
Tuomas Aura's Publications



2008
1.

Tuomas Aura, Janne Lindqvist, Michael Roe, Anish Mohammed, Chattering laptops, In proceedings of Privacy Enhancing Technologies Symposium (PETS 2008), LNCS ????, Leuven, Belgium, July 2008, Springer. [PS][PDF]

Abstract: Mobile computer users often have a false sense of anonymity when they connect to the Internet at cafes, hotels, airports or other public places. In this paper, we analyze information leaked by mobile computers to the local access link when they are outside their home domain. While most application data can be encrypted, there is no similar protection for signaling messages in the lower layers of the protocol stack. We found that all layers of the protocol stack leak various plaintext identifiers of the user, the computer and their affiliations to the local link, which a casual attacker can observe. This violates the user's sense of privacy and may make the user or computer vulnerable to further attacks. It is, however, not possible to disable the offending protocols because many of them are critical to the mobile user experience. We argue that the most promising solutions to the information leaks are to filter outbound data, in particular name resolution requests, and to disable unnecessary service discovery depending on the network location. This is because most information leaks result from failed attempts by roaming computers to connect to services that are not available in the current access network.


2007
2.

Tuomas Aura, Michael Roe, Steven J. Murdoch, Securing network location awareness with authenticated DHCP, In proceedings of IEEE SecureComm 2007, Nice, France, September 2007. [PS][PDF]

Abstract: Network location awareness (NLA) enables mobile computers to recognize home, work and public networks and wireless hotspots and to behave differently at different locations. The location information is used to change security settings such as firewall rules. Current NLA mechanisms, however, do not provide authenticated location information on all networks. This paper describes a novel mechanism, based on public-key authentication of DHCP servers, for securing NLA at home networks and wireless hotspots. The main contributions of the paper are the requirements analysis, a naming and authorization scheme for network locations, and the extremely simple protocol design. The mobile computer can remember and recognize previously visited networks securely even when there is no PKI available. This is critical because we do not expect the majority of small networks to obtain public-key certificates. The protocol also allows a network administrator to pool multiple, heterogeneous access links, such as a campus network, to one logical network identity. Another major requirement for the protocol was that it must not leak information about the mobile host's identity or affiliation. The authenticated location information can be used to minimize attack surface on the mobile host by making security-policy exceptions specific to a network location.


3.

Tuomas Aura, Moritz Becker, Michael Roe, Piotr Zielinski, Reconciling multiple IPsec and firewall policies, In proceedings of Security Protocols Workshop 2007, Brno, Czech Republic, April 2007. To appear in Springer LNCS. [PS][PDF]

Abstract: Manually configuring large firewall policies can be a hard and error-prone task. It is even harder in the case of IPsec policies that can specify IP packets not only to be accepted or discarded, but also to be cryptographically protected in various ways. However, in many cases the configuration task can be simplified by writing a set of smaller, independent policies that are then reconciled consistently. Similarly, there is often the need to reconcile policies from multiple sources into a single one. In this paper, we discuss the issues that arise in combining multiple IPsec and firewall policies and present algorithms for policy reconciliation.


2006
4.

Tuomas Aura and Michael Roe. Designing the Mobile IPv6 Security Protocol. Annales des télécommunications / Annals of telecommunications, special issue on Network and information systems security, volume 61 number 3-4, March-April 2006. Editors Frédéric Cuppens, Hervé Debar, and Elisa Bertino. Hermes Science Publications. Also appeared as Microsoft Research Technical Report MSR-TP-2006-42. [PS][PDF]

Abstract: Mobile IPv6 is a network-layer mobility protocol for the IPv6 Internet. The protocol includes several security mechanisms, such as the return-routability tests for the mobile's home address and care-of addresses. This paper explains the threat model and design principles that motivated the Mobile IPv6 security features. While many of the ideas have become parts of the standard toolkit for designing Internet mobility protocols, some details of the reasoning have not been previously documented.


5.

Tuomas Aura, Thomas A. Kuhn and Michael Roe. Scanning electronic documents for Personally identifiable information. In proceedings of Workshop on Privacy in the Electronic Society (WPES 2006), Alexandria, VA, USA, October 2006. [PS][PDF]


2005
6.

Tuomas Aura and Michael Roe. Reducing Reauthentication Delay in Wireless Networks. In proceedings of IEEE SecureComm 2005, Athens, Greece, September 2005. [PS][PDF]

Abstract: When a wireless mobile user is moving across a mobile network or between co-operating networks, the network operators often want to verify the user's access rights before granting service. The security protocol causes a delay in the network access, which may be much longer than the typical delays caused by mobility management. An alternative would be to provide so called optimistic service before the user has been authenticated or paid for the access. Thus, there is a trade-off between the security of the access control and the quality of service observed by the user. Our aim is to reduce the authentication delay and to enable optimistic access without opening a window for fraudulent access. We present a protocol for the reauthentication of a mobile node when it repeatedly connects to different access points or co-operating wireless networks. The protocol is based on credentials which the mobile receives from access points as a proof of past honest behavior and which it presents when associating with a new access point. It can be implemented with keyed one-way functions that result in low computation and communication overhead both for the mobile and for the network.


7.

Tuomas Aura, Aarthi Nagarajan, and Andrei Gurtov. Analysis of the HIP Base Exchange Protocol. In proceedings of 10th Australasian Conference on Information Security and Privacy (ACISP 2005), Brisbane, Australia, July 2005. [PS][PDF]

Abstract: The Host Identity Protocol (HIP) is an Internet security and multi-addressing mechanism specified by the IETF. HIP introduces a new layer between the transport and network layers of the TCP/IP stack that maps host identifiers to network locations, thus separating the two conflicting roles that IP addresses have in the current Internet. This paper analyzes the security and functionality of the HIP base exchange, which is a classic key exchange protocol with some novel features for authentication and DoS protection. The base exchange is the most stable part of the HIP specification with multiple existing implementations. We point out several security issues in the current protocol and propose changes that are compatible with the goals of HIP.


