authorization credentials for controlled sharing in ndn
play

Authorization credentials for controlled sharing in NDN: Experiments - PowerPoint PPT Presentation

Sep 02, 2022 •291 likes •597 views

Authorization credentials for controlled sharing in NDN: Experiments with codecaps and macaroons in NDN.JS NDNCOMM 2014 Pedro de-las-Heras-Quir os, Eva M. Castro-Barbero <pedro.delasheras@urjc.es> Information Technology and

  1. Authorization credentials for controlled sharing in NDN: Experiments with codecaps and macaroons in NDN.JS NDNCOMM 2014 Pedro de-las-Heras-Quir´ os, Eva M. Castro-Barbero <pedro.delasheras@urjc.es> Information Technology and Communications Department Universidad Rey Juan Carlos, Spain September 5, 2014 pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 1

  2. c � 2014 Pedro de las Heras Qur´ os, Eva M. Castro Barbero. Algunos derechos reservados. Este trabajo se distribuye bajo la licencia Creative Commons Attribution Share-Alike disponible en http://creativecommons.org/licenses/by-sa/3.0/es pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 2

  3. Contents Codecaps for NDN 1 Macaroons for NDN 2 Why use these mechanisms in NDN? 3 pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 3

  4. Introduction We are developing prototypes of codecaps and macaroons for NDN using NDN-CCL (NDN.JS v0.3), ndnd-tlv, ndncert, Mini-CCNx (adapted to ndnd-tlv) Work in progress to explore potential solutions for encryption based group access control for NDN apps Expect more doubts than claims: Can these mechanisms improve consumer anonymity in NDN when compared with signed interests? Can they facilitate service composition of NDN apps? Example applications: Raw sensor data stored and published to service that transforms and republishes data to different group, with different rights Example application: want to let my family group / friends group some of the photos in NDNFlickr, withouth them having an account there Delegation of voting rights acording to subject Open mHealth pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 4

  5. Codecaps for NDN Contenidos Codecaps for NDN 1 Macaroons for NDN 2 Why use these mechanisms in NDN? 3 pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 5

  6. Codecaps for NDN What are Codecaps Secure abstraction with code capabilities. R. van Renesse, H.D. Johansenn, N. Naigaonkar and D. Johansen. In 21st Euromicro International Conference on Parallel, Distributed and Network-Based Processing, 2013 Codecaps are Capabilities that embed code that programatically expresses the rights acquired by the owner Rights are code (Javascript in the original paper) that is evaluated in the context of a request to grant/deny access. pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 6

  7. Codecaps for NDN What are Codecaps Codecaps can be extended by principals. Each codecap includes a certificate chain that can be extended by its owner by adding new right functions that attenuate the original rights Codecaps are extended for a particular principal: each certificate in the chain signs both a new right function and the Public Key of the principal who can use the new extended codecap pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 7

  8. Codecaps for NDN What are Codecaps A request includes a codecap + action requested A request can be created by any principal owning a Codecap by signing the requested action with its private key and sending it alongside the codecap The original creator of the codecap validates the chain of certificates of the request, and evaluates if every rights function is satisfied in the context of the request, granting or denying access pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 8

  9. Codecaps for NDN Example /ndn/urjc/ bob O1: bob, RW /ndn/urjc /ndn/ucla/ mary pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 9

  10. Codecaps for NDN Example Signed interest /ndn/urjc/ /ndn/urjc/ get-codecap / O1 bob O1: bob, RW /ndn/urjc /ndn/ucla/ mary pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 10

  11. Codecaps for NDN Example Signed interest /ndn/urjc/ /ndn/urjc/ get-codecap / O1 bob K-urjc{K+bob, O1, RW} O1: bob, RW /ndn/urjc /ndn/ucla/ mary pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 11

  12. Codecaps for NDN Example Signed interest /ndn/urjc/ /ndn/urjc/ get-codecap / O1 bob K-urjc{K+bob, O1, RW} O1: bob, RW Signed interest /ndn/urjc /ndn/urjc/bob/ get-codecap / O1 /ndn/ucla/ mary pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 12

