security model for hybrid token based networking models
play

Security model for hybrid token-based networking models By Rudy - PowerPoint PPT Presentation

Jan 04, 2024 •280 likes •504 views

Security model for hybrid token-based networking models By Rudy Borgstede Contents Project Background Complex Resource Provisioning and Token-Based Networking Token Validation Service, the Java Aaauthreach project

  1. Security model for hybrid token-based networking models By Rudy Borgstede

  2. Contents • Project Background • Complex Resource Provisioning and Token-Based Networking • Token Validation Service, the Java Aaauthreach project • Identity-Based Cryptography • Public Key Cryptography and IBC • Public Key Infrastructure vs IBC • IBC implementations and the Eyebee experiment • Should we use IBC?

  3. Complex Resource Provisioning • Lookup Resources • Composite the resources • Resource Reservation • Global Reservation ID (GRI) • Policy • Deploy

  4. Token-Based Networking 1. Request a token to access the resource Client Server 2. Token to access the resource at 15:00 3. Access the resource at 15:00

  5. TVS, the Java aaauthreach project • TVS is a component of the TBN policy enforcement infrastructure • Manage resources • Manage reservations • Routes the tokens • TVS is implemented as a pluggable component called the Java Aaauthreach project

  6. CRP operational model

  7. CRPS example User Domain 1 Domain 2 ID 1 ID 2 ID 1 ID 2 ID 3 ID 4 ID 3 ID 4

  8. Public Key cryptography • Private Master Key • Private Key • Public Key Encryption Decryption Encrypted Data Public Private Master Key Key Data Data Private Public Key Key

  9. Identity-Based Cryptography • Public Key is based on the identity of the destination • Server Based • Static location • Only exist once • Service or User Based • Dynamic location • Can exist more then once

  10. Identity-Based Cryptography • Retrieves the setup • Encrypt the data • Generate Public Key • Generate Public Key • Generate Private Key • Decrypt the data IBC User Key Distribution Identity 1 Identity 2 Service

  11. Public Key Infrastructure vs IBC IBC PKI • Public Key Based on • Public Certificate an identity. describes an identity. • All the keys are • The private key and generated on the public certificate is client except the distributed to the private master key. client. IBC PKI Identity 1 Identity 2 User Key Distribution Certificate Identity 1 Identity 2 User Service Authority

  12. Public Key Infrastructure vs IBC • RSA: Only the right identity can see the data because only the right identity has the right private master key and knows his own identity • PKI: If a CA says the public certificate could be trusted then it is safe to encrypt data with the given private and public key for the described destination identity • IBC: Only the identity for which the data was encrypted could understand the data

  13. IBC implementations • Voltage Identity-Based Encryption • Certificate-Based Cryptography • Commercial C library • Eyebee of the University of Ireland • Certificate-Based Cryptography • Java library

  14. the Eyebee experiment • Created an Eyebee implementation • Test Class • Experiment

  15. the Eyebee experiment • Created an Eyebee implementation Java Class • Generate a Private Master Key • Encrypt data by the Private Master Key and the destination identity • Decrypt data by the Private Master Key and the destination identity.

  16. the Eyebee experiment • Test Java Class • Create a message: Test Token key #1 • Generate a Private Master Key • Encrypt the message with the identity: Rudy.Borgstede@gmail.com and the Private Master Key • Decrypt the message with the identity and the Private Master Key. • Print the message in the terminal

  17. the Eyebee experiment • Experiment • Addepted the implementation class to print the keys, message and identity • Test Message: Test Token key #1 • Identity: Rudy.Borgstede@gmail.com • Identity Hash: • 95 6d 74 25 69 46 a5 d0 81 14 75 e3 f9 4f 0e 83 • Private Master Key: • 7c 01 fc 3e 86 c6 cf 51 60 c5 d5 95 52 1a c4 5f • c1 5e 7d bb 5e 06 6d 19

  18. the Eyebee experiment • Experiment • Public Key with the identity: • 03 26 0e 4b 97 9a cb dd b7 9a 57 b7 29 3b cb 26 • 69 9e c9 75 55 9b e7 45 f9 7a f1 d1 cb 8c 04 1e • cb 13 9e 7e 38 99 8b 27 16 c3 a4 8f e6 89 bb ae • 52 f9 1f a1 29 bc 20 9b 49 31 da b8 91 a7 8e 4c • Private Key • 02 a7 86 92 99 d3 61 64 bc f7 17 4c 32 14 64 c1 • 4c 50 ee 8c 72 2f 1b 07 f5 5f 9c 10 79 5f 82 6f • 46 45 1e cf 53 cc ef 51 f6 25 58 19 90 ae 57 1f • fc 87 65 cf ec 81 40 db 24 ce 3b e8 a0 7c 39 a7

  19. the Eyebee experiment

  20. Should we use IBC? • Not yet in a critical production environment. • It hasn’t been extensively tested • It isn’t a standard • The Java aaauthreach project • It is a better security model

