC publications for sale
====================================================================
Letter from the Editor
====================================================================
Dear Readers:

This month Cipher's web version has a new look. We feature a picture
by Giandomenico Tiepolo of the Trojans welcoming the Greeks' wooden
horse. Our previous logo was well-suited to an era of limited
bandwidth, but today a smoother and more artistic graphic appearance
is possible for almost all of our online readers.

I think that wireless networks are the new Trojan Horse of our time.
The proliferation of anonymous access points makes it all too easy to
connect to someone else's bandwidth and someone else's data. Caveat
connector.

We have four excellent news articles written expressly for Cipher.
They are greatly appreciated and show how Cipher thrives on the
generous contributions of security researchers like you.

Until next year,
Hilarie Orman
cipher-editor @ ieee-security.org
====================================================================
Conference and Workshop Announcements
====================================================================
====================================================================
Upcoming Calls-For-Papers and Events
====================================================================
The complete Cipher Calls-for-Papers is located at
http://home.adelphi.edu/~spock/cipher/cfp.html
The Cipher event Calendar is at
http://www.ieee-security.org/Calendar/cipher-hypercalendar.html
____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________
Calendar of Security and Privacy Related Events
maintained by Hilarie Orman
Date (Month/Day/Year), Event, Locations, web page for more info.
* 12/ 1/04: Cluster Security - The Paradigm Shift, Cardiff, UK;
  submissions are due,
  http://www.ncassr.org/projects/cluster-sec/ccgrid05/
* 12/ 6/04-12/10/04: 20th Annual Computer Security Applications
  Conference
  Tucson, Arizona, http://www.acsac.org
* 12/10/04: Workshop on Policies, Stockholm, Sweden;
  submissions are due; http://www.sics.se/policy2005/
--------------
* 1/ 3/05- 1/ 6/05: HICSS-SSNS, Waikoloa, Hawaii
  http://www.hicss.hawaii.edu, information sprague@hawaii.edu
* 1/ 5/05: Chapter proposals for Digital Crime book,
  submissions are due; http://cgi.di.uoa.gr/~nkolok/Idea.html
* 1/ 7/05: Workshop on Trust, Security and Privacy for Ubiquitous
  Computing
  Taormina, Italy, submissions are due,
  http://www.iit.cnr.it/TSPUC2005/
* 1/10/05- 1/11/05: WITS, Long Beach, California;
  http://chacs.nrl.navy.mil/wits05 wits05chair@itd.nrl.navy.mil
* 1/17/05: Information Hiding, Barcelona, Spain;
  http://kison.uoc.edu/IH05
* 1/26/05: Applied Cryptography and Network Security, New York City, NY
  http://acns2005.cs.columbia.edu/cfp.html submissions are due
* 1/28/05: Computer Security Foundations Workshop, Aix-en-Provence,
  France
  http://www.lif.univ-mrs.fr/CSFW18/ submissions are due;
  amadio@cmi.univ-mrs.fr
* 1/31/05- 2/ 3/05: Australasian Information Security Workshop On
  Digital Rights Management, Newcastle, Australia
  http://www.cs.newcastle.edu.au/~acsw05
--------------
* 2/ 3/05- 2/ 4/05: Network and Distributed System Security Symposium,
  San Diego, California; kseo@bbn.com http://
* 2/ 3/05- 2/ 4/05: Workshop on Protocols for Fast Long-distance
  Networks.
