Scalability in a Secure Distributed Proof System Kazuhiro Minami and David Kotz May 9, 2006 Institute for Security Technology Studies Dartmouth College.

Slides:



Advertisements
Similar presentations
An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Advertisements

Chapter 14 – Authentication Applications
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Secure Context-sensitive Authorization Kazuhiro Minami and David Kotz Dartmouth College.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Database Administration and Security Transparencies 1.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 5 Network Security Protocols in Practice Part I
Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Dr.
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Improving Data Access in P2P Systems Karl Aberer and Magdalena Punceva Swiss Federal Institute of Technology Manfred Hauswirth and Roman Schmidt Technical.
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.
Distributed Data Stores – Facebook Presented by Ben Gooding University of Arkansas – April 21, 2015.
Chapter 2 Architectural Models. Keywords Middleware Interface vs. implementation Client-server models OOP.
Authenticating Users Chapter 6. Learning Objectives Understand why authentication is a critical aspect of network security Describe why firewalls authenticate.
Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.
A Survey on Secure Cloud Data Storage ZENG, Xi CAI, Peng
Aggregation in Sensor Networks
SANE: A Protection Architecture for Enterprise Networks
IMDGs An essential part of your architecture. About me
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
1 Emergency Alerts as RSS Feeds with Interdomain Authorization Filippo Gioachin 1, Ravinder Shankesi 1, Michael J. May 1,2, Carl A. Gunter 1, Wook Shin.
CEPH: A SCALABLE, HIGH-PERFORMANCE DISTRIBUTED FILE SYSTEM S. A. Weil, S. A. Brandt, E. L. Miller D. D. E. Long, C. Maltzahn U. C. Santa Cruz OSDI 2006.
1 Vigil : Enforcing Security in Ubiquitous Environments Authors : Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin Presented by : Amit Choudhri.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
Confidentiality-preserving Proof Theories for Distributed Proof Systems Kazuhiro Minami National Institute of Informatics FAIS 2011.
Intrusion Tolerant Software Architectures Bruno Dutertre, Valentin Crettaz, Victoria Stavridou System Design Laboratory, SRI International
Cerberus: A Context-Aware Security Scheme for Smart Spaces presented by L.X.Hung u-Security Research Group The First IEEE International Conference.
Lightweight Consistency Enforcement Schemes for Distributed Proofs with Hidden Subtrees Adam J. Lee, Kazuhiro Minami, and Marianne Winslett University.
DAME: A Distributed Diagnostics Environment for Maintenance Duncan Russell University of Leeds.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
Server to Server Communication Redis as an enabler Orion Free
The TAOS Authentication System: Reasoning Formally About Security Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
Fast Crash Recovery in RAMCloud. Motivation The role of DRAM has been increasing – Facebook used 150TB of DRAM For 200TB of disk storage However, there.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Single-bit Re-encryption with Applications to Distributed Proof Systems Nikita Borisov and Kazuhiro Minami University of Illinois at Urbana-Champaign.
11 CLUSTERING AND AVAILABILITY Chapter 11. Chapter 11: CLUSTERING AND AVAILABILITY2 OVERVIEW  Describe the clustering capabilities of Microsoft Windows.
Geo-distributed Messaging with RabbitMQ
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Secure Sharding.
PPSP BAR BOF meeting 74th IETF – San Francisco, CA, USA March, 2009 P2P Streaming Protocol (PPSP) Requirements Ning Zong,Huawei Technologies Yunfei Zhang,China.
1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.
2/25/2016CSI WG/IETF761 Open Source Project SEND & Extensions Beijing University of Posts & Telecommunications HUAWEI Yuhong LI (Speaker) Wendong WANG.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
DISTRIBUTED FILE SYSTEM- ENHANCEMENT AND FURTHER DEVELOPMENT BY:- PALLAWI(10BIT0033)
Problem: Internet diagnostics and forensics
Hardware-rooted Trust for Secure Key Management & Transient Trust
Load Weighting and Priority
pVault Sharing Architecture
#01 Client/Server Computing
Jess Architecture Diagram WORKING MEMORY INFERENCE ENGINE EXECUTION ENGINE PATTERN MATCHER RULE BASE Here you can see how all the parts fit.
Web Server Administration
JINI ICS 243F- Distributed Systems Middleware, Spring 2001
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
Outline Review of Quiz #1 Distributed File Systems 4/20/2019 COP5611.
#01 Client/Server Computing
Presentation transcript:

Scalability in a Secure Distributed Proof System Kazuhiro Minami and David Kotz May 9, 2006 Institute for Security Technology Studies Dartmouth College

Institute for Security Technology Studies, Dartmouth College1 Context-sensitive authorization Consider a requester’s context (e.g., location) to make an authorization decision –Support unregistered users –Non-intrusive access to resources Authorization system Request Granting decision (TRUE or FALSE) Context information

Institute for Security Technology Studies, Dartmouth College2 Emergency response system First responder Situation monitor server Request Responder assistance Critical incident Access is granted if a requester is located at the scene, and holds the role ``fire fighter.’’ Context-sensitive authorization policy

Institute for Security Technology Studies, Dartmouth College3 Logic-based approach Inference engine Authorization Server ?grant(Bob) TRUE Knowledge base Proof Tree Rules Facts

Institute for Security Technology Studies, Dartmouth College4 Secure distributed proof system [Minami and Kotz 2005] Host A Host B Host C Sub-Proof Tree Sub-Proof Tree Sub-Proof Tree Authorization Query Logical Query Protect confidential rules and facts in each host Proof decomposition on multiple hosts Each host returns an encrypted result (or subproof)

Institute for Security Technology Studies, Dartmouth College5 Performance consideration Handling a query could involve long latency –Cryptographic operations –Transmission of data over a network Can we build a practical system with reasonable performance?

Institute for Security Technology Studies, Dartmouth College6 Caching and revocation Speed –Reduce average latency for handling a query Freshness –Keep cached information fresh Fault tolerance –Not give unauthorized access based on stale cached information

Institute for Security Technology Studies, Dartmouth College7 Caching mechanism In many pervasive applications, users access a same resource continuously Can avoid issuing subsequent queries with caching Support both positive and negative caching

Institute for Security Technology Studies, Dartmouth College8 Positive and negative caching A fact that is proven goes to the positive KB. Positive KB Negative KB Inference engine ?loc(Bob, room12) TRUE loc(Bob,room12) Host A Host B

Institute for Security Technology Studies, Dartmouth College9 Positive and negative caching A fact that is not provable is stored in the negative KB. Positive KB Negative KB Inference engine ?loc(Alice, room12) FALSE loc(Bob,room12) Host A Host B loc(Alice,room12)

Institute for Security Technology Studies, Dartmouth College10 Capability-based revocation Some facts in a proof are dynamic Multiple hosts can revoke cached information A query result contains a capability (random number) Each host maintains dependencies among local and remote facts

Institute for Security Technology Studies, Dartmouth College11 Capability-based revocation H0H0 H3H3 H2H2 H1H1 ?loc(bob, hospital) (TRUE, c 2 ) (TRUE, c 3 ) ?owner(bob, pda11) ?loc(pda11, hospital) (TRUE, c 1 ) Positive KB owner(bob, pda11), c 2 loc(pda11, hospital), c 3 Positive KB loc(bob, hospital), c 1

Institute for Security Technology Studies, Dartmouth College12 Capability-based revocation H0H0 H3H3 H2H2 H1H1 c3c3 Positive KB owner(bob, pda11), c 2 loc(pda11, hospital), c 3 Positive KB loc(bob, hospital), c 1 c1c1

Institute for Security Technology Studies, Dartmouth College13 Semantics of revocation Positive KB Negative KB Revocation handler loc(Bob,room12), C 1 Host A Host B loc(Alice,room12), C 2 C1C1

Institute for Security Technology Studies, Dartmouth College14 Semantics of revocation Positive KB Negative KB Revocation handler Host A Host B loc(Alice,room12), C 2 C2C2

Institute for Security Technology Studies, Dartmouth College15 Semantics of revocation Positive KB Negative KB Revocation handler Host A Host B loc(Alice,room12), C 2 We cannot use the same capability c2c2 Adversary

Institute for Security Technology Studies, Dartmouth College16 Semantics of revocation Positive KB Negative KB Revocation handler Host A Host B Adversary

Institute for Security Technology Studies, Dartmouth College17 Additional measures for revocation Establish a secure channel for sending revocation messages Generate a new capability for switched cached information

Institute for Security Technology Studies, Dartmouth College18 Evaluation Is our system scalable to a large number of servers? Does our revocation mechanism keep cached information fresh?

