List Watch. IEEE Cipher Issue E69, E69.Nov-2005

Items from security-related news (E69.Nov-2005)

Special to Cipher, IETF Revises TLS Protocol Specification, by Eric Rescorla and Russ Housley

Transport Layer Security (TLS) [1] is probably the most widely used Internet security protocol. TLS provides a generic secure channel abstraction for use by upper layer application protocols. While originally designed for use with HyperText Transfer Protocol (HTTP) [2], it is also used to secure a wide variety of protocols ranging from the Simple Mail Transport Protocol (SMTP) [3] to the Session Initiation Protocol (SIP) [4].

The IETF has revised TLS, creating TLS 1.1 [5], to address some vulnerabilities and to add new functionality:

The initial IETF version of TLS, TLS 1.0, was a revision of the Secure Sockets Layer (SSL) version 3. TLS 1.0 was published in January 1999. TLS 1.1 was approved by the IESG last July, and it is currently in the IETF RFC Editor Queue. TLS 1.1 contains minor improvements to address some recent attacks [6,7] on the Cipher-Block Chaining (CBC) encryption modes used with DES, 3DES, and AES. TLS 1.1 also clarifies a number of interoperability issues.

Addition of Camellia Cipher Suites to Transport Layer Security [8] adds support for the Camellia algorithm, which has been standardized by the NESSIE initiative.

Addition of SEED Cipher Suites to Transport Layer Security [9] adds support for the SEED algorithm, which is a Korean national standard developed by KISA (Korean Information Security Agency).

Pre-Shared Key Ciphersuites for Transport Layer Security [10] allows clients and servers to use a shared symmetric key to authenticate the creation of a TLS connection. This mode is expected to be useful by itself as well as for integration with other authentication protocols. This document is also in the RFC Editor Queue.

The TLS Working Group has finished the specification for the use of Elliptic Curve Cryptography (ECC) with TLS [11]. IETF Last Call of this document will complete on November 22nd, and then the IESG will begin its review. The document might be in the RFC Editor queue before the end of the year.

In the wake of the recent attacks on MD5 and SHA-1, the TLS Working Group is begining work on TLS 1.2, which will start the transition away from those one-way hash functions. In addition, the TLS Working Group has recently adopted a work item to develop counter mode (CTR) cipher suites for AES. These cipher suites will allow the security of AES with the same low packet space overhead of the RC4 stream cipher.

[1] T. Dierks and C. Allen. "The TLS Protocol Version 1.0." RFC 2246. January 1999.

[2] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. "Hypertext Transfer Protocol -- HTTP/1.1." RFC 2616. June 1999.

[3] J. Klensin, Ed. "Simple Mail Transfer Protocol." RFC 2821. April 2001.

[4] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. "SIP: Session Initiation Protocol." RFC 3261. June 2002.

[5] http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-13.txt

[6] S. Vaudenay, "Security Flaws Induced by CBC Padding - Applications to SSL, IPsec, WTLS, ...", In Advances in Cryptology - EUROCRYPT'02, Amsterdam, Netherland, LNCS 2332, pp. 534-545, Springer Verlag, 2002.

[7] B. Mueller, "Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures." [http://www.openssl.org/~bodo/tls-cbc.txt,2002]

[8] S. Moriai, A. Kato, and M. Kanda. "Addition of Camellia Cipher Suites to Transport Layer Security (TLS)." RFC 4132. July 2005.

[9] H.J. Lee, J.H. Yoon, and J.I. Lee. "Addition of SEED Cipher Suites to Transport Layer Security (TLS)." RFC 4162. August 2005.

[10] http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-09.txt

[11] http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-12.txt

Elisa Bertino Receives Computer Society Award; article contributed by Gene Spafford

Professor Elisa Bertino, CERIAS's Director of Research, has been named as the 2005 recipient of the Computer Society's Tsutomu Kanai Award. The Computer Society of the IEEE makes this award each year. The Tsutomu Kanai Award was created by a generous endowment from Hitachi, Ltd. It recognizes major contributions to state-of-the- art distributed computing systems and their applications. The award consists of a certificate, crystal memento, and a $10,000 honorarium.

Previous winners of the award are listed at http://tinyurl.com/74ehv

This is a major award for outstanding contributions, and it is very well deserved.

Virgil Gligor to Receive NIST/NSA Security Award; article contributed by Gene Spafford

Dr. Virgil Gligor, one of the country's pioneering figures in computer security, will be presented with the 2006 National Information Systems Security Award by the National Institute of Standards and Technology and the National Security Agency in a ceremony at the 26th Annual Computer Security Applications Conference in Tucson, AZ On Dec. 6, 2005.

The award recognizes individuals for scientific or technological breakthroughs, outstanding leadership, highly distinguished authorship, or significant long-term contributions in the computer security field.

Gligor, a professor of electrical and computer engineering at the University of Maryland, College Park, MD, will receive the prestigious award for his outstanding contributions to advance computer security technology. Gligor has been a leader in computer security research and education for 30 years in a broad range of areas including access control mechanisms, penetration analysis, denial-of-service protection, cryptographic protocols, and applied cryptography.

Previous winners of this award:

1988 Steve Walker
1989 Willis Ware
1990 Jim Anderson
1991 Roger Schell
1992 Walter Tuckman
1993 Robert Courtney
1994 Donn Parker
1995 Dennis Branstad
1996 Whit Diffie, Martin Hellman, & Ron Rivest
1997 David Clark
1998 Butler Lampson
1999 Dorothy Denning
2000 Eugene H. Spafford
2002 Peter G. Neumann
2005 Virgil Gligor

Homeland Security's ARPA Stretches Budget for Internet Security, contributed by Richard Schroeppel Original article from InformationWeek, J. Nicholas Hoover
Nov. 8, 2005

"With a shrinking budget, the Advanced Research Projects Agency's cyber-security arm has to leverage internal expertise with that of academia and industry to get research done and have products commercialized."

The article mentions the agency's commercialization focus and its ongoing research projects for security-awareness, discovering botnets, secure information repositories about Internet traffic patterns, adding security to the Domain Naming System, and secure Internet routing. Concerns about thin clients for Internet access are also surfaced.

ThePrivacyPlace.Org 2005 Privacy Survey is Underway, by Annie Anton

Researchers at ThePrivacyPlace.Org are conducting an online survey about privacy policies and user values. The survey is supported by an NSF ITR grant (National Science Foundation Information Technology Research) and will help us with our investigations of privacy policy expression and user comprehension.

The URL is: http://survey.theprivacyplace.org/

We need to attract several thousand respondents, and would be most appreciative if you would consider helping us get the word out about the survey which takes about 5 to 10 minutes to complete. The results will be made available in 2006 via our project website http://www.theprivacyplace.org/

There are prizes and IBM sponsored giveaways.

NIST Hash Workshop, October 31 - November 1, 2005

The recent NIST workshop on cryptographic hashes was an interesting event with several good talks. NIST is focusing on determining what to use for a hashing standard in place of SHA-1, how fast to move to the next standard, and whether or not the SHA-2 family is sufficiently secure for the future. The discover of the MD5 collisions, Xiaoyun Wang, spoke about progress towards similar attacks on SHA-1, indicating that the work factor may now be as low as 2^64. Cryptographic hash functions age quickly. The papers are online at http://www.csrc.nist.gov/pki/HashWorkshop/program.htm