DIPARTIMENTO DI INFORMATICA
Università di Torino

Research Report Year 1997

Security and Computer Networks


People

Francesco Bergadano

Full Professor, Principal investigator

bergadan(at)di.unito.it

Franco Sirovich

Full Professor

franco(at)di.unito.it

Daniele Gunetti

Researcher

gunetti(at)di.unito.it

Bruno Crispo

Ph. D. student

crispo(at)di.unito.it

Giancarlo Ruffo

Ph. D. student

ruffo(at)di.unito.it

 

Research activity in 1997

a) Public key systems and certification [2,3,5]

This research is concerned with public key certification in distributed environments, and proposes a certification scheme for exchanging digitally signed documents. Certification is the weakest point of cryptographic and authentication systems based on public keys. It is therefore the real precondition for security in every kind of network transaction that has to be private and unambiguously associated with a unique user. If a public key is associated with a person other than its legitimate owner, the system is compromised: it becomes possible to read confidential messages and to produce false digital signatures. Certification prevents such wrong associations of public keys. However, certification brings about a complex set of problems, made even more difficult by the possibility that the legitimate key pair owner loses his private key. For this reason certification is at the base of almost all computer network security systems, and is treated explicitly by standards such as X.509. Our system, proposed in collaboration with the University of Cambridge, includes the implementation of a separate authority dedicated to deleting the public key certificates that are no longer valid. Log file records are bound in a chain of hash values, so that the authority cannot delete them without detection. The system has been implemented, and a series of experiments is starting to integrate the certification system with a few browser and mail services available on the market, in both Unix and Windows NT environments. Through this structure it will be possible to obtain a number of secure services that require signed and/or encrypted documents to be sent.
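The hash-chained log described above can be sketched as follows. This is an added example, not the group's implementation: SHA-256, the JSON record layout, the field names and the `trusted_head` parameter are assumptions, since the report does not specify them. It also shows that a chain alone does not expose removal of the newest records; the verifier needs a previously saved head hash for that.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed fixed starting value for the chain


def link_hash(prev_hash, entry):
    """Hash of one record bound to its predecessor's hash."""
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


def append(log, entry):
    """Append an entry and return the new chain head."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": entry, "prev": prev, "hash": link_hash(prev, entry)})
    return log[-1]["hash"]


def verify(log, trusted_head=None):
    """Return (ok, reason). trusted_head is a head hash the verifier
    saved earlier from a source other than the log keeper."""
    prev = GENESIS
    seen = {GENESIS}
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != link_hash(prev, rec["entry"]):
            return False, f"chain broken at record {i}"
        prev = rec["hash"]
        seen.add(prev)
    # Truncation or a full rewrite yields a self-consistent chain,
    # but the head hash the verifier remembers no longer appears in it.
    if trusted_head is not None and trusted_head not in seen:
        return False, "trusted head missing: records were removed or rewritten"
    return True, "ok"


def build_sample_log():
    """Constructed sample data: three revocation records."""
    log = []
    head = GENESIS
    for serial in ("1001", "1002", "1003"):
        head = append(log, {"action": "revoke", "serial": serial})
    return log, head
```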

 

a.1) Secure Mailtools

In this research we studied PGP (Pretty Good Privacy), the most popular mail encryption and signature tool available worldwide. As part of two undergraduate theses supervised by the security group, a public domain program named "ACT" was implemented. This tool is compatible with PGP (versions prior to 5.0), but solves some of its weaknesses.

 

a.2) Digital Signatures [5]

This research studied the mechanisms for generating digital signatures based on public key algorithms. In collaboration with the University of Cambridge we made a new, alternative proposal for generating digital signatures based only on hash function chains. This mechanism turns out to be more efficient than the traditional approaches, and it also avoids the problems connected with the restrictions that some countries impose on the export of encryption software.

 

b) Secure WWW [2]

The research is concerned with authentication and privacy in the World Wide Web. The security of the transactions is guaranteed using public key systems, together with the certification scheme described above. The implementation is based on the original HTTP protocol and on commercial browsers. It is obtained through Java applets associated with the client, which silently transform the basic HTTP transaction into an exchange of encrypted and authenticated information. The actual communication is not carried out at the HTTP level, but between application processes that are added for this task, both on the client host and on the server. The idea is an alternative to the SHTTP protocol, which modifies the standard HTTP format, and also to SSL, which works at the level of the communication software. The advantage is a quicker integration with pre-existing tools. We are finishing the implementation of a prototype that will also be used to address some of the aspects we study in the context of public key certification.

 

c) Password systems [4] and access control [6]

Another aspect of our research is related to the important problem of password checking. User passwords tend to be weak, and checking at the time of password creation or change is highly recommended. Although there are more sophisticated authentication systems, such as those based on dedicated hardware (for instance a smartcard) or those asking for an answer to a "challenge", the most common systems are based on passwords. This is a consequence of their simplicity: they can be integrated in every environment without dedicated hardware and with well known user interfaces. In order to prevent bad password choices, the user password is usually compared against a dictionary, with implementation difficulties that are related to checking time and especially to the space needed to store the dictionary. We have developed a proactive password checking method that can lead to very high dictionary compression, with low error rates, under one per cent. On the basis of the classification algorithm, the password checker ProCheck has been implemented as a patch for the Unix command passwd. ProCheck is freely distributed from http://maga.di.unito.it, and versions for SunOS, Ultrix and OSF1 are available. The research is described in [4].

Within the same context, the research group is carrying out extensive research to detect unauthorized accesses through the observation of user behavior. For several months, a few volunteers were monitored during their normal work at the computer. Parameters such as log-in time, typing speed, executed commands, and so on, were gathered and stored for every user. A model of each user was then built from these parameters and used to classify further connections as "legal" or "illegal" (i.e. not originated by the owner of the account used in the connection). A 90% accuracy was achieved, on average, in the classification of new connections within the first ten minutes of the log-in session [6].

d) The X.500 protocol Directory (Franco Sirovich)

The X.500 protocol directory makes it possible to build a sophisticated distributed database with partial replication of the database. Essentially, it is a free-schema database with search functions over its content. In the 1992 standard from ISO and CCITT, the functionality of the X.500 service was extended by introducing access control. Basic Access Control functionalities have been studied, and an algorithm was developed to verify access control at runtime for a generic X.500 database. The search functionalities of the database require sophisticated access to the data, made even more complicated by the free schema of the database. Prefix B*Tree techniques have been applied to obtain such functionalities.

 

X.500 is particularly interesting as a way to obtain uniform external access to a particular subset of a database. In this case, X.500 does not have to be realized from scratch, but simply as a front-end to an existing database, such as an SQL database. A first implementation of the service on a projection of a generic SQL database was realized. The implementation makes it possible to define which part of the database must be accessible from the outside through X.500, and in which way the database's data model must be `published' in the X.500 data model.

 

e) Network Management (Franco Sirovich)

With the development of applications on computer networks, the problem of managing complex network systems has become more and more important. Both within ISO/ITU and the Internet, specific protocols and information models have been developed to realize a distributed system that handles both network elements and distributed network applications. The two network management models are not equivalent, even if a comparative study of them points out interesting analogies. Cryptographic key management in a security system for telecommunications is an interesting area in which to apply the management model and the corresponding OSI protocols.

 

Within ITU/CCITT, the OSI management standards have been profiled following a particular structure known as TMN (Telecommunication Management Network), which makes it possible to implement large management networks for telecommunication systems. This architecture was chosen by all of the European service providers, and non-European providers are conforming. The TMN architecture was applied to the implementation of managing agents for ATM switches for X.400 electronic mail systems.

 

1997 Publications

[1] F. Bergadano, A. Giallombardo, A. Puliafito, G. Ruffo, and L. Vita. Security Agents for Information Retrieval in Distributed Systems. Parallel Computing, 4(22): 1719-1731, 1997.

[2] F. Bergadano, B. Crispo, and M. Lomas. Strong Authentication and Privacy with Standard Browsers. Journal of Computer Security, 1997.

[3] B. Crispo and M. Lomas. A Certification Scheme for Electronic Commerce. In Proc. Security Protocols Int. Workshop. LNCS 1189, pages 19-32, Springer-Verlag, 1997.

[4] F. Bergadano, B. Crispo, and G. Ruffo. Proactive Password Checking with Decision Trees. In Proc. of ACM Computer and Communication Security Conference, pages 67-76, 1997.

[5] R. Anderson, F. Bergadano, B. Crispo, J. Lee, C. Manifavas, and R. Needham. A New Family of Authentication Protocols. Technical Report, 1997. (Submitted for publication).

[6] F. Bergadano, D. Gunetti and G. Ruffo. Online Anomaly Detection in a Real Network Environment. Technical Report, 1997. (Submitted for publication).

 

 

Software Products (distributed from http://maga.di.unito.it)

ProCheck – a public domain implementation of a proactive password checker, for several Unix platforms. An implementation for Windows NT and Linux is under way. ProCheck will reject, with high probability, weak user passwords that occur in a large 28Mbyte dictionary. However, ProCheck only requires 24Kbytes of disk space.

 

ACT – a cryptographic tool developed as part of two undergraduate theses, in collaboration with the security group. ACT uses PGP2.6.3i, with the possibility of using TripleDES instead of the IDEA symmetric cipher, and SHA-1 instead of the MD5 message digest. ACT is compatible with every PGP file (versions prior to 5.0).

 

 

Research grants

Title of project: ILP2 "Inductive Logic Programming"
Project leader: F. Bergadano
Funding Organization: European Union
Kind of grant: ESPRIT IV, Long Term Research Project

Title of project: Security and Network Management
Project leader: F. Bergadano
Funding Organization: ASI (Italian Space Agency)
Kind of grant: Coordinated Projects

 

 

 


Administrator: wwwadm[at]di.unito.it Last update: May 17, 2018