`
`WVROCEEDINGS
`
`
`
`”596
`1995
`
`
`
`Symposium on
`Network. and Distributed
`SVstem Security I E
`
`
`
`:14
`ill
`
`
`
`“1““
`
`'. "1"?-
`E February 16-17, 1995
`E
`
`San Diego,CaIifornia
`
`@ IEEE Computer Society Press
`
`The Institute of Electrical and Electronics Engineers, lnc.
`
`L—z—{ngg-fl‘cfiw ...‘_'|,.v'_...;...:- -':-.'.-.:'-' r'.'.*\7t'.".:'.:'.-.-
`Miran.
`
`:'...
`
`'. II... |.'.'. L1'|'_--.'-‘.‘. 1|.
`
`.-
`
`'-‘ |_'_.’.'.'."-::r'
`
`'r.-.-.‘.-_--'-.-:_-.|
`
`r ..." .-r--.-.. -
`
`----..--:.
`
`.-.-.n-.
`
`-.
`
`[..‘-n-Iv.
`-
`
`..‘
`
`-
`
`,Ig
`-
`
`‘
`-
`
`
`
`-
`
`-
`
`-
`
`--
`
`.“..
`--
`
`:
`
`i
`.
`:71
`
`'
`
`Compass Bank, at al.
`Exhibit 1004
`Pa e 1.
`'-;--. --.--
`--_-
`-
`-':" g i '*
`-
`
`-|--.l'.
`
`.
`
`Compass Bank, et al.
`Exhibit 1004
`Page 1
`
`

`

`.............
`
`
`
`-'.':.' ‘.'||-I "Y'f-Z.‘ -.'-"I1‘.I|“ -‘-'.
`
`'_
`
`-'-.I-.‘.
`
`
`
` Proceedings of the
`
`Symposium on Network and Distributed
`System Security
`
`February 16 —— 17, 1995
`
`San Diego, California
`
`Sponsored by
`
`The Internet Society
`
`IEEE Computer Society Press
`Los Alamitos, California
`
`
`
`Compass Bank, at al.
`Exhibit 1004
`Page 2
`
`
`
`
`
`
`
`. Brussels .Washington Tokyo
`
`
`
`Compass Bank, et al.
`Exhibit 1004
`Page 2
`
`

`

`IEEE Computer Society Press
`10662 Los Vaqueros Circle
`PO. Box 3014
`Los Alamitos, CA 90720-1264
`
`Copyright © 1995 by The Institute of Electrical and Electronics Engineers, Inc.
`All rights reserved.
`
`I
`
`Copyright and Reprint Permissions: Abstracting is permitted with credit to the source. Libraries may
`photocopy beyond the limits of US Copyright law, for private use of patrons, those articles in this volume
`that carry a code at the bottom of the first page, provided that the per-copy fee indicated in the code is paid
`through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923.
`
`IEEE Copyrights Manager, IEEE
`Other copying, reprint, or republication requests should be addressed to:
`Service Center, 445 Hoes Lane, PO. Box 1331, Piscataway, NJ 08855-1331.
`
`The papers in this book comprise the proceedings of the meeting mentioned on the cover and title page. They
`reflect the authors' opinions and,
`in the interests of timely dissemination, are published as presented and
`without change“ Their inclusion in this publication does not necessarily constitute endorsement by the
`editors, the IEEE Computer Society Press, or the Institute ofElectrical and Electronics Engineers, Inc.
`
`IEEE Computer Society Press Order Number PR7027
`Library of Congress Number 94-74194
`ISBN 0-8186-7027-4 (paper)
`ISBN 0—8186-7028-2 (microfiche)
`
`Additional copies may be orderedfrom:
`
`‘
`
`IEEE Computer Society Press
`Customer Service Center
`10662 Los Vaqueros Circle
`PO. Box 3014
`Los Alamitos, CA 90720-1264
`Tel: +1—714—821-8380
`Fax: +1-714-821-4641
`Email: cs.books@computer.org
`
`IEEE Computer Society
`13, Avenue de l’Aquilon
`B-1200 Brussels
`BELGIUM
`Tel: +32-2-770-2198
`Fax: +32-2-770-8505
`
`IEEE Computer Society
`Ooshima Building
`2-19—1 Minami-Aoyama
`Minato-ku, Tokyo 107
`JAPAN
`Tel: +81-3-3408-3118
`Fax: +81-3-3408-5553
`
`Editorial production by Mary E. Kavanaugh
`Cover design by Danny Nessett, additional layout by Joseph Daigle
`Printed in the United States of America by Braun-Brumfield, Inc.
`
`® The Institute of Electrical and Electronics Engineers, Inc.
`
`._.-w.u-.:.I|' mm - --
`
`-.---
`
`'-- .
`
`--;:.--.-1- —,,w..-_---.‘,---;.-.,.-I,--.
`
`.__._,.:,|.
`
`--L-
`
`--.---.r
`
`..-r_--
`
`r-
`
`.-._— v ,-
`
`..-\-r—.-t-r‘-.-r-.-~—.. “urn"
`
`'.--r .
`
`v.____.--.-.- --.-..-.--::.
`
`'--
`
`'- - -:'
`
`_
`:
`.
`.
`.' :.- ---.'
`-
`1 -.'.I
`Compass Bank, at al.
`Exhibit 1004
`
`'
`
`'-
`
`
`
`.
`m
`P39 2%
`humfliwmecfimffltlhealth:-.!:I'uz:'l:fi:l.'5m‘:m::§£=mufimazesinmswrurnaivmnusurm:1'.'JnI“smears“u.:m-umm-nanvnmvnnmwmhwafllupuma-amennummmmm Westat-tumult:-mg
`
`Compass Bank, et al.
`Exhibit 1004
`Page 3
`
`

