A consumer-driven access control approach to censorship - - PowerPoint PPT Presentation

a consumer driven access control approach to censorship
SMART_READER_LITE
LIVE PREVIEW

A consumer-driven access control approach to censorship - - PowerPoint PPT Presentation

Dec 05, 2023 227 likes •584 views

A consumer-driven access control approach to censorship circumvention in content-centric networking Jun Kurihara, Kenji Yokota and Atsushi Tagami KDDI R&D Laboratories, Inc. ACM ICN 2016 Kyoto, Japan, Sep. 28, 2016 1 Sep. 28, 2016 Jun

slide-1
SLIDE 1

A consumer-driven access control approach to censorship circumvention in content-centric networking

Jun Kurihara, Kenji Yokota and Atsushi Tagami

KDDI R&D Laboratories, Inc.

ACM ICN 2016 Kyoto, Japan, Sep. 28, 2016

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

1

slide-2
SLIDE 2

Outline of my talk

1. Introduction 2. Censorship circumvention in CCN 3. Basics of consumer-driven access control approach 4. Enhancement using manifest and nameless object 5. Conclusion

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

2

slide-3
SLIDE 3

Introduction

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

3

slide-4
SLIDE 4

Censorship: A serious problem in networking

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

4

Censorship in a network: Monitoring network messages, checking ‘what is requested’, and dropping messages in the blacklist by a certain authority. Censorship is widely spread now and serious problem in the Internet

slide-5
SLIDE 5

Censorship is easily enforceable in CCN

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

5

consumer domain: /kddi publisher router

Censorship authority

  • Capture and analyze interests; and
  • Drop any interests by checking only their

names “democracy” Explicitly-given and semantic name in CCN made censorship trivial.

domain: /kyoto

Content data itself can be encrypted in a certain AC, but interest name is not.

slide-6
SLIDE 6

Censorship circumvention in CCN

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

6

slide-7
SLIDE 7

Two types of countermeasures in CCN

  • Tor-like scheme
  • Multi-layered encryption at

anonymizing routers

  • Significant overhead and delay
  • Proxy-based scheme
  • Establishing anonymized channel

between proxy and consumer

  • Simpler and faster than Tor-like

scheme

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

7

  • R. Tourani, S. Misra, J. Kliewer, S. Ortegel, and T. Mick, “Catch me if you

can: A practical framework to evade censorship in information-centric networks,” in Proc. ACM ICN 2015.

  • C. Ghali, M. A. Schlosberg, G. Tsudik, and C. A. Wood, “Interest-based

access control for content centric networks,” in Proc. ACM ICN 2015.

  • S. DiBenedetto, P. Gasti, G. Tsudik, and E. Uzun, “ANDāNA: Anonymous

named data networking application,” in Proc. NDSS 2012.

slide-8
SLIDE 8

Proxy-based approach

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

8

?

domain: /kddi

(/kddi/democracy.mpg) /kddi/democracy.mpg

encrypt! decypt! Trusted proxy

Communication via encrypted name plaintext name

Our scheme is basically categorized as a proxy–based scheme

Anonymized interest (/<routable prefix>/ + encrypted name)

interest

slide-9
SLIDE 9

Cache recycling problem of proxy-based approaches

Anonymized communication is established between each consumer and a proxy under distinct encryption key.

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

9

Anonymized communication channel

Consumer A Consumer B

Cached content never be recycled

Standard CCN behind the proxy

The same content is queried via different names by different users

slide-10
SLIDE 10

Basics of consumer-driven access control approach

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

10

slide-11
SLIDE 11

System model

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

11 anonymizer A (trusted proxy) cache enabler E2 (as a router) attacker (as a router) consumers CCN router publisher cache enabler E1 (as a router)

domain: /kddi

  • Content names follow a conventional (ICN) hierarchical naming scheme like

URL (e.g., /kddi/demo/video.mpg).

  • Entity: CCN basic parties + cache enablers Ei + anonymizer A + attacker
slide-12
SLIDE 12

Capture/analyze interests

Attacker definitions

We consider two types of attackers.