8.

Tuomas Aura, Michael Roe and Anish Mohammed. Experiences with Host-to-Host IPsec. In Security Protocols, 13th International Workshop, Cambridge, UK, April 2005. To appear. [PS][PDF]

Abstract: This paper recounts some lessons that we learned from the deployment of host-to-host IPsec in a large corporate network. Several security issues arise from mismatches between the different identifier spaces used by applications, by the IPsec security policy database, and by the security infrastructure (X.509 certificates or Kerberos). Mobile hosts encounter additional problems because private IP addresses are not globally unique, and because they rely on an untrusted DNS server at the visited network. We also discuss a feature interaction in an enhanced IPsec firewall mechanism. The potential solutions are to relax the transparency of IPsec protection, to put applications directly in charge of their security and, in the long term, to redesign the security protocols not to use IP addresses as host identifiers.

      @InProceedings{Aura05,
      author = 	 {Tuomas Aura and Michael Roe and Anish Mohammed},
      title = 	 {Experiences with Host-to-Host {IPsec}},
      booktitle = 	 {Security Protocols, 13th International Workshop},
      year =         2005,
      month =	 apr,
      address =	 {Cambridge, UK},
      note =	 {To appear},
      }
    


9.

Tuomas Aura. Cryptographically Generated Addresses (CGA). RFC 3972, IETF, March 2005. [TXT]

Abstract: This document describes a method for binding a public signature key to an IPv6 address in the Secure Neighbor Discovery (SEND) protocol. Cryptographically Generated Addresses (CGA) are IPv6 addresses for which the interface identifier is generated by computing a cryptographic one-way hash function from a public key and auxiliary parameters. The binding between the public key and the address can be verified by re-computing the hash value and by comparing the hash with the interface identifier. Messages sent from an IPv6 address can be protected by attaching the public key and auxiliary parameters and by signing the message with the corresponding private key. The protection works without a certification authority or any security infrastructure.

      @TechReport{rfc3972,
      author = 	 {Tuomas Aura},
      title = 	 {Cryptographically Generated Addresses ({CGA})},
      institution =  {IETF},
      year = 	 2005,
      month =  mar,
      type =	 {RFC},
      number =	 3972
      }
    


2004
10.

Tuomas Aura and Alf Zugenmaier. Privacy, Control and Internet Mobility. Position paper in Security Protocols, 12th International Workshop, Cambridge, UK, April 2004. To appear. [PS][PDF]


11.

Tuomas Aura, Pekka Nikander and Gonzalo Camarillo. Effects of Mobility and Multihoming on Transport-Protocol Security. In Proc. 2004 IEEE Symposium on Security and Privacy (SSP'04), Berkeley, CA USA, May 2004. IEEE Computer Society. [PS][PDF]

Abstract: The Stream Control Transmission Protocol (SCTP) is a reliable message-based transport protocol developed by the IETF that could replace TCP in some applications. SCTP allows endpoints to have multiple IP addresses for the purposes of fault tolerance. There is on-going work to extend the SCTP multihoming functions to support dynamic addressing and endpoint mobility. This paper explains how the multihoming and mobility features can be exploited for denial-of-service attacks, connection hijacking, and packet flooding. We propose implementation guidelines for SCTP and changes to the mobility extensions that prevent most of the attacks. The same lessons apply to multihomed TCP variants and other transport-layer protocols that incorporate some flavor of dynamic addressing.

      @InProceedings{Aura03d,
      author =       {Tuomas Aura and Pekka Nikander and Gonzalo Camarillo},
      title =        {Effects of Mobility and Multihoming on
      Transport-Protocol Security},
      booktitle =    {Proc.\ 2004 IEEE Symposium on Security and Privacy (SSP'04)},
      year =         2004,
      month =        may,
      address =      {Berkeley, CA USA},
      publisher =    {IEEE Computer Society},
      pages =        "12--26",
      }
    


2003
12.

Tuomas Aura. Cryptographically Generated Addresses (CGA). In Proc. 6th Information Security Conference (ISC'03), volume 2851 of LNCS, pages 29-43, Bristol, UK, October 2003. Springer. [PS][PDF] (Presentation [PPT][PDF])

Abstract: Cryptographically generated addresses (CGA) are IPv6 addresses in which some address bits are generated by hashing the address owner's public key. The address owner uses the corresponding private key to assert address ownership and to sign messages sent from the address without a PKI or other security infrastructure. This paper describes a generic CGA format that can be used in multiple applications. Our focus is on removing weaknesses of earlier proposals and on the ease of implementation. A major contribution of this paper is a hash extension technique that increases the effective hash length beyond the 64-bit limit of earlier proposals.

      @InProceedings{Aura03a,
      author = 	 {Tuomas Aura},
      title = 	 {Cryptographically Generated Addresses {(CGA)}},
      booktitle = 	 {Proc.\ 6th Information Security Conference (ISC'03)},
      year =     2003,
      month =	 oct,
      address =	 {Bristol, UK},
      publisher =	 {Springer},
      volume = 	 2851,
      series =	 "LNCS",
      pages = 	 "29--43",
      }
    


13.

