interest based access control in ccn
play

Interest-Based Access Control in CCN Cesar Ghali, Marc A. - PowerPoint PPT Presentation

Apr 27, 2023 •18 likes •398 views

Interest-Based Access Control in CCN Cesar Ghali, Marc A. Schlosberg, Gene Tsudik, Christopher A. Wood Department of Computer Science University of California Irvine woodc1@uci.edu Confidential Agenda 1. Introduction and Access Control

  1. Interest-Based Access Control in CCN Cesar Ghali, Marc A. Schlosberg, Gene Tsudik, Christopher A. Wood Department of Computer Science University of California Irvine woodc1@uci.edu Confidential

  2. Agenda 1. Introduction and Access Control Overview 2. IBAC Security Model 3. IBAC via Name Obfuscation 4. Security Considerations 5. Experimental Assessment 6. Conclusions and Recommendations 2

  3. CCN Elevator Pitch • Content is named and transferred through the network from producers to consumers upon request • Any consumer can ask for content by name • Producers are responsible for access control 3

  4. 
 
 Notation N name of a Content Object CO [ N ] N content object with name 
 U ( N ) N set of consumers authorized to access content with name ¯ U ( N ) complement of the above G group of consumers 4

  5. The Access Control Problem Question : How to ensure that only authorized users access a content object? 1. Content-based: Ensure that only authorized consumers can decrypt content they retrieve 2. Interest-based: Ensure that consumers can only retrieve content they are authorized to access 5

  6. Content-Based Access Control CO [ N ] Main Idea: If then should not be able to decrypt Cr / ∈ U ( N ) Cr • A preliminary specification was first introduced in [1] • Many variations based on different public-key cryptographic algorithms have been proposed (see [2]): • Broadcast encryption • Attribute-based encryption • Proxy-based re-encryption • … etc. [1] Smetters, Diana, Philippe Golle, and Jim Thornton. CCNx Access Control Specifications. Technical report, PARC, 2010. [2] Kurihara, Jun, C. Wood, and Ersin Uzun. “An Encryption-Based Access Control Framework for Content-Centric Networking.” IFIP, 2015. 6

  7. Content-Based AC in Pictures Content Object Header [/a/b/c] Payload ValidationSection 7

  8. Content-Based AC in Pictures (cont’d) Content Object Content Object Header [/a/b/c] Header [/a/b/c] Enc(k, payload) Payload Payload ValidationSection ValidationSection 8

  9. Content-Based AC in Pictures (cont’d) Content Object Content Object Content Object Header [/a/b/c] Header [/a/b/c] Header [/a/b/c/k] Enc(k, payload) Payload Payload Payload ValidationSection ValidationSection ValidationSection 9

  10. Interest-Based Access Control Main Idea: If then should not be able to construct a Cr / ∈ U ( N ) Cr correct interest for CO [ N ] Implication : Interest names should depend on a secret that only authorized consumers know 10

  11. Interest-Based AC in Pictures Content Object Header [/a/b/c] Payload ValidationSection 11

  12. Interest-Based AC in Pictures (cont’d) obfuscated su ffi x Content Object Content Object Header [/a/b/c] Header [/a/b/c] Enc(k, name) Payload Payload ValidationSection ValidationSection 12

  13. … why not do both? 13

  14. Two Dimensions of AC obfuscated obfuscated su ffi x su ffi x Content Object Content Object Content Object Header [/a/b/c] Header [/a/b/c] Header [/a/b/c] Header [/a/b/c/k] Header [/a/b/c/k] Enc(k1, name) Enc(k2, payload) Payload Payload Payload ValidationSection ValidationSection ValidationSection 14

  15. Security Model IBAC is about obfuscating the name (the payload may also be encrypted…) Security means: an adversary without the (group) secret cannot generate the same obfuscated name Let be the set of all routers on the path between and P Cr Path ( Cr, P ) Adv Assume who can deploy and compromise any unauthorized consumer or any router R / ∈ Path ( Cr, P ) • On-path adversaries can see the names in interest and content • …will consider this later 15

  16. IBAC via Name Obfuscation The goal of IBAC is to make the name of a content object available N N 0 = f ( N ) f under the name for some obfuscation function At least two ways to do this: • Encryption-based • Hash-based Note : the obfuscation function only masks the suffix of a name — not the routable prefix 16

  17. Encryption-based Obfuscation N 0 = Enc ( k, N ) k where is the private key associated with an authorized Cr 17

  18. Supporting Multiple Groups Question 1 : What if we want group-based access control, i.e., where consumers in the same group generate the same obfuscated name? k G (One) Answer : Consumers in group share the encryption key G 18

