Avaya Labs Research Publications
Technical Reports
Recent Releases
ALR-2007-023: On-Demand Provisioning of Proxy Certificate for Delegating Identity to Grid-based Portals
Subrata Mazumdar

Proxy certificates are public key certificates and are typically used for credential delegation and single sign-on in the Grid Security Infrastructure (GSI). Credential delegation allows a user to delegate her authority to another user or application to perform tasks on her behalf. In this paper we present our implementation of a use case for on-demand provisioning of proxy certificates using the Firefox browser. Our solution demonstrates that the Mozilla NSS library can be used as an alternative to the OpenSSL-based tool used in the Globus Toolkit for provisioning proxy certificates in GSI. The proxy certificate signing tool described in this paper is implemented as a component of our Firefox extension, called KeyManager, for key generation and certificate enrollment.

ALR-2007-013: Firefox Extension for XML Digital Signature Processing
Subrata Mazumdar

In this paper we present the architecture and implementation of our Firefox extension for XML digital signature processing. This extension uses the Apache XML Security C library (version 1.3), which implements the W3C standard for XML signature syntax and processing. This Firefox extension provides an XPCOM IDL-based API for wrapping the C++-based Apache XML Security library. The XPCOM IDL-based API allows any Firefox-based extension or other XPCOM-based entity to access the XML Security library using JavaScript. In addition, this tool also provides a XUL-based GUI for specifying the various parameters for manually signing XML files and verifying signed XML files. We also present the architecture and implementation of a tool for creating self-issued SAML tokens for digital identity as an application of the XML Digital Signature processing extension.

ALR-2007-012: The Necklace Process
Colin Mallows, Larry Shepp

Start with a necklace consisting of one white bead and one black one, and add new beads one at a time by inserting each new bead between a randomly chosen adjacent pair of old beads, with the proviso that the new bead will be white if and only if both beads of the adjacent pair are black. Let W_n denote the number of white beads when the total number of beads is n. We explore the properties of this process using the fact that the process (n, W_n) is an embedded Markov chain. We show E[W_n] = n/3 and that, with c^2 = 2/45, (W_n - n/3)/(c sqrt(n)) is asymptotically standard normal. We find that for all r >= 1 and n > 2r, the r-th cumulant of the distribution of W_n is of the form n h_r. We find the expected numbers of gaps of given length between white beads, and examine the asymptotics of the longest gaps.

ALR-2007-007: Architecture and Implementation of Automatic Conversion of SNMP Event Data to XML based Document
Subrata Mazumdar

In this paper we describe our implementation of the automatic transformation of ASN.1-based raw SNMP event data in textual form into an XML schema-based document. SNMP events are defined either as Traps in the SNMPv1 or as Notifications in the SNMPv2 specifications. The Traps or Notifications are declared in the SMI module for specific network resources. SNMP agents in the network devices send traps or notifications conforming to the definitions in the SMI modules. In this paper we present a server-based architecture for automatic conversion of SNMP event data in ASN.1 form to XML schema-based documents. We first describe our mapping of the SNMP event specification in an SMI module to an XML schema. Then we describe how we convert the raw ASN.1-based SNMP event data to an XML document through a series of XSL-based transformations. The prototype of the conversion is implemented as a Firefox extension and as such uses the Mozilla DOM libraries.

ALR-2007-003: Variations on the Histogram
Lorraine Denby, Colin Mallows

It is usual to choose to make the bins in a histogram all have the same width. One could also choose to make them all have the same area. These two options have complementary strengths and weaknesses; the equal-width histogram oversmooths in regions of high density, and is poor at identifying sharp peaks; the equal-area histogram oversmooths in regions of low density, and so does not identify outliers. We describe a compromise approach which avoids both of these defects. We argue that relying on asymptotics of the Integrated Mean Square Error leads to inappropriate recommendations.