`

`n-wwrr-ylm'uwmmm
`.
`WSW-'"Ja‘mu: m
`.
`_
`.
`-
`.
`.v .
`..
`a?» -
`f
`.1W:
`
`-
`-
`rmnamtr-nrm-uaumnn-Eimxmmimnr-mmg
`
`_
`_
`,
`.
`.
`_
`.
`,
`,
`www.mmlflfiilflmflh‘c‘dfi‘ltli‘fl'filkflmflflufiIC3m;:fi::!{;r:m_wyfialmmumFEW-r315”?mmfiflfim
`
`Table of Contents
`
`General Chair’s Message ................................................... _ ............................ . ...................... vii
`Program Chairs’Message ........................................................... ............. . ............................ viii
`Organizing andProgram Committee .................................. .................................................. ix
`PSRG Members ................................ . .......................................................................................... x
`
`. 77C
`
`_")
`,
`n
`.
`’6)? g,
`
`,
`
`'
`
`Session 1 — Diverse Approaches to Security at the Network Layer
`Chair: Stephen T. Kent — Bolt, Beranek and Newman, USA
`Multicast-Speciflc Security Threats and Counter-Measures .............................................................. 2 )K
`T. Ballardie and J. Crowcroft
`Design of a Key Agile Cryptographic System for OC—lZc Rate ATM .............................................. 17 X
`D. Stevenson, N. Hillery,‘G. Byrd, F. Gong, and D. Winkelstein
`Ip‘Access — An Internet Service Access System for Firewall Installations .................................'...... 31 M
`
`S. Stempel
`
`Session 2 — Panel: Security Architecture for the Internet Infrastructure ................ 43
`Chair: Robert W. Shirey —- The MITRE Corporation, USA
`
`Security for the Internet Protocol (IP) and IP Next Generation
`P.A. Lambert
`[presentation only]
`
`Security for the Internet Domain Name System
`J.M. Galvin
`[presentation only]
`
`Security of Routing Protocols in the Internet
`G.S. Malkin
`[presentation only]
`
`Security Approaches to Routing in the Internet
`S.L. Murphy
`[presentation only]
`
`Session 3 — Off-Line Object Distribution Security
`Chair: Jeffrey I. Schiller —— Massachusetts Institute of Technology, USA
`Trusted Distribution of Software Over the Internet .......................................................................... 47
`AD. Rubin
`Location-Independent Information Object Security ................................. .: ....................................... 54
`J. Lowry
`
`Session 4 — Internet Payments
`Chair: Ravi Ganesan — Bell Atlantic, USA
`Electronic Cash on the Internet ....................................................................................................... 64
`S. Brands
`Panel — Internet Payment Mechanisms: Requirements and Architectures ..................................... 85
`Chair: Ravi Ganesan — Bell Atlantic, USA
`Panelists: Cliff Neuman — USC [SI
`Dave Crocker — Brandenburg Consulting
`[additional panelists to be announced]
`
`1
`l
`!
`l|
`:‘
`
`i
`
`
`
`Compass Bank, at al.
`Exhibit 1004
`Page 4
`
`Compass Bank, et al.
`Exhibit 1004
`Page 4
`
`

