PROCEEDINGS
` |'l'II|'F_'!l'hL'fTS[J[31EI-f
`Symposium on
`Network and Distributed
`System Security E
`
` . N
`
`._,r'’
`
`_-;:_='.L
`
`February 22-23, 1996
`H San Diego,Ca|ifornia
`
`I
`
`® 2
`1
`
`33""-’*5'"*‘3'='5'3=""=°"r*=5=°§-""""'5-‘"° EXHIBIT- 1005
`Black Swamp IP, LLC V. VirI1etX, Inc.
`TUT) —.—CTTC'§ T\..4A..d.'\T.\
`"1'
`10
`
`

`
`gfroceedings ofthe
`
`Symposium on /jetwork and Distributed
`System Security
`
`

`
`Proceedings of the
`
`Symposium on Network and Distributed
`System Security.
`
`February 22. — 23, 1996
`
`San Diego, California
`
`Sponsored by
`
`The Internet Society
`
`Cfiflarursn SOCIETY
`5iiTEAIS D1‘ SERVICE ' 1916-1996
`
`Los Alamitos, California
`
`Washington
`
`o
`
`Brussels
`
`-
`
`Tokyo
`
`

`
`
`
`IEEE Computer Society Press
`10862 Los Vaqueros Circle
`P.O. BOX 3014
`Los Alamitos. CA 90720-1264
`
`A"
`’ ‘”"
`I-*2
`
`57.]
`
`
`
`--u-q..n-»¢c-u-6\:..-.;u:.¢,..--I
`
`Copyright @ 1996 by The Institute of Electrical and Electronics Engineers/, l_Ipc.___
`
`Allrightsreserved.
`
`ltjf
`
`Copyright and Reprint Permissions: Abstracting is permitted with credit to the source. Libraries may
`photocopy beyond the limits of US copyright law. for private use of patrons. those articles in this volume that
`carry a code at the bottom of the first page. provided that the per-copy fee indicated in the code is paid through
`the Copyright Clearance Center. 222 Rosewood Drive. Danvers. MA 01923.
`
`Other copying, reprint, or republication requests should be addressed to:
`Service Center. 445 Hoes Lane. P.0. Box 1331. Piscataway, NJ 08855-1331.
`
`IEEE Copyrights Manager,
`
`The papers in this book comprise the proceedings of the meeting mentioned on the cover and title page. They
`reflect the authors’ opinions and, in the interests oftimely dissemination, are published as presented and without
`change. Their inclusion in this publication does not necessarily constitute endorsement by the editors, the IEEE
`Computer Society Press, or the Institute a_fELectricol and Electronics Etgineers, Inc.
`
`IEEE Computer Society Press Order Number PR07222
`Library of Congress Number 95-82021
`ISBN 0-8186-7222-6
`
`Additionnl copies may be orderedfrom:
`
`IEEE Computer Society Press
`Customer Service Center
`10662 Los Vaqueros Circle
`P.0. Box 3014
`Los Alamitos, CA 90720-1264
`Tel: +1-114-821-8380
`.
`Fax: +1-714-821-4641
`Email: cs.books@comp1.1ter.org
`
`IEEE Computer Society
`13, Avenue de 1’AquJ.1on
`B-IEO Brussels
`BELGIUM
`Tel: +32-2-770-2198
`Fax: +32-2-170-B505
`euro.ofc@computer.org
`
`Computer Society
`Ooshima Building
`2-19-1 Minami-Aoyamn
`Minato-Im, Tokyo 107
`JAPAN
`Tel: +81-3-3408-3118
`Fax: +81-3-3408-3553
`I:okyo.ofc@computer.org
`
`Editorial production by Mary E. Kavanaugh
`Cover design by Danny M. Nesseu
`Cover production by Joseph Daigle
`Printed in the United States of America by KNI, Inc.
`
`® The Institute of Electrical and Electronics Engineers. Inc.