  19. Supporting Multiple Groups Question 1 : What if we want group-based access control, i.e., where consumers in the same group generate the same obfuscated name? k G (One) Answer : Consumers in group share the encryption key G Question 2 : How does a producer identify the correct decryption key for content? (One) Answer : Include the group identifier in the payload of each interest, e.g., P ID G = H ( k G ) 19

  20. Supporting Multiple Groups (cont’d) Question 3: How to prevent likability of multiple interests with the ID G same ? (One) Answer : Encrypt the identifiers using the publisher’s public pk P key ID G = Enc ( pk P , H ( k G )) P 20

  21. Hash-based Obfuscation N 0 = H ( k, N ) k where is the same shared group key 
 21

  22. Hash-based Obfuscation N 0 = H ( k, N ) k where is the same shared group key H Introduces more state since a producer must be able to invert to discover N 22

  23. What about on-path attackers?… 23

  24. Replay Attacks 1) issue interest I for IBAC-protected content with name N I[N] I[N] C R P CO[N] CO[N] 2) Cache IBAC-protected 3) Consume content CO[N] content CO[N] 24

  25. Replay Attacks (cont’d) 25

  26. Replay Attacks (cont’d) 26

  27. Replay Attacks in Detail Any (on-path) adversary can observe an obfuscated interest, replay it, and get the same content Replay prevention : • Nonces and timestamps help prevent replays • … in addition to consumer authentication information ⇣ ⌘ G ( N 0 || ID G || r || t ) Payload = ID G , r, t, σ = Sign sk s 27

  28. Interest Authentication Question : How can a router check if a given (cached) content object should be returned in response to an interest? Answer : Verify an authenticator in interests (e.g., a digital signature) 28

  29. Interest Authentication Question : How can a router check if a given (cached) content object should be returned in response to an interest? Answer : Verify an authenticator in interests (e.g., a digital signature) Question : How does a router know what key(s) to use for verification? Answer : Follow the authorized content key binding (ACKB) rule: ACKB: Cached content protected under IBAC must reflect the verification key associated with the authorization policy. 29

  30. ACKB in Action (Part 1) P verification key 30

  31. ACKB in Action (Part 2) 31

  32. Verification Procedure 32

  33. Handling Policy Changes • Policy changes include adding and removing users from groups • Adding users to groups is easy (give them the right key) • Removing users is hard: • Generate and distribute new group keys • Cached content may still exist in the network 33

  34. Experimental Assessment • Without authorization checks, routers incur no added overhead • With authorization checks, routers must: • Manage and verify nonces and timestamps • Verify interest signatures (!) 34

  35. DoS Issues I Fraction 35

  36. Recommendations • If replay attacks are not a concern, consumers use name obfuscation and include their group identity in interests. • Otherwise, name obfuscation must be used and authorization information must be included in interests. • If replay attacks are plausible but name privacy is not a concern, authorization information is sufficient. 36

  37. Conclusion 1. Motivated content- and interest-based access control 2. Two ways to enforce IBAC 3. One way to handle replay attacks 4. Experimental assessment 5. Recommendations for using IBAC 37

  38. Questions?… 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File

Working Set- -Based Access Control for Based Access Control for Working Set Network File Systems Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University

667 views • 23 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control Enforcement Access Control Enforcement for Conversation- -based based for

Access Control Enforcement Access Control Enforcement for Conversation- -based based for

The Cyber Center The Cyber Center Access Control Enforcement Access Control Enforcement for Conversation- -based based for Conversation Web Services Web Services Massimo Mecella * Mourad Ouzzani Univ. Roma LA SAPIENZA, Italy Purdue

375 views • 26 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
Overview Access control lists Capability lists Locks and keys Rings-based

Overview Access control lists Capability lists Locks and keys Rings-based

Overview Access control lists Capability lists Locks and keys Rings-based access control Propagated access control lists May 31, 2005 ECS 235, Computer and Information Slide #1 Security Access Control Lists Columns

1.24k views • 80 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System

Role-Based Access Control Corban Rivera CS 6204, Spring 2005 1 Trusted Computer System Evaluation Criteria (TCSEC) Background MAC Mandatory Access Control Firm security levels DAC Discretionary Access Control Access

240 views • 6 slides
Outline Multilevel and mandatory access control CSci 5271 Capability-based access control

Outline Multilevel and mandatory access control CSci 5271 Capability-based access control

Outline Multilevel and mandatory access control CSci 5271 Capability-based access control Introduction to Computer Security Announcements intermission Day 11: OS security: higher assurance Stephen McCamant OS trust and assurance University

303 views • 9 slides
Language-Based Access Control and Safety Language-based access control is impossible in a

Language-Based Access Control and Safety Language-based access control is impossible in a

Language-Based Access Control and Safety Language-based access control is impossible in a programming language that is not memory safe. Without memory safety, there is no way to guarantee separation of memory used by different program

413 views • 30 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1 Outline Role-Based Access Control OASIS

480 views • 14 slides
A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and

A Distributed Calculus for Role-Based Access Control Chiara Braghin joint work with D. Gorla and V. Sassone MyThS Meeting, Venice, June, 14th, 2004 A Distributed Calculus for Role-Based Access Control p.1/18 RBAC Why: Role-Based Access

613 views • 36 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is

Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is

Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is access control? Access control is the part of security that constrains the actions that are performed in a system based on access control rules .