Tuomas Aura. Mobile IPv6 Security. In Proc. Security Protocols, 10th International Workshop, volume 2845 of LNCS, pages 215-228, Cambridge, UK, April 2002. Springer 2003. [PS][PDF]

Abstract: This paper presents a case study of security protocol design: authentication of binding updates in Mobile IPv6. We go step by step through the threat analysis and show how each threat is addressed in the protocol design. The goal is to solve any new security issues caused by the introduction of mobility without requiring any new security infrastructure.

      @InProceedings{Aur02a,
      author = 	 {Tuomas Aura},
      title = 	 {Mobile {IPv6} Security},
      booktitle = 	 {Proc.\ Security Protocols, 10th International Workshop},
      year =         2002,
      month =	 apr,
      address =	 {Cambridge, UK},
      publisher =	 {Springer},
      volume = 	 2845,
      series =	 "LNCS",
      pages = 	 "215--228",
      }
    


14.

Pekka Nikander, Tuomas Aura, Jari Arkko and Gabriel Montenegro. Mobile IP version 6 (MIPv6) Route Optimization Security Design. In Proc. IEEE Vehicular Technology Conference Fall 2003, Orlando, FL USA, October 2003. IEEE Press. [PS][PDF]

Abstract: Mobile IPv6 (MIPv6) allows a Mobile Node to talk directly to its peers while retaining the ability to move around and change the currently used IP address. This mode of operation is called Route Optimization (RO), as it allows the packets to traverse a shorter route than the default one through the Home Agent. In Route Optimization, the peer node learns a binding between the Mobile Node's permanent Home Address and its current temporary Care-of-Address. Once such a binding is in place, the peer node will send all packets whose destination is the Home Address to the Care-of-Address. This is potentially dangerous, since a malicious host might be able to establish false bindings, thereby preventing some packets from reaching their intended destination, diverting some traffic to the attacker, or flooding third parties with unwanted traffic. In this paper we discuss the design rationale behind the MIPv6 Route Optimization Security Design.

      @InProceedings{NAAMN03a,
      author = 	     {Pekka Nikander and Tuomas Aura and Jari Arkko
      and Gabriel Montenegro},
      title = 	     {Mobile IP version 6 (MIPv6) Route Optimization Security Design},
      booktitle =    {Proc.\ IEEE Vehicular Technology Conference Fall 2003},
      address =      {Orlando, FL USA},
      year = 	     2003,
      publisher =	 {IEEE Press},
      month =	     oct
      }
    


2002
15.

Tuomas Aura, Michael Roe, and Jari Arkko. Security of internet location management. In Proc. 18th Annual Computer Security Applications Conference (ACSAC), pages 78-87, Las Vegas, NV USA, December 2002. IEEE Press. [PS][PDF] (Presentation [PPT][PDF])

Abstract: In the Mobile IPv6 protocol, the mobile node sends binding updates to its correspondents to inform them about its current location. It is well-known that the origin of this location information must be authenticated. This paper discusses several threats created by location management that go beyond unauthentic location data. In particular, the attacker can redirect data to bomb third parties and induce unnecessary authentication. We introduce and analyze protection mechanisms with focus on ones that work for all Internet nodes and do not need a PKI or other new security infrastructure. Our threat analysis and assessment of the defense mechanisms formed the basis for the design of a secure location management protocol for Mobile IPv6. Many of the same threats should be considered when designing any location management mechanism for open networks.

      @InProceedings{AuRoAr02,
      author = 	 {Tuomas Aura and Michael Roe and Jari Arkko},
      title = 	 {Security of Internet Location Management},
      booktitle = 	 {Proc.\ 18th Annual Computer Security Applications
      Conference},
      pages = 	 {78--87},
      year =	 2002,
      address =	 {Las Vegas, NV USA},
      month =	 dec,
      publisher =	 {IEEE Press},
      }
    


16.

Jari Arkko, Tuomas Aura, James Kempf, Vesa-Matti Mäntylä, Pekka Nikander, and Michael Roe. Securing IPv6 neighbor discovery and router discovery. In Proc. 2002 ACM Workshop on Wireless Security (WiSe), pages 77-86, Atlanta, GA USA, September 2002. ACM Press. [PS][PDF]

Abstract: When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.

      @InProceedings{AAKMNR02,
      author = 	 {Jari Arkko and Tuomas Aura and James Kempf and
      Vesa-Matti M{\"a}ntyl{\"a} and Pekka Nikander
      and Michael Roe},
      title = 	 {Securing {IP}v6 neighbor discovery and router discovery},
      booktitle = 	 {Proc.\ 2002 ACM Workshop on Wireless Security (WiSe)},
      pages =	 {77--86},
      year =	 2002,
      address =	 {Atlanta, GA USA},
      month =	 sep,
      publisher =	 {ACM Press}
      }
    


2001
17.

Tuomas Aura and Dieter Gollmann. Communications security on the internet. Software Focus, 2(3):104-111, Autumn 2001.

Abstract: The Internet is an open network where all traffic is subject to interception by malicious outsiders. This article overviews the current major threats and security solutions for communication over the Internet. We note that the lack of satisfactory authentication infrastructures and guaranteed quality of service remain the main impediments for secure communication. Continuous evolution of the protection mechanisms, developer skills, and user culture are necessary to stay on track with the progress in communication technology.

      @Article{AurGol01,
      author = 	 {Tuomas Aura and Dieter Gollmann},
      title = 	 {Communications Security on the Internet},
      journal = 	 {Software Focus},
      year = 	 2001,
      volume =	 2,
      number =	 3,
      pages =	 {104--111},
      month =	 {Autumn}
      }
    


18.