`
`4
`
`

`
`Proceedings of the Symposium on Network and Distributed Systems Security
`
`Table of Contents
`
`General Chair’sMe.tsage
`
`vii
`
`Program Chairs’ Message ....................................................................................................... viii
`
`Organizing Committee ............................................................................................................. .. ix
`
`Program Committee ................................................................................................................... ..x
`
`Privacy and Security Research Group ..................................................................................... xi
`
`Session 1-. Electronic Mail Security
`
`Chair: Stephen T. Kent —— BBN Corporation
`
`Mixing Email with BABEL ..................................................................................................... ..2
`C. Gitlcii and G. Trudi}:
`
`An Integration of PGP and MIME .......................................................................................... .. 17
`K. Yamamoto
`
`Session 2: Distributed Object Systems
`
`Chair: Danny M. Nessett — Sun Microsystems
`
`A Security Framework Supporting Domain-Based Access Control in
`Distributed Systems ................................................................................................................. .26
`N. Yialelis and M. Sloman
`
`Panel -— Scalability of Security in Distributed Object Systems ............................................... ..4(}
`Moderator: Danny M. Nessett — Sun Microsystetns
`Panelists: Bret Hartman — Odyssey Research Associates
`Danny M. Nessett —— Sun Microsyttems
`Nicholas Yialelis -—— Imperial College, London
`
`Session 3: Distributed System Security
`
`Chair: Michael Roe —-~ University ofCambridge
`
`A Flexible Distributed Authorization Protocol ........................................................................ ..43
`1.31 Troetic and B.C. Newman
`
`Preserving Integrity in Remote File Location and Retrieval ..................................................... .. 53
`TI Jaeger and 11.13. Rubin
`
`C-HTTP -— The Development of a Secure, Closed H'I‘I'P-Based Network on the Internet ....... .. 64
`T. Kiuchi and S. Kaihara
`
`

`
` IEEE computer Society Press
`
` ® IEEE computer society
`
`
`
`
`IEEE computer society Press Publications
`
`Press Activities Board
`Vice President: Joseph Boykin, GTE Laboratories
`Jan '1‘. Butler, Naval Postgraduate School
`Elliot J. Ghikotaisy, Nortizealtsna University
`James J. Farrell III, Motorola Corp.
`Mohammad E. Fayed, University ofNevada
`I. Marl: Hess, Bell Northern Research, Inc.
`Ronald G. Hoalzeman, University ofPittsburgh
`Gene 1?. Hoifnagle, IBM Corporation
`John R. Nicol, ME Laboratories
`Yale N. Putt, University ofhiichigsn
`Benjamin W. Wail, University of Illinois
`
`Press Editorial Board
`Advances in computer science and Engineering
`Eiditor-in-Chief: Jon '1‘. Butler, Naval Postgraduate School
`Assoc. Elcliteqcisitions: Prsdip K. Brinrsni. Colorado late Univeraity
`Dharraa P. Ag:-awal, North Carolina State University
`Road Balls. IBMTJ; Watson Research Center
`‘lfiiay K. Jain. University ofsooth Florida
`Yutala Kanoyeme, Naval Postgraduate School
`Gerald M. Manson, The Johns Hopkins University
`Sudha Ram. University ot‘Ar-inona
`David C. Blue, George Mason University
`A.R..I{. Sentry, Rockwell International Science Ocuier
`Ahhiiit Senlllilta. University ofSouth Carolina
`Mukechslnghsl. Ohiostote Univar-si_t;_ l
`.
`Scott M. Stevens. Carnegie Mellon-Uxiiilereity
`ofcslgory
`' Ronald D. ‘Williams, Umfirsrstty ofVir:I.mI''
`Lotfi Zadeh,
`of Galifornia. Berkeley
`
`"
`
`.
`
`Press Staff
`'1‘. Michael Elliott, Executive Director
`H. ‘has Scabcm. Publisher
`Matthew . Lash, Assistant Publisher
`Catherine Harris. Manager, Press Product Development
`Mary E. Kavauaugh, Prodnctim Editor
`mi: O'Connor, Production Editor
`Regina Spencer Sipple, Production Editor
`Penny Storms, Production Editor
`Robert Werner. Production Editor
`Frieda Koester. Mei-ketingfsaies Manager
`Thomas Fink, AdvertisingfP1-orootions Manager
`
`Offices of the IEEE Computer Society
`Headquarters Oflice
`1730 Massachusetts Avenue, N.W.
`Washington. DC 20036-1903
`Phone: (202) 371-0101 — Fax: (202) 728~9B14
`E-mail: hq.o£o@oornputsr.or¢
`
`~
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`CS Press publish, promotes, anddistributesever20 original and
`reprint computer science and engineering tents annually. Original
`bocl:econsistof100percantoriginalmatsrial;rapzintbco1:socntein
`a carefully selected group of previously published papers with
`accompanying original introductory and explanatory text.
