schematized trust
play

Schematized Trust Design and Application NDNcomm 2015 September - PowerPoint PPT Presentation

Dec 07, 2023 •226 likes •385 views

Schematized Trust Design and Application NDNcomm 2015 September 28, 2015 Alex Afanasyev University of California, Los Angeles Overview NDN architecture mandates signature Effectiveness of the mandate depends on the implementation If

  1. Schematized Trust Design and Application NDNcomm 2015 September 28, 2015 Alex Afanasyev University of California, Los Angeles

  2. Overview NDN architecture mandates signature • Effectiveness of the mandate depends on the implementation • If too complex, developers will shortcut • “temporarily” disable • use non-secure/fake signatures Need a tool to make security usable need automation 9/28/15 NDNcomm 2015 2

  3. Data-Centric Security in NDN • Data is named and is retrieved using name • Name and content are bound sign together with a crypto signature retrieve data retrieve key verify • Data packet includes a name of the Consumers Producer public key to verify the signature • Key is also a data packet and retrievable by name Data packet Data packet (key) Data packet (key) Name Name Name Content Content Content … Signature Signature Signature KeyLocator KeyLocator KeyLocator 9/28/15 NDNcomm 2015 3

  4. Data Authentication • To authenticate data, one needs a trust model • which keys are authorized to sign which data (trust rules) • one ore more trusted keys • requires crypto properties • Given trust model, anybody can verify data • applications • dedicated storage • routers • Trust model needs to be easily expressible • help consumer to authenticate data • help producers to sign data 9/28/15 NDNcomm 2015 4

  5. NDN Insight: Trust can be defined as a set of relationships between data and key names /nytimes/tech/2015/08/20/ndn /_v=42/_s=1 /nytimes/tech/2015/08 /KEY/_v=5 Content (article) /nytimes/tech/ KEY/_v=1 Content (public key) Signature /nytimes/tech/2015/08 /KEY Signature Content (public key) Hierarchical /nytimes/tech /KEY Signature /nytimes /KEY/_v=9 /nytimes /KEY trust relations Content (public key) /nytimes/tech/2015/09 /KEY/_v=1 Signature Content (public key) … … Signature /nytimes/tech /KEY … … /a/blog/article/food/2015 / a/blog/admin/Alex/ KEY/_v=1 /a/blog /KEY/_v=22 /_v=42/_s=1 C o n t e n t ( a r t i c l e ) C o n t e n t ( p u b l i c k e y ) C o n t e n t ( p u b l i c k e y ) Cross- S i g n a t u r e S i g n a t u r e S i g n a t u r e /a/blog/author/Yingdi /KEY /a/blog/admin/Yingdi /KEY … namespace trust relations /a/blog/author/Yingdi /KEY/_v=5 / a/blog/admin/Lixia/ KEY/_v=1 C o n t e n t ( p u b l i c k e y ) Content (public key) S i g n a t u r e Signature /a/blog/admin/Alex /KEY /a/blog /KEY 9/28/15 NDNcomm 2015 5

  6. Desired Properties for Trust Policy Definition • Clear definition of relationship rules • Use names and name patterns to define rules • data with /some/site prefix can be only signed with /some/site/key/<any-id> � • keys /some/site/key/<any-id> can be only signed with /another/key/id=5 � • Pre-configured trust anchors to bootstrap trust Trust ¡Schema ¡to ¡Schema.ze ¡and ¡ • /another/key/id=5 is <raw-bytes-of-key-data-packet> • Least privilege principle for keys Generalizing ¡Trust ¡ • Limited usage scope • Limited time-span • Re-use of trust models between applications • Define, debug, and refine common trust models • Make security easy to use 9/28/15 NDNcomm 2015 6

  7. Example: Web Blog configured by authorize to publish Blog Website Admins Authors Articles enable other • Articles authored and signed by authors • Authors are given permissions to publish on the blog by administrators • Administrators are configured by blog configuration or other administrators 9/28/15 NDNcomm 2015 7