`

`Session 5 — Security Monitoring Tools: Practice and Experience
`Chair: Michael St. Johns — Advanced Research Projects Agency, USA
`
`NERD: Network Event Recording Device — An Automated System for Network Anomaly
`Detection and Notification ..................... . ........................................................................................ 87
`D. G. Simmons and R. Wilkins
`An Overview of SNIF: A Tool for Surveying Network Information Flow ....................................... 94
`J. Alves-Foss
`
`Distributed Audit Trail Analysis .................................................................................................... 102
`A. Mounji, B. Le Charlier, D. Zampuniéris, and N. Habra
`
`j
`
`Session 6 — Authentication and Authorization
`Chair: B. Clifford Neuman — Information Sciences Institute, USA
`/ SESAME V2 Public Key and Authorisation Extensions to Kerberos ............................................. 1 M-
`P. V. McMahon
`Yaksha: Augmenting Kerberos with Public Key Cryptography .................................................... 132
`R. Ganesan
`GSS-API Security for ONC RPC .............................................................................. . .................. 144
`B. Jaspan
`
`Session 7 — Mechanisms of Identity: The Certificate Infrastructure
`Chair: Hilarie Orman — University ofArizona, USA
`A Certificate Management System: Structure, Functions and Protocols
`N. Kapidzic and A. Davidson
`PEMToolKit: Building a Top—Down Certification Hierarchy for PEM from the
`Bottom Up ................................................................................................................................... 161
`A. Bahreman
`-
`
`.................................... 153
`
`A New Approach to the X509 Framework: Allowing a Global Authentication
`Infrastructure Without a Global Trust Model ................................................................................ 172
`S. Mendes and C. Huitema
`
`Session 8 — Panel: Security Issues for Mosaic and the World Wide Web ............. 191
`Chair: Fred Avolio — Trusted Information Systems, USA
`'
`Panelists. Peter J. Churchyard — Trusted Information Systems, USA
`Phillip M. Hallam—B aker —— CERN, Switzerland
`Allan M. Schiffman — Enterprise Integration Technologies, USA
`
`Author Index ..............................................................................
`
`........................... 192
`
` ”It Mirna] .-
`
`H
`
`" "Compass Bank etal
`Exhibit 1004
`
`.
`
`l
`._...u: ...].f .1‘3.'.'.:I.l‘_'.
`
`1.;
`L J.
`.I.
`..
`.1
`.‘II: ". I: '."'J ”JP“; '
`
`.
`
`. “...s.t...|.......
`.
`" J- " ‘ I" I
`' 1'
`
`.
`
`4 .._......-:. -...-. .. _\.-.- I"|-A-f_‘1J--l.':;:JUI:_.|_\§'I_|_."9.§ |..'.irEli'iuk‘l”'4“J~"'Jhll'.:.'.‘|:l‘?\lll.'1'JLL‘I.it'fll‘iil
`'>I-- - . ' -'J--- .-._.
`-
`-
`-
`.
`
`'1
`
`:nfiai39.1%: “I?$1.5"
`Hui-i114“
`—..I
`_'
`
`.
`
`.
`
`I
`
`Compass Bank, et al.
`Exhibit 1004
`Page 5
`
`

`

`
`
`General Chair’s Message
`
`Welcome to the second ISOC Symposium on Network and Distributed System Security!
`Building on last year’s very successful symposium and 1993’s workshop, we are looking
`forward to another set of thought—provoking presentations and lively panel discussions.
`
`Connections to international distributed networks, and the Internet in particular, are no longer a
`luxury for many organizations. As these networks continue to grow,
`the need for security
`services will increase and become more complex. At the same time, this connectivity provides
`potential intruders with greater access to both other systems and other intruders. Sophisticated
`attacks which were once scarce due to the relatively small number of intruders able to mount
`them, have increased greatly because of the sharing of toolkits that implement the attacks.
`Increasingly, the‘very infrastructure of the networks is being attacked and flaws exploited.
`Although much research has been done in network security and much practical experience is
`\
`available, that knowledge has yet to be widely deployed and used.
`
`This symposium was created specifically to draw together researchers, implementors, and users
`of network and distributed system security facilities. The fact that we provide a unique focus on
`this widely shared need is reflected by growth in both attendance and responses to the Call for
`Papers. The number of submissions increased 50% this year and we continue to enjoy a strong
`international representation in the presentations.
`
`I particularly
`to the Internet Society for again sponsoring the' symposium.
`I am grateful
`appreciate the vision and guidance of the Privacy and Security Research Group (PSRG), which
`conceived this symposium, and especially Dan Nessett who led its development during the first
`two years.
`
`Organizing a symposium of this size is a time-consuming task, and I want to thank all the
`symposium chairs for the tremendous time and effort they have given to pull all the details
`together. Tom Hutton has taken care of the many local details, while Gloria Carriker and Heidi
`Stefani have done a superb job in handling the registration activities. Terry Mayfield navigated a
`maze of unexpected pitfalls to produce the proceedings you are now holding.
`
`A special thanks is in order for the Program Committee and its co-chairs, Dave Balenson and
`Rob Shirey, as they have put together another excellent program that is timely for Internet
`designers and implementors worldwide. Much behind—the-scenes effort went into working with
`the paper authors and panel leaders, and a huge debt of appreciation is owed to the members of
`this committee.
`
`Finally, I would like to thank all the authors who submitted papers and the panelists who are
`participating for sharing their knowledge and experiences with us.
`
`James Ellis
`
`CERT Coordination Center — Carnegie Mellon University
`Pittsburgh, Pennsylvania
`
`E—mail: Jte@cert.org
`
`
`
`vii
`
`Compass Bank, at al.
`Exhibit 1004
`Page 6
`
`
`
`Compass Bank, et al.
`Exhibit 1004
`Page 6
`
`