`
`Submission ofproposole: li'orgnideli.aesonpreparingG5Pmg5
`hooks, write to Manager, Press Product Development, IEEE
`ComputsrSocietyPr-ass, E0. Boxiiolt, 10662 LosvaquerosCircle,
`Les Alamltos, GA 90720-1264, or telephone (714) 8216380.
`
`Purpose
`
`ThalEEE Computersociaty advances the thsoryand practice of
`computer science and engineering, promotes the exchange ofteeh-
`ntcel information among 100,000 members worldwide. and pro-
`vides a voids range ofsarvices to members and nonmembers.
`
`- lilemberehlp
`
`All members recaivethe monthiymagnzine Campuundisconmta,
`and opportunities to serve (all activities are led by volunteer
`members). Membership is open to all IEEE members, aiiiliate
`society members. and others interested in the computer field.
`
`Publications and Activities
`
`Computer Society On-Line: Provides electronic access to ab-
`stracts and tables cfcontsnta from society periodicals and confer-
`ence proceedings, plus information on membership and volunteer
`activities.Toaccess, telnet totheInternetaddressinfo.cempuier.org
`(user i.d.: guest).
`
`Computer magazine: An authoritative, easy-to-read maga-
`zine containing tutorial and in-depth articles on topics across the
`computer field, plus news, conferences. calendar, interviews. and
`product reviews.
`
`Periodicals: The society publishes 10 magazines and seven
`research transactions.
`
`conference proceedings, tutorial texts, and standards
`documents: The Computersociety Press publishes more than 100
`titles every year.
`
`stander-dsworking groups: Over 200 ofthessgroupsproduca
`IEEE standards used throughout the industrial world.
`
`Technical committees: Over 29 ‘PCs publish newsletters,
`provide interaction with peers in specialty areas, and directly
`influence standards. coats:-eases. and education.
`
`Conferenceslilducutionz The ociety holds about 100 condor-
`ences each year and sponsors many educational activities, includ-
`ing computing science accreditation.
`
`Chapters: Regulsrand student chapters worldwideprovide the
`opportuaitytointeract with colleagues. hear technical experts, and
`serve the local professional community.
`
`enqsuu-¢.n.—_aa.-—a—p-u-a-on.--nuns:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Publications Oiiice
`
`P40. Box 9014:
`
`
`10552 Lee Vaqusros Circle
`Los Alamitos. CA 9W20-1264
`Membership and General Information: (714) 321-8380
`
`Publication Orders: (800) 212-6657- Fax: (T14) 821-4010
`E-mail: ca.books@compnter.or-g
`
`
`
`
`
`European Oflics
`
`13, avenue de lktquiloo
`
`B-1200 Brussels, BELGIUM
`Phone: 32-2-1'70-21-98 — Fax: 82-2-770-85-06
`
`
`E-mail: our-o.of@compnter.org
`
`Asian Office
`Ooshima Building
`2-19-1 Mineoai-Aoyolna. ifutatc-lru
`Tokyo 107, JAPAN
`
`Phone: 514-408-3118 — Fax: 81-3-403-3553
`
`E-mail: lack}-o.of@omputer.org
`
`
`
`
`
`
`
`
`i-‘lsvissd 11115195
`
`5
`
`

`
`C-HTTP -- The Development of a Secure, Closed HTTP-basal Network
`on the Internet
`
`Takahiro Kiuchi
`Department ofEpidemiology and Biostatistics
`Faculty of Medicine, University ofTokyo
`7-3-1 Hongo, Bunkyo‘-ku, Tokyo 113, Japan-
`
`Shigekoto Kaihara
`Hospital Computer Center
`University of Tokyo Hospital
`7-3-1 Hongo, Bunkyo-ku, Tokyo 113, Japan
`
`Abstract
`We have designed "C-HTT " which provides secure
`HTTP communication mechanisms within a closed group
`of institutions on the Internet, where each member is
`protected
`by
`its
`own
`firewall.
`CLHTTP-based
`communications are made possible by thefizllowing three
`components: a client-side proxy, at server-side proxy and
`o C-HTTP name server. A client-side proojy and server-
`side proxy communicate with each other using a secure,
`encrypted protocol while communications between a user
`agent and client-side proxy’ or an origin server and
`set-verasicte proay are performed’ using current HTI?/1.0.