  21. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

May 3: Trust and Hybrid Models Trust models Chinese Wall model Aggressive Chinese Wall

May 3: Trust and Hybrid Models Trust models Chinese Wall model Aggressive Chinese Wall

May 3: Trust and Hybrid Models Trust models Chinese Wall model Aggressive Chinese Wall model May 3, 2017 ECS 235B Spring Quarter 2017 Slide #1 Types of Trust Models Policy-based trust management Recommendation-based trust

714 views • 37 slides
Topic Models for Word Sense Disambiguation and Token-based Idiom Detection Linlin Li, Benjamin

Topic Models for Word Sense Disambiguation and Token-based Idiom Detection Linlin Li, Benjamin

Introduction The Sense Disambiguation Model Experimental Setup Experiments Conclusion Topic Models for Word Sense Disambiguation and Token-based Idiom Detection Linlin Li, Benjamin Roth and Caroline Sporleder Cluster of Excellence, MMCI

543 views • 35 slides
Model-based Security Engineering: Models vs. Code Jan Jrjens Department of Computing The

Model-based Security Engineering: Models vs. Code Jan Jrjens Department of Computing The

Model-based Security Engineering: Models vs. Code Jan Jrjens Department of Computing The Open University, GB http://www.umlsec.org Challenge: Security Security is holistic property: Attackers often circumvent (not: break) mechanisms.

639 views • 36 slides
Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of Internet Speaking to a host end-to-end channel Communication security container-based authenticity: X.509, Certificate

678 views • 57 slides
Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

P R E S E N T A T I O N B Y A M I B E N D A V I D Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully tokenized VC fund 4 th ever Security Token 1 st Regulation-enforcing Token (DS Protocol) Focused on

488 views • 21 slides
Extended hybrid inflationary Extended hybrid inflationary models models Partly based on works

Extended hybrid inflationary Extended hybrid inflationary models models Partly based on works

Francis Bernardeau IHP, 2006 SPhT Saclay Extended hybrid inflationary Extended hybrid inflationary models models Partly based on works in collaboration with Partly based on works in collaboration with Tristan Brunier Brunier ( (SPhT

938 views • 25 slides
Mobile Token-Based Authentication e t u p m On a Budget o C d r o f Hristo Bojinov

Mobile Token-Based Authentication e t u p m On a Budget o C d r o f Hristo Bojinov

b a L y t i r u c e S r Mobile Token-Based Authentication e t u p m On a Budget o C d r o f Hristo Bojinov Dan Boneh n a Stanford Computer Security Lab t S Tuesday, March 1, 2011 The future of keys? Motivation #1

1.21k views • 31 slides
Security and Networking Basics Security and Networking Basics Internet Security [1] VU Engin

Security and Networking Basics Security and Networking Basics Internet Security [1] VU Engin

Security and Networking Basics Security and Networking Basics Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Outline Introduction and Motivation Security Threats Open

725 views • 46 slides
HYCOM is a hybrid coordinate model based on MICOM and is able to interchange between different

HYCOM is a hybrid coordinate model based on MICOM and is able to interchange between different

HYCOM is a hybrid coordinate model based on MICOM and is able to interchange between different coordinate schemes. It is a primitive equation general circulation model. The vertical coordinates remain isopycnic in the open stratified ocean. In

707 views • 48 slides
Network dynamics: advanced models Marta Arias, Ramon Ferrer-i-Cancho, Argimiro Arratia

Network dynamics: advanced models Marta Arias, Ramon Ferrer-i-Cancho, Argimiro Arratia

Outline Introduction Liu et als hybrid model Bianconi-Barab asi hybrid model Dorogovtsev-Mendes model More models Network dynamics: advanced models Marta Arias, Ramon Ferrer-i-Cancho, Argimiro Arratia Universitat Polit` ecnica de

549 views • 19 slides
Widget security model based on MIDP and Web Application based on a security model with TLS/SSL

Widget security model based on MIDP and Web Application based on a security model with TLS/SSL

Widget security model based on MIDP and Web Application based on a security model with TLS/SSL and XMLDsig Claes Nilsson Technology Area Group Leader Web Browsing Marcus Liwell Technology Area Group Leader Security and DRM Rev 1

576 views • 12 slides
Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss

Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss

Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss Founder and CEO A i F d d CEO I have been working on security for + 8 years I have found and helped to fix hundreds of

335 views • 16 slides
Hybrid Risk Assessment Model based on Bayesian Networks Francois-Xavier Aguessy, Olivier Bettan,

Hybrid Risk Assessment Model based on Bayesian Networks Francois-Xavier Aguessy, Olivier Bettan,

Introduction State of the art Hybrid Risk Assessment Model Conclusion Hybrid Risk Assessment Model based on Bayesian Networks Francois-Xavier Aguessy, Olivier Bettan, Gregory Blanc, Vania Conan, and Herve Debar