  Lyon, France, http://www.ens-lyon.fr/LIP/RESO/pfldnet2005
* 2/14/05- 2/18/05: RSA Conference, Cryptographers' Track,
  San Francisco, CA,
  http://www.rsasecurity.com/rsalabs/node.asp?id=2015
* 2/25/05: Symposium on Usable Privacy and Security
  Pittsburgh, PA; http://cups.cs.cmu.edu/soups/ submissions are due
* 2/25/05: Workshop on the Economics of Information Security,
  Cambridge, MA; http://www.infosecon.net/workshop/index.html
* 2/28/05- 3/ 3/05: Financial Cryptography and Data Security
  Roseau, The Commonwealth Of Dominica; http://www.ifca.ai/fc05/
--------------
* 3/13/05- 3/17/05: ACM SAC, Track on Trust, Recommendations, Evidence
  and other Collaboration Know-how; Santa Fe, NM;
  http://www.trustcomp.org/treck/,
  information sac.treck.info@trustcomp.org
* 3/17/05- 3/22/05: Verification of Infinite State Systems with
  Application to Security
  Timisoara, Romania; http://vissas.ieat.ro/
* 3/31/05- 4/ 1/05: Information Assurance Workshop, Washington, DC;
  http://iwia.org/2005/CfP_WS2005.html
--------------
* 4/ 1/05: IEEE Internet Computing Special Issue on P2P and Ad Hoc
  Nets, submissions are due
  http://www.computer.org/internet/call4ppr.htm
* 4/10/05- 4/15/05: Usenix Technical Conference.
  Anaheim, CA http://www.usenix.org/events/usenix05/cfp/general.html
* 4/19/05- 4/21/05: 4th Annual PKI R&D Workshop: Multiple Paths to
  Trust
  Gaithersburg, MD; http://middleware.internet2.edu/pki05/
* 5/ 8/05- 5/11/05: IEEE Symposium on Security and Privacy
  Berkeley/Oakland, CA;
  http://www.ieee-security.org/TC/SP-Index.html srt@cs.unt.edu
* 5/10/05: Cluster Security - The Paradigm Shift, ClusterSec,
  Cardiff, UK, http://www.ncassr.org/projects/cluster-sec/ccgrid05/
____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers
Maintained by Sven Dietrich
____________________________________________________________________
IEEE Internet Computing, Special Security for P2P and Ad Hoc Networks
Issue, November/December 2005. (Submission due 1 April 2005)
Guest editors: Shiuhpyng Shieh (National Chiao Tung University) and
Dan Wallach (Rice University)
As the number of individual computing devices and the demand for
mobility continue to grow, peer-to-peer (P2P) systems and ad hoc
networks will become increasingly popular. Indeed, they are likely to
become integral to the future computing and networking
infrastructure. P2P systems create application-level virtual networks
with their own routing mechanisms; they enable large numbers of
computers to share information and resources directly, without
dedicated central servers. Ad hoc networks allow mobile hosts, mobile
devices, and sensor nodes to communicate when no fixed infrastructure
is available. Although P2P systems and ad hoc networks make
communication and resource sharing more convenient, they also
introduce new security challenges due to inherent aspects such as
dynamic topologies and membership, unreliability, severe resource
constraints, and the absence of a trusted infrastructure.
To explore these issues, IC invites contributions for a special issue
on security for P2P and ad hoc networks. Appropriate topics include,
but are not limited to:
- key management,
- authentication,
- access control,
- privacy and anonymity,
- secure routing,
- secure MAC protocols,
- performance and security trade-offs,
- intrusion detection and tolerance, and
- denial of service.
For more information, please see http://www.computer.org/internet/call4ppr.htm
______________________________________________________________________________
Cluster-Sec2005 Cluster Security - The Paradigm Shift - Held in
conjunction with the 5th IEEE/ACM International Symposium on Cluster
Computing and the Grid (CCGrid) 2005,
May 10/11, 2005. (Submissions due 1 December 2004)
Prior to the Spring of 2004, clusters have been protected using
enterprise computer network security techniques where cluster nodes
were treated as a collection of individual computers. After the
successful Internet attacks on HPC centers worldwide in the Spring of
2004, there needs to be a paradigm shift in cluster security
strategies. Clusters can no longer be thought of as just a collection
of individual computers but rather as an integrated single unit in
which any breach may result in a "class break" compromise of the
entire cluster. Furthermore, it has also been shown that clusters
communicating via grids create dependent risks between clusters such
that any cluster compromise may cascade to affect an entire grid.