  13. Codecaps for NDN Example Signed interest /ndn/urjc/ /ndn/urjc/ get-codecap / O1 bob K-urjc{K+bob, O1, RW} O1: bob, RW Signed interest /ndn/urjc /ndn/urjc/bob/ get-codecap / O1 K-urjc {K+bob, O1, RW} K-bob {K+mary, O1, R} /ndn/ucla/ mary pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 13

  14. Codecaps for NDN Example Signed interest /ndn/urjc/ /ndn/urjc/ get-codecap / O1 bob K-urjc{K+bob, O1, RW} O1: bob, RW Signed interest /ndn/urjc /ndn/urjc/bob/ get-codecap / O1 K-urjc {K+bob, O1, RW} K-bob {K+mary, O1, R} Signed interest /ndn/urjc/ O1 / W / K-urjc{K+bob ,O1, RW} K-bob{K+mary, O1, R} /ndn/ucla/ mary pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 14

  15. Macaroons for NDN Contenidos Codecaps for NDN 1 Macaroons for NDN 2 Why use these mechanisms in NDN? 3 pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 15

  16. Macaroons for NDN What are Macaroons Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. A. Birgisson, J.G. Politz, ´ Ulfar Erlingsson, A. Taly, M. Vrable, and M. Lentczner. In Network and Distributed System Security Symposium, 2014 Similar to codecaps although they’re not capabilities, but credentials pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 16

  17. Macaroons for NDN What are Macaroons Also embed code: authorization predicates in caveats, similar to rights functions of codecaps Express when, where, by who and for what purpose a producer principal should authorize requests for content or services it owns pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 17

  18. Macaroons for NDN What are Macaroons Macaroons can also be extended but they don’t use PK certificates for expressing delegation The list of caveats added by principals is chained through HMAC’s: much more efficient, and potentially anonymous for NDN consumers Original creator of macaroon keeps secret the root key used to calculate the first HMAC, and adds nonce identifying it to macaroon Next principal in chain will use the previous HMAC as the key for calculating HMAC of next caveat added Requests can only be validated by original creator, who recalculates the chain of HMACs starting with secret root key indexed by nonce in macaroon of request pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 18

  19. Macaroons for NDN What are Macaroons Main innovation of macaroons: third-party caveats pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 19

  20. Macaroons for NDN Example Bob receives macaroon created by /ndn/urjc O1: bob, RW nonce X caveat: /ndn/urjc/ /ndn/urjc O1, RW bob Bob friends: mary, K+mary jane, K+jane ... /ndn/urjc/ /auth-service mary pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 20

  21. Macaroons for NDN Example Bob extends the macaroon with normal caveat and with third-party caveat that requires Mary to authenticate in auth-service, and then sends the extended macaroon to Mary O1: bob, RW nonce X caveat: /ndn/urjc/ /ndn/urjc O1, RW bob nonce X caveat: O1, RW caveat: O1, R Bob friends: 3rd party caveat, nonceY : mary, K+mary my friend in /auth-service? jane, K+jane ... /ndn/urjc/ /auth-service mary pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 21

  22. Macaroons for NDN Example In order for Mary to create a request for O1, she must first authenticate herself in the third party auth-service to satisfy the third party caveat as demanded by Bob O1: bob, RW nonce X caveat: /ndn/urjc/ /ndn/urjc O1, RW bob nonce X caveat: O1, RW caveat: O1, R Bob friends: 3rd party caveat, nonceY : mary, K+mary my friend in /auth-service? jane, K+jane ... /ndn/urjc/ 3rd party caveat: /auth-service my friend in /auth-service? mary nonce Y discharge macaroon pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 22