`

`|
`'-
`
`I
`-
`
`I
`
`1
`
`I
`
`
`I
`
`I
`
`Program Co-Chairs’ Message
`
`Everyone knows that the Internet is experiencing explosive growth. But it is more important
`to notice that the Internet is also changing from an academic research tool into a ubiquitous
`platform for education and commerce. Every day, more users become dependent upon
`Internet services to do their jobs and to carry their data. Every day, more of the data found on
`the Internet is sensitive data that needs protection. Thus, there is an urgent need to secure the
`Internet in all of its aspects.
`
`Happily, network security has been studied since before the Internet began. At the same time
`that computing and communication technology were developed to make the Intemet’s
`growth possible,
`security technology was also being developed. Now,
`the Internet
`community is beginning to apply that technology. There is security activity in many places,
`especially in the Internet Society’s Internet Research Task Force (IRTF) and Internet
`Engineering Task Force (IETF). These activities are incorporating security techniques
`into Internet protocols and components, and are producing practical implementations of
`security technology.
`
`Many security tools and systems are already available for use, such as the Kerberos system,
`the Generic Security Service API, the Privacy—Enhanced Mail system, and security features
`for Point-to—Point Protocol, Telnet, and Simple Network Management Protocol. Additional
`security tools are in the works, including security for the underlying Internet Protocol (IP),
`the File Transfer Protocol (FTP), the Domain Name System, and routing protocols.
`
`Still,
`there is a much work to be done. The increasingly popular network information
`discovery and retrieval protocols — such as Gopher, WAIS, and World-Wide Web — need
`protection. So,do protocols for time services, transaction processing, and voice and video
`conferencing. And, in every case, the security must be made user-friendly and low—cost, or
`else users will avoid it.
`
`The organizers of this Symposium seek to enable and encourage the Internet community to
`deploy the available security technology, as well as develop new technology in areas where
`it is lacking. Hopefully, all protocols and components used in the Internet eventually will
`include or use suitable security facilities. This will make possible a protected Internet
`environment that can meet the wide range of security needs found among the diverse, global
`community of users.
`
`e...
`
`l‘
`
`I A
`
`'
`
`D
`
`St
`
`/ SE
`1
`
`/
`
`Ya
`
`GS
`
`Ses
`
`A C
`
`I];1::
`
`'
`31;:
`‘
`L
`
`Sessi
`
`C
`
`Auth
`
`Rob Shirey
`The MITRE Corporation
`
`McLean, Virginia
`
`E-mail: Shirey@MITRE.org
`
`David Balenson
`Trusted Information Systems
`
`Glenwood, Maryland
`
`E-mail: Balenson@TIS.com
`
`viii
`
`
`
`‘- a r
`
`.r=.
`mp...
`ompass Bank, at al.
`Exhibit1004
`Pag ,
`i
`u! mur- '_‘-'_'MI|.1--.r
`
`J
`it?
`
`
`
`Compass Bank, et al.
`Exhibit 1004
`Page 7
`
`

`

`-I-—=a ‘1 mum-u“..--..m.-m,‘.,...
`“WWW-n" '8'|'*t".""‘
`
`{Kfllmlfifimfimw
`I
`
`.
`.
`"mum“ i ""'
`
`1‘:
`
`.
`.
`..
`.. .
`
`
`
`
`'~’\'"‘-"'i| "1' “'E‘EJ'v-H-I-ulh l-Ju’w-rnlu‘, fluke-or." x—iv-mnius .-..'.. :."..'.I:.- '. ;-.-.K,'.-'.r.\:1.'!.-»~".-,.-' '
`
`
`
`
`
`
`
`
`
`.-v_-¢.-.. J.‘ 13—. . "I' -... . ..., ....-‘ - '- ~ ‘-- 1....
`
`-
`
`.
`
`
`
`.'-".‘-'-:- maria-mm1
`
`
`
`Compass Bank, at al.
`
`Exhibit 1004.
`Page 8
`
`
`
`Organizing and Program Committee
`
`General Chair
`
`James T. Ellis
`CERT Coordination Center
`
`Carnegie Mellon University
`
`Program Co-Chairs
`David M. Balenson
`
`Trusted Information Systems
`
`Robert W. Shirey
`The MITRE Corporation
`
`Program Committee
`
`Thomas A. Berson — Anagram Laboratories
`Matt Bishop — University of California at Davis
`Ravi Ganesan ~— Bell Atlantic
`Stephen T. Kent — Bolt, Beranek and Newman
`Paul A. Lambert — Motorola
`John Linn —— Open Vision Technologies
`B. Clifford Neuman — Information Sciences Institute
`Hilarie Orman — University ofArizona
`Michael Roe —- University of Cambridge, UK
`Robert Rosenthal — US National Institue ofStandards and Technology
`Jeffrey I. Schiller — Massachusetts Institute of Technology
`Peter Yee — US. National Aeronautics and Space Administration
`Robert ZampaIO — Telia Research, Sweden
`
`Publications Chair
`Terry Mayfield,
`Institute for Defense Analyses
`
`Registrations Chair
`Gloria Carrier,
`The MITRE Corporation ‘
`
`Local Arrangements Chair
`Thomas Hutton,
`
`San Diego Supercomputer Center
`
`Steering Group
`Internet Research Task Force, Privacy and Security Research Group
`
`ix
`
`’ '
`
`n d
`
`0
`)r
`
`to
`:re
`{111
`SICt
`bal
`
`Compass Bank, et al.
`Exhibit 1004
`Page 8
`
`