ALR-2006-044: Key Manager Tool - Extension of Mozilla Certificate Manager for Key Generation and Certificate Enrollment
Subrata Mazumdar

As more and more applications are delivered over the web, browsers are providing the infrastructure for secure communication. A key requirement for secure communication is to support the HTTPS standard, which in turn requires support for PKI-based certificate management. Most browsers support PKI-based certificate management functions, but the key generation capability is always coupled with enrollment with a remote Certificate Authority. Very few browsers provide stand-alone key-pair generation with the ability to create self-signed certificates. Even if a browser supports stand-alone key generation, the certificate enrollment process is not automated. The certificate enrollment process is proprietary to each browser even though they use the same standard message format for certificate signing requests (CSR). The current certificate enrollment process used by browsers does not support the upcoming Simple Certificate Enrollment Protocol (SCEP). None of the browser-based certificate management systems support signing of other users' certificates, either for delegating authority using proxy certificates or for acting as a stand-alone certificate authority. The certificate signing capability is going to be useful as browser-based applications move from client-server to peer-to-peer applications, where individual users would like to authenticate other users without using a central certificate authority as well as delegate authority to proxy entities. In order to support the requirements stated above, we have built a tool, called KeyManager, for stand-alone key generation, certificate enrollment using SCEP, and signing of proxy certificates. We have used the Personal Security Manager (PSM) of the Mozilla Firefox browser as the base of our tool. The Mozilla Firefox browser is supported on a large number of platforms and it has an excellent certificate management tool as part of PSM. PSM allows import and export of keys but does not provide an interface for local key generation.
We have extended the Firefox Certificate Manager wizard and added the capability for key generation. The KeyManager tool has a built-in SCEP client for certificate enrollment with SCEP-compliant Certificate Authorities. The KeyManager tool also supports certificate enrollment with Microsoft Crypto services as well as any PKCS#10-based CA. In addition, the tool supports signing of proxy certificates for delegation of authority. The KeyManager tool is packaged as a "chrome"-based Firefox extension and is distributed using Mozilla's extension framework.

ALR-2006-037: Using Data Network Metrics, Graphics, and Topology to Explore Network Characteristics
Akshay Adhikari, Lorraine Denby, James M. Landwehr, Jean Meloche

Yehuda Vardi introduced the term network tomography and was the first to propose and study how statistical inverse methods could be adapted to attack important network problems (Vardi, 1996). More recently, in one of his final papers, Vardi proposed notions of metrics on networks to define and measure distances between a network's links, its paths, and also between different networks (Vardi, 2004). In this paper, we apply Vardi's general approach for network metrics to a real data network by using data obtained from special data network tools and testing procedures presented here. We illustrate how the metrics help explicate interesting features of the traffic characteristics on the network. We also adapt the metrics in order to condition on traffic passing through a portion of the network, such as a router or pair of routers, and show further how this approach helps to discover and explain interesting network characteristics.

ALR-2006-005: Tukey's Paper After Forty Years
Colin Mallows

The paper referred to is "The future of data analysis", published in 1962. Many authors have discussed it, notably Peter Huber, who in 1995 reviewed the period starting with Hotelling's 1940 article "The teaching of statistics". I extend the scope of Huber's remarks by considering also the period before 1940 and developments since 1995. I ask whether statistics is a science, and suggest that to attract bright students to our subject we will need to show them the excitement and rewards of applied work.

ALR-2005-032: Prioritize Code for Testing to Improve Code Coverage of Complex Software
J. Jenny Li

Code prioritization for testing promises to achieve the maximum testing coverage with the least cost. This paper presents an innovative method to provide hints on which part of code should be tested first to achieve best code coverage. This method claims two major contributions. First it takes into account a "global view" of the execution of a program being tested, by considering the impact of calling relationship among methods/functions of complex software. It then relaxes the "guaranteed" condition of traditional dominator analysis to be "at least" relationship among dominating nodes, which makes dominator calculation much simpler without losing its accuracy. It also then expands this modified dominator analysis to include global impact of code coverage, i.e. the coverage of the entire software other than just the current function. We implemented two versions of code prioritization methods, one based on original dominator analysis and the other on relaxed dominator analysis with global view. Our comparison study shows that the latter is consistently better in terms of identifying code for testing to increase code coverage.

ALR-2005-031: An Integrated Solution for Testing and Analyzing Java Applications in an Industrial Setting
J. Jenny Li, David Weiss, W. Eric Wong, Xiao Ma

Testing a large-scale, real-life commercial software application is a very challenging task due to the constant changes in the software, the involvement of multiple programmers and testers, and a large amount of code. Integrating testing with development can help find program bugs at an earlier stage and hence reduce the overall cost. In this paper, we report our experience on how to apply eXVantage (a tool suite for code coverage testing, debugging, performance profiling, etc.) to a large, complex Java application at the implementation and unit testing phases in Avaya. Our results suggest that programmers and testers can benefit from using eXVantage to monitor the testing process, gain confidence in the quality of their software, detect bugs which are otherwise difficult to reveal, and identify performance bottlenecks in terms of which part of the code is most frequently executed.