  8. Web Blog: Name-Based Trust Relationships /a/blog/KEY /1 Ar#cles ¡authored ¡and ¡ • signed ¡by ¡authors ¡ signs /a/blog Authors ¡are ¡given ¡ • permissions ¡to ¡publish ¡on ¡ the ¡blog ¡by ¡administrators ¡ /a/blog /article /a/blog /author /a/blog /admin Administrators ¡are ¡ • configured ¡by ¡blog ¡ configura#on ¡or ¡other ¡ Articles Authors Admins administrators ¡ /a/blog/ article/food/2015/1 /a/blog/ author/Alice/KEY /22 /a/blog /admin/Carl/KEY /37 signs signs /a/blog /admin/Bob/KEY /5 signs 9/28/15 NDNcomm 2015 8

  9. Generalized Rules for Name-Based Trust Relationship between data and key names • /a /blog/ article / food / 2015 / 3 <-> /a /blog/ author / Alice /KEY/ 22 • /a /blog/ article / drink / 2014 / 9 <-> /a /blog/ author / Zach /KEY/ 5 Generalizing relationship • blogPrefix + “blog” + “ article ” + category + miscInfo <-> • blogPrefix + “blog” + “ author ” + name + “KEY” + keyid Use regular-based syntax to capture the relationship • (<>)* <blog><article> [category] <><> <-> • \1 <blog><author> [user] <KEY>[id] 9/28/15 NDNcomm 2015 9

  10. Web Blog: Trust Schema Regex-­‑like ¡pa<ern ¡with ¡grouping ¡ Name ¡or ¡other ¡rule ¡ (group ¡values ¡accessible ¡as ¡\1, ¡\2, ¡\3 ¡...) ¡ specializa.ons ¡ Data Name � Key Name � /a/blog/article/food/2015/3 article (<>*)<blog><article><><><> � author ( \1 ) � /a/blog/author/Alice/KEY/22 author (<>*) <blog><author>[user]<KEY>[id] � admin ( \1 ) � /a/blog/admin/Bob/KEY/5 admin (<>*) <blog><admin>[user]<KEY>[id] � admin ( \1 ) � root ( \1 ) � /a/blog/admin/Carl/KEY/37 Key Name � Key � /a/blog/KEY/1 (0x30 root (<>*) <blog><KEY>[id] � 0x82 ...) � Different trust anchor for � different blog website � 9/28/15 NDNcomm 2015 10

  11. Trust Rule Processing / a / b l o g / a r t i c l e / f o o d / 2 0 1 5 author (<>*) <blog><author>[user]<KEY>[id] � admin ( \1 ) � / _ v = 4 2 / _ s = 1 Content (article) /a/ blog/article/food/2015/3 =>> \1 = /a Signature / a / b l o g / a u t h o r / Y i n g d i / K E Y article must be signed with the key with name expanded from author(“/a”) [user] -> accepts any user name (auth) -> generates use name (keygen) [id] -> accepts any key id (auth) -> generates unique key id (keygen0 <a> <blog><author>[user]<KEY>[id] � author (<>*) <blog><author>[user]<KEY>[id] � 9/28/15 NDNcomm 2015 11

  12. Trust Rule Processing author (<>*) <blog><author>[user]<KEY>[id] � admin ( \1 ) � /a/blog/author/Yingdi /KEY/_v=5 C o n t e n t ( p u b l i c k e y ) S i g n a t u r e /a/ blog/author/Yingdi/KEY/_v=5 =>> \1 = /a /a/blog/admin/Alex /KEY author key must be signed with the key with name expanded from admin(“/a”) admin (<>*) <blog><admin>[user]<KEY>[id] � <a> <blog><admin>[user]<KEY>[id] � 9/28/15 NDNcomm 2015 12

  13. Trust Schema Implementation Status ndn-cxx: http://www.github.com/named-data/ndn-cxx • old schema (ValidatorConf) • new schema implementation in the upcoming release NDN-CCL: http://named-data.net/codebase/platform/ndn-ccl/ • NDN-CPP, NDN-JS, PyNDN, jNDN Trust schema powers data and interest authentication in • NFD: NDN Forwarding • NLSR: NDN Link State Routing Protocol • Repo-ng: NDN Data Repository Works! ¡ ¡ ¡Even ¡be<er ¡ • ChronoChat: a chat application over NDN implementa.ons ¡coming ¡ • NDNS: NDN Domain Name System really ¡soon ¡ 9/28/15 NDNcomm 2015 13

