DIPARTIMENTO DI INFORMATICA

Research Report Year 2003
Computer Science
Last and first name | Position
Bergadano Francesco | Full Professor
Sirovich Franco | Full Professor
Gunetti Daniele | Associate Professor
Ruffo Giancarlo | Researcher
Cavagnino Davide | Researcher
Nesta Andrea | PhD. Student
Dal Checco Paolo | PhD. Student
Musarra Alessandro | Temporary Researcher | musarra(at)di.unito.it

A list of the activities for year 2003 follows.
a) Multicast Authentication
In a multicast transmission context, it may be important to securely
determine the origin of data, i.e. authenticate the sender. We worked
on some solutions that may be applied to this problem. In particular,
we studied the properties of a protocol we previously developed, and
we are developing some improvements to that protocol. These
improvements aim to let the protocol operate in an environment in
which data may be lost, while maintaining its efficiency in the
generation and exchange of the authentication information.
b) Internet Traffic Certification and Analysis
There are contexts in which accesses to a web site should be controlled
and verified, producing statistical data that are reliable and useful
for the end user. By reliable we mean that the logged information
on the web accesses correctly describes the interaction between the
client and the server in terms of IP address and requested resource.
We are developing solutions that satisfy these requirements and
that, at the same time, produce usable information for users who need
usage data for a web site.
c) User Identification within biometric analysis
We try to ascertain user identity through the way individuals type
on a computer keyboard. Using an original method able to compute the
"distance" between two typing samples, we were able to reach an
accuracy of less than 4% of false alarms and of less than 0.01% of
unspotted impostors, for fixed-text typing samples about 700
characters long. We are now working on the extension of our application
to completely free text, that is, text chosen and entered by the users
in the course of their normal work. This will allow us to monitor individuals
who have already passed the authentication phase and are using a
computer. Individuals showing typing habits different from those described
in the profile of the account they are using will in this way be identified
as potential intruders.
d) Proactive Password Checking
The important problem of user password selection is addressed and
a proactive password checking technique is proposed. In a training
phase, a decision tree is generated based on a given dictionary of
weak passwords. Then, the decision tree is used to determine whether
a user password should be accepted. Experimental results described
here show that the method leads to very high dictionary compression
(from 100 to 3 on average) with low error rates (of the order
of 1%). We survey previous approaches to proactive password checking,
and provide an in-depth comparison. EnFilter, a tool based on that
technique, is also available.
e) Lightweight Security for Internet Polls
We have investigated the security of polls in an open Internet scenario,
where (1) clients cannot be customized or initialized in any way,
(2) remote networks have arbitrary architectures including possible
proxies and NAT, and (3) it is practically impossible to distribute
tokens or passwords. Another requirement is that IP locking cannot
be used, because it prevents a large number of legal votes. We have
developed a method that is not based on IP locking and yet is secure
against automated attacks that could massively change the result
of the poll.
f) Web Performance
The World Wide Web is one of the most used interfaces to access remote
data and commercial and non-commercial services, and the number of
actors involved in these transactions is growing very quickly. Everyone
using the Web experiences how the connection to a popular web site
may be very slow during rush hours, and it is well known that web users
tend to leave a site if the wait time for a page to be served exceeds
a given value. Therefore, performance and service quality attributes
have gained enormous relevance in service design and deployment. This
has led to the development of Web stressing tools, widely available
on the market. One of the most common criticisms of this approach is
that the synthetic workload produced by web stressing tools is far from
realistic. Moreover, Web sites need to be analysed to discover
commercial rules and user profiles, and models must be extracted from
log files and monitored data. We deal with a methodology based on
the integrated usage of web mining techniques and standard web monitoring
and assessment tools. This is joint research with CSP S.ca.r.l.
- G. Ballocca, P. Politi, G. Ruffo, Integrated Techniques and Tools
  for Web Mining, User Profiling and Benchmarking analysis, in Proc.
  of CMG'03, Roma (Italy).
b) CBMG Builder
Customer Behavior Model Graphs (CBMG) are widely used in Capacity
Planning when the system under test is a Web Farm. We implemented
a tool which gives web analysts the chance to automatically extract
CBMGs from log files and other information available at server side.
a) WebMinds (FIRB)
We are funded by the Italian Ministry of Education and Research (FIRB
research fund). WebMinds is the acronym for Wide-scalE, Broadband,
MIddleware for Network Distributed Services.
b) WTLAB (CSP)
CSP S.ca.r.l. funded our research in the field of Web Technology.
c) Computer and Network Security
Local University Grant.
Administrator: wwwadm[at]di.unito.it
Last update: May 05, 2004