`In a C-HTTP-based network, instead ofDNS, or C-HTI'P—
`based secure. encrypted name and certification service is
`used. The aim of C-H77’? is to assure institutional level
`security and is diflerent in scapefi-om other secure HTIZP
`protocols currently proposed which are oriented toward
`secure end-to-end HTIP communications
`in which
`
`security protection is dependent on each end—user.
`
`1. Introduction
`
`.
`
`In the medical community, there is a strong need for
`closed networks among hospitals and related institutions,
`such as coordinating centers for clinical trials or clinical
`laboratories. Secure transfer of patient information for
`clinical use is obviously essential. In addition, some
`medical
`information has to be shared among some
`hospitals, but it should not be made available to other
`sites. ‘I‘his includes, for example, information concerning
`multi-institutional clinical trials and documents for case
`conferences although patients‘ names are usually not
`specified in such information. In this paper, we discuss
`the design and implementation of a closed I-l'l‘I'P
`(Hypertext Transfer Protocol)-based network (C-1-l'I'I'P)
`which can bcbuilt on the Internet.
`
`2. Design and specification of C—HTI‘P
`2.1 Overview
`C-HTTP is assumed tobcusedin a closed group of
`institutions on the Internet, in which each member is
`protected
`by
`its
`own
`firewall.
`C-I-I'I"l'P—basod
`communication is made possible with the following three
`components: 1) a client-side proxy on the firewall of one
`institution, 2) a server-side proxy on the firewall of
`another institution and 3) a C-I-ITTP name server, which
`manages a given C-I-I'I'l'.P-based network and the
`information for its all proxies. A client-side proxy and
`server-side proxy communicate with each other using a
`secure, encrypted protocol (C-HTTP). Communications
`between two kinds of proxies and H'I'I'Pll.0 compatible
`servershlser agents within the firewalls are performed
`based on I-I'I'I‘Pl1.0 with current C-H'l."I'P implementation
`under way[1]. The DNS name service is not used for
`hostname resolution as the original secure name service,
`including certification,
`is used for the C-I-lT'I'P—bascd
`network. A summary of the protocol specification is
`described in the Appendices.
`
`2.2 Security technology and key information
`In C-I-I‘l’I'lf, five kinds of security technologies are used.
`They are: 1) asymmetric key encryption for the secure
`exchange of data encryption keys between two types of
`proxies and host information between a proxy and C-
`HTTP name server, 2) symmetric key encryption for the
`encryption of C-l-l'I'I‘P encrypted headers and HTTP}1.0
`requests, 3) electronic signature for the requestlresponse
`authentication, 4) a one-way hash fimction for checking
`data tampering and 5) random key generation technology.
`In the C-H'ITP name service, symmetric encryption is not
`used because the amount of information transferred is
`small.
`
`Each client-side or server-side proxy has its own
`private and public asymmetric keys and the C~H’I‘TP
`name server's public key. Proxies do not exchange their
`
`0-8186-7222-6196 $5.00 0 1996 IEEE
`Proceedings ofSNDSS ’96
`
`64
`
`

`
`public keys with each other directly. Instead, the C-H'I'I'P
`name server provides both client-side and server-side
`proxies with each peer's public key. In addition, Nonce
`values for both request and response are also generated
`andprovidedbythe C-H’I'I'Pnameserver, which will be
`specified as
`initial values
`in Request-Nonce
`and
`Response-Nance headers contained in the first C-H'I'I'P
`request dispatched by a client-side proxy and in the first
`C-H'I'I'P response dispatched by a server-side proxy,
`respectively. The C-H'I'I'P name server manages its own
`private and public asymmetric keys and the public keys of
`all proxies which participate in the closed network Two
`data encryption keys (symmetric keys) for requests and
`responses respectively are generated randomly during
`each C-H'I'I'P session.
`An origin server which is compatible with H'l'I'P/1.0 is
`responsible for user authentication if necessary. It uses
`the
`built-in
`I-I'I'I'Pl1.0
`authentication mechanisnt
`Information concerning a user's
`ID, password and
`security realm (HTTP/1.0) are encrypted by proxies and
`aretransferredonlyinencryptedformthroughthe
`Internet. Replay attacks are blocked by checking values of
`the Request-Nonce header field of each request.