  14. Making Trust Schema Universal Tool for Trust Captures data/key name relationships using generalizations and patterns • formally describes and defines trust model • enforces trust model in automatic way • both authentication and signing paths Representable in a data packet • can be retrieved and executed by any NDN entity • can be (recursively) authenticated using higher-level schemas Trust schema also defines security design pattern • regulate the behavior of applications • an operating system can define a trust schema to authenticate the trust schema of applications • only install and execute apps with authenticated trust schema 9/28/15 NDNcomm 2015 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Schematized Trust in NDN Van Jacobson FIA-NP Meeting Arlington, VA May 19-20, 2014

Schematized Trust in NDN Van Jacobson FIA-NP Meeting Arlington, VA May 19-20, 2014

Schematized Trust in NDN Van Jacobson FIA-NP Meeting Arlington, VA May 19-20, 2014 Today we (attempt to) secure the process of communication by adding cryptographic wrappers to the packet transport. This hasnt worked well. One

153 views • 13 slides
Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin &lt;

Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin &lt;

Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin &lt; claudio.marxer@unibas.ch &gt; &lt; christian.tschudin@unibas.ch &gt; Computer Networks Group University of Basel Switzerland ACM ICN 17, Berlin

332 views • 7 slides
FT Consultation An NHS Foundation Trust The Trust is applying to become an NHS Foundation Trust

FT Consultation An NHS Foundation Trust The Trust is applying to become an NHS Foundation Trust

FT Consultation An NHS Foundation Trust The Trust is applying to become an NHS Foundation Trust Your Local Mental Health NHS Trust Implementation of Involvement Agenda National accreditation for Memory Service Team (Bloxwich Hospital)

763 views • 14 slides
PGP web of trust Web of trust From:

PGP web of trust Web of trust From:

PGP web of trust Web of trust From: h2p://pgp.cs.uu.nl/plot/ The PGP web of trust can be viewed as a directed graph where the points are

558 views • 10 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization

Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization

Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization creates opportunities and risks Page 2 And its common truth We cant expect people to actively support the digital transformation if we cannot

499 views • 11 slides
The Economics of Trust in Organisations Trust Trust is the voluntary acceptance of vulnerability

The Economics of Trust in Organisations Trust Trust is the voluntary acceptance of vulnerability

The Economics of Trust in Organisations Trust Trust is the voluntary acceptance of vulnerability based upon positive expectations of the intention or behaviour of another. Key components of TRUST include (1) the recognition of vulnerability

471 views • 13 slides
Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust:

Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust:

Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust: confidence in, or an assured reliance on, the character, integrity, ability, strength, or truth of someone or something faith: Confidence or

784 views • 33 slides
Trust rust What is Trust? A Definition Trust is a phenomenon of reliance on the good intentions

Trust rust What is Trust? A Definition Trust is a phenomenon of reliance on the good intentions

Trust rust What is Trust? A Definition Trust is a phenomenon of reliance on the good intentions and/or adequate competences of others in situations characterized by dependence, vulnerability and risk.* *Luhmann (1968), Baier (1986, 1992),

573 views • 7 slides
Dynamics, robustness and fragility Private trust Public trust of trust Conclusions Dusko

Dynamics, robustness and fragility Private trust Public trust of trust Conclusions Dusko

Dynamics of trust Dusko Pavlovic Introduction Dynamics, robustness and fragility Private trust Public trust of trust Conclusions Dusko Pavlovic Kestrel Institute and Oxford University FAST Malaga, October 2008 Dynamics of trust

596 views • 46 slides
Its all about trust(s) Its all about trust(s) Housekeeping We want you to have a great

Its all about trust(s) Its all about trust(s) Housekeeping We want you to have a great

Its all about trust(s) Its all about trust(s) Housekeeping We want you to have a great experience, so: If youre having any sound or viewing issues during the live webinar, please contact the GoToWebinar support team using the link

945 views • 68 slides
ENLIGHTENED NEGOTIATION Dr. Mehrad Nazari, MBA The Law of Trust Trust is the foundation of

ENLIGHTENED NEGOTIATION Dr. Mehrad Nazari, MBA The Law of Trust Trust is the foundation of

ENLIGHTENED NEGOTIATION Dr. Mehrad Nazari, MBA The Law of Trust Trust is the foundation of any relationship, collaboration, and negotiation Trust is the congruity of words and actions Trust is a moral credit rating; it is the

466 views • 15 slides
Islands Trust Council September 15, 2011 The Islands Trust Trust Council 26 elected

Islands Trust Council September 15, 2011 The Islands Trust Trust Council 26 elected

