Please post

INTERNET SECURITY
SECURE COMMUNICATIONS OVER UNTRUSTED NETWORKS

A one-day seminar on November 12, 1994
Embarcadero Hyatt Regency Hotel in San Francisco.

Methods of achieving authentication, authorization, confidentiality, integrity, and nonrepudiation are key to the successful realization of the National Information Infrastructure (NII). Today's Internet is a proving ground for what will become the NII.

The San Francisco Chapter of the IEEE Computer Society has put together an outstanding program on encryption, intrusion detection, firewalls, architectures, and protocols for Internet Security. Speakers in this seminar will describe several of the main techniques that exist today and the directions in which they are evolving. The seminar will be helpful to engineers, engineering managers and product planners seeking current knowledge of Internet Security.

PROGRAM

 8:30 a.m.  Registration opens
 9:00 a.m.  Introduction
 9:05 a.m.  Keynote Address
            James Bidzos, President of RSA
 9:45 a.m.  Steven Bellovin, Ph.D., Bell Labs
            "Firewalls for Computer Security"
11:00 a.m.  Teresa Lunt, SRI
            "Intrusion Detection"
11:45 a.m.  Round Table Lunch (incl. with registration)
 1:00 p.m.  Professor Martin E. Hellman, Ph.D., Stanford
            "Cryptography: The Foundation of Secure Networks"
 2:00 p.m.  Dan Nessett, Ph.D., SunSoft and PSRG
            "Future Internet Security Architecture"
 3:00 p.m.  Matt Blaze, Ph.D., Bell Labs
            "Protocols: Security Without Firewalls"
 4:00 p.m.  "Public Safety vs. Private Liberty"
            A Panel Discussion on the Social Implications of Internet Security

            Rex Buddenberg    NPS
            Alan McDonald     FBI
            Stewart Baker     formerly of the NSA
            James Bidzos      President of RSA
            Matt Blaze        Bell Labs
            Martin Hellman    Stanford

A one-day seminar in San Francisco, on Saturday, November 12th, covering private and public-key encryption, key-escrow, firewalls, architecture and protocols for security, intrusion detection, and a spirited panel discussion on "Public Safety vs. Private Liberty"!

SEATING IS LIMITED.
PRE-REGISTER BY OCTOBER 15TH.

9:05  Keynote Address
      James Bidzos, President of RSA

James Bidzos, President of RSA Data Security, will present the keynote address. Mr. Bidzos heads a company whose encryption technologies are licensed for products ranging from computer operating systems, to software copy protection, to electronic mail, to secure telephones. RSA has licensed several million copies of its encryption software, and has become a focal point for debate on appropriate application of cryptography. Mr. Bidzos has gained a unique perspective on the requirements of effective cryptographic systems. He will highlight the problem of providing strong encryption for users of computer networks while meeting the legitimate needs of law enforcement.

9:45  Steven Bellovin, Ph.D., Bell Labs
      "Firewalls for Computer Security"

When you connect your computer to the Internet, you also create a channel into your computer. Clever vandals, thieves and industrial spies have found ways to abuse most of the Internet protocols from FTP and Telnet to the World Wide Web and Network Time Protocols. Short of pulling the plug, firewalls provide the surest defense. The firewall administrator must keep abreast of new methods of attack and understand how firewalls can mitigate the threat.

Steven M. Bellovin, Ph.D., is a senior researcher at AT&T's Bell Laboratories and co-author of the well known guide "Firewalls and Internet Security: Repelling the Wily Hacker." As one responsible for protecting "the phone company" from Internet hackers, Dr. Bellovin can describe from firsthand experience how firewalls can be constructed to screen them out. Dr. Bellovin will join us in a live video teleconference from Bell Laboratories.

11:00  Teresa Lunt, SRI
       "Intrusion Detection"

Inevitably, someone will try to breach your firewall and might succeed. The time it takes you to discover the intrusion and catch the culprit depends on the event logging you have established.
However, logging the many different transactions that might expose trespassing produces mountains of data. Automatic digestion of the logs is the only hope of monitoring them all.

Teresa F. Lunt, Director of Secure Systems Research at SRI's Computer Systems Laboratory, directs work in multilevel database systems and intrusion detection. Ms. Lunt will describe intrusion detection and demonstrate automated tools developed at SRI to analyze audit data for suspicious behavior.

1:00  Professor Martin E. Hellman, Ph.D., Stanford
      "Cryptography: The Foundation of Secure Networks"

Data in transit across unsecured networks like the Internet are subject to wiretapping attacks and impersonation. Moreover, privacy of communication and authentication of the sender's message are essential to Internet commerce, with exchange of contracts, receipts, credit card drafts and the like increasingly commonplace. Encryption can solve some of these problems, but what kind of encryption? Authentication only or encrypted messages? Secret key or public key, or both? Will you need a giant key ring for message keys, session keys, file keys, and passwords?

Martin E. Hellman, Ph.D., Professor of Electrical Engineering at Stanford University, is co-inventor of public key cryptography with Whitfield Diffie and Ralph Merkle. He was elected a Fellow of the IEEE for contributions to cryptography. Dr. Hellman will explore threats to communication and costs of electronic countermeasures. He will explain the importance and means of authenticating electronic messages, and he will survey public key cryptography. Dr. Hellman will describe public key techniques including Rivest-Shamir-Adleman (RSA), Diffie-Hellman, ElGamal and Digital Signature Standard (DSS).
He will also describe the current status of export control and encryption standards such as the Data Encryption Standard (DES), Escrowed Encryption Standard (EES) and its encryption algorithm, Skipjack, which is implemented in Clipper and Capstone chips.