`

`Privacy and Security Research Group
`of the
`
`Internet Research Task Force
`
`1
`
`Chair
`
`Stephen T. Kent
`Bolt Beranek and Newman
`
`Kent@bbn.com
`
`Members
`
`David M. Balenson
`Trusiea' Information Systems
`Balenson@tis.com
`
`Matt Bishop
`University of California at Davis
`Bishop@cs.ucdavis.edu
`
`Russell D. Housley
`Spyrus
`Housley@spyrus.com
`
`Danny M. Nessett
`Sun Microsystems
`Nessett @jurassic.sun.com
`
`Burton S. Kaliski, Jr.
`RSA Laboratories
`Burt@rsa.com
`
`B. Clifford Neuman
`Information Sciences Institute
`Bcn@isi.edu
`
`Michael Roe
`
`Robert Rosenthal
`
`University of Cambridge, UK
`Michael.roe@cl.cam.ac.uk
`
`US. National Institute of Standards
`and Technology
`Rosenthal@ecf.ncsl.nist.gov
`
`Jeffrey I. Schiller
`‘
`Massachusetts Institute of Technology
`Jis @ mitedu
`
`Robert W. Shirey
`The MITRE Corporation
`Shirey @ mitre. org‘
`
`Roberto Zamparo
`Telia Research
`
`RobertoZamparo @ haninge.trab.se
`
`,
`
`_-':i""i_ -"":‘4,_]_'n "'_'
`
`'-"r'..
`
`.'3'”-':"'
`
`r'
`
`{'1 'r“.-.‘i:‘..:_11'.-|-'v'”3l:"-'-‘
`
`,.._.'.':,.,- ."'.| 21"....
`
`- ..
`
`‘
`
`--" '3‘ "-J .T‘.
`
`,
`
`."_!‘|
`
`._,.
`
`-~-.I:\II‘.‘1|1_..'
`
`':.~:.‘..
`
`\..rlJ‘l —'
`
`.'.‘..‘.‘r.
`
`I.._' :1; .'I‘.
`
`.
`
`'5 *"'.'-‘
`| t,
`“TI
`.
`.:‘.m..
`Compass Ban ,et al.
`Exhibit 1004
`
`'__-“'...'!‘||'
`
`Wu
`“Em-‘_‘,fld.“f:jfi'r._I_-'_'__:_':-'_-:1r_‘§-.L':.‘1;_';.i.'.f,\:.-;' 2;.{11
`
`:Lrwtfl-Lm:i'.'.£,-.-."|_‘_-'.'m _-‘!ld.r:.:.2‘.'.
`
`'
`
`.
`
`gig-@2-
`'L'n’:..‘ : mums-:1.- -..'.'i.|.'."_'.__:.‘.;':_ .._‘-{-.‘ s': -i:-ni.: ‘I..I 4'.-|J'.\.' '-.'-.\'.*:n .4 -' . .-'— .'ti':ll.‘1..h:nP-l'-‘.‘u u“:- L.‘>.L"'.’! L'n: -:i.|.-J_-_-.:.'.t_:;,-;.,'.‘..nu.r.:'.l.fi .-"Z-'lw§'.
`-_-'.-:.:.'
`
`
`
`‘
`
`'-
`
`
`
`Compass Bank, et al.
`Exhibit 1004
`Page 9
`
`