Tuomas Aura and Silja Mäki. Towards a survivable security architecture for ad-hoc networks. In Proc. Security Protocols, 9th International Workshop, volume 2467 of LNCS, pages 63-79, Cambridge, UK, April 2001. Springer. [PS][PDF]

Abstract: We present a security architecture for access control in ad-hoc networks of mobile electronic devices. Ad-hoc networks are formed on demand without support from pre-existing infrastructure such as central servers, security associations or CAs. Our architecture is fully distributed and based on groups and public-key certification. The goal is a survivable system that functions well even when network nodes fail and connections are only occasional. We identify some open problems in the optimal use of unreliable communications for security management.

      @InProceedings{AurMak01,
      author = 	 {Tuomas Aura and Silja M{\"a}ki},
      title = 	 {Towards a survivable security architecture for
      ad-hoc networks},
      booktitle = 	 {Proc.\ Security Protocols, 9th International Workshop},
      year =         2001,
      month =	 apr,
      address =	 {Cambridge, UK},
      publisher =	 {Springer},
      volume = 	 2467,
      series =	 "LNCS",
      pages = 	 "63--79",
      }
    


2000
19.

Tuomas Aura. Authorization and Availability - Aspects of Open Network Security. Doctoral Thesis, appeared as HUT TCS Research Report A64, November 2000. [PS][PDF] (introduction only).

Abstract: The world is becoming increasingly dependent on secure, reliable access to services on the Internet and in other open communications networks. Since the administration and authority on these networks are completely distributed, it is not possible to set or enforce global security policies. While security and confidentiality of data are still significant concerns, access control and resistance to denial-of-service (DOS) attacks have become at least as significant security goals. Traditional methods for access-right management and resource allocation, which were defined for centrally administered systems, are not applicable on the open networks. Consequently, new techniques for access control and DOS prevention are needed.
This dissertation addresses several aspects of the security of open, distributed systems: decentralized access control, design of key-establishment protocols, and denial-of-service resistance. We suggest technical solutions both for extending the scope of applications that can securely be run on the networks and for improving the reliability of the underlying infrastructure for all applications.
We define a formal model of key-oriented access control and use this model to develop algorithms for access-control decisions from a certificate database. We survey privacy protection in public-key infrastructures, introduce a new kind of threshold certificate, and present novel certificate-based solutions for access control between mutually distrusting software packages on intelligent-network routers and for software license management with smartcards. We also describe novel design principles for cryptographic protocols to improve their robustness against common replay attacks at a low cost and to protect on-line services against denial-of-service attacks that attempt to exhaust server memory and computational resources. Additionally, we develop a method for analyzing the vulnerability of network topologies to denial of service by the destruction of communications links.
Throughout, the emphasis is on security issues critical for the commercial and private use of the Internet and other open communications systems where mutually distrusting entities must share resources and co-operate.

      @PhdThesis{Aura00,
      author = 	 {Tuomas Aura},
      title = 	 {Authorization and Availability ---
      Aspects of Open Network Security},
      school = 	 {Helsinki University of Technology},
      year = 	 2000,
      month =	 nov,
      note =	 {Appeared as HUT TCS Research Report A64}
      }
    


20.

Tuomas Aura, Johan Lilius. A causal semantics for time Petri nets. In Theoretical Computer Science, volume 243, issue 1-2, July 2000, pp. 409-447, Elsevier 2000.

      @Article{AurLil00,
      author = 	 {Tuomas Aura and Johan Lilius},
      title = 	 {A causal semantics for time Petri nets},
      journal = 	 {Theoretical Computer Science},
      year = 	 2000,
      volume =	 243,
      number =	 {1--2},
      pages =	 {409--447},
      month =	 jul,
      url = 	 {http://www.elsevier.nl/PII/S0304397599001140}
      }
    


21.

Silja Mäki, Tuomas Aura, Maarit Hietalahti. Group management protocol with digital personal appliances. Laboratory for Theoretical Computer Science, Helsinki University of Technology, Project report, December 2000, Espoo, Finland.

      @TechReport{MakAurHie00b,
      author = 	 {Silja M{\"a}ki and Tuomas Aura and Maarit Hietalahti},
      title = 	 {Group management protocol with digital personal appliances},
      institution =  {Laboratory for Theoretical Computer Science,
      Helsinki University of Technology},
      year = 	 2000,
      type =	 {Project report},
      address =	 {Espoo, Finland},
      month =	 dec
      }
    


22.

Silja Mäki, Maarit Hietalahti, Tuomas Aura. A Survey of Ad-hoc Network Security. Laboratory for Theoretical Computer Science, Helsinki University of Technology, Interim project report, May-December 2000, Espoo, Finland.

      @TechReport{MakHieAUr00,
      author = 	 {Silja M{\"a}ki and Maarit Hietalahti and Tuomas Aura},
      title = 	 {A Survey of Ad-hoc Network Security},
      institution =  {Laboratory for Theoretical Computer Science,
      Helsinki University of Technology},
      year = 	 2000,
      type =	 {Interim project report},
      address =	 {Espoo, Finland},
      month =	 {May, September, December}
      }
    


23.

Silja Mäki, Tuomas Aura, Maarit Hietalahti. Robust Membership Management for Ad-hoc Groups. In Proc. 5th Nordic Workshop on Secure IT Systems (NORDSEC 2000). [PS][PDF].

Abstract: In ad-hoc networks, the network nodes or users often form peer groups. The members of a group may share an application, a physical location, or administrative tasks. Defining who is a member of the group is also the first step towards establishing a shared secret key for secure communications. Group membership management involves adding and removing nodes in the group, as well as a method for authenticating the group members. In this paper, we present a fully distributed, certificate-based system for group membership management. It is designed to suit highly dynamic ad-hoc networks where communications is sporadic and nodes often fail unexpectedly.

