CCS 2004

Tutorials



Tutorial I

Internet Privacy and Anonymity

Tuesday, October 26, 2004
14:00 - 15:30

Speakers: Clay Shields, Georgetown University and Brian Levine, University of Massachusetts

Description:

The Internet was designed without provisions for protecting user privacy. Researchers have proposed anonymous protocols as a technical means to privacy. These protocols trade local resources, such as bandwidth, latency, and processing, for anonymity within a forwarding group.

This tutorial will provide an overview of a number of techniques that have been proposed to support anonymous routing, including Mixes, anonymous remailers, DC-nets, and path-based protocols such as Crowds, Onion Routing, and Hordes. We examine methods of providing anonymity for initiators of connections (e.g., web surfers) as well as responders (e.g., web servers) and peers in peer-to-peer systems such as Freenet, Publius, and APFS. We will examine the security and network performance limitations of some of these techniques and discuss how anonymous routing can be applied to other applications, including the peer-to-peer context.

Speaker Biographies:

Clay Shields was born in Washington, D.C., and spent much of his childhood living overseas as required by the career of his stepfather, who was a covert agent for the CIA. Clay got an undergraduate degree in electrical engineering from the University of Virginia, then served in the U.S. Army as an infantry officer with the 101st Airborne Division. He attended the University of California at Santa Cruz, and for his dissertation he studied computer networking, particularly multicast routing and network security issues. Clay is now an assistant professor in computer science at Georgetown University, where he studies issues in network security, particularly means of providing individual privacy, methods of locating the source of network attacks, and security in wireless networks. (For more information: www.cs.georgetown.edu/~clay/)

Brian Levine joined the UMass Computer Science faculty in Fall 1999. He received his Master's and Ph.D. in Computer Engineering from the University of California, Santa Cruz in 1996 and 1999, respectively. He received his B.S. in Applied Mathematics and Computer Science from the State University of New York at Albany in 1994. Dr. Levine has numerous publications in the areas of network privacy and security, group communication, and mobility. Before joining UMass, he worked briefly at Sun Labs, Bell Labs, INRIA (RODEO group in Sophia-Antipolis), and Sprint Advanced Technology Labs. (For more information: www.cs.umass.edu/~brian/)




Tutorial II

Trends in the Evolution of Securing Wireless Local Area Networks: Exploring 802.11i and Providing Secure Mobility

Wednesday, October 27, 2004
8:30 - 10:00 AM

Speakers: Anthony D. Scott and Cornell W. Robinson III, Booz Allen Hamilton

Description:

Introduction: Four objectives will be met in this tutorial on mobile wireless security. First, the current state of vulnerabilities affecting WLAN security will be briefly identified. Next, we will explore how these vulnerabilities are addressed by the future of wireless local area network security, IEEE 802.11i. Then the wide-area wireless security issues incurred as users connect to public WLANs will be investigated. The tutorial will conclude with step-by-step details on how wide-area security can be addressed by utilizing a defense-in-depth secure mobility architecture.

Part I: (15 minutes) Initially we will cover common vulnerabilities found in initial Wi-Fi offerings protected by weak encryption or utilizing default configurations. Insufficiently protected Wi-Fi networks are susceptible to denial-of-service attacks, unauthorized access, eavesdropping, hijacking, etc. We will demonstrate these attack methodologies to help you understand what attackers know about penetrating Wi-Fi networks.

Part II: (30 minutes) We will provide attendees with in-depth knowledge of the next generation of wireless LAN security, IEEE 802.11i, with an emphasis on the authentication, integrity, access control (MAC lists, SSL portals, 802.1X port access controls) and data confidentiality changes incorporated into the new Wi-Fi standard.

Part III: (30 minutes) Mobile wireless devices can contain personal or otherwise sensitive information. Once a user acquires a mobile device and connects to a remote network not owned by the enterprise, they are surrounded by networks and users they cannot trust. This exposes the user to a host of attacks. Traditionally users connected to the enterprise network from their desks and were protected by layers of both physical and logical defenses. Mobile users have no protection other than what is available on their devices.

Part IV: (15 minutes) We will provide attendees with in-depth knowledge of techniques and methods to address end-to-end security mobility. With the proliferation of wireless devices and the upsurge of public wireless networks, end-users desire to take advantage of increased mobility. Public hotspots and their "use at your own risk" security frameworks offer no protection to end-users. The building blocks of security mobility include a VPN, Mobile IP, end-user device security, strong authentication, and configuration management. We will present a defense-in-depth architecture that provides information security (INFOSEC), communications security (COMMSEC), and network security (NETSEC).

Conclusion: Developing secure enterprise WLANs by incorporating 802.11i will provide organizations with access control and strong encryption. To address the growing mobile workforce, security mobility can be accomplished utilizing a defense-in-depth approach. Attendees will leave this workshop with a thorough understanding of the need for security mobility and of 802.11i, and will gain hands-on experience with the latest software WLAN security tools.

Prerequisites for the tutorial: It is expected that all attendees have background knowledge relating to Wi-Fi networks.