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

12

Passive Attacker Active Attacker

Modify interests

  • Learn “what is requested”

and “who is requesting”;

  • Drop/filter interests

*Passive ⊃ Active

Stronger version Masquerade as legitimate consumers

Capture/analyze interests

slide-13
SLIDE 13

Key elements of our approach

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

13

(1) Encryption-based access control to interest names for cache enablers and anonymizer (2) Authentication and decryption with hidden consumer ID at cache enablers and anonymizer

[Against passive/active attacker] [Against passive attacker]

slide-14
SLIDE 14

(1) Encryption-based access control to names: Preliminary

Access control:

A technique used to regulate who or what can view raw/original data in a computing environment.

Encryption-based access control:

Data is encrypted in such a way that only authorized users are allowed to decrypt the encrypted data and obtain the raw data.

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

14

Assigned decryption keys are identified as access rights

Encrypted data With no key

With valid key With valid key Possibly different

slide-15
SLIDE 15

(1) Encryption-based access control to names: Overview of the approach

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

15 anonymizer

A

cache enabler

E1 domain: /kddi Consumer grants access rights to original interest names to cache enablers Ei and anonymizer A via the encryption-based access control

Assign key for E2 Assign key for E1

E2

Assign key for A

slide-16
SLIDE 16

(1) Decrypt

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

16

(/kddi/democracy.mpg)

(/kddi/democracy.mpg)

/kddi/democracy.mpg

(2) CS search with original name

/kddi/democracy.mpg

CS

(3) Respond by encrypted name

(/kddi/democracy.mpg)

content object [Processing incoming interest at Ei]

*** illustrated only the case of cache hit for simplicity. ***

Qualified cache enabler

Ei

Anonymized interest (/routable prefix/ + encrypted name)

Consumers encrypts interest names in such a way that pre-authorized Ei and A can decrypt them and obtain original names.

slide-17
SLIDE 17
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

17

content object

(/kddi/democracy.mpg)

(1) Decrypt

(/kddi/democracy.mpg)

/kddi/democracy.mpg

(2) Cache with original name for recycle

CS

/kddi/democracy.mpg

[Processing incoming content at Ei] (simply the dual of interest case)

Access control to interest names ↔ Access control to cache-recycling opportunities

*** omitted the process of PIT entry consumption for simplicity. ***

[Key observation]

Qualified cache enabler

Ei

slide-18
SLIDE 18

Ei and A must learn the consumer ID from an interest to find a consumer specific key(s) for name decryption and interest authentication via HMAC/signature Consumer ID itself leaks the consumer information to attackers

(2) Authentication and decryption with hidden ID: Preliminary

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

18

[Observations] [Requirements]

  • Consumer ID must be included and hidden in interests
  • Only cache enablers and anonymizer learn the ID from an interest for

decryption and authentication

slide-19
SLIDE 19

(2) Authentication and decryption with hidden ID: Overview of the approach

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

19 anonymizer

A domain: /kddi

Assign key for E1

E2 Anonymizer uses a public key broadcast encryption for hiding IDs in interests.

  • Decryption keys are assigned to cache enablers
  • Public (encryption) key is published.

Store key for A Having public key Having public key Assign key for E2

E1

slide-20
SLIDE 20
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

20

Consumer generates the anonymizing interest from the encrypted name as:

Broadcast public key from A

(/kddi/democracy.mpg) (Consumer ID)

Encrypted ID Encrypted name

HMAC generation by name encryption key HMAC

slide-21
SLIDE 21
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

21

Ei and A authenticate and generate the incoming interest as:

Assigned broadcast decryption key

(/kddi/democracy.mpg) (Consumer ID)

Encrypted ID Encrypted name

Retrieve the name encryption key associated to the ID from key storage HMAC Consumer ID Authenticate! Decrypt!

slide-22
SLIDE 22

Advantage and disadvantage

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

22

  • No leakage about content name (what)
  • No leakage about consumer identity (who)

[Security for passive attacker]

  • Interest modification can be detected

[Security for active attacker]

slide-23
SLIDE 23
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

23

  • In-network caching can be fully leveraged at cache enablers

Ei’s and anonymizer A

  • More beneficial as # of Ei’s increases.

[Efficiency]

  • Cryptographic operations (access control and authentication)

at Ei and A may involve serious computational cost.

