Inferno Security


David Presotto
Affiliation: Bell Labs, Lucent Technologies
Abstract: As telecommunications, entertainment, and computing networks merge, a wide variety of services will be offered on a diverse array of hardware, software, and networks. Inferno provides a uniform execution environment for applications and services in this chaotic world. Inferno comprises a networked operating system that can run native or above a commercial operating system, a virtual machine, a programming language, protocols, and standard interfaces for networks, graphics, and other system services. This talk describes both the security features currently in Inferno and those we intend to move to.

Inferno currently uses public key cyptography only for authentication. The Station to Station protocol (STS) using Elgamal certificates provides mutual authentication between parties. Authentication also yields a mutually held secret that can be used to encrypt the conversation or to add a cryptographic hash to each message sent. Rather than reinvent the wheel, we use the same line format as SSL.

Two methods are used for certificate creation: a one time registration procedure and a login procedure. The registration procedure requires a conversation between the CA and user during each registration. The login procedure requires one only when a password is assigned. Login uses a Bellovin-like encrypted key exchange.

Our trust relations are currently too simplistic; communicating parties must have keys signed by the same certifying authority. There are no attributes attached to certificates. This is sufficient for authentication but not for anything more advanced such as signing code, passing trust to third parties, etc. We are currently trying to build extensible certificates in the same vein as PolicyMaker and SDSI so that we can embed more semantics into them and reason on it.

For more information, see http://inferno.lucent.com/