Secure Multicast Interest in ChronoSync Yingdi UCLA 1 ChronoSync - - PowerPoint PPT Presentation

secure multicast interest in chronosync
SMART_READER_LITE
LIVE PREVIEW

Secure Multicast Interest in ChronoSync Yingdi UCLA 1 ChronoSync - - PowerPoint PPT Presentation

Sep 22, 2023 161 likes •296 views

Secure Multicast Interest in ChronoSync Yingdi UCLA 1 ChronoSync State of a data set Digest State tree modification 00a12... <update /ucla/alice to SeqNo 4 > is expressed as a 3da49a <update /arizona/bob to SeqNo 2 >

slide-1
SLIDE 1

Secure Multicast Interest in ChronoSync

Yingdi UCLA

1

slide-2
SLIDE 2

ChronoSync

State Digest Alice's Digest Bob's Digest Cathy's Digest Name Prefix Max Seq-No Name Prefix Max Seq-No Name Prefix Max Seq-No

Digest State tree modification 00a12... <update /ucla/alice to SeqNo 4> 3da49a <update /arizona/bob to SeqNo 2> 8f904d <update /arizona/bob to SeqNo 1> c3412e <update /ucla/alice to SeqNo 3> dd79f2 <update /ucla/alice to SeqNo 1>

  • State of a data set

is expressed as a digest

  • Maintain a digest

log to identify the state difference

2

slide-3
SLIDE 3

Sync interest multicast

My current state digest is 4de318f...

3

slide-4
SLIDE 4

Identity state digest

What is 4de318f? What is 4de318f? What is 4de318f?

4

slide-5
SLIDE 5

Recover unknown digest

Unknown digest 4de318f Start reconcile

5

slide-6
SLIDE 6

If anyone can send multicast interest…

6

slide-7
SLIDE 7

To launch attack

  • Attacker needs to

– get prefix of the sync group – generate a large number of sync interests with random digest

  • All legitimate users will be forced to

– do extra lookup – do unnecessary reconciliation – do extra signing

  • No way to distinguish legitimate sync interests

from malicious sync interests

7

slide-8
SLIDE 8

Authenticate sync interest

  • Signed interest
  • Should not prevent interests from being

merged in the network

8

slide-9
SLIDE 9

Interest merging

Current state is 4de318f... Current state is 4de318f... Current state is 4de318f...

Interests representing the same state should be merged

9

slide-10
SLIDE 10

Data multicast

New updates

10

slide-11
SLIDE 11

Authenticate sync interest

  • Signed interest
  • Should not prevent interests from being

merged in the network

– asymmetric signatures do not work

  • Symmetric signatures

– how to distribute the symmetric key?

11

slide-12
SLIDE 12

Symmetric Key Distribution

  • Periodically generate a symmetric key
  • Encrypt the symmetric key using the each user’s

public key

  • Published as a single packet
  • Who can generate the symmetric key?

– designated user

  • single pointer failure

– any user

  • resolve conflict when

more than one user generate keys at the same time

Content: Name: /ucla/bob/<sync_group>/SyncKey/SeqNo Bob's Signature Key encrypted using /ucla/alice's public key Key encrypted using /arizona/bob's public key Key encrypted using /memphis/cathy's public key 12