559 views • 32 slides
Model-based Security Security: ganzheitliche Engineering Eigenschaft: Jan Jrjens

Model-based Security Security: ganzheitliche Engineering Eigenschaft: Jan Jrjens

2 Herausforderung: Security Model-based Security Security: ganzheitliche Engineering Eigenschaft: Jan Jrjens Sicherheits-Mechanismen umgehen statt brechen. Sichere Systems aus Computing Department unsicheren Komponenten ? The

314 views • 6 slides
Business models and options for RE hybrid systems on islands Community-based Renewable Energy

Business models and options for RE hybrid systems on islands Community-based Renewable Energy

Business models and options for RE hybrid systems on islands Community-based Renewable Energy Conference October 18, 2016 Rationale The Project Development Programme (PDP) supports the Ministry of Energy (MoEN) to develop Thai-German

530 views • 20 slides
Deep Hybrid Models: Bridging Discriminative and Generative Approaches Volodymyr Kuleshov and

Deep Hybrid Models: Bridging Discriminative and Generative Approaches Volodymyr Kuleshov and

A New Framework For Hybrid Models An Application: Deep Hybrid Models Supervised and Semi-Supervised Experiments Deep Hybrid Models: Bridging Discriminative and Generative Approaches Volodymyr Kuleshov and Stefano Ermon Department of Computer

523 views • 29 slides
Partnership with Benetech, a non-profit organization that develops and supports Martus, secure

Partnership with Benetech, a non-profit organization that develops and supports Martus, secure

Partnership with Benetech, a non-profit organization that develops and supports Martus, secure information management software for human rights monitoring. 1 Benetech creates and develops new technology solutions that serve humanity, empower

653 views • 39 slides
Security Mechanisms The European DataGrid Project Team http://www.eu-datagrid.org Overview

Security Mechanisms The European DataGrid Project Team http://www.eu-datagrid.org Overview

Security Mechanisms The European DataGrid Project Team http://www.eu-datagrid.org Overview User side Getting a certificate Becoming a member of the VO Server side Authentication / CA Authorization / VO (with some

360 views • 19 slides
Conference Call Q1 2020 Announcement 24 April 2020 1 Volatile market environment thematic

Conference Call Q1 2020 Announcement 24 April 2020 1 Volatile market environment thematic

Conference Call Q1 2020 Announcement 24 April 2020 1 Volatile market environment thematic portfolio relatively stable in Q1 2 Q1 2020 in short Total investments announced by the EQT funds in the first quarter 2020 amounted to EUR

656 views • 19 slides
A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status Protocol Satoshi Koga, Kouichi Sakurai Satoshi Koga Kyushu University, Japan Background Background Certificate Revocation Problem Certificate

349 views • 10 slides
Cryptocurrency Surface Web/Deep Web/Dark Web How to Get Data? Where Hacking, Cyber Fraud, and

Cryptocurrency Surface Web/Deep Web/Dark Web How to Get Data? Where Hacking, Cyber Fraud, and

Cryptocurrency Surface Web/Deep Web/Dark Web How to Get Data? Where Hacking, Cyber Fraud, and Money Laundering Intersect How to Pay? Digital Currency What is Bitcoin? https://youtu.be/aeMv9uKpAZg Bitcoin Price Bitcoin Price Jan 2017

1.26k views • 37 slides
RSA_Box Emily Pakulski (enp2111) Jaykar Nayeck (jan2150) Adam Incera (aji2112) Noah Stebbins

RSA_Box Emily Pakulski (enp2111) Jaykar Nayeck (jan2150) Adam Incera (aji2112) Noah Stebbins

RSA_Box Emily Pakulski (enp2111) Jaykar Nayeck (jan2150) Adam Incera (aji2112) Noah Stebbins (nes2137) A fast and secure hardware accelerator for RSA encryption with a clear, simple interface for programmer use. Initial goals Provide

357 views • 12 slides
Packet Radio Email via radio Greg Kruckewi,, ARRL Sacramento Valley Sec:on EC Paul Grose N6DRY

Packet Radio Email via radio Greg Kruckewi,, ARRL Sacramento Valley Sec:on EC Paul Grose N6DRY

Packet Radio Email via radio Greg Kruckewi,, ARRL Sacramento Valley Sec:on EC Paul Grose N6DRY & Dwane Evens KG6KPW 1 Topics Introduc:on What is Packet Radio? Why use Packet Radio? Building a Packet Sta:on SoNware for

521 views • 20 slides
Preliminary Results 2014 Returning to Growth Agenda Introduction Bob Murphy Chief

Preliminary Results 2014 Returning to Growth Agenda Introduction Bob Murphy Chief

The most important thing we build is trust ADVANCED ELECTRONIC SOLUTIONS AVIATION SERVICES COMMUNICATIONS AND CONNECTIVITY MISSION SYSTEMS Preliminary Results 2014 Returning to Growth Agenda Introduction Bob Murphy Chief Executive

687 views • 51 slides

More recommend