PKI Labs Conference Call, January 13, 2003

*PKI Labs Conference Call*
January 13, 2003

*Attendees*

Neal McBurnett (convener) - Internet2

Bob Brentrup - Dartmouth
Sean Smith - Dartmouth

Cliff Neuman - ISI
Bob Morgan - Washington
Carl Ellison - Intel
Peter Honeyman - Michigan
Lisa Hogeboom - Internet2
Renee Frost - Michigan/Internet2

Ben Chinowsky (scribe) - Internet2

*Discussion*

The group reviewed the minutes from the previous call; the "sufficiently trustworthy" reference needs to be expanded. [AI] Ben will send out revised Dec. 9 minutes.

Sean and Bob B. updated the group on work at Dartmouth.
- A couple of Sean's students are working on keyjacking. A particularly easy attack they've been looking at involves "evil HTML" that uses a user's client-side authentication to do things in the user's name at sites other than those the user intends. Sean observed that this attack exploits shortcomings in how certs are stored and used to authenticate the user. Many PKIs lack a well-thought-out binding between what the service is used for and how to present it to the user -- e.g. asking "are you really sure that this is what you meant?" when necessary. Sean has some ideas for easy ways to improve this binding. [AI] Sean will write up instructions for accessing Dartmouth's keyjacking demo.
- Bob B. is experimenting with iKey personal key storage devices; students are already working on breaking the system he's set up.
- Bob noted that Dartmouth has also tried using Chrysalis hardware key storage with their iPlanet implementation; it broke and caused major problems.

Sean pointed the group to an nCipher press release (http://online.securityfocus.com/archive/1/304161) about a problem with their hardware exporting keys in plaintext. Sean has an IEEE column coming out in which he shows that many purported hardware vulnerabilities are really vulnerabilities of associated software. [AI] Sean will send the list references for purported hardware vulnerabilities he's heard about lately.

Cliff has been working on policy evaluation, continuing to work with GAAAPI but also trying to integrate it with other security services and with Apache. The idea is to allow the threat level to rise whenever wider access is allowed, even without a specific threat (the "blue light"), and to respond accordingly, for example by locking down specific areas. An early reference implementation of the Extended Access Security Language is now available; [AI] Cliff will send out a URL for the EASL reference implementation.

Carl noted a problem he sees with the project Stefan Brands discussed on the Nov. 11 call: people want to buy complete solutions, but Stefan is offering only a component. Carl suggested that Stefan will need to provide an application as well, and commented that despite PKI proponents' agreement on "the beauty and necessity of this technology", there is no agreement on the killer app for PKI.

This led into a more general discussion of why PKI is failing to catch on. Sean observed that "whenever you look close at this stuff it doesn't work" -- as illustrated by, e.g., forging SSL certs, forging signed documents with Lexign, and misusing client-side authentication. People are going forward with flawed technology, apparently with the attitude that "eventually someone will get burned big time, but it probably won't be me." Neal expressed more optimism, noting that the issue is whether or not PKI is a step forward over whatever we're using now; maybe PKI can at least make things more traceable. Neal also noted that Kevin Mitnick is pushing "social engineering" as a solution. Sean pointed out that PKI can be even worse than cleartext passwords because people trust it more; Ross Anderson [http://www.cl.cam.ac.uk/users/rja14/] has documented this. Sean noted the case of a policeman in the UK who was jailed as a result of someone committing fraud involving his bank account. As the law assumed that the bank's systems were not vulnerable, suspicion fell on the person who was known to have access to the account -- in this case, the victim of the attack. There was general agreement that social effects are pervasive in security in general. Neal suggested that another major source of difficulty is lack of proper integration among the different pieces of a PKI.

The submission deadline for papers for the PKI Labs workshop is Jan. 31; few submissions have been received so far. There was general agreement that this is not cause for concern and that the deadline can be moved back if necessary. [AI] Peter will ask program chairs for other conferences (Usenix in particular) to forward papers rejected for reasons other than poor quality, and will get the PKI Labs Workshop added to the Usenix calendar. [AI] Neal will contact Peter about further coordination with Usenix. Peter noted that NDSS, which he is co-chairing, has a great program this year; see http://www.isoc.org/isoc/conferences/ndss/03/program.shtml.

The next meeting will take place Feb. 10 at 4:00 PM Eastern, per the regular schedule.

*Action Items*

[AI] Ben will send out revised Dec. 9 minutes.
[AI] Sean will write up instructions for accessing Dartmouth's keyjacking demo.
[AI] Sean will send the list references for purported hardware vulnerabilities he's heard about lately.
[AI] Cliff will send out a URL for the EASL reference implementation.
[AI] Peter will ask program chairs for other conferences (Usenix in particular) to forward papers rejected for reasons other than poor quality, and will get the PKI Labs Workshop added to the Usenix calendar.
[AI] Neal will contact Peter about further coordination with Usenix.