Islands Trust Council September 15, 2011 The Islands Trust Trust Council 26 elected representatives of island communities The Islands Trust Act To preserve and protect the unique amenities and environment of this area for:

354 views • 31 slides
Trust Speak Overview with dialogue all along the way: Definition of trust Three

Trust Speak Overview with dialogue all along the way: Definition of trust Three

Trust Speak Overview with dialogue all along the way: Definition of trust Three roads to trust: 1. Personal: one-on-one 2. Strategy: confidence in what we are doing 3. Process: how things are done Four principles

529 views • 4 slides
@richardfagerlin I DONT Jim TRUST Larry Gayle THEM 2 | T R U S T O L O G Y

@richardfagerlin I DONT Jim TRUST Larry Gayle THEM 2 | T R U S T O L O G Y

@richardfagerlin I DONT Jim TRUST Larry Gayle THEM 2 | T R U S T O L O G Y IMPACT HIGH TRUST LOW TRUST OF TRUST 3 | T R U S T O L O G Y People at high-trust companies report: LOW 74% less stress

402 views • 19 slides
Session 1 The New Codex Trust Fund Purpose of the Codex Trust Fund? The Codex Trust Fund supports

Session 1 The New Codex Trust Fund Purpose of the Codex Trust Fund? The Codex Trust Fund supports

Session 1 The New Codex Trust Fund Purpose of the Codex Trust Fund? The Codex Trust Fund supports countries to build strong, solid and sustainable national capacity to engage in Codex Scope and focus of support from the Codex Trust Fund Well

679 views • 37 slides
CLOUD SECURITY OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE CLOUD Jakob I. Pagter (Alon Hazay)

CLOUD SECURITY OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE CLOUD Jakob I. Pagter (Alon Hazay)

Click to edit Master title style CLOUD SECURITY OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE CLOUD Jakob I. Pagter (Alon Hazay) Alexandra Instituttet A/S About the Alexandra Institute Click to edit Master title style Non-profit

450 views • 25 slides
SPAC Mee(ng April 10, 2014 Pizza 2 pieces per person

SPAC Mee(ng April 10, 2014 Pizza 2 pieces per person

SPAC Mee(ng April 10, 2014 Pizza 2 pieces per person A.endance What is IEEE? Professional society for those with technical interests in

749 views • 12 slides
5 th TF-NOC Meeting Dubrovnik Flash presentation ACOnet Harald Michl - harald.michl@univie.ac.at

5 th TF-NOC Meeting Dubrovnik Flash presentation ACOnet Harald Michl - harald.michl@univie.ac.at

5 th TF-NOC Meeting Dubrovnik Flash presentation ACOnet Harald Michl - harald.michl@univie.ac.at 1 NOC responsibilities ACOnet www.aco.net Austrian Academic Computer Network VIX www.vix.at Vienna Internet eXchange 5 th

299 views • 10 slides
Leaning based regional magnification of digital displays Sohair Altwal , Remon Vogel Interaction

Leaning based regional magnification of digital displays Sohair Altwal , Remon Vogel Interaction

Leaning based regional magnification of digital displays Sohair Altwal , Remon Vogel Interaction Engineering - WS 19/20 Augsburg University of Applied Sciences Prof. Dr. Michael Kipp 1. Motivation Zooming with mouse a habit, but maybe

306 views • 12 slides
Humans and the Web of Data T om Heath Platform Division T alis Information Ltd

Humans and the Web of Data T om Heath Platform Division T alis Information Ltd

shared innovation Humans and the Web of Data T om Heath Platform Division T alis Information Ltd tom.heath@talis.com http://tomheath.com/ http://www.talis.com/platform T riple-I Keynote, 5 September 2008 shared innovation Structure 1.

892 views • 58 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A

Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A

Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A Threatens Privacy Threatens Try to achieve Lecture 2B: Network threats Lecture 3A: Attacks on Lecture 6A: Security Protocols Web servers, malware

381 views • 25 slides
Characterization results on arbitrary (weighted) minihypers and linear codes meeting the Griesmer

Characterization results on arbitrary (weighted) minihypers and linear codes meeting the Griesmer

Introduction Characterizations Characterization results on arbitrary (weighted) minihypers and linear codes meeting the Griesmer bound J. De Beule, K. Metsch and L. Storme Department of Pure Mathematics and Computer Algebra Ghent University

408 views • 23 slides

More recommend