`When a given institution wants to participate in a
`closed network, it must 1) install a client-side and/or
`server-side proxy on its firewall, 2) register an IP address
`( for a server-side proxy, a port number should also be
`registered) and hostnarne (which does not have to be the
`same as its DNS name) for a firewall gateway, 3) give the
`proxy's public key to the C-H'I'I'P name sewer, and 4)
`obtain the C-H'I'I'P name server's public key. In the
`present C-H'I'I'P specification,
`there is only one name
`server in a given C-H'I'I'P network, although one can
`define any possible combination of closed subnetworks
`within the network.
`
`2.3 C-HTTP-based communication
`C-H'I'I'P-based
`communication is
`follows:
`
`summarized
`
`as
`
`1) Comrection of a client to a client-side proxy
`A client-side proxy behaves as an HTTPILO compatible
`proxy, and it should be specified as a proxy server for
`external (outside the firewall) access in each user agent
`within the firewall.
`In C-H'I'I'P, as diiferent
`from
`ordinary HTTP, a session (virtual C-HTI'P connection) is
`established between a client-side proxy and server-side
`proxy and, thus, it is not stateless. The session is finished
`when the client accesses another C-H'I'I'P server or an
`ordinary WWW server or when the client-side or server-
`side proxy times out. The following ad-hoe mechanism is
`employed to define a session in statelws I-l'I'l'P/1.0-based
`communication between a client-side proxy and user
`
`agent. Supposethatthel-l'I'MI.speci:liedinFigure (a)is
`retrieved and sent to a client-side proxy alter a C-I-lT'l‘P
`session is established. In the client-side-proxy, the HTML
`document
`is rewritten as specified in Figure (b) and
`forwardedtoauseragentwhenoneoftheseresource
`names with a connection ID, for example,
`"http:l/server.in.current.oonnection/sarnple.html=@=6zd
`DfldfcZLj8VIi" in Figure (b), is selected and requested by
`an end-user, the client-side proxy takes of the connection
`lDandforwardsthestripped,theorigina1resourcename
`to the server in its request as described in Figure (c).
`WhentheconnectionIDisnotfound inthecurrent
`‘connection table in the client-side-proxy,
`the current
`connection is disconnected. Thus a new connection is
`established if the host is in the closed network and an
`ordinary I-l'I'I'Pl1.0 request is dispatched otherwise.
`
`2) Lookup of server-side proxy information (Appendix 3.
`a.b)
`A client-side proxy asks the C-H'I'I'P name server
`whetheritcancomnrunicatewiththehostspecifiedina
`givenURL. Ifthenameserverconfirrnsthatthequeryis
`legitimate, it examines whether the requested server-side
`proxy is registered in the closed network and is permitted
`to accept the connection from the client-side proxy. If the
`connection is permitted, the..C-H'I'I'P name server sends
`the IP address and public key of the server-side proxy and
`both request and response Nonce values. If it is not
`permitted, it sends a status code which indicates an error.
`If a client-side proxy receives an error status. then it
`
`Both the request to and response from the C-H'I'I'P
`name
`server
`are
`encrypted
`and
`certified,
`using
`asymmetric
`key
`encryption
`and digital
`signature
`technology.
`
`for connection to the server-side proxy
`3) Request
`(Appendix 3. c)
`WhentheC-H'I'l‘Prrameserverconfinnsthatthe
`specified server-side proxy is an appropriate closed
`network member, a client-side proxy sends a request for
`connection to the server-side proxy, which is encrypted
`using the server-side proxy’s public key and contains the
`client-side proxy's IP address, hostname, request Nonce
`value and synunetric data exchange key for request
`encryption
`
`4) Lookup of client-side proxy information (Appendix 3.
`do)
`for
`server-side proxy accepts a request
`When a
`connection from a client-side proxy, it asks the C-H'I'I'P
`
`65
`
`

`
`Figure. Conversion of stateless HTTP to
`statefui C—HTTP
`
`a. The HTML document sent from a origin server to a
`client-side proxy
`
`<TlTLE>5tAMPLE</TlTLE>
`
`<BODY>
`
`b. The HTML document rewritten and forwarded to a
`use agent by the client-side proxy. The string.
