Readings in Network Security

1. T.Y.C. Woo and S.S. Lam, "Authentication for Distributed Systems", Computer, 25(1), 1992. See also "Authentication" revisited, Computer, 25(3), 1992.

2. R. Needham and M. Schroeder, "Using Encryption for Authentication in Large Networks of Computers", Communications of ACM, 21(12), 1978.

3. L. Lamport, "Password Authentication with Insecure Communication", Communications of ACM, Vol. 24, 1981.

4. R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung, "The KryptoKnight Family of Light-Weight Protocols for Authentication and Key Distribution", IEEE/ACM Trans. on Networking, 3(1), 1995.

5. M. Abadi and R. Needham, "Prudent Engineering Practice for Cryptographic Protocols", IEEE Transaction on Software Engineering, 21(1), 1996.

6. L. Gong, M. Lomas, R. Needham, and J. Saltzer, "Protecting Poorly Chosen Secrets from Guessing Attacks", IEEE Journal on Selected Areas in Communications, 11(5), 1993.

7. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical Network Support for IP Traceback", in Proceedings of ACM SIGCOMM, 2000.

8. J. Millen, "A resource allocation model for denial of service", in Proceedings of the 1992 IEEE Symposium on Security and Privacy, 1992.

9. S. Bellovin, "Security Problems in the TCP/IP Protocol Suite", Computer Communication Review, 19(2), 1989.

10. D. Denning, "An Intrusion-Detection Model", in Proceedings of the 1986 IEEE Computer Society Symposium on Research in Security and Privacy, 1986.

11. S. Axelsson, "The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection", in Proceedings of the 6th ACM Conference on Computer and Communications Security, 1999.

12. V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time", Computer Networks, 31(23-24), 1999.

1. G. S. Vernam. Cipher printing telegraph systems for secret wire and radio telegraphic communications. Journal of the American Institute for Electrical Engineers 22: 109-115, 1926. (Note: This is the one-time pad paper. The paper may not be easy to find. However, it is easy to have a write-up of the one-time pad scheme, its provable perfect secrecy, and its limitations).

2. R. L. Rivest, A. Shamir, and L. M. Adleman. A Method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21,2 (Feb. 1978), 120-126.

3. M. O. Rabin. Digitalized signatures as intractable as factorization. Technical Report MIT/LCS/TR-212, MIT LCS, 1979.

4. T. El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31:469-472, 1985.

5. U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptography 1 (1988), 66-94.

6. M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication, Advances in Cryptology - CRYPTO '96, Lecture Notes in Computer Science, vol. 1109, Springer-Verlag, 1996, pp. 1-15. http://www-cse.ucsd.edu/users/mihir/crypto-research-papers.html

7. Electronic Frontier Fountain. Cracking DES. http://www.eff.org/descracker/

8. The AES (Rijndael) encryption scheme. http://csrc.nist.gov/encryption/aes/rijndael/

9. D. Chaum, Blind signatures for untraceable payments, Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199-203.

10. D. Boneh. Twenty years of attacks on the RSA cryptosystem. In Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203--213, 1999. http://crypto.stanford.edu/~dabo/pubs.html

Papers that refer to the following topics are available from the CS6238 class web page, Fall 2001.

Design principles of secure systems

• The protection of information in computer systems
• More recent work on memory protection.. Intra-Address Space Protection Using Segmentation Hardware

• Passwords, pin protected cards, one time passwords, biometrics etc.
• Password Security: A Case History
• Unix Password Security: 10 Years Later
• The Design and Analysis of Graphical Passwords
• The S/Key One-time Password System
• Password Hardening Based on Keystroke Dynamics

• Discretionary access control
  • Access control lists (ACLs) and capabilities, implementation of access control (Multics, Unix, Java), capabilities in Hydra, confinement and revocation.
  • Protection
  • Going Beyond the Sanbox: New Security Architectures in JDK 1.2
  • Improving the Granularity of Access Control in Windows NT, ACM SACMAT, 2001.
  • Multics Home Page
  • EROS: A Fast Capability System
• Mandatory access control
  • MAC models and their implementation
  • Bell and La Padula Report -- Secure Computer Systems
  • Providing Policy Control Over Object Operations in a Mach Based System
  • Role-based Access Control (RBAC)
• Other Models
  • Information Flow Models
  • A Decentralized Model for Information Flow
  • Clark-Wilson and Chinese Wall security policies

• A note on the confinement problem
• Authentication for Distributed Systems
• A Global Authentication Service without Global Trust