      @InProceedings{MakAurHie00,
      author = 	 {Silja M{\"a}ki and Tuomas Aura and Maarit Hietalahti},
      title = 	 {Robust Membership Management for Ad-hoc Groups},
      booktitle = 	 "Proc. 5th Nordic Workshop on Secure IT Systems
      (NORDSEC 2000)",
      address =      {Reykjavik, Iceland},
      year =	 2000,
      month =	 oct
      }
    


24.

Tuomas Aura, Pekka Nikander, Jussipekka Leiwo. DOS-resistant authentication with client puzzles. Proc. Security Protocols Workshop 2000, Lecture Notes in Computer Science, volume 2133, pages 170-181, Cambridge, UK, April 2000, Springer 2001. [PS][PDF].

Abstract: Denial of service by server resource exhaustion has become a major security threat in open communications networks. Public-key authentication does not completely protect against the attacks because the authentication protocols often leave ways for an unauthenticated client to consume a server's memory space and computational resources by initiating a large number of protocol runs and inducing the server to perform expensive cryptographic computations. We show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent such attacks.

      @InProceedings{AurNikLei00,
      author = 	 {Tuomas Aura and Pekka Nikander and Jussipekka Leiwo},
      title = 	 {{DOS}-resistant authentication with client puzzles},
      booktitle = 	 {Proc.\ Security Protocols Workshop 2000},
      year =         2000,
      month =	 apr,
      address =	 {Cambridge, UK},
      publisher =	 {Springer},
      volume = 	 2133,
      series =	 "LNCS",
      pages = 	 "170--181"
      }
    


25.

Tuomas Aura, Carl Ellison. Privacy and Accountability in Certificate Systems. Research Report A61, Laboratory for Theoretical Computer Science, Helsinki University of Technology, Espoo, Finland, April 2000. [PS][PDF].

Abstract: Discretionary access right management on the Internet and in other distributed communications systems is increasingly based on public-key identity and authorization certificates. The certificates pose a threat to privacy because they identify the owners and reveal the authorization relations between them. This paper overviews the privacy concerns and describes techniques for minimizing the amount of confidential information leaked about individuals and organizations. We also show how identity escrow certificates can ensure individual accountability without identity authentication. All the techniques can be implemented with SPKI certificates.

      @TechReport{AurEll00,
      author = 	 {Tuomas Aura and Carl Ellison},
      title = 	 {Privacy and accountability in certificate systems},
      institution =  {Helsinki University of Technology,
      Laboratory for Theoretical Computer Science},
      year = 	 2000,
      number =	 {A61},
      type =         {Research Report},
      address =	 {Espoo, Finland},
      month =	 apr
      }
    


26.

Jussipekka Leiwo, Pekka Nikander, Tuomas Aura. Towards network denial of service resistant protocols. In Proc. Sixteenth Annual Working Conference on Information Security (SEC2000), IFIP Series, Vol. 175, Beijing, China, August 2000, Kluwer Academic Publishers. [PS][PDF]. (See the Protocols workshop paper above for actual solutions.)

Abstract: Networked and distributed systems have introduced a new significant threat to the availability of data and services: network denial of service attacks. A well known example is the TCP SYN flooding. In general, any stateful handshake protocol is vulnerable to similar attacks. This paper examines the network denial of service in detail and surveys and compares different approaches towards preventing the attacks. As a conclusion, a number of protocol design principles are identified as essential in designing network denial of service resistant protocols, and examples are provided on applying the principles.

      @InProceedings{LeiNikAur00,
      author = 	 {Jussipekka Leiwo and Pekka Nikander and Tuomas Aura},
      title = 	 {Towards network denial of service resistant protocols},
      booktitle = 	 {Proc. IFIP SEC 2000},
      year = 	 2000,
      month = 	 aug
      }
    


27.

John R. Hughes, Tuomas Aura, Matt Bishop. Using conservation of flow as a security mechanism in network protocols. In Proc. 2000 IEEE Symposium on Security and Privacy, Oakland, CA USA, May 2000, pp. 132-141, IEEE Computer Society Press 2000. [PS][PDF]

Abstract: The law of Conservation of Flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch Denial of Service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. In this paper, we examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses Conservation of Flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of Conservation of Flow valid.


28.

Tuomas Aura, Matt Bishop, Dean Sniegowski. Analyzing single-server network inhibition. In Proc. 2000 IEEE Computer Security Foundations Workshop, Cambridge, UK, July 2000, pp. 108-117, IEEE Computer Society Press 2000. [PS][PDF][slides PS].

Abstract: Network inhibition is a denial-of-service attack where the adversary attempts to disconnect network elements by disabling a limited number of communication links or nodes. We analyze a common variation of network inhibition where the links have infinite capacity and the goal of the attacker is to deny connections from a single server to as many clients as possible. The problem is defined formally and shown to be NP complete. Nevertheless, we develop a practical technique for network-inhibition analysis based on logic programming with stable-model semantics. The analysis scales well up to moderate-size networks. The results are a step towards quantitative analysis of denial of service and they can be applied to the design of robust network topologies.

      @inproceedings{AurBisSni00,
      author =	 {Tuomas Aura and Matt Bishop and Dean Sniegowski},
      title =	 {Analyzing single-server network inhibition},
      month =	 jun,
      year =	 2000,
      booktitle = 	 {Proc.\ 13th IEEE Computer Security Foundations Workshop},
      pages =        "108--117",
      address =      {Cambridge, UK},
      publisher =	 {IEEE Computer Society Press},
      }
    


1999
29.