1.4k views • 113 slides
ANOVA: Analysis of Variance Marc H. Mehlman marcmehlman@yahoo.com University of New Haven

ANOVA: Analysis of Variance Marc H. Mehlman marcmehlman@yahoo.com University of New Haven

ANOVA: Analysis of Variance Marc H. Mehlman marcmehlman@yahoo.com University of New Haven The analysis of variance is (not a mathematical theorem but) a simple method of arranging arithmetical facts so as to isolate and display the

722 views • 34 slides
Zlus: a synchronous language with ODEs Timothy Bourke 1 , 2 Marc Pouzet 2 , 1 1. INRIA

Zlus: a synchronous language with ODEs Timothy Bourke 1 , 2 Marc Pouzet 2 , 1 1. INRIA

Zlus: a synchronous language with ODEs Timothy Bourke 1 , 2 Marc Pouzet 2 , 1 1. INRIA Paris-Rocquencourt 2. cole normale suprieure (DI) http://www.di.ens.fr/ParkasTeam.html C O L E N O R M A L E S U P R I E U R E HSCC 2013, CPS

408 views • 8 slides
I NVARIANT S AFETY FOR D ISTRIBUTED A PPLICATIONS Sreeja Nair Gustavo Petri Marc Shapiro S

I NVARIANT S AFETY FOR D ISTRIBUTED A PPLICATIONS Sreeja Nair Gustavo Petri Marc Shapiro S

I NVARIANT S AFETY FOR D ISTRIBUTED A PPLICATIONS Sreeja Nair Gustavo Petri Marc Shapiro S TATEFUL D ISTRIBUTED S YSTEMS W E WANT : } Scalability Replicated State Availability Programmability Strong Consistency S

1.2k views • 98 slides
The General Administration of the Patrimonial Documentation of Belgium (Cadastre

The General Administration of the Patrimonial Documentation of Belgium (Cadastre

D O C U M E N T A T I O N P A T R I M O N I A L E The General Administration of the Patrimonial Documentation of Belgium (Cadastre Registration - Public Property - Mortgage Service) Annual Meeting 2006 and Symposium Federal FIG

236 views • 6 slides
Eurocrypt 2016 Report Marc Fischlin TU Darmstadt, Germany Submissions, submissions, submissions

Eurocrypt 2016 Report Marc Fischlin TU Darmstadt, Germany Submissions, submissions, submissions

Rump Session 2016 Eurocrypt 2016 Report Marc Fischlin TU Darmstadt, Germany Submissions, submissions, submissions parallel-track no. Eurocrypt system goes public submissions 274 202 197 195 194 2012 2013 2014 2015 2016 Marc

253 views • 12 slides
Practical Challenges of Gaussian Processes Marc Deisenroth Statistical Machine Learning Group

Practical Challenges of Gaussian Processes Marc Deisenroth Statistical Machine Learning Group

Practical Challenges of Gaussian Processes Marc Deisenroth Statistical Machine Learning Group Department of Computing Imperial College London New Directions for Learning with Kernels and Gaussian Processes, Dagstuhl November 29, 2016 Data

264 views • 5 slides
Swi$:&New&Paradigms&for& iOS&Development Marc%Prud'hommeaux

Swi$:&New&Paradigms&for& iOS&Development Marc%Prud'hommeaux

Swi$:&New&Paradigms&for& iOS&Development Marc%Prud'hommeaux Indie&So)ware&Developer&/&marc@impathic.com GOTO$Conference Copenhagen,*September*25,*2014 1 Overview 1. Swi& 2. FP 3. Tweet 4. HOF 5.

811 views • 57 slides
Greed Is Good (For Scheduling Under Uncertainty) Marc Uetz m.uetz@utwente.nl (updated) IPCO

Greed Is Good (For Scheduling Under Uncertainty) Marc Uetz m.uetz@utwente.nl (updated) IPCO

Greed Is Good (For Scheduling Under Uncertainty) Marc Uetz m.uetz@utwente.nl (updated) IPCO 2017 paper, with: Varun Gupta, Ben Moseley, Qiaomin Xie 1-Slide Overview Talk is about (basic, notorious) stochastic scheduling problem [defined

349 views • 22 slides

More recommend