This workshop focuses on stimulating new ideas in order to reshape
cluster protection strategies. Clearly cluster security is a complex,
multi-dimensional problem with dynamics over time so a large variety
of approaches may be appropriate including prevention, monitoring,
measurements, mitigation, and recovery. Papers with demonstrated
results will be given priority. Two categories of papers will be
considered: Long Paper (12 pages) and Work-In-Progress/Short Paper (6
pages). A list of potential topics includes but is not limited to the
following:
- cluster security as an emergent property
- analysis of cluster attacks
- new techniques to protect clusters
- visualizing cluster security
- commercial grade cluster security
- failover cluster security
- cluster-specific intrusion detection
- the relationship between cluster security and grid security
- cluster security vulnerabilities
- cluster security best practices
- storage security on clusters
- storage survivability on clusters
More information can be found on the workshop web page at
http://www.ncassr.org/projects/cluster-sec/ccgrid05/
____________________________________________________________________
ISH2005 International Workshop on Information Security & Hiding,
Singapore, May 9-12, 2005. (Submissions due 10 December 2004)
The ISH05 Workshop, held in conjunction with the International
Conference on Computational Science & Its Applications (ICCSA '05), is
intended as an international forum for researchers in all areas of
information security and information hiding. Submissions of papers
presenting high-quality original research are invited for the
Workshop tracks:
- Cryptology (cryptography, cryptanalysis)
- Security engineering (side-channel attacks, crypto implementations)
- Steganology (steganography, steganalysis)
- Digital Watermarking
Topics of interest:
- Side-channel analysis & countermeasures
- Implementation of cryptographic algorithms,
- Cryptographic hardware: factoring, cryptanalysis, random number
generators, reconfigurable, processors,
- Design & analysis of symmetric-key cryptosystems: block ciphers,
stream ciphers, hash functions, MACs, modes of operation, backdoors
- RFID & privacy
- Public-key cryptography, Elliptic curve cryptosystems
- Provable security
- Trusted computing
- Subliminal & covert channels
- Steganography
- Digital watermarking
- Digital rights management
- Links between cryptology and steganology
More information can be found on the workshop web page at
http://www.swinburne.edu.my/rphan/ISH05.htm
____________________________________________________________________
TSPUC2005 International Workshop on Trust, Security and Privacy for
Ubiquitous Computing, Taormina, Sicily, Italy, June 13,
2005. (Submissions due 7 January 2005)
This workshop aims at focusing the attention of the research
community on the increasing complexity and relevance of trust, privacy
and security issues in ubiquitous computing.
Suggested submission topics include, but are not limited to the
following ones in mobile (ad hoc) networks, sensor networks, P2P
systems, portable/embedded/wearable devices ...
- Key establishment and distribution
- Access control models, policies and mechanisms
- Trust, reputation and recommendation management
- Privacy and identity management
- Digital assets management
- Context/location aware computation
- Self-organizing networks/communities
- Intrusion and anomaly detection
- Secure user-device interfaces
- Distributed consensus in the presence of active adversaries
- Analysis/simulation/validation techniques
- Handling emergent properties
- Phishing - attacks and countermeasures
- Case studies
For more info, see http://www.iit.cnr.it/TSPUC2005/
____________________________________________________________________
IHW2005 7th Information Hiding Workshop, Barcelona, Spain, June 6-8,
2005. (Submissions due 17 January 2005)
Many researchers are interested in hiding information or, conversely,
in preventing others from doing so or detecting and extracting the
hidden data. Although the protection of digital intellectual property
has recently motivated most of the research in this area, there are
many other applications of increasing interest to both the academic
and business communities. Current research topics include:
- anonymous communications,
- covert channels in computer systems,
- detection of hidden information (steganalysis),
- digital forensics,
- information hiding aspects of privacy,
- steganography,
- subliminal channels in cryptographic protocols,
- watermarking for protection of intellectual property,
- other applications of watermarking.