`

`"
`i".
`an: :
`
`7T”
`"'15-’- --‘-'"-‘1 “17?:23t3':‘.," a!a:a-I'Jirljz-lflgi--:’.«::::-_.'.‘.-_.-.,-_1--|\-Ir~- ;-.1.v.‘.||'.'|.'I.-.:‘g-...\w,;-,t._i-.':_!'.L\-: :r.:-| !.'.'"-'-l‘-.'.A|.J.'I.'."."|!'3 L'J. 2.11;“.- .-_-.|-I‘|ni-;;q:;ry wash-mtq‘nuflr -n:_-vg\;-_r..-._;.-_.,n.-_u;-,n_ur,,‘ EAT-=1;,t-.:\;{-'-‘.'.ll.'flrl‘-‘¢'i:"T—fi'i'vzt-"L'i:
`
`.-m.----,-; :21:na: a;:l'—:!::r:1::ur‘:imwm
`
`x”.-
`
`I :Li.||";p-I|' m}- l..-
`
`n .-
`
`
`
`A Certificate Management System: Structure, Functions and Protocols
`
`Nada Kapidzic
`nadak@dsv.su.se
`
`Alan Davidson
`alan@dsv.su.se
`
`Department of Computer and System Sciences
`Stockholm University & Royal Institute of Technology
`Electrum 230, 164 40 Kista, Sweden
`
`Abstract
`
`The Certificate Management System (CMS) is a net-
`worked system for generation, distribution, storage and
`verification of certificates for use in a variety of security
`enhanced applications. The structure of a certificate is
`defined in the X.509 standard. The Internet PEM specifi—
`cation describes the structure and functionality of a
`global certification hierarchy, as well as the structure of
`its internal messages. The approach described in this
`paper specifies new roles and responsibilities for certifi-
`cation authorities. By extending the existing specifications
`with fitnctions for the storage and retrieval of certificates,
`the CMS becomes functionally complete and immediately
`operable. Furthermore,
`it can operate either as an
`autonomous hierarchy, or integrated into a global system.
`
`1 Introduction
`
`those that
`in particular
`Many security protocols,
`support widely distributed security services,
`require
`authenticated public keys,
`i.e. certificates. The admini-
`stration of certificates includes their creation, storage,
`distribution, and verification.
`The CCI'I'I‘ 1988 X.500 series of recommendations
`
`[1] specify that creation of certificates should be performed
`by Certification Authorities (CA5). The format of certifi-
`cates and the method for their verification are defined in
`
`the X.509 standard. The responsibility for storage and
`distribution of certificates is deferred to X.500 directories,
`
`though as yet such directories are not widely established.
`RFC 1422 [3] supplements the X.509 standard with a
`framework for the creation and verification of certificates.
`
`It specifies an Internet wide hierarchical infrastructure of
`CAS with the Internet Policy Registration Authority
`(IPRA) as the single root. RFCs 1421-1424 [2-5] define a
`set of functions for the administration of the Certificates.
`
`They define the structure of PEM letters, which are in
`themselves a medium for the exchange of certificates. The
`
`PEM description of the administrative functions does not
`address the problem of certificate storage in the absence of
`the X500 directories.
`\‘
`
`This paper presents a Certificate Management System
`that implements all necessary functions for the admini—
`stration of certificates. This makes the system immediately
`operational without being dependant on other systems for
`certificate storage and distribution. By integrating all
`functions in one system it becomes possible to add new
`functionality as well as enhance the original functions.
`The paper contributes a description of relationships and
`roles of the system's agents, followed by a detailed and
`structured description of their functions.
`Compared to RFC 1422, the main differences in this
`approach are as follows:
`. It allows for the establishment of the autonomous
`
`hierarchies, each under a single PCA.
`. It defines additional functions for storage and distri—
`bution of certificates.
`
`- It elaborates on existing specifications by including
`design decisions that are relevant for the functional
`description of this system.
`
`2 The CMS structure
`
`The CMS is comprised of a number of co-operating
`CAs. The CA's principle role is in signing certificates,
`either of users or of other CAs, and thereby testifying that
`the certificate has a legitimate binding to the owner's
`Distinguished Name (DN) [1]. The CAs are required to
`uphold a single root hierarchical
`infrastructure. This
`simplifies certificate verification,
`since
`all
`certificate
`verification paths within the system are known to con-
`verge, in the worst case at the top.
`It is assumed that the system infrastructure is a strict
`hierarchy with unlimited depth, where each CA is certified
`by only one parent CA. This is not (strictly speaking) the
`case in the PEM specifications where one CA may be
`
`0—8186-7027-4/95 $4.00 © 1995 IEEE
`
`153
`
`Compass Bank, at al.
`Exhibit 1004
`Page 10
`
`Compass Bank, et al.
`Exhibit 1004
`Page 10
`
`