  23. Macaroons for NDN Example Mary then adds the discharge macaroon to a request sent to /ndn/urjc O1: bob, RW nonce X caveat: /ndn/urjc/ /ndn/urjc O1, RW bob nonce X nonce X caveat: caveat: O1, RW O1, RW caveat: caveat: O1, R O1, R Bob friends: nonce Y 3rd party caveat, nonce Y, 3rd party caveat, nonceY : mary, K+mary my friend in /auth-service? discharge jane, K+jane macaroon ... /ndn/urjc/ 3rd party caveat: /auth-service my friend in /auth-service? mary nonce Y discharge macaroon pedro.delasheras@urjc.es - 2014 Authorization credentials for controlled sharing in NDN 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun )

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun )

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun ) reference materials used to support applications for employment or graduate study BENEFITS OF CREATING A FILE Compile all of your resources in the Career

677 views • 21 slides
Precision Information Sharing Craig Thompson &amp; Fred Davis University of Arkansas Credentials

Precision Information Sharing Craig Thompson &amp; Fred Davis University of Arkansas Credentials

Digital Fort Knox Precision Information Sharing Craig Thompson &amp; Fred Davis University of Arkansas Credentials Craig Thompson Acxiom Database Chair in Engineering, co-architect of OMG Object Service Architecture, and 15 years

417 views • 10 slides
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research Credentials: Motivation ID cards Sometimes used for other uses E.g. prove youre over 21, or verify your address

659 views • 48 slides
Moderator-controlled Information Sharing by Identity-based Aggregate Signatures for Information

Moderator-controlled Information Sharing by Identity-based Aggregate Signatures for Information

Moderator-controlled Information Sharing by Identity-based Aggregate Signatures for Information Centric Networking Tohru Asami 1 , Byambajav Namsraijav 1 , Yoshihiko Kawahara 1 , Kohei Sugiyama 2 , Atsushi Tagami 2 , Tomohiko Yagyu 3 , Kenichi

442 views • 29 slides
myneData Towards a Trusted and User-controlled Ecosystem for Sharing Personal Data Roman

myneData Towards a Trusted and User-controlled Ecosystem for Sharing Personal Data Roman

myneData Towards a Trusted and User-controlled Ecosystem for Sharing Personal Data Roman Matzutt, Dirk Mllmann, Eva-Maria Zeissig, Christiane Horst, Kai Kasugai, Sean, Lidynia, Simon Wieninger, Jan Henrik Ziegeldorf, Gerhard Gudergan, Indra

427 views • 39 slides
Contract Authorization J-Class Road Cost Sharing Program DTIR Agreement 2018-014 Scott

Contract Authorization J-Class Road Cost Sharing Program DTIR Agreement 2018-014 Scott

Contract Authorization J-Class Road Cost Sharing Program DTIR Agreement 2018-014 Scott Conrod, CAO Scott Quinn, Director EPW Lands and Parks Council April 7, 2020 Which Matter Being Discussed Three different J-Class matters for Council

270 views • 9 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos Resource sharing Authorization Client Resource owner Resource storage Resource access Resource

1.11k views • 18 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel Expense 4. Travel Regulations 2 Travel Authorization (See Next Slide for Detailed Steps) 2. Trip Information goes here 1. Budgetary Coding goes

319 views • 11 slides
CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may

CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may

CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may elect to rely on a Credentials Verification Organization (CVO) to conduct primary source verification of an applicants credentials. * Prior to

467 views • 21 slides
Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It is designed to : Assist in benefit determination Prevent unanticipated denials of coverage Create a collaborative approach to

187 views • 18 slides
Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents https://cametoolbox.fnal.gov/Project/WADReports?ProjectName=HL-L... Work Authorization Documents Work Authorization Document Control Account Information Control Account Manager: 10629N Nobrega, Fred Control

56 views • 5 slides
Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1

Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1

Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1 Content-based confidentiality Confidentiality stays with content independent from where the content is independent from how it is

647 views • 10 slides
Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a

Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a

Introduction to Computer Programming Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a repetition structure that iterates a specific number of times In contrast, a condition controlled loop iterates a

560 views • 39 slides
The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role

The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role

The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role do three factors play in the evaluation of educational credentials: 1. Immigrant status 2. Accreditation (or not) of foreign credentials 3. Race

