E5 – LABORATORY FOR OPEN SYSTEMS AND NETWORKS

Name of the Workshop: NATO Workshop 2003
Duration: 11/1/2003 – 4/30/2006

The Workshop programme consisted of 7 different sessions that covered the most important areas of security provision in networking. Presentations in the first session, titled “Basic concepts in secure communications (I)”, described the importance of security and gave an overview of security problems, threats, mechanisms and services. Several security mechanisms, e.g. symmetric and asymmetric encryption, digital signatures, and authentication protocols, were presented in more detail. Security provision at the network and transport levels was also discussed, including security in IPv6, virtual private networks, and secure identity-based network access.

Of special interest to system administrators were the talks on firewall technologies and intrusion detection systems. The presentation on firewalls gave participants a thorough view of the advantages and disadvantages of firewalls, as well as of firewall configurations. Packet filtering routers, stateful packet inspection, and application proxy servers were presented in detail. Participants could find out how to set up a firewall, for example as a dual-homed gateway firewall, screened host gateway, or screened subnet gateway. The second presentation of that session covered intrusion detection systems, in particular why they are needed, how they work (analysis techniques, data sources), and what one should know about deployment issues.

The Basic Concepts in Secure Communications (II) session was dedicated to the security of electronic documents and standardisation. Different electronic signature methods, secure document types and time-stamping mechanisms were presented, as well as the best-known standards for the evaluation of security technology, such as Common Criteria, ITSEC, TCSEC or FIPS 140. One of the most important issues in security provision in global computer networks is public-key cryptography. For authorisation, another type of X.509 certificate is more useful, namely attribute certificates, which bind a user’s identity to a set of attributes other than a public key. The attribute certificate format and its use in privilege management infrastructures (PMIs) were also presented in detail. The last presentation of this session dealt with wireless communication security. The special problems of security provision in a wireless environment were described, together with security technologies and protocols. Emphasis was put on GSM and IEEE 802.11 security.

The Secure applications session covered WWW security and technical demonstrations of wireless and PKI-based applications. A talk on WWW security presented Web transaction security, browser security and server security. Participants gained knowledge about the SSL and TLS protocols and code signing. In addition, Java and XML security were discussed, for example XML signature, XML encryption, and XKMS. Of particular interest to the participants were practical examples of secure applications: student on-line administration (PKI-based secure access to databases with personal data via the Internet), e-petition, digital signing of electronic contracts, and PKI-based secure access to an LDAP server.

Special attention was paid to the legal issues of data protection and privacy. Workshop participants were given a thorough overview of EU legislation on privacy, data protection and electronic signatures. In particular, European directives 1995/46/EC, 2002/58/EC, and 1999/93/EC were explained. As we cannot rely on legislation alone when providing privacy in computer networks, the second talk discussed privacy-enhancing technologies, such as mix networks, cookie management tools, and identity protectors. Privacy-enhancing technologies protect privacy by eliminating or reducing personal data or by preventing unnecessary and/or undesired processing of personal data. The last session, “Secure E-Government and E-business”, gave an overview of the provision of security services in government and public administration. Challenges to e-government were presented, such as access issues, technical issues, human factors, service delivery issues, and resource issues, as well as the steps towards e-government transformation. Participants were especially interested in an e-voting case study.


Laboratory for open systems and networks

  • Jamova cesta 39, 1000, Ljubljana
  • + 386 (0)1 477 3900
  • info@e5.ijs.si