Tuomas Aura
Researcher

Address: Microsoft Research, Roger Needham Building, 7 J J Thomson Avenue, Cambridge CB3 0FB, United Kingdom
Telephone: +44 1223 479708
Mobile: +44 7929 848 823
Email: tuomaura@microsoft.com

Selected projects

Infrastructureless security for Internet mobility and IPv6

Like all new technologies, mobility creates new security issues. If location updates are not authenticated, attackers could spoof them in order to cause denial of service or to hijack data and connections. The challenge in Internet protocols, such as Mobile IPv6, is that there is no global security infrastructure (e.g., PKI or AuC) for the authentication. We developed routing-based infrastructureless authentication solutions that prevent spoofing of location information. We also discovered the so-called bombing attack, a packet-flooding attack in which the attacker redirects data streams to the target by telling the sender that it has moved to the target address. Similar problems appear in almost any mobility and multihoming solution for the Internet. Our return-routability protocol is now part of the Mobile IPv6 standard and has become the baseline security solution for new mobility protocols.

Mobile nodes often roam on insecure local links where some nodes may be malicious. The secure neighbor discovery (SEND) for IPv6 prevents some common on-link attacks (e.g., ND spoofing, the IPv6 equivalent of ARP spoofing). The protocol uses cryptographically generated addresses (CGA), which include a hash of the computer's public key in the interface-identifier part of the IPv6 address. (See also the RFC.) Since the interface identifier only has about 62 bits available for the hash, the mechanism could be vulnerable to brute-force attacks. For this reason, I developed the idea of hash extension, which almost magically stuffs >64 hash bits into <64 bits.

Privacy implications of mobility and other new services

New communications technology always has implications for the privacy of users. One such question is whether mobile computer users can move around anonymously. We looked at the issue of location privacy from the point of view of casual observers at the access link. Network chatter, in particular failed attempts to connect to services that are not available on the current link, reveals a lot of information about the user identity and affiliations. The chatter originates from all layers of the protocol stack and from so many different applications that there is no simple way to prevent it. We suggest the following policy: computers should discover or connect to services automatically only when they can identify the network and know that the service is available on that network. This requires a secure mechanism for recognizing networks, such as our secure network location awareness protocol, which is based on public-key authentication of DHCP servers. The algorithms that we used to detect and analyze network chatter were also useful for detecting PII leaks in digital documents.

IPsec and distributed security policies

The IPsec security architecture has been designed mainly for VPN tunnels, yet it is often assumed that it can be used for all authentication and confidentiality requirements that ever arise in the Internet. When transport-mode IPsec was deployed at Microsoft, we found that it is not easy to configure IPsec for host-to-host protection. Initially, we wanted to find easier, compositional ways of specifying security policies. It turns out, however, that there are fundamental problems with the IPsec architecture. Indeed, my current understanding is that security should not and cannot be implemented as a transparent layer deep in the protocol stack because each protocol layer and application has different security requirements, including different identifiers and roots of trust for authentication.
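The CGA hash extension mentioned under the mobility and IPv6 project above, as an added example that is not code from this page or its author: it follows the parameter layout published in RFC 3972 (assumed here to be the RFC the page refers to), where the address owner must first find a modifier whose second hash starts with 16*Sec zero bits, so an impersonator pays that search on top of matching the address bits. The prefix, key bytes and the fixed starting modifier are constructed values; real implementations use a DER-encoded public key and a random modifier.

```python
import hashlib
import ipaddress

# Constructed sample inputs (assumptions): documentation prefix, stand-in key bytes.
PREFIX = bytes.fromhex("20010db800000000")          # 2001:db8::/64
PUBKEY = b"constructed stand-in for a DER-encoded public key"
OTHER_KEY = b"constructed stand-in for a different public key"
IID_MASK = 0x1CFFFFFFFFFFFFFF  # drops Sec (3 leftmost bits) and the u/g bits


def hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    """Hash extension: the 16*Sec leftmost bits of Hash2 must be zero."""
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[:2 * sec] == bytes(2 * sec)


def hash1(modifier: bytes, prefix: bytes, collision: int, pubkey: bytes) -> int:
    """Leftmost 64 bits of SHA-1 over the CGA parameters."""
    data = modifier + prefix + bytes([collision]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")


def generate(prefix: bytes, pubkey: bytes, sec: int, start_modifier: int = 0):
    """Search for a modifier (costly part), then derive the address."""
    m = start_modifier
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m = (m + 1) % (1 << 128)
    modifier = m.to_bytes(16, "big")
    iid = (hash1(modifier, prefix, 0, pubkey) & IID_MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier


def verify(addr, modifier: bytes, prefix: bytes, collision: int, pubkey: bytes) -> bool:
    """Check that addr is bound to pubkey; Sec is read from the address itself."""
    raw = ipaddress.IPv6Address(addr).packed
    if collision not in (0, 1, 2) or raw[:8] != prefix:
        return False
    iid = int.from_bytes(raw[8:], "big")
    if (hash1(modifier, prefix, collision, pubkey) ^ iid) & IID_MASK:
        return False
    return hash2_ok(modifier, pubkey, iid >> 61)


if __name__ == "__main__":
    address, mod = generate(PREFIX, PUBKEY, sec=1)
    print(address, mod.hex(), verify(address, mod, PREFIX, 0, PUBKEY))
```

Because Sec is encoded in the address, a verifier needs no extra configuration, and each increment of Sec multiplies the brute-force cost by 2^16 without lengthening the address.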
Teaching network security

I am a professor at the Department of Computer Science and Engineering, Helsinki University of Technology (TKK), and lecture a course on network security at University College London (UCL). The slides from the UCL course are below. (Some animations won't work in PDF. Please ask for the PowerPoint files if you want to use these as the basis of your own lectures.)

Publications

Most of my publications are available online (with abstracts).