SELS: A Secure E-mail List Service Himanshu Khurana, Adam Slagell, Rafael Bonilla NCSA, University of Illinois Appeared in the ACM Symposium of Applied.

Slides:



Advertisements
Similar presentations
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Digital Signatures and Hash Functions. Digital Signatures.
PGP Overview 2004/11/30 Information-Center meeting peterkim.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Principles of Information Security, 2nd edition1 Cryptography.
Core Web Service Security Patterns
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Security Management.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Guide to Operating System Security Chapter 10 Security.
Computer Science Public Key Management Lecture 5.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Secure Electronic Transaction (SET)
Scalable Security and Accounting Services for Content-based Publish/Subscribe Systems Himanshu Khurana NCSA, University of Illinois.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Cryptography, Authentication and Digital Signatures
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
Internet-security.ppt-1 ( ) 2000 © Maximilian Riegel Maximilian Riegel Kommunikationsnetz Franken e.V. Internet Security Putting together the.
Network Security David Lazăr.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
SeCol: Secure Collaborative Applications using Group Communication and Publish/Subscribe Systems Himanshu Khurana NCSA.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
Private key
2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.
Network Security Celia Li Computer Science and Engineering York University.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
April 20023CSG11 Electronic Commerce Authentication John Wordsworth Department of Computer Science The University of Reading Room.
An electronic phytosanitary certificate. Is NOT a copy of a printed phytosanitary certificate that is ed. Is a secured data set using XML for transmission.
Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
The Secure Sockets Layer (SSL) Protocol
Key management issues in PGP
Von Welch Emerging NCSA Security R&D NSF CyberSecurity Summit September 28th, 2004 Von Welch
Computer Communication & Networks
Public Key Infrastructure
Secure Electronic Transaction (SET) University of Windsor
The Secure Sockets Layer (SSL) Protocol
Chapter 4 Cryptography / Encryption
Scalable Group Key Management with Partially Trusted Controllers
PGP CSC 492 Presentation May 2, 2007 Brandon Skari Ruby Matejcik.
Presentation transcript:

SELS: A Secure List Service Himanshu Khurana, Adam Slagell, Rafael Bonilla NCSA, University of Illinois Appeared in the ACM Symposium of Applied Computing, Santa Fe, NM, March 2005

Introduction to List Services List Services (ELSs) comprise List Moderator (LM) – user/process that creates lists and controls list membership List Server (LS) – maintains list and membership information, forwards s, and optionally archives them User/subscribers – subscriber to/ unsubscribe from lists with the help of LM, and send/receive s with the help of LS Increasingly popular for exchange of both public and private content  security is an important concern E.g., there are over 300,000 registered lists on LISTSERV but less than 20% of them serve public content Unlike two-party exchange, little or no work in providing security solutions for ELSs We provide solutions for confidentiality, integrity, authentication, and anti-spamming

Contribution: SELS; Solutions for Confidentiality Extending two-party solution would expose plaintext at LS We wish to minimize trust liability in LS Solution using proxy encryption techniques whereby the plaintext is not exposed at LS; instead, LS simply transforms encrypted messages LS archives s in encrypted form and provides access on-demand Integrity and authentication Solution using digital signatures where certificate validation (w.r.t. list membership) is provided by LM Anti-spamming Use digital signatures with LM providing certificate validation Use MACs as a cheaper alternative with LS participating actively

SELS Overview LMLS U1 U2 U3 Send signed, encrypted, and HMACd Verify HMAC, transform and forward Verify HMAC, decrypt and verify signature Assumptions LM is an independent entity not controlled by LS Subscription s between user, LM, and LS can be secured (e.g., PGP, passwords) Create Group Establish List Key K LM Establish Corresponding List Key K LS LM, LS implicitly agree K LK = K LM + K LS is list key Subscribe Establish Private key K U1 HMAC Key H U1 Establish Corresponding Private key K’ U1, HMAC Key H U1 K LK = K U1 + K’ U1

Sending s Base-64 encoded Plaintext m Encrypt (m,Sig(m)) w/ k (AES, 3DES) Encrypt (k) w/ PK A (SELS/El Gamal) Header Sig(m) w/ SK A (RSA, DSA) H(X) w/ H UA (SHA-1) X Base-64 encoded Transform k W/ K’ UA, K’ UB (SELS Proxy Re-encryption) Header Plaintext m Encrypt (m,Sig(m)) w/ k (AES, 3DES) Sig(m) w/ SK A (RSA, DSA) H(Y) w/ H UB (SHA-1) Y Key Store: Members’ corresponding private keys K’ Ui and HMAC Keys H Ui Alice LS Key Store: (SK A, PK A ),H UA Bob LS Key Store: (SK B, PK B ), H UB

Recent Work: Formal Verification and Implementation Formal Verification with Proverif Fully automated protocol verification tool based on pi calculus Verified that SELS provides confidentiality and anti- spamming Implemented SELS Prototype in Java Integrated with Eudora Client via command-line interface Integrated with GnuPG Toolkit for standard Signature and Encryption operations Work in Progress Plugin for Eudora, Thunderbird, GnuPG Integration with Majordomo/Mailman list server software

Paper available at

FAQ’s Why can’t we distribute encryption keys and have users send out s to everyone? More computational burden on user Extremely large encryption headers Cannot have immediate revocation Why can’t we just eliminate digital signatures, aren’t HMACs sufficient? Easier recovery from compromised / misbehaving LS. We want end-to-end authentication, not transitive trust through the LS.