ALR-2005-021: A Method for Performing Secure User-Authentication Over a Hands-Free, Voice Communications Device
Lawrence O'Gorman, Lynne Brotman, Michael Sammon

When authenticating over the telephone or mobile headphone, the user cannot always assure that no eavesdropper hears the authentication secret. We describe an eavesdropper-resistant authentication scheme for spoken authentication. This entails the user memorizing a small number of plaintext-ciphertext pairs. At authentication, these are challenged randomly and interspersed with camouflage elements. It is shown that the response can be made to appear random so that no information on the memorized secret is available to eavesdroppers. We describe the method along with parameter value tradeoffs of security strength, authentication time, and memory effort. We also describe early results of its implementation in a hands-free communication system deployed at a hospital. This method is not restricted to spoken passwords. In general, it is a one-time password scheme that can be used, for instance, for computer login to defend against keystroke logger attacks. An advantage over other one-time schemes is that it does not require the user to carry a token or password list.

ALR-2005-020: Repackaging Mobile Technologies Leads to an Innovative Collaboration Solution
Lynne Shapiro Brotman, Michael J. Sammon, Doree Duncan Seligmann

Our work focuses on the use of mobile technologies and context-aware computing to address the collaboration needs of a class of mobile workers known as "corridor cruisers" or "campus roamers" - those employees whose tasks require them to be mobile within the enterprise. In this paper, we describe an innovative system conceived of, and built, in our laboratory using existing mobile technologies in new and different ways. We share our experience with taking our prototype system into a real work environment to test with end-users. Lastly, we relate how the technologies that inspired this solution are the very ones that may hinder adoption by organizations.

ALR-2005-001: Efficient Embedded Firewall for Communication Appliances
Sachin Garg, Navjot Singh

Denial-of-Service attacks are a major concern in VoIP deployments. IP phones are especially vulnerable because of their inherent imbalance in network capacity and processing power. In other words, a packet flood can easily bring an IP phone down long before the network saturation point is reached. In this work, we present the ideas behind the design of an efficient firewall to protect against DoS attacks. The main contribution lies in the novelty of packet classification heuristics by leveraging the behavior specific to VoIP. These include 1) State based rule-partitioning and 2) Flow-rate based rule update. The ideas and the evident contrast to generic firewalls should also facilitate firewall design for other applications.

ALR-2004-023: Improved LSI-Based Natural Language Call Routing Using Speech Recognition Confidence Scores
Valentine C. Matula, Náim Tyson

In most Natural Language Call Routing Applications, the sole purpose of any Automatic Speech Recognizer (ASR) is to transcribe a user's spoken request into text, so that after analysis of the transcribed text the user’s desired destination can be determined. Given the level of uncertainty in correctly recognizing words with an ASR, calls can be incorrectly transcribed, raising the possibility that a caller will be routed to the wrong destination. To reduce the potential for errors in classification, we propose a technique for incorporating confidence scores reported by an ASR to reweigh query vectors in a Latent Semantic Indexing (LSI) Classifier. Our results show that this technique can reduce the number of misrouted calls by a significant amount.

ALR-2004-001: SRTP+: An Efficient Scheme for RTP Packet Authentication
Sachin Garg, Navjot Singh, Timothy Tsai

The Real-time Transport Protocol (RTP) is susceptible to several security attacks, including third-party snooping of private conversations, injection of forged content, and introduction or modification of packets to degrade voice quality. The Secure Real-time Transport Protocol (SRTP) provides confidentiality, message authentication, and replay protection for RTP traffic. However, SRTP incurs an additional overhead to verify the HMAC-SHA1 message authentication code for each packet. SRTP+ is a set of proposed schemes that significantly decrease the verification overhead compared to SRTP and thereby increase the number of faked packets required to mount a successful denial of service attack. SRTP+ provides packet authentication but not integrity. However, SRTP+ is compatible with SRTP.

ALR-2003-051: Web Service for Communication Service Management
W. Chou, L. Li, F. Liu

In this paper, we describe WS-Session, which is a generic Web service method for communication service management. WS-Session is application and transport protocol neutral. It can be applied to Web service interactions which are stateful and require the establishment of a session. WS-Session can work with multiple Web service standards and provide a session-based meta-Web service for Web service management in two-way Web service interaction. Two generic session-based event subscription models, i.e. source-sink and sink-source, in two-way Web service interaction are presented and studied in the context of WS-Session. The proposed approach of WS-Session is implemented in a research prototype system which is based on a two-way Web service application proxy (2SAP) architecture for distributive service invocation and service grid. WS-Session advances the Web service approach from system integration and interface to a disruptive approach for communication. The proposed approach has been used in various real-time communication services, and it is on the standardization track for industry standard adoption.

