Identity-Based Cryptography for Grid Security
Hoon Wei Lim
Information Security Group, Royal Holloway, University of London
(Joint work with Kenny Paterson)


The 17th Global Grid Forum, May 10-12, Tokyo

Slide 2: Outline
1. Grid security
2. Identity-based cryptography
3. An identity-based alternative to GSI
4. Performance analysis
5. Benefits and drawbacks
6. Conclusions

Slide 3: 1. Grid Security
- Grid security requirements:
  - Entity authentication
    - E.g. individual users, resource/service providers.
  - Single sign-on
    - Log on once but authenticate to multiple resources.
  - Delegation
    - Achieve unattended authentication, allowing an intermediate party to act on user’s behalf.
  - Credential life-span and renewal
    - Short-term (proxy) credentials are used to limit the exposure of long-term credentials (private keys).
  - Authorization and access control
  - Others: integration and inter-operability, policy management, trust relationships, user privacy, etc.

Slide 4: GSI: Single sign-on
- User’s long-term private key encrypted using key derived from password.
- Public key certified by X.509 certificate that is issued by Grid CA.
- At logon:
  - Password unlocks long-term private key.
  - User’s machine generates proxy/short-term key pair.
  - Proxy certificate for short-term public key signed using long-term private key.
  - Proxy private key protected by local file system permissions.
- User now uses proxy credential to authenticate, establish secure sessions, etc.
- No password re-entry needed and long-term private key protected.

Slide 5: GSI: Authentication
- Mutual authentication performed as part of a TLS handshake protocol.
  - Needed during job submission and before delegation.
- Makes use of standard and proxy certificates in ClientCert and ServerCert.
- Proxy private keys are used for signing handshake flows.
- Involves transmission and verification of certificate chains.

Slide 6: GSI: Secure communications
- Authenticated session key establishment also as part of the TLS handshake protocol.
- Uses RSA encryption to transport keying material securely from client (user) to server (resource).
- Proxy keys are used for RSA encryption.
- Keying material used to derive keys for TLS secure channel.

Slide 7: GSI: Delegation
- Delegation of rights from one party to another.
  - For example, a resource X may need to access additional resources on behalf of user A, without user intervention.
- Resource X creates proxy key pair.
- Proxy request signed using X’s newly created proxy private key and delivered to user A along with proxy public key.
- A’s proxy checks request and signature, then creates proxy certificate on resource’s proxy public key and proxy request.
  - Signature created using A’s proxy private key.
- Proxy certificate forwarded to resource X.
  - A certificate from user (proxy) delegating certain rights to resource.

Slide 8: Some problems
- Large number of signature and certificate chain verifications are needed.
  - Even for execution of a simple job request.
- SSO and delegation require frequent generation of proxy credentials.
  - Each new credential requiring moderately intensive key generation (typically use 512 and 1024 bit RSA keys).
- Several protocol messages and round trips involved in delegation.
  - High computational and communication overheads.
- CRLs as proposed revocation mechanism for long-term keys.
  - Scalability and timeliness of information.
- Does the security architecture scale to production level grids?

Slide 9: 2. Identity-Based Cryptography
Original idea due to Shamir (1984):
- Public keys derived directly from system identities (e.g. an e-mail address or IP address).
- Private keys generated and distributed to users by a trusted authority (TA) who has a master key.
- As long as:
  - Bob is sure of Alice’s identity and
  - The TA has given the private key to the right entity,
  then Bob can safely encrypt to Alice without consulting a directory and without checking a certificate.

Slide 10: Basic idea of IBC
[Figure: diagram with the labels TA, Private Key, Alice’s ID, Public Key.]

Slide 11: Reality of IBC
[Figure: diagram with the labels TA, Secure channel, Authentic public parameters, Alice’s ID.]

Slide 12: IBC: A short history
- Shamir devised only an ID-based signature scheme.
- Construction of truly practical and secure ID-based encryption scheme an open problem until 2001.
- Sakai, Ohgishi and Kasahara (SCIS, Jan. 2001).
- Boneh and Franklin (CRYPTO, Aug. 2001).
  - Practical and provably secure.
  - Uses elliptic curve cryptography and pairings on elliptic curves.
- Cocks’ scheme (IMA C&C, Dec. 2001).
  - Scheme based on quadratic residuosity, not bandwidth efficient.
  - Research done in mid 1990’s at UK government agency.

Slide 13: Some benefits of IBC
- Certificate-free.
  - No processing, management or distribution of certificates.
- Directory-less.
  - Bob can encrypt for Alice without looking-up Alice’s public key first.
  - Indeed, Alice need not have her private key when she receives Bob’s encryption.
- Automatic revocation.
  - Simply extend identifier to include a validity period.
  - Alice’s private key becomes useless at end of each period, because Bob will start to update identifier.
  - So Alice needs to obtain private key for current period from TA in order to decrypt.

Slide 14: Hierarchical IBC
- Hierarchical identity-based cryptography (HIBC).
  - Gentry and Silverberg (2002)
  - Eases the private key distribution problem and improves scalability of the Boneh-Franklin IBE scheme.
  - Mimics the hierarchy of CA’s often seen in PKI.
  - HIBE and HIBS schemes.
- Architecture:
  - A root TA at level 0 with a master secret s_0.
  - Entity at level t-1 in hierarchy has secret s_{t-1} and issues private keys S_t to entities at level t for which it is responsible.
  - So each entity acts as TA for lower-level entities.
- Any entity can encrypt for (or verify signatures of) any other entity in the hierarchy, provided their identity string is known.

Slide 15: 3. An ID-based Alternative
- Main ideas:
  - Replace Grid CA by Grid TA (or hierarchy of TAs depending on the scale).
  - Apply the Gentry-Silverberg HIBE and HIBS schemes for encryption/decryption and signature generation/verification.
  - Eliminate certificates and certificate chains.
  - Simplify proxy generation and dissemination.
  - Use automatic revocation feature of HIBC to limit proxy credential lifetimes and to set proxy policies.
  - Use carefully selected cryptographic parameters to minimise computation and bandwidth requirements.

Slide 16: ID-based architecture
- Bootstrap root TA’s parameters into grid software.
- One-time registration of local TAs with root TA.
- Local TAs responsible for:
  - Registration of local users and resources.
  - Distribution of long-term private keys to local users and resources.
- Users and resources in turn act as TAs for their proxies.
  - Distribution of short-term (proxy) private keys within user machine/resource.

Slide 17: ID-based architecture
[Figure: hierarchy diagram with the labels Root TA, Local TA, User, User Proxy, Resource, Resource Proxy, and Level 0 to Level 3.]

Slide 18: Single sign-on
[Figure: hierarchy diagram with the labels Root TA, Local TA, User, User Proxy, Resource, Resource Proxy, and Level 0 to Level 3.]
Single Sign On:
- Password unlocks user (level 2) private key.
- User (level 2) can then create private key for user proxy (level 3).
- Level 3 identifier encodes validity period for proxy.
- Level 3 identifiers can be parsed by resources when checking proxy signatures and making access control decisions.

Slide 19: Delegation
- User proxy combines user proxy identifier, resource identifier, validity period and delegated privileges to create identifier for delegated resource (level 4).
  - Identifier acts as a form of delegation token.
- User proxy transports private key matching identifier to resource, e.g. using a shared session key.
- Resource can now use private key to vouch that it has received delegated rights from user proxy.
- Exploits dynamic nature of HIBC:
  - User proxy creates a new level below it in hierarchy.
  - Delegated resource effectively becomes subordinate to user proxy in hierarchy.

Slide 20: Delegation
[Figure: hierarchy diagram with the labels Root TA, Local TA, User, User Proxy, Resource, Resource Proxy, Delegated Resource, Level 0 to Level 4, and "Secure private key transport".]

Slide 21: Delegation: Alternative
- A one-pass non-interactive delegation protocol.
- When user wants to delegate her credential to resource:
  - User creates identifier (delegation token) as before.
  - User signs the identifier (using HIBS) and forwards it to resource.
- Resource’s status as the delegation target can be confirmed by a third party by:
  - Verifying the signed delegation token using user’s ID.
  - Challenging resource to prove possession of the identity-based private key matching delegation token.

Slide 22: Delegation: Alternative
[Figure: hierarchy diagram with the labels Root TA, Local TA, User, User Proxy, Resource, Resource Proxy, Delegated Resource, Level 0 to Level 4, and "Signature on token".]

Slide 23: Authentication and secure communications
- Use identity-based version of TLS.
  - Gives mutual authentication and establishment of secure communications channel.
  - Replace RSA signatures by HIBS.
  - Replace RSA encryption for key transport by HIBE.
  - Replace ClientCert and ServerCert with ClientIdentifier and ServerIdentifier.
    - E.g. ClientIdentifier = ID_A, LT_A
- Needs support in TLS for new ID-based ciphersuites.

Slide 24: Key update and revocation
- User long-term keys can be updated on a yearly basis.
  - Encode year as part of user identifier.
    - /C=UK/O=eScience/OU=RHUL/CN=Alice/Y=2006
  - Update requires secure channel from TA to user.
    - Can use existing user public key to encrypt new private key.
- We can use finer-grained identifiers for more regular automated revocation:
  - /C=UK/O=eScience/OU=RHUL/CN=Alice/Y=2006/M=May
- However, if this is still not sufficient, existing PKI revocation mechanisms such as CRLs, OCSP, can be used.
- Default lifetime for short-term keys in GSI is 12 hours.
  - Mimic this by including expiry periods in all proxy identifiers.
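The validity-period check a resource or sender could run on such identifiers, as an added example (not code from the presentation). The `Y=`/`M=` fields follow the identifiers on the slide; the three-letter month names, UTC period boundaries and all function names are assumptions, and verifying the HIBS signature against the identifier is a separate step that is not shown.

```python
from datetime import datetime, timezone

# Assumed encoding: three-letter English month names, as in the slide's "M=May".
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

def parse_identifier(identifier):
    """Split '/K=V/K=V...' into ordered (key, value) pairs, rejecting malformed input."""
    if not identifier.startswith("/"):
        raise ValueError("identifier must start with '/'")
    pairs = []
    for component in identifier[1:].split("/"):
        key, sep, value = component.partition("=")
        if not (sep and key and value):
            raise ValueError(f"malformed component: {component!r}")
        pairs.append((key, value))
    return pairs

def validity_window(identifier):
    """Return the (start, end) UTC interval encoded by Y= and optional M=."""
    pairs = parse_identifier(identifier)
    years = [v for k, v in pairs if k == "Y"]
    months = [v for k, v in pairs if k == "M"]
    # A repeated period field is ambiguous, so refuse it rather than pick one.
    if len(years) != 1 or len(months) > 1:
        raise ValueError("expected exactly one Y= and at most one M=")
    if not (years[0].isascii() and years[0].isdigit() and len(years[0]) == 4):
        raise ValueError("Y= must be a four-digit year")
    year = int(years[0])
    if not months:
        return (datetime(year, 1, 1, tzinfo=timezone.utc),
                datetime(year + 1, 1, 1, tzinfo=timezone.utc))
    month = MONTHS.index(months[0]) + 1  # ValueError for an unknown month
    start = datetime(year, month, 1, tzinfo=timezone.utc)
    end = datetime(year + (month == 12), month % 12 + 1, 1, tzinfo=timezone.utc)
    return start, end

def is_current(identifier, now):
    """True if 'now' falls inside the period the identifier names."""
    start, end = validity_window(identifier)
    return start <= now < end

def current_identifier(base, now, monthly=False):
    """Identifier a sender or verifier derives for the current period."""
    ident = f"{base}/Y={now.year:04d}"
    if monthly:
        ident += f"/M={MONTHS[now.month - 1]}"
    return ident
```

Because the sender derives the identifier from the current period, a private key issued for `/Y=2006/M=May` simply does not match what is used in June; no revocation list is consulted.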

Slide 25: 4. Performance Analysis
- Assumptions:
  - CA’s certificates and TA’s system parameters are pre-distributed.
  - Size of standard certificate = 1.5 kilobytes (RSA public key, modulus, signature, excluding subject, issuer, validity period).
  - Size of proxy certificate = 0.8 kilobytes.
  - Selection of ID-based components to give roughly same security as 1024-bit RSA.
- Dominant computational costs:
  - GSI: RSA key generation.
  - ID-based GSI: pairing computation.
- Dominant communication costs:
  - GSI: certificates, RSA encryption (512 bits) and signature (512 bits).
  - ID-based GSI: HIBE encryption (1056 bits) and HIBS signature (816 bits).

Slide 26: Communication costs
- GSI:
  - Authenticated key agreement: 4 certificates (2 proxy), 1 encryption, 1 signature.
  - Delegation: 1 proxy certificate, 1 signature, 1 public key.
- ID-based GSI:
  - Authenticated key agreement: 1 encryption, 1 signature.
  - Delegation: 1 signature.

Operation                            GSI (kbits)   ID-based (kbits)
Authenticated key agreement (TLS)    37.8          1.9
Delegation                           7.8           0.8

Slide 27: Computational costs
- GSI:
  - Single sign-on: 1 key generation
  - Authenticated key agreement (TLS): 6 modular exponentiations (encryption), 2 modular exponentiations (decryption)
  - Delegation: 1 key generation, 1 modular exponentiation (encryption), 2 modular exponentiations (decryption)
- ID-based GSI:
  - Single sign-on: 1 key generation (1 point multiplication and 1 point addition)
  - Authenticated key agreement (TLS): 3 point multiplications, 4 pairing computations, 1 point addition.
  - Delegation: 1 key generation, 1 point multiplication.

Slide 28: Computational costs
- Timings obtained through implementation of RSA and HIBE/HIBS schemes based on the MIRACL library (with C/C++).
- Using a Pentium IV 2.4 GHz processor.
- Known optimisation techniques were used, e.g. small RSA public exponent, faster RSA decryption (CRT method) and eta pairing.
- The two approaches have comparable costs.

Operation                            GSI (ms)   ID-based (ms)
Long-term key generation             149.90     1.69
Proxy key generation                 34.85      1.74
Authenticated key agreement (TLS)    5.34       28.95
Delegation                           37.49      5.09

Slide 29: 5. Benefits and Drawbacks
Benefits:
- Identity-based replication of existing grid security features.
- Certificate-free.
- Reduced bandwidth and comparable computational costs.
- More efficient delegation mechanisms.
- Automated revocation of keys.
- Trivial computation of proxy key pairs.

Slide 30: Benefits and drawbacks
Drawbacks:
- Inherent escrow may be a problem in commercially-oriented grid environments.
  - But MyProxy already in wide-spread use!
- Distribution of private keys to users/resources.
- Fine-grained revocation requires an additional mechanism.
- Current lack of support for and standardization of IBC.

Slide 31: 6. Conclusions
- We have used ID-based techniques to propose an alternative grid security infrastructure.
- ID-based techniques seem well-matched to the grid environments.
- Our ID-based proposal has significant benefits, but also some drawbacks.
- Future work:
  - Prototyping?
  - Impact on web services security?
  - Use of certificateless public key cryptography?