547 views • 15 slides
A Vision of Value: Planting roots in Mexico Evan Benkert, Kristen Busby, Isa Eugenio Hunter

A Vision of Value: Planting roots in Mexico Evan Benkert, Kristen Busby, Isa Eugenio Hunter

A Vision of Value: Planting roots in Mexico Evan Benkert, Kristen Busby, Isa Eugenio Hunter Gray, &amp; Joey Padgett Dollar Tree should enter Mexico through a joint venture with Calimax Approach Partner Position Prosper Profitably increase

638 views • 46 slides
Indigenous Population in the Americas Mexico 15.7 millions 15% Peru 13.8 millions 45%

Indigenous Population in the Americas Mexico 15.7 millions 15% Peru 13.8 millions 45%

INDIGENOUS (NATIVE) LATIN AMERICAN IMMIGRANTS: among the most vulnerable workers Leoncio Vasquez Santos Seth M. Holmes, PhD, MD Faculty Disclosure We have nothing to disclose Indigenous Population in the Americas Mexico 15.7 millions 15%

548 views • 15 slides
Recent Progress in Understanding the Electrical Reliability of GaN High-Electron Mobility

Recent Progress in Understanding the Electrical Reliability of GaN High-Electron Mobility

Recent Progress in Understanding the Electrical Reliability of GaN High-Electron Mobility Transistors J. A. del Alamo Microsystems Technology Laboratories Massachusetts Institute of Technology 2015 MRS Spring Meeting Symposium AA: Materials

589 views • 25 slides
LOVE YOUR HEART 2019: O U R C O L L E C T I V E I M PA C T June 18, 2019 1 Overview of

LOVE YOUR HEART 2019: O U R C O L L E C T I V E I M PA C T June 18, 2019 1 Overview of

LOVE YOUR HEART 2019: O U R C O L L E C T I V E I M PA C T June 18, 2019 1 Overview of Love Your Heart 2019 Why Love Your Heart? Love Your Heart Results Ama Tu Corazn Love Your Heart Partner Stories 2 TODAYS SPEAKERS

610 views • 28 slides
Introduction. Preprocessing. Laws September 8, 2019 Slides by Marta Arias, Jos Luis Balczar,

Introduction. Preprocessing. Laws September 8, 2019 Slides by Marta Arias, Jos Luis Balczar,

CAI: Cerca i Anlisi dInformaci Grau en Cincia i Enginyeria de Dades, UPC Introduction. Preprocessing. Laws September 8, 2019 Slides by Marta Arias, Jos Luis Balczar, Ramon Ferrer-i-Cancho, Ricard Gavald, Department of Computer

501 views • 35 slides
Technology Initiative Objectives of the 2017 Symposium and Practical Arrangements 27.09.2017

Technology Initiative Objectives of the 2017 Symposium and Practical Arrangements 27.09.2017

UN Basic Space Technology Initiative Objectives of the 2017 Symposium and Practical Arrangements 27.09.2017 Daniel Garca Yrnoz daniel.garciayarnoz@un.org UNOOSAs Mission Statement The core business of the Office is to promote

447 views • 29 slides
How to Gauge the Accuracy Let Us Use This Idea . . . Resulting . . . of Fuzzy-Control But What

How to Gauge the Accuracy Let Us Use This Idea . . . Resulting . . . of Fuzzy-Control But What

Need to Gauge . . . Such Gauging Is . . . How We Elicit Fuzzy . . . How to Gauge the Accuracy Let Us Use This Idea . . . Resulting . . . of Fuzzy-Control But What Should We . . . Resulting Algorithm Recommendations: Proof A Simple Idea

381 views • 15 slides
It is a great pleasure to be here at this conference, with this very vibrant group. Coming from BC,

It is a great pleasure to be here at this conference, with this very vibrant group. Coming from BC,

It is a great pleasure to be here at this conference, with this very vibrant group. Coming from BC, I do want to acknowledge the welcome to the traditional territories of the Blackfoot Confederacy and the Tsuu Tina people. Its also a wonderful

569 views • 20 slides

More recommend