7th ACM Conference on Computer and Communication Security

1-4 November 2000, Athens, Greece
[Location : Athens Chamber of Commerce and Industry]

 



  TUTORIAL 1 : Network Security and IPsec

        J. Ioannidis (AT&T) and A. Keromytis (Univ. of Pennsylvania)

Abstract:

 The IPsec protocol suite provides network-layer security for the Internet and has recently been standardized in the IETF. It is beginning to make its way into commercial implementations of desktop, server, and router operating systems. IPsec offers a remarkable flexibility not possible at higher or lower layer abstractions: security can be configured between end hosts, between security gateways such as firewalls, between a security gateway and an end host, or in any other configuration in which network nodes can be identified as appropriate security endpoints. This flexibility, however, implies some associated complexity, which tends to obscure the usefulness of IPsec in engineering a secure network.

 In this tutorial, we present:

·      The IPsec protocols: AH and ESP, which are the actual protocols that secure the packets, and IKE, the protocol used to set up security associations and keys between nodes.

·      Uses of IPsec, with detailed examples on a variety of operating systems (for setting up a Virtual Private Network (VPN); for secure remote access; for host-to-host security).

·      Interaction of IPsec with firewalls and other perimeter security devices (maintenance of security policies on firewalls; examples of setting up a security gateway).

·      Infrastructure necessary to support IPsec (manual or pre-negotiated keying; certificate management in IKE; policy support in IKE implementations).

·      Miscellaneous topics (performance considerations and hardware support; interaction with other security mechanisms, such as Kerberos; comparisons with TLS/SSL, SSH, as well as link encryptors).

·      Future developments (support for DNSSEC; use of PKIX as a public key infrastructure; the emerging IP Security Policy protocol).

  

Short biographies:

 John Ioannidis is a Researcher at AT&T Labs, where he is working on many aspects of secure systems. He has been with the IP Security effort of the IETF since its very beginning. He has written the original IPsec implementations for both BSD Unix and Linux, as well as the IPsec precursor, swIPe. He holds a PhD in Computer Science from Columbia University, and a Diploma in Electrical Engineering from the University of Patras.

  Angelos Keromytis is a doctoral candidate at the University of Pennsylvania. He has been working on IPsec since 1995, when he implemented the first automated key management (Photuris) and interoperated with the second independent implementation. Since then, he has worked on two IPsec implementations (for BSD and Linux), and is the lead developer of the OpenBSD IPsec stack. He also implemented the first freely available IKE implementation (named Pluto, and in use in the Linux FreeSWAN project), which is also used as part of NIST's reference IPsec implementation. He has also worked on cryptographic hardware acceleration for IPsec, and on various applications of IPsec for network management.


 

  TUTORIAL 2 : Electronic Payment Technologies

          Y. Frankel, eCash Technologies

Abstract:

We discuss the various technologies that have been proposed in the scientific community and present several of the currently implemented technologies. The course will focus on architecture issues and will, when necessary, introduce specific cryptographic and design mechanisms required for a secure, robust, and efficient payment technology.

 Special emphasis will be placed on providing the necessary knowledge to compare and contrast the various technologies.  Some categories of particular interest will be security, efficiency, robustness, implementation costs (e.g., communication, storage, etc.), privacy and theft protection with respect to issuers, acquirers, merchants and customers.  Legal issues related to implementing some of the various technologies will also be presented.

 

Short biography:

 Yair Frankel is currently the Chief Scientist at eCash Technologies. He has over 15 years of experience developing risk management and security tools in technology companies as well as government and industrial laboratories. Prior to joining eCash Technologies, Dr. Frankel served as Vice President and Chairman of the Technical Advisory Board of CertCo Incorporated. He was also a senior member of technical staff at Sandia National Laboratories, where he co-authored a multi-year Sandia Laboratory Directed Research and Development proposal to investigate scalable cryptography. After receiving a technology leadership award, he left Sandia National Laboratories on a three-year entrepreneurial leave of absence at CertCo. Dr. Frankel was also a senior member of technical staff at GTE Laboratories. He has a PhD in Engineering from the University of Wisconsin and a BSc in Business from Western Illinois University.


last updated: July 21st, 2000