`'6zdDfidfcZI.j8V!i'. attached to the end of the URLs
`is a connection ID
`
`"http:/[ancther.server.in.closed.network/=@=6zdDfl
`
`Please click here.I</A>
`<A HREF =
`
`ac. H'lTP/1.0 request from the user agent (I) and
`HTFP/i .0 request encrypted and wrapped in C—H'lTP
`request dispatched by the client-side proxy (2)
`
`(1)
`
`GET "http://server.in.cu rrent.connectton/
`samp|e.html=@=6zd DfldfcZt.j8V!i"
`HT|'Pl1.0<CR><LF>
`
`HTi'Pll .0<CR><LF>
`
`(2)
`
`GET 'http://server.In.cu rrent.connection/
`sarnple.html'
`
`66
`
`an
`the client-side proxy is
`name server whether
`appropriate member of the closed network. If the name
`server confirms that the query is legitimate,
`it then
`examines whether the client-side proxy is permitted to
`accesstotheserver-sideproxy. Ifaccessisperrnitted,the
`C-HTTP name server sends the IP address and public key
`of the client-side proxy and both request and response
`Noricevalues,whicharethesarrreasthosesenttothe
`client-side proxy. The C-I-I’I'l‘P name server keeps both of
`the Nance values for thirty seconds. If not, it sends a
`status code which indicates an error and the server-side
`proxy refirses the connection from the client-side proxy.
`
`5) Connection establishment (Fig. 21)
`When the sever-side proxy obtains the client-side
`proxy's
`IP address, hostname and public key,
`it
`authenticates the client-side proxy, checks the integrity of
`the request and the request Nonce value and generates
`both a connection ID derived front the server-side proxy's
`name, date and random numbers (32 bits) using MD5,
`and also a second symmetric data exchange key for
`response encryption, which are sent to the client-side
`proxy. When the client-side proxy accepts and checks
`them, the connection is established.
`
`6) Sending C-HTTP requests to the server-side proxy (Fig.
`28)
`Once the connection is established, a client-side proxy
`forwards I-IT'I'.P/1.0 requests from the user agent
`in
`encrypted form using C—HTTP format.
`
`7) Forwarding requests to an origin server
`Using I-1'ITPll.0, a server-side proxy communicates
`with an origin server inside the firewall. From the view of
`the user agent or client-side proxy, all resources appear to
`be located in a server-side proxy on the firewall. In reality,
`however, the server-side proxy forwards requests to the
`origin server. It is possible to map any ofthe virtual
`directories on the server-side proxy to any of the
`directories in one or more origin servers inside the
`firewall.
`
`8) Origin server responses to the user agent through the
`server-side and client-side proxies (Fig. 2h)
`An HTTP/1.0 response sent from the origin server to
`the server-side proxy is encrypted in C-I~1'I'I‘P format by
`the server-side proxy, and is forwarded to the client-side
`proxy. Then,
`in the client-side proxy.
`the C-H'I'I'P
`response is decrypted and the HTTPl1.0 response
`extracted. Ifthe transferred object is in HTML format, the
`connection ID is attached to the anchor URLs contained
`in the document. The resulting HTTP!1.0 response is sent
`to the user agent.
`
`

`
`9) Request for closing the connection (Appendix 3. ij)
`A client-side proxy can send a request for closing the
`connection The server-side proxy returns a status which
`indicates the connection is closed On the other hand, if
`the server-side proxy detects that a given connection
`times out,
`it deletes
`the connection ID from the
`connection list, informing the client-side proxy that the
`connection is closed when an error status is returned in
`response to the request.
`
`3. Trial implementation
`Trial implementation is under way using 1) RSA as the
`asymmetric key encryption method (OSISEC RSA
`1ihrary)[2], 2) DES as the symmetric key encryption
`method (GNU DES library)[3], 3) RSA as the electronic
`signature method (OSISEC RSA hbrary) and 4) a one-
`way hash function based on MD5[4]). As for random key
`generation, programs included in the OSISEC RSA
`library and GNU DES library are used for RSA
`asymmetric keys and DES qrmrnetric keys, respectively.
`In the implementation, we employed the following
`methods to enhance security.
`
`' 1) Key protection
`InC-HT'I'P, lceysarestoredonlyonthefirewallofa
`given institution. C-HTTP proxy software is provided as
`sourcecode, andtheloeysaredesignedncttobestored in
`a separate "key file." A key generation program generates
`a C program file, which contains key information for
`proxies.