Continuing a series of successful workshops that brought together
these closely-linked research areas, the 7th International Workshop on
Information Hiding will be held in Barcelona, Spain. Authors can
submit their papers online at http://kison.uoc.edu/IH05 where detailed
instructions are provided.
____________________________________________________________________
DIMVA2005 Second GI SIG SIDAR Conference on Detection of Intrusions &
Malware, and Vulnerability Assessment, Vienna, Austria, July 6-8,
2005. (Submissions due 21 January 2005)
The special interest group Security - Intrusion Detection and Response
(SIDAR) of the German Informatics Society (GI) organizes DIMVA as an
annual conference that brings together experts from throughout Europe
to discuss the state of the art in the areas of intrusion detection,
detection of malware, and assessment of vulnerabilities. DIMVA
emphasizes the collaboration and exchange of ideas between industry,
academia, law enforcement and government, and invites four types of
submissions: full papers, industry papers, panel proposals, and
tutorial proposals.
For more info, please see http://www.dimva.org/dimva2005
____________________________________________________________________
CSFW18 18th IEEE Computer Security Foundations Workshop,
Aix-en-Provence, France, June 20-22, 2005. (Submission due 25 January
2005)
This workshop series brings together
researchers in computer science to examine foundational issues in
computer security. For background information about the workshop, and
an html version of this Call for Papers, see the CSFW home page
www.csl.sri.com/csfw/index.html
We are interested both in new results
in theories of computer security and also in more exploratory
presentations that examine open questions and raise fundamental
concerns about existing theories. Both papers and panel proposals are
welcome.
Possible topics include, but are not limited to:
Access control
Authentication
Data and system integrity
Database security
Network security
Distributed systems security
Anonymity
Intrusion detection
Security for mobile computing
Security protocols
Security models
Decidability issues
Privacy
Executable content
Formal methods for security
Information flow
Language-based security
This year's workshop will be held in Aix-en-Provence,
France. Proceedings published by the IEEE Computer Society Press will
be available at the workshop. Selected papers will be invited for
submission to the Journal of Computer Security.
____________________________________________________________________
ACNS2005 3rd Applied Cryptography and Network Security Conference,
Columbia University, New York, NY, USA, June 7-10, 2005. (Submission
due 26 January 2005)
Original research papers on all technical aspects of cryptology are
solicited for submission to ACNS '05, the Third annual conference on
Applied Cryptography and Network Security. There are two tracks for
ACNS: a research track and an industrial track. The latter has an
emphasis on practical applications. In addition, submissions to the
industrial track may be talk proposals (rather than full papers). The
PC will consider moving submissions between tracks if the PC feels
that a submission is more appropriate for that track (with author
permission). Topics of relevance include but are not limited to:
- Applied Cryptography, cryptographic constructions
- Cryptographic applications: e.g., payments, fair exchange,
time-stamping, auctions, voting, polling, location services.
- Economic incentives for collaboration
- Security modeling and protocol design in the context of rational and
malicious adversaries
- Security of limited devices: e.g., adversarial modeling,
light-weight cryptography, efficient protocols and implementations.
- Integrating security in Internet protocols: routing, naming, TCP/IP,
multicast, network management, and the Web.
- Intrusion avoidance, detection, and response: systems, experiences
and architectures.
- Network perimeter controls: firewalls, packet filters, application gateways.
- Virtual private networks.
- Web security and supporting systems security, such as databases,
operating systems, etc.
- Denial of Service: attacks and countermeasures.
- Securing critical infrastructure: e.g., routing protocols, the power
grid, and emergency communication.
- Public key infrastructure, key management, certification, and revocation.
- Implementation, deployment and management of network security policies.
- Intellectual property protection: protocols, implementations,
metering, watermarking, digital rights management.
- Fundamental services on network and distributed systems:
authentication, data integrity, confidentiality, authorization,
non-repudiation, and availability.