Speaker Biographies:

Cornell W. Robinson III, a Senior Consultant with Booz Allen Hamilton, has more than seven years of information technology (IT) experience, with extensive knowledge of wireless communications (802.11/Wi-Fi), network security, local area network (LAN)/wide area network (WAN) design, system administration, network device implementation/configuration, and network management. Prior to joining Booz Allen Hamilton, Mr. Robinson was an adjunct professor at Syracuse University and served as a reviewer for Network Computing Magazine in the area of emerging wireless technologies. As a professor he lectured on the topics of wireless networking, network security fundamentals, and network design and documentation principles. His course covered the design and maintenance of enterprise networks, giving students both a theoretical understanding of network design and hands-on experience using the network infrastructure and servers located in the university's state-of-the-art experiential learning laboratory. Mr. Robinson published a number of articles with Network Computing magazine. These articles were read by thousands of network professionals worldwide and include the results of real-world, hands-on testing and evaluation of competing products from various vendors. Mr. Robinson developed the wireless lab, a division of Network Computing's Real-World laboratories located in Syracuse that focuses specifically on mobile and wireless technology. Mr. Robinson has an M.S. in Telecommunications and Network Management from Syracuse University and a B.S. in Computer Science from Point Park University. He holds eight industry certifications covering wireless technologies, security, operating systems, and IP networking, among them the CWSP, CWNA, CCDA and CCNA. Contact Information: Cornell W. Robinson, III, (o) 703/902-4184, 8283 Greensboro Drive, McLean, VA 22102, Robinson_cornell@bah.com

Anthony Scott is a licensed professional engineer (PE) in electrical engineering specializing in communications and control systems and a Certified Information Systems Security Professional (CISSP). Mr. Scott has over five years of technical experience in secure commercial communications, ad hoc networking research, secure infrastructure networking, commercial device research and military missile/radar systems analysis, with a comprehensive background in secure wireless communications, cryptography, secure type-1 mobile handset 2.5G and 3G communications, hand-held 2-way radio communications, and information security. Mr. Scott is a functional expert in wireless local area networks (WLAN). Mr. Scott is currently the co-author of a forthcoming 200-page NIST special publication detailing the IEEE 802.11i wireless medium access layer security enhancements. Mr. Scott lectures at conferences across the nation in the area of wireless communications. At Booz Allen Hamilton, Mr. Scott is responsible for co-building the firm's wireless security laboratory, providing wireless training and presenting in the firm's wireless security workshop. Prior to joining Booz Allen Hamilton, Mr. Scott was the sole lead communications engineer for Data Research and Analysis Corporation (DRAC), where he secured the company's government-classified SECRET intranet and developed and enforced company computer network policies and guidelines. Mr. Scott graduated from the dual degree program at Georgia Institute of Technology and Morehouse College. He received a Bachelor of Science degree in Electrical and Computer Engineering from Georgia Institute of Technology and a Bachelor of Science degree in Mathematics from Morehouse College. Mr. Scott also holds a Master of Science degree in Electrical and Computer Engineering from Georgia Institute of Technology. Mr. Scott is an active participant in his community and was born and raised in NJ.
Contact Information: Anthony D. Scott, PE, CISSP, (o) 703/377-1436, (f) 703/902-3636, 8283 Greensboro Drive, McLean, VA 22102, Scott_Anthony@bah.com




Tutorial III

Identity Management

Wednesday, October 27, 2004
14:00 - 15:30

Speakers: Teruko Miyata and Kenji Takahashi, NTT

Description:

Identity management is an integral part of almost all information systems. Identity management lets users manage and utilize their personal information, e.g., username/password, names, addresses, e-mail addresses, national IDs and usage histories, on the Net in a secure and privacy-protected manner. Any successful identity service, such as single sign-on and permission-based personal information sharing, should be underpinned by solid identity management. Recently, identity federation has been attracting attention from businesses, such as emerging Web services, which require solutions for handling user identities issued and managed by different business entities in a harmonized manner.

This tutorial gives an overview of identity management with an emphasis on federated approaches, covering related standard specifications and security and privacy considerations. The tutorial also discusses real business cases, ranging from B2E to B2C in different industries, such as mobile communications, gaming, and digital TV. In the tutorial, the Liberty Alliance identity frameworks are used as a concrete example to illustrate federated identity management technologies. Other approaches, such as SAML, Shibboleth and WS-Federation, are also compared. The authors are the main editors of the Liberty Alliance Developer Tutorials (www.projectliberty.org/resources/tutorial_draft.pdf), one of the most downloaded materials worldwide at the Liberty Alliance site.

Speaker Biographies:

Teruko Miyata is a Research Engineer at Information Sharing Platform Laboratories of NTT. She received the B.S. and M.S. degrees in mathematical science from Ochanomizu University, Tokyo, Japan, in 1991 and 1993 respectively. She joined NTT Laboratories as a research engineer in 1993, and her current field of interest is the identity management business and technology. She has made many presentations at international conferences and standardization meetings, including OASIS and the TV-Anytime Forum.

Kenji Takahashi is a Senior Research Engineer, Supervisor at Information Sharing Platform Laboratories of NTT. Currently he is leading several R&D projects on identity management and ubiquitous computing technologies. He has given many tutorials at international technical conferences, including WWW6, ACM/IEEE ICSE 2000 and RSA Security Japan 2004. Previously he was a visiting scientist in the College of Computing at Georgia Institute of Technology and a Senior Software Engineer at NTT Multimedia Communications Laboratories in Palo Alto, CA. Dr. Takahashi received his Ph.D. in Computer Science from Tokyo Institute of Technology. Contact information: Teruko Miyata, NTT Information Sharing Laboratories, 3-9-11 Midoricho, Musashino, Tokyo 180-8585 Japan, e-mail: miyata.teruko@lab.ntt.co.jp, Phone: +81 422 59 2927, Fax: +81 422 37 7463