`It
`is more diflicult to steal keys using this
`methodthaniftheywere storedinasepararefile.
`
`2) No simultaneous data transfer to both sides
`' Only ‘alter
`all the data transferred from one
`side, does a proxy server begin to forward it to the other
`side, except for image and sound data. In this method, the
`performance ofdata transfer is not good, however, the
`data transfer
`is separated between the internal and
`external sides. For the secure implementation of this
`feature, the size of HTML documents and object bodies
`should be limited and checked by each proxy. We plan to
`implement routines which check the contents of object
`bodies (especially concerning form data used in POST
`method) in the future.
`
`3) Closure of TCP connection after each transaction
`C-H'I'I'P itself is stateful, but the TCP connection is
`closed after each transaction (request and response pair)
`in order to reduce the possibility of it being intercepted by
`attackers.
`
`4. Discussion
`
`4.1 Why HTTP?
`It is possible to develop a secure application level
`protocol available only to a closed group in the Internet,
`making use of cipher technology. The reasons we chose
`I-l‘ITP as the communication protocol
`for a closed
`network are as follows:
`
`1) Flexibility ofHTTP
`been
`have
`protocols
`Diflerent
`application level
`developed for
`network services, such as Fl‘P,
`SMTP, NNTP or GOPHER[S],[6],[7],[8]. HTTP has the
`flexrbilitytobeabletoprovideservicessimilartctlrose
`which have been provided by these protocols
`. For
`example, file transfer by FTP is accomplished by the
`object
`transfer mechanism of I-l'I'I'P ‘and,
`from a
`frmctional viewpoint,
`the Gopher protocol can be
`considereclasubsetofl-I'I'I‘P.Internetnewsand
`electronic mail services are available with an I-lT'I'P-
`based graphical user interface via gateways for protocol
`conversions[9]. Electronic mail services withina given
`group of institutions can be also developed using H'I'I'P
`and CGI (Common Gateway Interface)[10].
`
`2) Hypertext-based user-friendly graphical interface
`UsingH'I'I‘PandtheHypertextMarkupLanguage
`(I-ITML), distributed multimedia information systems
`with user-friendly graphical interfaces based on hypertext
`can be easily developed[l1].
`
`3) User agents and servers available on almost all
`platforms
`HTTP has now gained widespread popularity and
`various kinds of user agents and servers are available on
`almost all platforms. Even if new protocols for closed
`networks are developed which are superior in function or
`flexibility, new clients and servers have to be developed
`for compatibility, which is costly and an obstacle to their
`universal acceptance.
`
`4.2 Proxy-proxy vs. end-to-end secure HTTP-
`based infornratiort exchange
`As for hospitals, fiom which the Internet is available,
`in-hospital networks are usually protected using a dual
`home gateway and packet filter (firewall) and the Internet
`can only be accessed through proxies on the firewalls
`The role of proxies irt HTTP communication has been
`considered as important in communicating over firewalls
`and nansferring information efiiciently by caching. Other
`secure HTTP protocols are designed to be implemented in
`origin servers and user agents in order to assure "end-to-
`end" security protection[ 12-15]. Our approach is aimed at
`
`67
`
`10
`
`

`
`assuring proxy-proxy security and is
`different from theirs.
`
`fundamentally
`
`All proposals for secure I-ITIP communications are
`designed to be secure against the following attacks: 1)
`network tampering, 2) replay attacks and 3) middle of the
`man attaclt[l2-15]. C-HTIZP is also designed to be secure
`against these attacks anti, in addition. it has the following
`enhancements for security protection.
`
`2*
`
`1) No end-user has any chance to obtain keys for
`encryption or decryption.-
`Much cost and time are necessary to decode ciphers»
`which have been used for a long time and are considered
`confidential, such as DES or RSA, so an easier and more
`practical way to obtain original
`information is not
`to
`decode them, but to "steal a key" instead It is not realistic
`for hospital
`information managers to expect
`that all
`individual end-users, including those who connect their
`PCs to in-hospital LANs, manage their keys in a secure
`manner.
`
`As currently proposed secure I-I'I"l'P' protocols aim at
`providing end-to-end security mechanisms, responsibility
`for security is attributed to each individual user. Secure
`transfer of data
`exchange keys
`is performed by
`exchanging public keys (in most cases with certificates)
`between both parties. In this situation, once a private key
`is stolen, it is possible to obtain information from WWW
`servers outside the hospital.