- Integrating security services with system and application security
facilities and protocols: e.g., message handling, file
transport/access, directories, time synchronization, database
management, boot services, mobile computing.
- Security and privacy for emerging technologies: sensor networks,
wireless/mobile (and ad hoc) networks, Bluetooth, 802.11, and
peer-to-peer systems.
- Usable security.
- Deployment incentives for security technology.
- Web, chat, and email security, including topics such as spam prevention.
For more info, please see: http://acns2005.cs.columbia.edu/cfp.html
____________________________________________________________________
Security-05 14th USENIX Security Symposium, Baltimore, MD, USA, August
1-5, 2005. (Submissions due 4 February 2005)
The USENIX Security Symposium brings together researchers,
practitioners, system administrators, system programmers, and others
interested in the latest advances in security of computer systems. The
14th USENIX Security Symposium will be held August 1-5, 2005, in
Baltimore, MD.
All researchers are encouraged to submit papers covering novel and
scientifically significant practical works in security or applied
cryptography. Submissions are due on February 4, 2005, 11:59
p.m. PST. The Symposium will span five days: a two-day training
program will be followed by a two and one-half day technical program,
which will include refereed papers, invited talks, Work-in-Progress
reports, panel discussions, and Birds-of-a-Feather sessions.
For further info, see http://www.usenix.org/events/sec05/cfp/
____________________________________________________________________
CRYPTO2005 Twenty-Fifth Annual International Cryptology Conference,
Santa Barbara, CA, USA, August 14-18, 2005. (Submissions due 14
February 2005)
The 25th International Cryptology Conference will be held at the
University of California, Santa Barbara. The academic program covers
all aspects of cryptology. Formal proceedings, published by
Springer-Verlag, will be provided to registered attendees at the
conference. Technical sessions will run from Monday morning to
Thursday noon, with a non-technical activities half-day on Tuesday
afternoon.
For further info, see http://www.iacr.org/conferences/c2005/index.html
____________________________________________________________________
WEIS2005 Workshop on Economics and Information Security, Harvard
University, Cambridge, MA, USA, June 2-4, 2005. (Submissions due 25
February 2005)
Original Research Papers on all aspects of the Economics of
Information Security are solicited for submission to the Fourth
Workshop on the Economics of Information Security. Topics of interest
include
liability and other legal incentives,
game theoretic models,
economics of digital rights management,
security in open source and free software,
cyber-insurance,
disaster recovery,
trusted computing,
reputation economics,
network effects in security and privacy,
security in grid computing,
return on security investment,
security and privacy in pervasive computing,
risk management,
risk perception,
economics of trust,
virus models,
vulnerabilities and incentives,
economics of malicious code,
identity including PKI,
access control,
economics of electronic voting security,
and economic perspectives on spam.
We invite talks emphasizing economic theory, mathematical modeling, or
legal theory. Past notable work used the tools of economics to offer
insights into computer security; offered mathematical models of
computer security or economics; detailed potential regulatory
solutions to computer security; or clarified the challenges of
improving security as implemented in practice.
For more information, please see
http://www.infosecon.net/workshop/cfp.html
____________________________________________________________________
SOUPS2005 Symposium on Usable Privacy and Security, Carnegie Mellon
University, Pittsburgh, PA, USA, July 6-8, 2005. (Submissions due 25
February 2005)
The Symposium on Usable Privacy and Security (SOUPS) will be held
July 6-8, 2004 at Carnegie Mellon University in Pittsburgh, PA. This
symposium will bring together an interdisciplinary group of
researchers and practitioners in human computer interaction, security,
and privacy. The program will feature refereed papers, tutorials, a
poster session, panels and invited talks, and discussion sessions. We
seek original papers describing research or experience in all areas of
usable privacy and security. Topics include, but are not limited to,
breakthrough models, innovative functionality and design, new
applications of existing models or technology, usability testing of
security features or security testing of usability features, and
lessons learned from deploying and using usable privacy and security
features. Papers should properly place the work within the field, cite
related work, and clearly indicate the innovative aspects of the work
or lessons learned as well as the contribution of the work to the
field. Suggestions or proposals for panels, tutorials, or invited
speakers should be sent to the general chair, lorrie AT acm.org, by
February 25.
