Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
PKI in Higher Education:Dartmouth PKI Lab Update
Internet2 Virtual Meeting5 October 2001
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
2
Researchers
Dartmouth College Computer Science
Institute for Security and Technology Studies
Dartmouth College Computing Services
David Nicol, Sean Smith: CS/ISTS
Ed Feustel: ISTS
Robert Brentrup, Larry Levine: Computing Services
Yasir Ali, Alex Iliev, John Marchesini, Eileen Ye:CS Students
Shan Jiang, Evan Knop: Alumni
Lab Created 4Q2000
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
3
Dartmouth PKI Lab Objectives
Exploring how to effectively use public-keycryptography to build trusted informationservices in the real world.
Enable effective trust judgements, in systemsthat are heterogeneous on every level.
In users, roles, computer hardware and software,organizations, administrative domains, applicationcontexts
What are the appropriate pieces of informationfor trust judgments in different contexts atdifferent times?
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
4
End to End Approach
Server
How do we establish foundation for this trust, whencomputation is vulnerable to insider attack?
Client
How can user tools enable effective trustjudgments?
Infrastructure
How do we deploy and manage the certificates,keys, etc., that enables this trust communication
Applications
How can applications engage in PKI-based trustjudgments?
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
5
Status, October 2001
Server
Trusted Third Parties, immune to insider attack
Private Information Retrieval (PIR)
Armored Vault
WebALPS
Client
Web/SSL/Certificate Spoofing
Requirements for Secure Web Client
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
6
Status, October 2001
Infrastructure
Setup COTS, open-source testbeds. LDAP
Campus PKI planning
PKI/Lite: Web Authn/Authz & S/MIME
S/MIME Private Key Server
Applications
Hardened Box Office
Web Application authentication/authorizatiolocal replacement
Voting (demo of WebAlps)
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
7
Private Information Retrieval
Protecting query privacy from insider attack
Server that efficiently provides material toauthorized users…
…so that the server operator learns nothing, noteven statistics!
Domains with sensitive data
Health information, expensive research data
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
8
Armored Vault
Protecting archived private material from insiderattack
Prove to stakeholders that policy is followed
Prototype domain: network data
Archive is encrypted and bound to policy
Built with Snort and IBM 4758-2
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
9
WebALPS
Protecting SSL Web Servers from insider attack
SSL doesn’t help if armored pipe to cardboardbox!
Move server end of SSL into securer co-processor
Built from Apache, OpenSSL and IBM 4758-2
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
10
Hardened Box Office
Protect operator from liability
Campus agents want to sell tickets, etc. online
Server operator wants to minimize risk ofexposing private customer data
Uses WebALPS hardened server
Internal application catches customer data, thensigns and encrypts for entity and e-mails it
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
11
S/MIME Private Key Server
Protecting user private keys from insider attack andprovides mobility
Problem: Web based e-mail offers client mobility…
… but adding PKI requires trusting the server with theprivate keys
Solution: uses WebALPS- hardened server
Generates, certifies, stores user keys…
… and applies them only when authorized by user
Neither bribery nor subpoena reveals the user keys!
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
12
Client: Good Trust Judgements?
Web/SSL provides server identity, not attributes
URL?
Location bar information
SSL Icon?
SSL warning window?
Certificate information?
Status bar
www.cs.dartmouth.edu/~pkilab/demos/spoofing/
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
13
Client Research Questions
Should attributes attest to name of server, orcontent offered?
What are semantics of “independent windows”?
Who is really providing this service?
Which certificate is being used?  Why?
What information does the server acquire about theuser?
Requirements for “better” browser
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
14
Infrastructure
Developing Familiarity with tools for applicationdevelopment
Defining strategies to setup and administer institutionscale PKI environment
Interactions with Central LDAP directory
Tools to support Research projects
Compatibility testing of PKI vendors and clientapplications
Studies of end-user behavior, eg. Why passwords areshared
Research goal: real applications, solving real problems!
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
15
Futures
PKI more than X.509
SDSI/SPKI. PGP, XML...
Trust Judgment in Applications
Rights Management, expressions of policy
Critical Mass, academic community asprototype lab
Internet2 Color Pos RGB.gif 00000012Stephen's G3 ABA78158:
Internet2 Fall 2001 Meeting: HEPKI
16
For More Information
www.cs.dartmouth.edu/~pkilab
Sean Smith
sws@cs.dartmouth.edu
Ed Feustel
efeustel@ists.dartmouth.edu
Robert Brentrup
Robert.J.Brentrup@dartmouth.edu