2:00  Dan Nessett, Ph.D., SunSoft and PSRG
      "Future Internet Security Architecture"

Dan Nessett, Ph.D., of the SunSoft Division of Sun Microsystems, and until recently with Lawrence Livermore National Laboratory, has worked extensively in local area networks, distributed operating systems and distributed systems security. He is a member of the Privacy and Security Research Group (PSRG), which is convened under the auspices of the Internet Society. Dr. Nessett will explain the emerging Internet security architecture work undertaken by the PSRG. The architecture will guide the development of security mechanisms used in Internet standards.

3:00  Matt Blaze, Ph.D., Bell Labs
      "Protocols: Security Without Firewalls"

We use firewalls because Internet protocols are not inherently secure. Can we rehabilitate the Internet protocols to produce protocols which are secure, not computationally prohibitive, and compatible with existing protocols?

Matt Blaze, Ph.D., of Bell Laboratories will talk about the problems of integrating cryptographic protection into large-scale network infrastructure. Dr. Blaze is the author of "A Cryptographic File System for Unix," presented at the 1993 ACM Conference on Communications and Computer Security, and co-author with John Ioannidis of "The Architecture and Implementation of Network-Layer Security Under UNIX," which describes "swIPe," a network-layer security protocol for the IP protocol suite. Dr. Blaze will address issues concerning network security protocols, key management and distribution, and threats and models for cryptographic engineering.

4:00  A Panel Discussion on the Social Implications of Internet Security
      "Public Safety vs.
Private Liberty"

At one end of an imagined security spectrum lies the information police-state. Through traffic analysis, mandatory personal ID numbers and escrowed encryption, and the ability to record all messages and commerce carried out on the Information Superhighway, governments could maintain dossiers on every aspect of the personal life and business of their citizens. Privacy advocates fear that a corrupt government could use such information against its political enemies and to subvert personal freedoms.

At the other extreme lies information anarchy. Through the use of digital cash, anonymous remailers, and strong non-escrowed encryption, the Information Superhighway could become a hide-out for criminals and national security threats. The potential for black-market activity and the associated tax-evasion is so enormous that some have speculated that governments could eventually collapse. Law-enforcement advocates fear that they will be unable to keep up with criminals and terrorists who ply their trade electronically.

Our distinguished panel will provide insight into the interplay between the rights of individuals to privacy and freedom, the rights of companies to conduct unrestrained trade, and the ability of law enforcement and security agencies to perform their functions efficiently. This conclusion to the seminar will put into perspective the social changes that might be wrought by the technical advances discussed earlier in the day.

Panelists include:

      Rex Buddenberg    NPS
      Alan McDonald     FBI
      Stewart Baker     formerly of the NSA
      James Bidzos      President of RSA
      Matt Blaze        Bell Labs
      Martin Hellman    Stanford

Rex Buddenberg, Instructor of information systems architecture and applied networking at the Naval Postgraduate School, will moderate the panel. Mr. Buddenberg is a maritime command, communication, control and intelligence (C3I) consultant and a computer networking author. As a C3I architect for the U.S.
Coast Guard, he developed plans and specifications for extending Internet connectivity to oceanographic ships. Mr. Buddenberg contemplates the means and effects of net warfare as both the good guys and bad guys share the same network.

Alan McDonald, Special Counsel for Electronic Surveillance Matters, Information Resources Division, Federal Bureau of Investigation, is a specialist in the law and policy concerning electronic surveillance, Digital Telephony, and encryption issues. He frequently represents the FBI's view of law enforcement equities in light of advanced telecommunications and encryption.

Stewart Baker is a former General Counsel to the NSA and a partner in Steptoe & Johnson, a Washington, DC law firm. His expertise is in telecommunications, computer export policy, security of national information infrastructure and encryption. Mr. Baker brings direct experience with the problem that strong encryption creates for the NSA in protecting our national security.

QUESTIONS? CALL (415)-327-6622.

Cut off and complete this form, enclose your check payable to the IEEE SFCS, and mail to:

      IEEE Council Office
      701 Welch Rd. #2205
      Palo Alto, CA. 94304

To qualify for the reduced Pre-registration fees, your application with check must be postmarked no later than Oct. 15, 1994. Registration fee includes lunch, refreshments, and parking. Seating is limited. To make sure the seminar is not sold out, call (415) 327-6622.

Please check the appropriate box:

Fees on or before Oct. 15th:
      ___ IEEE Member   $ 110
      ___ Non-member    $ 120
      ___ Student       $ 85

Fees after Oct. 15th:
      ___ IEEE Member   $ 125
      ___ Non-member    $ 145
      ___ Student       $ 100   (students must present ID)

The seminar location is the Hyatt Regency Embarcadero Hotel, near the Ferry Building, in San Francisco. Your registration fee includes the all day seminar, lunch, and convenient parking in the garages underneath adjacent Embarcadero Centers 1, 2, or 3. (Keep your ticket for validation).
Please print clearly:

Name   : __________________________________________
Title  : __________________________________________
Company: __________________________________________
Address: __________________________________________
         __________________________________________
         _______________________________ ___ ______
Day phone #:(___)_____-_______
IEEE member (or affiliate) #:_______ ____ (for discount)
College/University (if student):___________________
___ Vegetarian lunch option

Refunds will be honored through October 22nd, substitutions any time. Additional information can be obtained by telephoning the IEEE Bay Area Council Office: (415)327-6622.

IEEE SFCS RESERVES THE RIGHT TO MAKE CHANGES TO THE SEMINAR

Sponsored by the San Francisco Chapter of the IEEE Computer Society. The IEEE is a non-profit organization.