Ph.D. Defense of Dissertation: Italo Dacosta

Event Details
  • Date/Time:
    • Friday June 1, 2012 - Saturday June 2, 2012
      9:00 am - 10:59 am
  • Location: KACB 3126 ("GTISC War Room")
Contact

Italo Dacosta

Summaries

Summary Sentence: Practical Authentication in Large-Scale Internet Applications

Ph.D. Defense of Dissertation Announcement

Title: Practical Authentication in Large-Scale Internet Applications

Italo Dacosta
School of Computer Science
College of Computing
Georgia Institute of Technology

Date: Friday, June 1st, 2012
Time: 9:00 AM - 11:00 AM
Location: Klaus 3126 (GTISC War Room)

Committee:

  • Prof. Mustaque Ahamad, School of Computer Science (Advisor)
  • Prof. Patrick Traynor, School of Computer Science (Advisor)
  • Prof. Jonathon Giffin, School of Computer Science
  • Prof. Alexandra Boldyreva, School of Computer Science
  • Prof. Raheem A. Beyah, School of Electrical & Computer Engineering


Abstract:
The rapid adoption of Internet applications such as VoIP and Web applications has resulted in systems with high performance and scalability requirements. Such systems typically need to support millions of users located in different geographical areas -- a scenario no other system has faced before. Due to these requirements, application architects and developers have made performance and scalability their primary goals while giving less importance to security. As a result, many large-scale Internet applications rely on weak-but-efficient security mechanisms, particularly authentication protocols. However, the increasing popularity and importance of Internet applications have also raised their risk of attack. For example, weaknesses in authentication protocols have been actively exploited by a variety of adversaries, including criminal organizations and governments. While more robust authentication protocols have been proposed, most of them fail to address the unique requirements of large-scale Internet applications and, therefore, such protocols have not been widely deployed.

Therefore, the unprecedented performance and scalability requirements of large-scale Internet applications have hindered the use of more robust authentication mechanisms. We can build efficient and scalable authentication mechanisms with stronger integrity guarantees and resistance to active attacks by better understanding the specific requirements of this class of applications.

This dissertation presents the following contributions. First, we show how even a simple authentication mechanism such as SIP Digest authentication can significantly impact the performance and scalability of a highly distributed VoIP infrastructure. Hence, we propose Proxychain, a SIP authentication protocol that not only provides better security guarantees than Digest authentication but also improves performance and scalability. Second, we propose One-Time Cookies (OTC), an alternative to the use of HTTP cookies as session authentication tokens. OTC is inherently robust against active attacks such as session hijacking while preserving the efficiency of cookies. Third, we develop Direct Validation of SSL/TLS Certificates (DVCert), a practical mechanism that offers more robust validation of SSL/TLS server certificates to prevent MITM attacks without requiring external third parties or additional infrastructure.

Additional Information

In Campus Calendar
No
Groups

College of Computing, School of Computer Science

Status
  • Created By: Jupiter
  • Workflow Status: Published
  • Created On: May 21, 2012 - 11:39am
  • Last Updated: Oct 7, 2016 - 9:58pm