Tuomas Aura, Dieter Gollmann. Software license management with smart cards. In Proc. USENIX Workshop on Smartcard Technology, Chicago, May 1999, pp. 75-85, USENIX Association 1999. [PS][PDF]

Abstract: This paper describes public-key protocols for binding software licenses to tamper-resistant smart cards, for transferring licenses between cards, and for purchasing them on-line. The protocols support software distribution both through retail stores and over the Internet. The user can transfer licenses from several cards onto a single card to avoid juggling between several cards in the reader. The protocols are based on signed delegation certificates that are mostly stored outside the smart card. A smart card reader and cards capable of public-key signatures are the only new hardware needed. The protocols are easy for the user and simple to implement and analyze. We prove the security of the transfer protocol.

      @InProceedings{AurGol99,
      author = 	 "Tuomas Aura and Dieter Gollmann",
      title = 	 "Software license management with smart cards",
      booktitle =    "Proc. USENIX Workshop on Smartcard Technology",
      month =        may,
      year =         1999,
      publisher =	 {USENIX Association},
      address =      {Chicago, IL USA},
      pages = 	 "75--85"
      }
    


30.

Tuomas Aura, Distributed access-rights management with delegation certificates, Secure Internet Programming: Security Issues for Distributed and Mobile Objects, J. Vitek and C. Jensen (Eds.), LNCS 1603, pp. 211-235, Springer 1999. [PS][PDF]. (Copyright 1999 Springer)

Abstract: New key-oriented discretionary access control systems are based on delegation of access rights with public-key certificates. This paper explains the basic idea of delegation certificates in abstract terms and discusses their advantages and limitations. We emphasize decentralization of authority and operations. The discussion is based mostly on the SPKI certificates but we avoid touching implementation details. We also describe how threshold and conditional certificates can add flexibility to the system. Examples are given of access control between intelligent network services.

      @InCollection{Aura99a,
      author = 	 "Tuomas Aura",
      title = 	 "Distributed access-rights management with delegation
      certificates",
      booktitle =	 "Secure Internet Programming -- Security Issues for
      Distributed and Mobile Objects",
      publisher =	 "Springer",
      year =	 1999,
      HIDEeditor =	 "J. Vitek and C. Jensen",
      volume = 	 1603,
      series =	 "LNCS",
      pages = 	 "211--235"
      }
    


1998
31.

Tuomas Aura, Petteri Koponen, Juhana Räsänen, Delegation-based access control for intelligent network services, in proceedings of ECOOP Workshop on Distributed Object Security, Brussels, Belgium, July 1998. [PS][PDF].

Abstract: Delegation with public-key certificates appears to be a natural technique for access control between intelligent network (IN) service providers. It strongly supports the IN business model and fits well with an object-oriented design. In the Calypso project, we are implementing access control to Java-based IN services with SPKI delegation certificates.

      @InProceedings{AurKopRas98,
      author = 	 {Tuomas Aura and Petteri Koponen and Juhana R{\"a}s{\"a}nen},
      title = 	 {Delegation-based access control for intelligent
      network services},
      booktitle = 	 {Proc. ECOOP Workshop on Distributed Object Security},
      year =	 1998,
      address =	 {Brussels, Belgium},
      month =	 jul
      }
    


32.

Tuomas Aura, Fast access control decisions from delegation certificate databases, in proceedings of 3rd Australasian Conference on Information Security and Privacy ACISP '98, Brisbane, Australia, July 1998, pp. 284-295, Lecture Notes in Computer Science 1438, Springer 1998. [PS][PDF].

Abstract: In new key-oriented access control systems, access rights are delegated from key to key with chains of signed certificates. This paper describes an efficient graph-search technique for making authorization decisions from certificate databases. The design of the algorithm is based on conceptual analysis of typical delegation network structure and it works well with threshold certificates. Experiments with generated certificate data confirm that it is feasible to find paths of delegation in large certificate sets. The algorithm is an essential step towards efficient implementation of key-oriented access control.

      @InProceedings{Aura98b,
      author = 	 {Tuomas Aura},
      title = 	 {Fast access control decisions from
      delegation certificate databases},
      booktitle = 	 {Proc. 3rd Australasian Conference on Information
      Security and Privacy (ACISP '98)},
      volume = 	 {1438},
      series =	 {LNCS},
      year =	 1998,
      publisher =	 {Springer},
      HIDEeditors =  {Colin Boyd and Ed Dawson},
      month =	 jul,
      address =      {Brisbane, Australia},
      pages = 	 {284--295}
      }
    


33.

Tuomas Aura, On the structure of delegation networks, in proceedings of 11th IEEE Computer Security Foundations Workshop, Rockport, Massachusetts, June 1998, pp. 14-26, IEEE Computer Society Press 1998. [PS][PDF].

Abstract: In new distributed, key-oriented access control systems such as SPKI, access rights are delegated by a freely formed network of certificates. We formalize the concept of a delegation network and present a formal semantics for the delegation of access rights with certificates. The certificates can have multiple subjects who must jointly use the authority. Some fundamental properties of the system are proven, alternative techniques for authorization decisions are compared and their equivalence is shown rigorously. In particular, we prove that certificate reduction is a sound and complete decision technique. We also suggest a new type of threshold certificates and prove its properties.

      @InProceedings{Aura98a,
      author = 	 {Tuomas Aura},
      title = 	 {On the structure of delegation networks},
      booktitle = 	 {Proc.\ 11th IEEE Computer Security Foundations Workshop},
      year =	 1998,
      pages =        "14--26",
      address =      {Rockport, MA USA},
      publisher =	 {IEEE Computer Society Press},
      month =	 jun,
      url =          "ftp://saturn.hut.fi/pub/aaura/aura-csfws98.ps"
      }
    


1997
34.

