Network Security Protocols: Today and Tomorrow
Radia Perlman and Charlie Kaufman
This tutorial covers the concepts in network security protocols, describes the current standards and vulnerabilities, and suggests areas
that need research. It approaches the problems first from a generic conceptual viewpoint, covering the problems and the types of technical approaches for
solutions. For example, how would encrypted email work with distribution lists? What are the performance and security differences in basing
authentication on public key technology versus secret key technology? What kinds of mistakes do people generally make when designing
protocols? Armed with a conceptual knowledge of the toolkit of tricks that allow authentication, encryption, key distribution, etc., we
describe the current standards, including Kerberos, S/MIME, SSL, IPsec, PKI, and web security.
Tutorial Outline (Table of Contents):
- What are the types of problems to be solved?
- What can attackers do?
- Secret keys, public keys, message digests
- How they are generally used together for encryption, authentication, and integrity checks
- Intuition behind RSA, Diffie-Hellman
- Key distribution
- Secret key schemes (e.g., Kerberos) vs public key schemes (PKI)
- Building a hierarchy
- Who are the trust anchors
- What chains should be trusted? How are they found?
- Getting the private key to the human
- Cryptographic handshakes
- Pitfalls (reflection, replay, etc.)
- Extra features (e.g., identity hiding, perfect forward secrecy)
- Distributed authorization and PKI
- Attributes, groups, cross-organizational issues
- Real-time protocols (SSL, IPsec (including IKEv1 and IKEv2))
- Email security
- Web security (URLs, cookies, pitfalls)
- Thoughts for the future
Expected Audience and Prerequisites:
This tutorial is for anyone who wants to understand cryptography,
network security protocols, and the system issues that make
creating a truly secure system challenging, even if the
underlying cryptography and protocols are secure. There are
no prerequisites other than intellectual curiosity and
a good night's sleep in the recent past.
Radia Perlman is a Distinguished Engineer at Sun Microsystems. She is
also currently teaching a course on network security protocols at
Harvard University. She is known for her contributions to bridging
(spanning tree algorithm) and routing (link state routing) as well as
security (sabotage-proof networks). She is the author of
"Interconnections: Bridges, Routers, Switches, and Internetworking
Protocols", and co-author of "Network Security: Private Communication in
a Public World". She is one of the 25 people whose work has most
influenced the networking industry, according to Data Communications
Magazine. She has an S.B. and S.M. in mathematics and a Ph.D. in computer
science from MIT, about 50 issued patents, and an honorary doctorate
from KTH, the Royal Institute of Technology in Sweden.
Charlie Kaufman, security architect for Lotus Notes & Domino, is a
Distinguished Engineer at IBM. In the IETF, he served as the chair of the
Web Transaction Security working group, and is currently on the IAB
(Internet Architecture Board) and editor of the IKEv2 document in the
IPsec working group. He served on the National Academy of Sciences
expert panel on computer security that produced the book "Trust in
Cyberspace". Previously, he was network security architect for Digital
Equipment Corporation. He is co-author of "Network Security: Private
Communication in a Public World".