For more information, please see http://cups.cs.cmu.edu/soups/
____________________________________________________________________
DIMACS Workshop on Security of Web Services and E-Commerce, Rutgers
University, Piscataway, NJ, USA, May 5-6, 2005. (Optional submission
due Spring 2005)
The growth of Web Services, and in particular electronic commerce
activities based on them, is quickly being followed by work on Web
Services security protocols. While core XML security standards like
XMLDSIG, XMLENC and WS-Security have been completed, they only provide
the basic building blocks of authentication, integrity protection and
confidentiality for Web Services. Additional Web Services standards
and protocols are required to provide higher-order operations such as
trust management, delegation, and federation. At the same time, the
sharp rise in "phishing" attacks and other forms of on-line fraud
simply confirms that all our work on security protocols is for naught
if we cannot make it both possible and easy for the average user to
discover when a security property has failed during a
transaction. This workshop aims to explore these areas as well as
other current and future security and privacy challenges for Web
Services applications and e-commerce.
The workshop will be open to the public (no submission is necessary to
attend). If you'd like to give a presentation please send a title and
abstract to commerce2005@farcaster.com as soon as
possible. Submissions may describe ongoing or planned work related to
the security of Web Services and electronic commerce, or they may
discuss important research problems or propose a research agenda in
this area. Also, we intend this to be a participatory and interactive
meeting so we hope you will be able to contribute to the meeting even
without giving an announced talk.
Presented under the auspices of the Special Focus on Communication
Security and Information Privacy.
____________________________________________________________________
CMS2005 9th IFIP Conference on Communications and Multimedia Security,
Salzburg, Austria, September 19-21, 2005. (Submissions due 10 April
2005)
The CMS conference attempts to be a forum for researchers working on
all aspects of communications and multimedia security. This year the
organizers especially encourage submissions on topics such as security
of information hiding, combined encryption and watermarking schemes,
XML security and network security. Papers should have practical
relevance to the construction or evaluation of secure systems;
theoretical papers should demonstrate their practical
significance. The proceedings will be published by Springer in their
Lecture Notes in Computer Science (LNCS) series.
For details and submission instructions please refer to:
http://cms2005.sbg.ac.at
____________________________________________________________________
CCS 2005 12th ACM Conference on Computer and Communications Security,
Alexandria, VA, USA, November 7-11, 2004. (Submission due 8 May 2005)
Papers offering novel research contributions to any aspect of computer
security are solicited for submission to the 12th ACM conference. The
primary focus is on high-quality original unpublished research, case
studies, and implementation experiences. Papers should have practical
relevance to the construction, evaluation, application, or operation
of secure systems. Theoretical papers must make convincing arguments
for the practical significance of the results. Theory must be
justified by compelling examples illustrating its application.
Topics of interest include:
- access control
- authentication
- accounting and audit
- database and system security
- security for mobile code
- applied cryptography
- data/system integrity
- smart-cards and secure PDAs
- cryptographic protocols
- e-business/e-commerce
- intrusion detection
- inference/controlled disclosure
- key management
- privacy and anonymity
- security management
- intellectual property protection
- information warfare
- secure networking
- security verification
- commercial and industry security
See http://www.acm.org/sigsac/ccs/ for details.
====================================================================
Conferences and Workshops
(the call for papers deadline has passed)
====================================================================
====================================================================
News Briefs
====================================================================
News briefs from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/NewsBriefs.html
____________________________________________________________________
Announcement by Terry Benzel, USC ISI
November 17, 2004
DETER: A Laboratory for Security Research
____________________________________________________________________
The goal of the DETER laboratory effort is to create, maintain, and
support a collaborative and vendor-neutral experimental environment
for cyber-security research. It is intended to provide a center for
interchange and collaboration among security researchers and testbed
builders. The DETER effort includes:
DETER testbed: a shared testbed infrastructure that is
specifically designed for medium-scale (e.g., 100 node) repeatable
experiments, and especially for experiments that may involve
"risky" code.
