Noninvasive Methods for Host Certification

Determining whether a user or system is exercising appropriate security practices is difficult in any context. Such difficulties are particularly pronounced when uncontrolled or unknown platforms join public networks. Commonly practiced techniques used to vet these hosts, such as system scans, have the potential to infringe on the privacy of users. In this article, we show that it is possible for clients to prove both the presence and proper functioning of security infrastructure without allowing unrestricted access to their system. We demonstrate this approach, specifically applied to antivirus security, by requiring clients seeking admission to a network to positively identify the presence or absence of malcode in a series of puzzles. The implementation of this mechanism and its application to real networks are also explored. In so doing, we demonstrate that it is not necessary for an administrator to be invasive to determine whether a client implements required security practices.

[1]  Iwao Sasase,et al.  Proposal of secure remote access using encryption , 1998, IEEE GLOBECOM 1998 (Cat. NO. 98CH36250).

[2]  Salvatore J. Stolfo,et al.  Anomalous Payload-Based Network Intrusion Detection , 2004, RAID.

[3]  Dirk Fox Computer Emergency Response Team (CERT) , 2002, Datenschutz und Datensicherheit.

[4]  S. M. Bellovin,et al.  Security problems in the TCP/IP protocol suite , 1989, CCRV.

[5]  Florence Olsen The Growing Vulnerability of Campus Networks. , 2002 .

[6]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[7]  Wenke Lee,et al.  Evading network anomaly detection systems: formal reasoning and practical techniques , 2006, CCS '06.

[8]  D. Scheuermann The smartcard as a mobile security device , 2002 .

[9]  Peeter Laud,et al.  Eliminating Counterevidence with Applications to Accountable Certificate Management , 2002, J. Comput. Secur..

[10]  Donald F. Towsley,et al.  Modeling malware spreading dynamics , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[11]  Christopher Krügel,et al.  Accurate Buffer Overflow Detection via Abstract Payload Execution , 2002, RAID.

[12]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[13]  Ari Juels,et al.  $evwu Dfw , 1998 .

[14]  Brent Waters,et al.  New client puzzle outsourcing techniques for DoS resistance , 2004, CCS '04.

[15]  Trent Jaeger,et al.  Attestation-based policy enforcement for remote access , 2004, CCS '04.

[16]  Sarah Gordon Feature: Are good virus simulators still a bad idea? , 1996 .

[17]  Jeffrey I. Schiller,et al.  An Authentication Service for Open Network Systems. In , 1998 .

[18]  Shane Markstrum,et al.  Securing nomads: the case for quarantine, examination, and decontamination , 2003, NSPW '03.

[19]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[20]  Glen Zorn,et al.  IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines , 2003, RFC.

[21]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[22]  Prabir Bhattacharya,et al.  Remote access and networked appliance control using biometrics features , 2003, IEEE Trans. Consumer Electron..

[23]  Eric van den Berg,et al.  A Fast Static Analysis Approach to Detect Exploit Code Inside Network Flows , 2005, RAID.

[24]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[25]  James Newsome,et al.  Polygraph: automatically generating signatures for polymorphic worms , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[26]  Patrick Traynor,et al.  Non-Invasive Methods for Host Certification , 2006, 2006 Securecomm and Workshops.

[27]  B. Karp,et al.  Autograph: Toward Automated, Distributed Worm Signature Detection , 2004, USENIX Security Symposium.

[28]  Takashi Tsunehiro,et al.  A secure flash card solution for remote access for mobile workforce , 2003, IEEE Trans. Consumer Electron..

[29]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[30]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[31]  George Varghese,et al.  Automated Worm Fingerprinting , 2004, OSDI.

[32]  Hannu A. Aronsson Zero Knowledge Protocols and Small Systems , 1995 .

[33]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[34]  David Watson,et al.  The Blaster worm: then and now , 2005, IEEE Security & Privacy Magazine.

[35]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.