`

`"D'-Ii“W‘2Nina:
`
`
`
`_,...~-...
`
`certified by several PCAs. In fact from the PEM perspec-
`tive this discussion is limited to cover only part of the
`global structure, i.e. the sub-hierarchy underneath a single
`PCA.
`
`not been previously assigned to that CA by some other
`authority, the PCA will create it by deriving it from the
`parent's DN. If the DN has been previously assigned, the
`PCA will check that it conforms to the DN subordination
`
`Such a limitation may seem unreasonable if the CMS
`is primarily intended to support secure e-mail. However, a
`shift of perspective is warranted since this CMS is aimed
`not only to providing services for global security applica-
`tions but also for other security enhanced applications that
`do not presuppose global
`inter-connectivity. A CMS
`according to this perspective can function as an autono-
`mous system, though the section 7 discusses issues regard-
`ing integration of such local systems to the global certifi-
`cation hierarchy.
`
`2.1 The ‘roles of CMS agents
`
`Within the certification hierarchy, some CAs are
`given special roles and responsibilities (see Figure 1). The
`Policy Certification Authority (PCA) is the root of the
`hierarchy, which makes it the common point of trust for
`verification of all certificates in the system. Leaf CAs are
`responsible for the administration of users. Because of
`their special role in relation to the users, these CAs are
`named User Certification Authorities (UCAS).
`
`
`®
`
`i]
`
`
`
`Figure 1 - A Certificate Management System
`
`The PCA defines the security policy that all the CA5
`in its hierarchy are bound to follow. The policy specifies,
`among other things,
`technical and procedural security
`measures that are imposed on all the CMS agents of that
`hierarchy. In a global system the PCA must be responsible
`for making its policy available to all users of the system.
`The importance of this role is reduced in autonomous
`hierarchies.
`
`The PCA is responsible for the administration of the
`hierarchy structure. N0 CA can be added to the hierarchy
`without first registering its DN with the PCA. If 21 DN has
`
`requirement. For each CA in the system the PCA stores its
`DN and addressl. The PCA uses this information to
`resolve certificate requests when the address of the certifi—
`cate owner is not known (see 4.2).
`A separate role of the PCA is to serve as a repository
`for Certificate Revocation Lists (CRLs) [3] of all CAs in
`the system. Each CA and UCA periodically issues a CRL
`and sends it to the PCA. The users of the system can
`retrieve the CRLs from the PCA when needed for the
`verification of certificates.
`
`The registration of users‘ DNs is performed by the
`UCAs. Other CAs are not allowed to administer users,
`which is more restrictive than the model described in the
`
`PEM specifications. Users register their DNs with their
`UCA. The UCA can autonomously ensure that the user
`DNs are unique since the system imposes name subordi—
`nation. The UCAs store the DNs and addresses of all the
`
`users they register.
`The UCAs are the most suitable agents to provide for
`the expeditious storage and retrieval of user certificates in
`the absence of X500 Directories. After signing user cer-
`tificates UCAs return them to the owners and store a local
`
`copy. UCAs handle the distribution of user certificates
`since they can automatically and immediately respond to
`requests for certificates. This service is based on the
`assumption that the UCAs' addresses are normally deriv-
`able from the addresses of the users they certify (see
`section 4).
`Other CAs within the hierarchy do not perform any
`special functions. Their purpose is mainly to reflect the
`structure of the organisation that runs the CMS sub-hier-
`archy (whether the organisation is political, geographical
`or commercial). These CAs are not strictly necessary, as
`the PCA can certify UCAs directly. However,‘it is unlikely
`that such a flat \structure would be preferred to a more
`distributed hierarchy of authorities.
`The CMS User Agents (UAs) implement the interface
`between security applications and the CMS. They provide
`security applications with verified certificates either by
`retrieving them through the CMS or by reading them from
`a local certificate cache.
`
`All CMS agents perform local caching of certificates.
`Each CA keeps local copies of all the certificates in its
`certificate verification path, as well as the certificates of all
`its immediate subordinates, i.e.
`those it has issued. Each
`CMS UA keeps local copies of all the certificates that it
`
`1The form of the address depends on the means of communication used by
`the system. The current implementation uses lntemet e-mail addresses.
`
`154
`
`" .
`
`'I,".i .
`
`l m‘tr..'.r ~.|
`
`rI.-.:".-"---
`
`.r.:-r.-- ”rm-2r? "'..'
`
`'_ 1,“. ,-..-
`
`,.-.
`
`._... .e.‘
`
`'-.: ..'-.t.. L4": '.irw‘S-f
`
`4.!" I.".'-‘:"!:-'-'_ '--...:-.-. -.'.-..'-:
`
`.-'..:.'.:..
`
`'|.r.-.~ .-" .'.i'
`
`I"-
`
`wwrtmiz-li'stlflrfl. 115:;
`
`.1A‘}"4.'.:El-!<I;‘E..'_':aL'L':‘L‘Il.LE_".:.E'!'_':;. _.'_--i=:.i-.-L- {r.-:!I'_.'J.’J'r--iili _L._-:_:-_-;:':.~£atuuwuahs. ugln-r;:.ub.u..u\-k .
`
`.-|JL'-C _<-_-;-_.v.uu.u..:a_-.-m -r..:--..:-_..-. “IL-"J: ';uG.U.-..r.-n);- -.-u.'.
`
`rm 53523151,".
`
`Exhibit 1 004
`Page 1 .1
`-
`
`Compass Bank, et al.
`Exhibit 1004
`Page 11
`
`