  • More serious overhead as # of Ei’s increase.

trade-off between cache recycling

  • pportunity and overhead
slide-24
SLIDE 24
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

24

This problem is solved by combining our approach with manifest and nameless objects. We minimize the overhead with maintaining the security and maximizing the benefit of in-network caching.

slide-25
SLIDE 25

Enhancement using manifest and nameless object

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

25

slide-26
SLIDE 26

Preliminary: Manifest and nameless objects in CCNx

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

26

Manifest: Content object providing a list of content objects (names and hashes)

Names Hashes /kddi/democracy.mpg/1 0xABCD /kddi/democracy.mpg/2 0x1234 /kddi/democracy.mpg/3 0xA1B2 … …

Manifest structure

content object catalog signature

Guarantee of integrity and unforgeability

Manifest-based content retrieval: Consumer first obtain and parse manifest, then retrieve listed content objects.

Listed items can be authenticated

  • nly by lightweight hash verification.

Additional information (e.g., decryption key name/hash)

slide-27
SLIDE 27

Nameless object: a variant of content object

  • Content object payload is decoupled with name.
  • Queried by arbitrary-given but correctly-routable name + its hash value.
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

27 Content replica redirection can be easily realized.

hash name Used for interest routing Used for CS/PIT search /anonymized/v.mpg/1 /kddi/democracy.mpg/1 0x1234ABCD /kyoto/movie.mpg/1

**Decoupled from name**

May have multiple combinations

Note: Consumer needs to first retrieve a manifest in order to learn routable names and hashes for nameless objects.

  • riginal

replica replica

slide-28
SLIDE 28

Maximizing benefit of in-network caching with minimizing computational overhead

Assumption: Desired content objects are encrypted under appropriate access control (like CCN-AC*), and attacker does not know their hashes. Assumption: Desired content objects are nameless objects and hosted at a certain consumer-reachable replication server with meaningless (uncensored) names.

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

28

Important observation: The name of replicated content object itself is semantically meaningless.

  • > Nameless objects are never filtered based on name.
  • J. Kurihara, E. Uzun, and C. A. Wood. An encryption-based access control framework for content-centric networking. In Proc. IFIP Networking 2015
slide-29
SLIDE 29

The 2-phased strategy of enhancement:

  • [Phase 1]

Manifest and non-replicated extra information (e.g., decryption keys) are retrieved by consumer-driven access control approach.

  • [Phase 2]

Replicated nameless content objects are simply queried in the standard manner of content retrieval.

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

29

  • > Our secure but heavy approach is used only for manifest + α
  • > Large number of objects are never be filtered even in the standard manner.
slide-30
SLIDE 30
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

30 anonymizer a.k.a. replication server anonymized interest for a manifest publisher manifest interest for a manifest Cryptographic operations on interest name interests for listed nameless objects listed nameless

  • bjects

replicating nameless objects Phase 1 Phase 2

Example of minimization of computational cost in flow:

No cryptographic operations at intermediate nodes in phase 2!

slide-31
SLIDE 31
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

31 anonymizer a.k.a. replication server anonymized interest for a manifest publisher manifest interest for a manifest

  • pportunity to respond from cache

interests for listed nameless objects listed nameless

  • bjects

replicating nameless objects

Example of cache recycling opportunities in flow:

Phase 1 Phase 2

Every node has recycling opportunity in phase 2!

slide-32
SLIDE 32

Conclusion

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

32

slide-33
SLIDE 33

Conclusion and future work

  • In this talk:
  • We introduced a proxy-based censorship circumvention approach

enabling in-network caching.

  • Consumer-driven access control to interest names
  • Authentication and decryption with hidden consumer ID
  • We enhanced the approach by using manifest and nameless objects
  • Maximizing the cache recycling opportunity
  • Minimizing the overhead of cryptographic computation at intermediate nodes
  • Future work:
  • Implementation and performance evaluation in realistic environment with specific

settings.

  • etc.
  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

33

slide-34
SLIDE 34

Thank you!

  • Sep. 28, 2016

Jun Kurihara (KDDI R&D Labs.)

34

Comment and question...?

e-mail: kurihara@ieee.org