Tuomas Aura, On the structure of delegation networks, Licentiate's thesis, December 1997, appeared as HUT Digital Systems Laboratory Report A48, December 1997. [PS][PDF]. (See also the CSFW'98 paper above.)

Abstract: In new distributed, key-oriented access control systems access rights are delegated by a freely formed network of certificates. For example, the SPKI public-key infrastructure is being designed for this kind of distributed trust management on the Internet.
We formalize the concept of a delegation network and present a formal semantics for the delegation of access rights with certificates. The certificates can have multiple subjects who must jointly use the authority. Some fundamental properties of the system are proven, alternative techniques for authorization decisions are compared and their equivalence is shown rigorously. In particular, we prove that certificate reduction is a sound and complete decision technique. We also suggest a new type of threshold certificates and prove its properties. The formal model is used to develop efficient algorithms for access control decisions from a database of certificates.

      @TechReport{Aura97c,
      author = 	 {Tuomas Aura},
      title = 	 {On the structure of delegation networks,
      {L}icentiate's thesis},
      institution =  {Helsinki University of Technology,
      Digital Systems Laboratory},
      number =       "A48",
      address =      {Espoo, Finland},
      month =        dec,
      year = 	 1997,
      url = 	 "file://saturn.hut.fi/pub/reports/A48.ps.Z"
      }
    


35.

Antti Huima and Tuomas Aura. Using multimodal logic to express conflicting interests in security protocols. In Proc. DIMACS Workshop on Design and Formal Verification of Security Protocols, NJ USA, September 1997.

      @InProceedings{HuiAur97,
      author = 	 {Antti Huima and Tuomas Aura},
      title = 	 {Using multimodal logic to express
      conflicting interests in security protocols},
      booktitle = 	 {Proc. DIMACS Workshop on Design and Formal
      Verification of Security Protocols},
      year =	 1997,
      address =	 {New Jersey, USA},
      month =	 sep
      }
    


36.

Tuomas Aura, Pekka Nikander, Stateless connections, in proceedings of International Conference on Information and Communications Security ICICS'97, Beijing, November 1997, pp. 87-97, Lecture Notes in Computer Science 1334, Springer 1997. [PS][PDF].

Abstract: We describe a secure transformation of stateful connections or parts of them into stateless ones by attaching the state information to the messages. Secret-key cryptography is used for protection of integrity and confidentiality of the state data and the connections. The stateless protocols created in this way are more robust against denial of service resulting from high loads and resource exhausting attacks than their stateful counterparts. In particular, stateless authentication resists attacks that leave connections in a half-open state.

      @InProceedings{AurNik97b,
      author = 	 {Tuomas Aura and Pekka Nikander},
      title = 	 {Stateless connections},
      booktitle = 	 "Proc. International Conference on Information
      and Communications Security (ICICS'97)",
      volume =	 1334,
      HIDEeditors =  {Yongfai Han and Tatsuaki Okamoto and Sihan Qing},
      pages =        "87--97",
      year =	 1997,
      address =      "Beijing, China",
      series =       {LNCS},
      publisher =	 {Springer},
      month =	 nov
      }
    


37.

Tuomas Aura, Comparison of graph-search algorithms for authorization verification in delegation networks, in the proceedings of 2nd Nordic Workshop on Secure Computer Systems NORDSEC'97, Espoo, Finland, November 1997. [PS][PDF]. (See the ACISP'98 paper above.)

Abstract: We describe and compare several algorithms for authorization decisions from a database of certificates. The algorithms are based on well-known graph-search techniques that we enhance to handle joint-delegation certificates. Experiments on generated certificate data were done to compare the efficiency of the algorithms.

      @InProceedings{Aura97b,
      author = 	 {Tuomas Aura},
      title = 	 {Comparison of graph-search algorithms for authorization
      verification in delegation networks},
      booktitle = 	 "Proc. 2nd Nordic Workshop on Secure Computer Systems
      NORDSEC'97",
      address =      {Espoo, Finland},
      year =	 1997,
      month =	 nov
      }
    


38.

Tuomas Aura, Johan Lilius, Time processes of time Petri nets, in proceedings of 18th Int. Conf. on Application and Theory of Petri Nets (ATPN), Toulouse, June 1997, pp. 136-155, Lecture Notes in Computer Science 1248, Springer 1997. [PS][PDF].

Abstract: Time Petri nets are Petri nets extended with a notion of time, where the occurrence time of a transition is constrained by a static interval. The objective of this work is to give time Petri nets a partial order semantics based on the nonsequential processes semantics for untimed net systems. A time process of a time Petri net is defined as a traditionally constructed causal process that has a valid timing. This means that the events of the process are labeled with occurrence times which must satisfy specific validness criteria. These criteria are obtained by analyzing how the timing constraints interact with the causal ordering of the events in the net. An efficient algorithm for checking the validness of a given timing is sketched. Interleavings of the time processes are defined as linearizations of the causal partial order of events where also the temporal ordering of events is preserved. The relationship between the firing schedules of a time Petri net and the interleavings of the time processes of the net is shown to be bijective. Also, a sufficient condition is given for when the invalidity of timings for a process can be inferred from an initial subprocess. An alternative characterization for the validness of timings then results in an algorithm for constructing the set of all valid timings for a process. This set of all valid timings is presented as sets of alternative linear constraints from which the existence of a valid timing can be decided.

      @InProceedings{AurLil97,
      author = 	 {Tuomas Aura and Johan Lilius},
      title = 	 {Time processes of time Petri nets},
      booktitle = 	 {Proc.\ 18th Int.\ Conf.\ on Application and
      Theory of Petri nets (ATPN'97)},
      volume =	 1248,
      series =	 {LNCS},
      pages =        "136--155",
      year =	 1997,
      publisher =	 {Springer},
      month =	 jun
      }
    


39.