`

`Ifip‘.rJ:nmn1§.t_::ll|_"IJ-_fo:ll_'y'| gr..- .- r: ---:.v.m;—.-...m“u.-e w- n_-u,-t-—.,._--..q;u ..‘u:' wan-am. - a m‘Sr-F‘TJItl.‘|'.h’.'.‘i:'.'.|I".liillli'.l'.‘.‘.-.'EL'!:
`
`:;=:'.-L=i.;;;:'n..'.'—.:.1-.|.-.':t.:'- -.-.-..‘.'." mum-rte 31.1-—Annamaria:.t.:.L-*.'-='.'s"c-'.:'..
`
`
`
`
`
`
` 132mm:
`.''.-§'v=i.'.'.{DHIfiTE-FLYJ",15173-31W
`
`
`
`has verified during its operative lifetime, for as long as
`they are valid.
`
`This will normally be performed for the whole certifica-
`tion sub-tree en masse.
`
`2.2 Functional classes
`
`For the ease of analysis and presentation the functions
`performed by the CMS may be classified into groups
`according to typical phases in the life of the system:
`- Establishment
`. Certificate Retrieval
`
`- Certificate Update
`. Certificate Revocation
`
`These are not mutually exclusive groups, since func-
`tions from one group can directly trigger those of another,
`e.g. when a certificate is updated, the old certificate must
`be revoked. This classification gives a better view of how
`the system's agents interact. The following sections give a
`detailed description of these functions. It should be noted,
`however, that error conditions that can occur are not cov-
`ered in this paper.
`
`3 Establishment
`
`In order to be certified by the CMS an agent has to
`supply its DN. If recognised naming authorities exist then
`they have the responsibility of allocating DNs [1]. In the
`absence of such authorities the task of creation of a new
`
`DN is not simple, since the DN has to conform to name
`subordination requirements and has to be unique. In the
`proposed CMS the PCA, together with UCAs, assumes the
`responsibility of naming authority if no other recognised
`authority exists. Therefore, establishment is divided into
`two phases: DN registration and certification, i.e. signing
`of a certificate.
`
`The certification hierarchy is established top-down,
`starting with the PCA. The PCA is established first, after
`which the CA5 at the next level of the certification hierar-
`
`chy can be registered and certified by the PCA. The proc-
`ess iterates down to the UCAs, which register and certify
`users at the bottom of the certification hierarchy.
`
`3.1 DN Registration
`
`In the absence of naming authorities, each CA sug-
`gests its Relative Distinguished Name [1] to the PCA. It
`also provides the DN of its parent CA, thereby specifying
`its position in the hierarchy. The PCA uses that informa-
`tion in order to construct a unique DN according to name
`subordination requirements. If a naming authority exists,
`then the CA should obtain the DN from there and present
`it to the PCA. Furthermore, the CA supplies the PCA with
`its address in order to provide the binding between DNs
`and addresses. The PCA updates its local database with
`the CA's DN, address and its position in the hierarchy.
`
`The PCA generates a configuration file for each CA
`using the information from its local database. Every CA in
`the hierarchy is then supplied with a configuration file
`through some secure medium. The file contains informa-
`tion on its DN, its position in the hierarchy and the PCA's
`certificate. From the file every CA also knows the DN and
`the address of the authority that certifies it, DNs and
`addresses of those it certifies, and the address of the PCA.
`In contrast to CAs, the UCAs configuration files are
`not complete when provided by the PCA. The PCA does
`not provide information about DNs and addresses of the
`users. That
`information is kept only by the particular
`UCA. Users are assigned their DNs by the UCA in a
`similar manner as the CA's by the PCA. The UCA must
`ensure the uniqueness of the user's DNs, which it can do
`independently due to the name subordination requirement.
`Users' configuration files are generated by the UCA in the
`same way as the CA's configuration files are generated by
`the PCA.
`
`3.2 Certification
`
`The process of certifying a new CA involves commu—
`nication between it and its parent. This communication
`consists of two messageszz Certificate Signature Request
`and Certificate Signature Reply. Their format is as pro—
`posed in RFC 1424 [5]. Figure 2 shows an example of
`certification of a CA where the parent CA is the PCA.
`
`
`
`Slgnoture
`Request
`
`Figure 2 - Certification of a CA
`
`Certification starts with the CA's generation of a pair
`of public and private RSA keys. A self-signed certificate is
`
`2In th