ALR-2005-016
ALR-2003-045: Call Center Customer Verification by Query-Directed Passwords
Lawrence O'Gorman, Amit Bagga, Jon Bentley

We introduce an authentication framework called Query-Directed Passwords (QDP) that is designed to incorporate the convenience of authentication by entrenched (long-term) knowledge questions (such as “What is your favorite marine animal?”), but to offer stronger security than from personal questions as traditionally used. Security is strengthened for this scheme by imposing several restrictions on the questions and answers, and specifying how QDP is implemented in conjunction with other factors. Four QDP implementations are examined for the call center application. We examine the security and convenience of one of these implementations in more detail. This implementation involves client-end storage of questions in a computer file or a wallet card, and follows a basic challenge-response authentication protocol.

ALR-2003-044: Scalable Network Assessment for IP Telephony
Bengi Karacali, Lorraine Denby, Jean Meloche

Multimedia applications such as IP Telephony are among the applications that demand strict quality of service (QoS) guarantees from the underlying data network. At the pre-deployment stage it is critical to assess whether the data network can handle the QoS requirements of IP telephony traffic and fix problems that may prevent a successful deployment. In this paper we describe a technique for efficiently assessing network readiness for IP Telephony. Our technique relies on understanding link level QoS behavior in a network from an IP Telephony perspective. We use network topology and end-to-end measurements collected from the network in locating the sources of performance problems that may prevent a successful IP Telephony deployment. We present an empirical study conducted on a real network spanning three geographically separated sites of an enterprise network. The empirical results indicate that our approach efficiently and accurately pinpoints links in the network incurring the most significant delay.

ALR-2002-006: Experiences with Evaluating Network QoS for IP Telephony
Mark Bearden, Lorraine Denby, Bengi Karacali, Jean Meloche, David T. Scott

Successful deployment of networked multimedia applications such as IP Telephony depends on the performance of the underlying data network. QoS requirements of these applications are different than those of traditional data applications. For example, while IP Telephony is very sensitive to delay and jitter, traditional data applications are more tolerant of these performance metrics. Consequently, assessing a network to determine whether it can accommodate the stringent QoS requirements of IP Telephony becomes critical. In this paper we describe a technique for evaluating a network for IP Telephony readiness.

ALR-2001-019: Libsafe: Protecting Critical Elements of Stacks
Arash Baratloo, Timothy Tsai, Navjot Singh

The exploitation of buffer overflow vulnerabilities in process stacks constitutes a significant portion of security attacks. We present a new method to detect and handle such attacks. In contrast to previous methods, this new method works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. The method intercepts all calls to library functions that are known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame. This method has been implemented on Linux as a dynamically loadable library called libsafe. Libsafe has been shown to detect several known attacks and can potentially prevent yet unknown attacks. Experiments indicate that the performance overhead of libsafe is negligible.

ALR-2001-018: Libsafe 2.0: Detection of Format String Vulnerability Exploits
Timothy Tsai, Navjot Singh

This white paper describes a significant new feature of libsafe version 2.0: the ability to detect and handle format string vulnerability exploits. Such exploits have recently garnered attention in security advisories, discussion lists, web sites devoted to security, and even conventional media such as television and newspapers. Examples of vulnerable software include wu-ftpd (a common FTP daemon) and bind (A DNS [Domain Name System] server). This paper describes the vulnerability and the technique libsafe uses to detect and handle exploits.

ALR-2001-016: Assessing Network Readiness for IP Telephony
Mark Bearden, Lorraine Denby, Bengi Karacali, Jean Meloche, David T. Stott

Multimedia applications require stringent real time QoS guarantees. Successful deployment of such applications closely depends on the performance of the underlying data network. The characteristics and the QoS requirements of these applications are different from traditional data applications. Hence, prior to deployment it is necessary to evaluate a network from a multimedia perspective. In this paper, we focus on IP Telephony and describe a framework for providing tools for IP Telephony readiness evaluation. This framework can be easily generalized to other multimedia applications. We present a novel idea of relating voice quality metrics to the performance of data network devices. Our approach injects voice traffic and measures end-to-end quality this voice traffic incurs. Following the proposed framework, we developed a prototype to evaluate a network and to identify problems, if any, prior to IP Telephony deployment. Our prototype automatically discovers the topology of a given network, collects and integrates network device performance and voice quality metrics. We describe the architecture of our prototype and provide sample outputs from a small network consisting of 129 devices.