Tuomas Aura, Strategies against replay attacks, in proceedings of 10th IEEE Computer Security Foundations Workshop, Rockport MA, June 1997, pp. 59-68, IEEE Computer Society Press 1997. (Copyright 1997 IEEE) [PS][PDF].

Abstract: The goal of this paper is to present a set of design principles for avoiding replay attacks in cryptographic protocols. The principles are easily applied to real protocols and they do not consume excessive computing power or communications bandwidth. In particular, we describe how to type-tag messages with unique cryptographic functions, how to inexpensively implement the full information principle with hashes, and how to produce unique session keys without assuming mutual trust between the principals. The techniques do not guarantee security of protocols, but they are concrete ways for improving the robustness of the protocol design with relatively low cost.

      @InProceedings{Aura97a,
      author = 	 {Tuomas Aura},
      title = 	 {Strategies against replay attacks},
      booktitle = 	 {Proc.\ 10th IEEE Computer Security Foundations Workshop},
      year =	 1997,
      address =      {Rockport, MA USA},
      pages =        "59--68",
      publisher =	 {IEEE Computer Society Press},
      month =	 jun
      }
    


40.

Tuomas Aura, Pekka Nikander, Stateless connections, HUT Digital Systems Laboratory Report A46, May 1997. [PS][PDF]. (See also the more concise ICICS'97 paper above.)

Abstract: We describe a transformation of stateful connections or parts of them into stateless ones by attaching the state information to the messages. Message authentication codes are used for checking integrity of the state data and the connections. The stateless server protocols created in this way are more robust against denial of service resulting from high loads and resource exhausting attacks than their stateful counterparts. In particular, stateless authentication resists attacks that leave connections in a half-open state. Examples of problems related to statefulness and solutions to them are shown for the X.509, ISAKMP, TCP and HTTP protocols.

      @TechReport{AurNik97a,
      author = 	 {Tuomas Aura and Pekka Nikander},
      title = 	 {Stateless connections},
      institution =  {Helsinki University of Technology,
      Digital Systems Laboratory},
      year = 	 1997,
      address =      {Espoo, Finland},
      number =	 "A46",
      month =	 may,
      url = 	 "file://saturn.hut.fi/pub/reports/A46.ps.Z"
      }
    


1996
41.

Tuomas Aura, Practical invisibility in digital communication, in proceedings of the Workshop on Information Hiding, Cambridge, England, May 1996, pp. 265-278, volume 1174 of Lecture Notes in Computer Science, Springer 1996. [PS][PDF].

Abstract: This paper gives an overview of cryptographically strong mass application invisibility in digital communication. It summarizes principles and methodology, clarifies terminology, and defines some new concepts. A new algorithm for hiding bit selection in digital images is proposed and an experimental implementation of the algorithm is described. Finally, the paper closes with a discussion of the implications of the availability of invisible communication.

      @InProceedings{Aura96b,
      author = 	 {Tuomas Aura},
      title = 	 {Practical invisibility in digital communication},
      booktitle = 	 {Proc. First Int.\ Workshop on Information Hiding},
      volume =	 1174,
      series =	 {LNCS},
      year =	 1996,
      pages =        "265--278",
      publisher =	 {Springer}
      }
    


42.

Tuomas Aura, Time processes of time Petri nets, Master's thesis, February 1996, appeared as HUT Digital Systems Laboratory Report A38, August 1996. [PS][PDF]. (See also the more concise ATPN paper and the TCS article above.)

Abstract: The objective of this thesis is to give time Petri nets a partial order semantics, like the nonsequential processes of untimed net systems. A time process of a time Petri net is defined as a traditionally constructed causal process with a valid timing. This means that the events of the process are labeled with occurrence times which must satisfy specific validness criteria. An efficient algorithm for checking validness of known timings is presented. Interleavings of the time processes are defined as linearizations of the causal partial order of events where also the time order of events is preserved. The relationship between firing schedules of a time Petri net and the interleavings of the time processes of the net is shown to be bijective. Also, a sufficient condition is given for when the invalidity of timings for a process can be inferred from its initial subprocess. An alternative characterization for the validness of timings results in an algorithm for constructing the set of all valid timings for a process. The set of all valid timings is presented as sets of alternative linear constraints, which can be used in optimization problems. The techniques developed can be used to compute, for example, the maximum time separation of two events in a process. The existence of a valid timing for a given process can be decided in NP time.

      @MastersThesis{Aura96a,
      author = 	 {Tuomas Aura},
      title = 	 {Time processes of time Petri nets, Master's Thesis},
      school = 	 "Helsinki University of Technology,
      Digital Systems Labratory",
      year = 	 1996,
      month =	 feb,
      note =	 {appeared as HUT Digital Systems Lab. Technical Report A38,
      August 1996},
      annote =	 {Received the annual Pro Gradu award of the Finnish
      Society for Computer Science for a distinguished
      Master's thesis in computer science in 1995-96.}
      }
    


1995
43.

Tuomas Aura, Modelling the Needham-Schroeder authentication protocol with high level Petri nets, Digital Systems Laboratory Report B14, September 1995. [PS][PDF].

      @TechReport{Aura95,
      author = 	 "Tuomas Aura",
      title = 	 "Modelling the {Needham-Schroeder} authentication protocol
      with high level {P}etri nets",
      institution =  "Helsinki University of Technology,
      Digital Systems Labratory",
      year = 	 1995,
      address =      {Espoo, Finland},
      number =	 "B14",
      month =	 sep,
      url = 	 "file://saturn.hut.fi/pub/reports/B14.ps.Z"
      }