DETER research community: a community of academic,
industry, and government researchers working toward better defenses
against malicious attacks on our networking infrastructure, especially
critical infrastructure.
The nucleus of the DETER laboratory effort is formed of two research
projects, funded by the National Science Foundation (NSF) and the U.S.
Department of Homeland Security Advanced Research Projects Agency
(HSARPA):
DETER -- Cyber Defense Technology Experimental Research project
The DETER project designs, builds, and operates the DETER testbed
(http://www.isi.edu/deter/docs/testbed.overview.htm), to
provide experimental infrastructure and tools for security
research. The partners in DETER are UC Berkeley, USC's Information
Sciences Institute (USC-ISI), and McAfee Research.
EMIST -- (http://www.isi.edu/deter/emist.temp.html) Evaluation
Methods for Internet Security Technology network,
EMIST is developing scientifically rigorous testing
frameworks and methodologies for representative classes of network attacks
and defense mechanisms. It currently includes research efforts in
DDoS defense, worm propagation, and BGP routing attacks.
Partners in the EMIST effort include Penn State, McAfee
Research, ICSI, Purdue, SPARTA Inc., SRI International, and UC Davis.
The DETER testbed is designed to provide an experimental environment
in which
* government, academic, and industry cyber-security researchers can
safely analyze and measure attacks and develop attack mitigation and
confinement strategies. In addition,
* the DETER project will provide tools and resources to enable
repeatable experiment methodologies, allowing different
researchers to duplicate and analyze the same
experiments.
DETER is constructed using the "cluster testbed" technology developed
by the University of Utah and known as "Emulab" (see
http://www.emulab.net/). Much of the online documentation for DETER is
taken from Emulab, since much of the control and administrative
software is the same. However, there are some differences between
DETER and Emulab, primarily to assure greater safety for malevolent
code in DETER.
For example, a DETER experiment does not have a direct IP path to the
Internet, unlike an Emulab experiment.
There will be no charge for the use of the DETER testbed. Acceptable
use policies are approved by the sponsoring agencies.
The DETER testbed is targeted, at least initially, at support for open
and publishable research projects, typically academic research.
An initial version of the DETER testbed has been in operation since
March 2004.
DETER has been used by three research teams under the EMIST project to
perform experiments on DDoS attacks, worm propagation, and BGP attacks
using the initial testbed.
The DETER and EMIST teams held a workshop in late October to invite
additional members of the research community to join the DETER
experimenters community. We invite interested researchers to visit the
DETER web site at http://www.isi.edu/deter and to request access to
the testbed by sending a request to deterinfo @ isi.edu
____________________________________________________________________
Announcement by Carrie Gates, CERT/CC
November 12, 2004
The SiLK Suite of Netflow Tools
____________________________________________________________________
CERT/NetSA (Network Situational Awareness) has been developing a set
of tools for the analysis of large amounts of NetFlow data. The SiLK
(System for Internet-Level Knowledge) Suite was developed with two primary
considerations: performance and security analysis. Performance has been a
key consideration as the tools are intended for sites that receive large
numbers of NetFlow records (such as ISPs and large organizations), and
this has guided the format used for collection and storage.
Security analysis has been the driving motivation behind the
development of this suite of tools. A number of summarization and
statistical analysis tools are provided, along with tools to
efficiently create, retrieve, and manipulate arbitrary sets of IP
addresses and related information. These tools have been in
operational use at a large site for the past two years, and have been
used to do network analysis of DoS attacks, scan activity, worm
tracking, and backdoor detection.