ALR-2001-012: Communication Flow Expressions
Joann J. Ordille, Thomas Petsche

We introduce communication flow expressions (CFEs), a general technique for specifying the who, how, when and where of communication. CFEs use a three-value logic including some new logical primitives that are useful in supporting communication. CFEs integrate the communication requirements of applications with the communication preferences of users. We describe the first application of CFEs in the Avaya XUI Notification and Response System.

ALR-Libsafe Transparent: Transparent Run-Time Defense Against Stack Smashing Attacks
Arash Baratloo, Navjot Singh, Timothy Tsai

The exploitation of buffer overflow vulnerabilities in process stacks constitutes a significant portion of security attacks. We present two new methods to detect and handle such attacks. In contrast to previous work, the new methods work with any existing pre-compiled executable and can be used transparently per-process as well as on a system-wide basis. The first method intercepts all calls to library functions known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame. The second method uses binary modification of the process memory to force verification of critical elements of stacks before use. We have implemented both methods on Linux as dynamically loadable libraries and shown that both libraries detect several known attacks. The performance overhead of these libraries ranges from negligible to 15%.

Libsafe Whitepaper
ALR-2005-039: Complementary VoIP Service
Mathilde Benveniste

Phone service portability and mobility are expected to be the IP-enabled features that will cause consumers to replace their PSTN service with IP telephony. The Complementary VoIP Service (CVS), which directs PSTN calls to IP (including WiFi, WiMax, and Ethernet), provides comparable portability and, at the same time, allows one to continue to enjoy the advantages of PSTN service. A CVS subscriber will be able to be reached both on his PSTN phone at home and on a VoIP device anywhere broadband Internet access is available. In addition to the convenience VoWLAN brings, it can also help the subscriber save on his cellular bill. The subscriber's existing phone number will be the single contact number that can reach him everywhere. A variety of companies could offer CVS, including: IP telephony providers, WiFi hotspot and dual-network WiFi/cellular operators, broadband service providers, hotel/restaurant/coffee shop chains, airlines, and college campuses. A CVS provider can host CVS for other companies interested in this service. By offering CVS, the subscriber base of an IP telephony provider is expanded to include those who want both a PSTN phone at home and portable phone service. Such subscribers will not require new phone numbers. CVS enhances (and is enhanced by) WiFi hotspot and dual-network WiFi/cellular services. To the former, it adds incoming voice calls to an otherwise data-centric service. To the latter, it contributes calling minutes carried on the cellular network. By enabling PSTN subscribers to use voice over a wireless LAN (VoWLAN), CVS expands the universe of potential customers for WiFi and dual-network WiFi/cellular services. Through CVS, broadband service providers can offer VoIP service and phone service portability without new phone numbers. Hotel/restaurant/coffee shop chains, airlines, and college campuses that offer CVS will allow customers to receive personal calls on premises.

WiFi 2005: VoIP over WLAN: Challenges Met
Mathilde Benveniste

Keynote Address, Wi-Fi Voice 2005 Conference; Paris, France, May 11, 2005

WiFi 2004: VoIP Call Capacity of a 802.11 Wireless LAN Using EDCF Access
Mathilde Benveniste, Vikram Dham

Wi-Fi Voice 2004 Conference; Paris, France, May 25-28, 2004

Technical Memoranda: Performance Evaluation of a Medium Access Control Protocol for IEEE 802.11s Mesh Networks
Mathilde Benveniste, Zhifeng Tao

This paper presents a performance evaluation study for the Common Control Channel (CCC) protocol, a medium access control protocol suitable for wireless mesh networks. This protocol was submitted in July 2005 to the IEEE 802.11 Task Group s, which is responsible for developing a mesh-networking standard. CCC extends the distributed IEEE 802.11e MAC protocol to multi-channel operation for single- and multiple-radio devices, and enables additional valuable features. As demonstrated by the simulation results, CCC achieves impressive delay and aggregate throughput performance, and thus offers distributed channel access for backbone meshes with delay properties suitable for VoIP and other QoS-sensitive applications [1].

Contextual Availability
David Boyer, Mehmet Balasaygun, Venkat Goud, Xueshan Shan
