Security Research Group
Overview
We study various aspects of security related to computer systems. This includes the design and analysis of cryptographic protocols (especially authentication), the design of secure systems, the usability, evaluation and certification of security products, the robustness of digital watermarking algorithms, and the relation between security and privacy.
People
Projects
Cryptographically Generated Addresses
Cryptographically generated addresses (CGA) are IPv6 addresses where up to 64 address bits are generated by hashing the address owner's public key. The address owner uses the corresponding private key to assert address ownership and to sign messages sent from the address without a PKI or other security infrastructure. The CGA-based authentication can be used to protect IP-layer signaling protocols including neighbor discovery and mobility protocols. It can also be used for key exchange in opportunistic IPSec.
A narrow focus on technology often ignores fundamental changes in the environments where we are striving for security. For example, familiar security concepts originate from enterprise security, where user identities are useful security parameters because users can be physically apprehended and authentication (checking who is making a request) is an integral part of access control. However, a stereotype in today's security discussions is global e-business dealing with unknown parties from any part of the globe. Authenticating a person we cannot apprehend may buy little security, and other access control parameters (e.g. code-based permissions) may be more appropriate.
In the Mobile IPv6 protocol, the mobile node sends binding updates to its correspondents to inform them about its current location. This location information must be authenticated, but traditional authentication mechanisms, such as PKI, do not work well between arbitrary Internet nodes. We have studied "infrastructureless" protection mechanisms that do not need any new security infrastructure. We also identified previously unknown threats created by location management that go beyond unauthentic location data. In particular, the attacker can redirect data to bomb third parties and induce unnecessary authentication. Our threat analysis and assessment of the defense mechanisms formed the basis for the design of a secure location management protocol for the standard Mobile IPv6 protocol. Many of the same threats should be considered when designing any location management mechanism for open networks.
We have been helping Microsoft's legal department to understand the implications of the recent government legislation in this area, such as the EU Digital Signature Directive, the German Signaturgesetz, and the UK Electronic Commerce Bill.
Security of Mobility Protocols
When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link can no longer necessarily trust each other; they must be mutually suspicious even when they have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats.
Former Projects
Computational Number Theory
Number Theory is the study of the mathematical properties of, and relationships between, integers and some of their close relatives such as rational numbers (i.e., fractions) and algebraic numbers (roots of polynomials). Computational Number Theory (CNT) is the use of computational techniques to solve problems which arise in number theory, to gain insights into how such problems may be solved theoretically, and to explore unknown territory in the expectation that new understanding will be gained thereby. Number theory, computational or otherwise, was once thought to be completely useless. Today it is an important part of many fields including cryptography, theoretical physics and economics. The need for very large amounts of computation to solve some problems in CNT has driven developments in high performance computing which are valuable in other fields; some CNT algorithms are widely used for reliability testing of computer hardware.
The NFSNET project was set up in 2002 to factor large integers by the Number Field Sieve (NFS), in part through the efforts of many contributors around the world. The NFS is currently the best large-integer factoring algorithm which does not depend on the size of the prime factors. An important sub-algorithm is fairly easy to distribute over many computers, thereby sharing the computational load, albeit at the cost of having to coordinate and communicate with the contributing machines. The other parts of the NFS algorithm perform large-scale computations on large data sets and need to run either on very large single machines or on parallel computers, such as the cluster at Microsoft Research Cambridge. More information on the NFSNET project can be found at http://www.nfsnet.org.
Access Enabling Wallets on User Controlled Devices
We want to support a wallet of access enabling instruments based on devices users own (e.g., PDAs, mobile phones, smartcard readers). To this end, we implemented an HTTP server on a SIM based on Microsoft Windows for SmartCard. A SIM is currently a security module (smart card) fitted into a GSM mobile phone. So by putting an HTTP server in the SIM, the phone and SIM become a personal security server in the Internet. Contact: Kai Rannenberg.
Automated Evaluation of Digital Watermarking Systems
Digital watermarking has been presented as a solution to copy protection of multimedia objects, and dozens of schemes and algorithms have been proposed. However, the requirements, tools and methodologies to assess the current technologies are almost non-existent. Together with researchers at INRIA and GMD we are addressing this problem by providing a public benchmarking service. More information is provided on the StirMark Benchmark web page. Contact: Fabien Petitcolas.
A working implementation of Mobile IPv6 for Windows 2000 was produced in collaboration with researchers at Lancaster University. Contact: Michael Roe.
WiTness - Wireless Trust for Mobile Business
WiTness contributes application-level security for Mobile Business to 3rd Generation Wireless Networks. The project's focus is security platforms and security services in mobile devices and smart cards; suitable interfaces to applications will allow integrating application-level security into wireless applications like mobile business. The project's focus is enterprise applications, which lay the technological foundation for maintaining Europe's leadership in Mobile Commerce. Contact: Kai Rannenberg.