Authenticated Traversal

Carl Gunter
University of Pennsylvania

Monday, January 20, 2:00PM
Lieb 3rd floor Conference Room

Abstract


In establishing a connection between a client and a server, it is common for one or more elements on the communication path to review the connection request and approve or reject it. Firewalls, routing gateways, access points, and proxies often act as such security gateways. When it is necessary to establish an encrypted channel, it is often desirable to obtain authorization for the communication request at the security gateways without breaking end-to-end confidentiality between client and server. This talk describes an architecture for authenticated paths through multiple security gateways. I will describe a general protocol based on IPSec and a derived protocol that optimizes header overhead when IPSec is used in connection with TLS. I will describe a theoretical analysis and an implementation based on Apache/OpenSSL, with communication across FreeBSD firewalls and routers.


Biography

Dr. Gunter received his BA from the University of Chicago and his PhD from the University of Wisconsin at Madison. He worked as a postdoctoral researcher at Carnegie Mellon University and the University of Cambridge in England before joining the faculty of the University of Pennsylvania in 1987, where he is now a Professor of Computer and Information Science, Director of the Penn Security Lab, and Professor of Electrical and Systems Engineering. He does research and teaches at Penn in his areas of technical expertise: security, networks, programming languages, and software engineering. His work includes contributions to the foundations of programming languages, the design of functional and object-oriented programs, languages for networks and security, and formal methods in software engineering.