Institute for Security Technology Studies, Dartmouth College19 Experiment to measure latency for handling a query Measure latency for handling a query whose proof spans across 27 different hosts in a cluster.

Institute for Security Technology Studies, Dartmouth College20 Comparison of latency for handling a query Latency (ms) Number of nodes in a proof tree No caching with RSA No caching with TDES Cold caching Warm caching Local processing With RSA public-key encryption

Institute for Security Technology Studies, Dartmouth College21 Comparison of latency for handling a query Latency (ms) Number of nodes in a proof tree No caching with RSA No caching with TDES Cold caching Warm caching Local processing With TDES encryption

Institute for Security Technology Studies, Dartmouth College22 Comparison of latency for handling a query Latency (ms) Number of nodes in a proof tree No caching with RSA No caching with TDES Cold caching Warm caching Local processing Exclude latency for initial queries

Institute for Security Technology Studies, Dartmouth College23 Comparison of latency for handling a query Latency (ms) Number of nodes in a proof tree No caching with RSA No caching with TDES Cold caching Warm caching Local processing All the policies and facts in a single host

Institute for Security Technology Studies, Dartmouth College24 Latency for revoking cached information Cluster Test driver query host 0 host 1 host n... Event Generator Event Revocation messages Notification Measure round-trip latency of a revocation message

Institute for Security Technology Studies, Dartmouth College25 Latency for revoking cached information Depth of a proof tree and #hosts Latency (ms)

Institute for Security Technology Studies, Dartmouth College26 Summary Novel caching and revocation mechanisms for a secure distributed proof system Positive and negative caching that minimize the number of remote queries Recursive revocation in a distributed environment The amortized performance of our system scales to dozens of servers

Institute for Security Technology Studies, Dartmouth College27 Thank you! Fore related papers For other projects in our group

Institute for Security Technology Studies, Dartmouth College28 Extra slides

Institute for Security Technology Studies, Dartmouth College29 Semantics of negative revocation A revoked negative fact moves to the positive KB Cannot reuse the same capability A revocation message must contain a new capability encrypted with a secret key.

Institute for Security Technology Studies, Dartmouth College30 Implementation 12,000+ lines of code in Java –based on XProlog (3,800 lines of code) Java Cryptographic Extension (JCE) –RSA public-key operations key length: 1024 bits public exponent: MD5 for signing –TDES symmetric-key operations Outer-CBC in EDE mode key length: 192 bits (3 keys)

Institute for Security Technology Studies, Dartmouth College31 Crypto. parameters RSA public-key operations –key length: 1024 bits –public exponent: –EME-PKCS1-v1_5 padding method –MD5 for signing TDES operations –key length: 192 bits (3 keys) –Outer-CBC in EDE mode

Institute for Security Technology Studies, Dartmouth College32 Experiment of measuring latency for handling a query 27-node (2.8GHz Intel XEONs) cluster with Gigabit Ethernet Java Runtime version1.5.0 on RedHat Linux 9 host Policy Generator KB #nodes in a proof rules & facts

Institute for Security Technology Studies, Dartmouth College33 Experiment of measuring latency for handling a query Test driver query host Event Generator KB proof Events 20 events per second for each fact 10 sets of 10 different queries

Institute for Security Technology Studies, Dartmouth College34 Measurements for revoking cached information Cluster Test driver query host 0 host 1 host n... Event Generator Event Revocation messages Notification Measure round-trip latency of a revocation message

Institute for Security Technology Studies, Dartmouth College35 Related Work Context-sensitive authorization systems [ Al-Muhtadi03, Bacon02, Covington01, Hulsebosch05, Kapadia04, Males03 ] –Centralized architecture Distributed logic system [Ranganathan03] –No caching Caching in a distributed logic system [Bauer05,Katsire03] –No revocation mechanism

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.