`Undoubtedly,
`the purpose of security protection is
`secure commercial
`information services or on-line
`shopping sewices which are provided by profit-making
`companies for the masses. For commercial services. it is
`reasonable that individual users (payers) are responsible
`for “their own risks," but, as for patient information, it is
`each hospital
`that
`should be responsible for "their
`patients‘ risks.“ Each hospital should take measures to
`assure security at the institutional level.
`
`2) Name service
`
`As C-HTTP includes its own secure name service,
`which contains a certification mechanism, it is impossible
`to know the IP address of a server-side proxy even if its
`C«H'l"I'P hostname (not necessarily the same as its DNS
`name ) is known and vice versa. The C-1-l"l"I'P name
`service is efficient because it can do name resolution and
`host certification simultaneously.
`
`3) Difliculty in accessing from outside the closed network
`It is -difficult to access any servers in a closed network
`from outside. A cracker has to take the following steps:
`
`a) To find the IP address and port number of a server-side
`P703)’
`
`b) To get the public key of the server-side proxy in ord
`to send avalid C-H'I'I‘P request for C-HTTP connection.
`c) To make a TCP connection to a target server-side
`proxy using a certain client-side proxy's IP address
`d} To make the server-side proxy believe that request
`comes front a legitimate client-side proxy within the
`closed network. For this,
`it
`is necessary to know the
`private key and C-1-l'I'l‘P hostnanre of the client-side
`P1'°xY-
`
`There are other merits in favor of C-I-l’I‘I'P over other
`secure HTTP protocols, although they are not the original
`purposes of the development.
`
`1) Easy installation
`A C-I-l'I"I'P based network is made available simply by
`installing proxies on the firewall and registering their
`information with the C-I-1'I"I'P name server. Current
`I-ITTP/1.0 compatible servers and clients can be used as
`they are.
`
`2)Simp1icity
`There are no negotiations concerning security options
`or type and representation of objects in C-HTTP because
`C-HI'I'P-based
`communication
`is
`performed
`only
`between two types of C-HTTP proxies and between a C-
`I-I'I'I'P proxy and C-I-ITTP name server. They do not
`communicate directly with various types of user agents
`and servers using C-HTTP. Negotiations concerning type
`and representation of objects are done between an origin
`sewer and user agent, using H'I'I'P./1.0. As for these
`negotiations, C-HTTP is transparent to both of them.
`This makes the design and implementation of C-I-l'l'l‘P
`simple.
`
`3) Easy manipulation by end-users
`End-users do not have to employ security protection
`procedures. They do not even have to be conscious of
`using C-HTTP based communications.
`
`4.3 Disadvantages and limitations
`Our proposal has some disadvantages and limitations,
`and it should be used where its use is appropriate and
`suitable, taking them into account.
`The key technology used in the Internet is dedicated to
`assure
`connectivity between the
`huge number of
`computers, which may be added or removed at any time.
`Such connectivity is attractive to commercial companies
`and, in this context, it is necessary to develop technology
`which assures secure communications between a huge
`number of computers.
`Our system is assumed to accommodate up to a few
`hundreds proxies. This number is much smaller than that
`
`'11
`
`
`
`....u-........—._...——..........._i._.._
`
`
`
`
`
`

`
`needed for most commercial purposes. In addition, a new
`proxy should be registered manually to the centralized
`name server. For the management of huge number of
`proxies, another mechanism for proxy management is
`necessary-
`
`Besides the above mentioned reasons, it is desirable for
`us, or the medical community,
`to obtain license-free
`sofiwarewith souroecode. It isnotalways necessaryfora
`given closed group to adopt "standards." It can modify
`C-l-ITTP or develop its own new protocol, based on C-
`I-I'I'I'P.
`
`4.4 Relations to other secure HTTP protocols
`C-H'I'I'PisnotanalternativetoolhersecureH'I'l'P
`
`proposals. but it can co-exist with them Although the
`current C-I-l'I'I'P implementation assumes the use of
`lfl"ll’Il.0 compatible user agents’ and servers,
`it
`is
`possible
`to develop C-I-I'I'I'P proxies which
`can
`communicate with other secure HTTP compatible user
`agents and servers.
`If C-I-IT'I'P is used with these
`protocols,