This suite has been released under the GPL and is available at:
http://silktools.sourceforge.net
A paper - ``More Netflow Tools: For Performance and Security'' by
Carrie Gates, Michael Collins, Michael Duggan, Andrew Kompanek and
Mark Thomas - on the tools with some sample security uses will be
presented at the 18th Large Installation System Administration (LISA)
conference on Thursday, 18 November 2004. After the conference, the
paper will be available at:
http://www.usenix.org/events/lisa04/tech/gates.html.
John McHugh will also be presenting a tutorial at the Annual Computer
Security Applications Conference (ACSAC) on Tuesday, 7 December 2004, that
uses these tools. See http://www.acsac.org/ for more information.
____________________________________________________________________
Report by Sean Turner and Russ Housley
September 23, 2004
IETF Revises Cryptographic Message Syntax and Secure Multipurpose
Internet Mail Extensions
____________________________________________________________________
Numerous protocols such as the Simple Mail Transport Protocol (SMTP,
RFC 2821), the Session Initiation Protocol (SIP, RFC 3261), and the
Electronic Data Interchange (EDI) protocols, and some of the Public
Key Information (PKI) certificate management protocols employ the CMS
(Cryptographic Message Syntax) to protect their payloads.
The IETF has revised the CMS and Secure Mail Internet Mail Extensions
(S/MIME) specifications to address protocol implementation issues and
to support additional protocols:
CMS has been revised twice since it was initially published as PKCS #7
Version 1.5 (RFC 2315). RFC 2630 was the first standards-track
version of CMS. The first standards-track revision, RFC 3369, adds an
optional password-based key management scheme, adds an extension
mechanism to support new key management schemes, clarifies RFC 2315
signature compatibility issues, and moves algorithm information to CMS
Algorithms (RFC 3230). The second standards-track version, RFC 3852,
adds an extension mechanism that supports additional certificate
formats for the verification of digital signatures. All updates
retain backwards compatibility with RFC 2630 and RFC 3369.
CMS Algorithms (RFC 3370) provides algorithm information. It
separates the algorithm specification from the protocol specification
allowing both specifications to be updated without impacting one
another.
S/MIME Version 3.1 Message Specification (RFC 3851) replaces S/MIME
Version 3.0 Message Specification (RFC 2633). Diffie-Hellman key
agreement is no longer required; instead, support for RSA key
transport is required. This change aligns the standard with actual
use in the Internet. Optional support for the AES symmetric encryption
algorithm was also added, but Triple-DES remains the
mandatory-to-implement symmetric encryption algorithm. The digital
signature algorithm requirements were also changed. Support for both
RSA and DSS is required on reception; however, either RSA or DSS
can be used on origination. Also, several implementation issues
were clarified.
S/MIME Version 3.1 Certificate Handling (RFC 3850) replaces
S/MIME Version 3.0 Certificate Handling (RFC 2632) by including
support for both Version 1 and 2 Certificate Revocation Lists (CRLs),
making the use of Version 2 attribute certificates optional
to support, but prohibiting the use of Version 1 attribute
certificates. Also, several other implementation
issues were clarified.
Securing X.400 Content With S/MIME (RFC 3854) specifies how to apply
CMS constructs to sign and encrypt X.400 content.
Transporting S/MIME Object in X.400 (RFC 3855) specifies how to convey
CMS signed and encrypted contents over an X.400 message transfer
system.
S/MIME Examples (approved, but not yet published) provides detailed
technical examples of message bodies formatted using CMS and S/MIME.
The hope is that the test data will help with product development and
testing, helping to ensure cross-vendor interoperability.
Ongoing work in the area includes mechanisms to exchange S/MIME
capabilities between end users, and algorithm specifications. The
S/MIME working group is also working on the necessary documentation to
progress the CMS and S/MIME documents to Draft standard, which
requires two interoperable implementations of each protocol feature.
For more information, contact Sean Turner (turners @ ieca.com), Blake
Ramsdell (ramsdell @ sendmail.com), or Russ Housley
(housley @ vigilsec.com).
____________________________________________________________________
Report by Jason Holt