T-IBE-T Identity-Based Encryption for Inter-Tile Communication 12th - - PowerPoint PPT Presentation

t ibe t
SMART_READER_LITE
LIVE PREVIEW

T-IBE-T Identity-Based Encryption for Inter-Tile Communication 12th - - PowerPoint PPT Presentation

Aug 17, 2022 287 likes •444 views

T-IBE-T Identity-Based Encryption for Inter-Tile Communication 12th European Workshop on Systems Security (EuroSec 19) 2019-03-25, Dresden, Germany Alexander Wrstlein, Wolfgang Schrder-Preikschat Friedrich-Alexander-Universitt

slide-1
SLIDE 1

T-IBE-T

Identity-Based Encryption for Inter-Tile Communication

12th European Workshop on Systems Security (EuroSec ’19) 2019-03-25, Dresden, Germany Alexander Würstlein, Wolfgang Schröder-Preikschat

Friedrich-Alexander-Universität Erlangen-Nürnberg Chair in Distributed Systems and Operating Systems

Chair in Distributed Systems and Operating Systems

SFB/TRR 89

slide-2
SLIDE 2

Tile-Based Architectures: Invasive Computing

The way to 1000 cores: tiled multicore architectures

Tile = cores + shared mem + NoC interface NoC: network on chip, grid network connecting tiles

Needs novel approach: Invasive Computing

Location-awareness and regionality Microparallelism Flexible and on-demand

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 1

slide-3
SLIDE 3

Tile-Based Architectures: Invasive Computing

Network on Chip: Attacker model Tile-to-tile communication grid Multiple users and applications, possibly Eve Routing and OS are trusted Network interfaces (and Eve) may read messages passing them Needed: secure sensitive messages

A E B

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 2

slide-4
SLIDE 4

Goals

Our Goals Frame 0 contains payload No prior connection to Bob necessary Minimal-overhead central authority Tailored to tiled architectures

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 3

slide-5
SLIDE 5

Possible solutions

Symmetric keys Fast Pregenerated or created by Trent One key per pair, O(n2) ”Just use TLS”? RSA or Diffie-Hellman key exchange Symmetric key after key agreement Synchronous roundtrip before first data Our Answer T-IBE-T: Identity-Based Encryption for Inter-Tile Communication

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 4

slide-6
SLIDE 6

Possible solutions

Symmetric keys Fast Pregenerated or created by Trent One key per pair, O(n2) ”Just use TLS”? RSA or Diffie-Hellman key exchange Symmetric key after key agreement Synchronous roundtrip before first data Our Answer T-IBE-T: Identity-Based Encryption for Inter-Tile Communication

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 4

slide-7
SLIDE 7

Identity-Based Encryption

A B T

  • 1. generate

master secret

  • 2. obtain secret

key for "B"

"B"

  • 3. send msg to "B"

"B" "B"

Alice just needs Bob’s name: "Bob" Bob’s secret key only needed at decryption time Maximum asynchronicity: Bob need not even exist yet Key escrow: Trent knows secret keys

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 5

slide-8
SLIDE 8

Identity-Based Encryption

A B T

  • 1. generate

master secret

  • 2. obtain secret

key for "B"

"B"

  • 3. send msg to "B"

"B" "B"

Alice just needs Bob’s name: "Bob" Bob’s secret key only needed at decryption time Maximum asynchronicity: Bob need not even exist yet Key escrow: Trent knows secret keys

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 5

slide-9
SLIDE 9

Specifics of T-IBE-T

How T-IBE-T works Global OS service generates private keys Tile OS creates local task and gets task privkeys Hybrid: IBE encrypts symmetric message key Key escrow useful: debugging, tracing Identity/name from address Identity Examples: task & global service type tile application task no. I 17,3 B 5 type service S PKGS

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 6

slide-10
SLIDE 10

T-IBE-T system operation

constant parameter generation master secret creation tile key distribution tile bootup task key generation task operation task completion setup boot

  • peration

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 7

slide-11
SLIDE 11

Comparison of T-IBE-T with traditional solutions

key key async? # frames # frames distrib.

  • dir. size

A ↔ T A ↔ B symmetric global dir. O(n2) ✗ sync ✗ 2 ✗ 1 ✓ symmetric local dir. O(n) ✗ async ✓ 0 ✓ 1 ✓ RSA local dir. O(n) ✗ async ✓ 0 ✓ 1 ✓ RSA CA O(1) ✓ sync ✗ 0 ✓ 3 ✗ DH + RSA CA O(1) ✓ sync ✗ 0 ✓ 3 ✗ T-IBE-T IBE O(1) ✓ async ✓ 0 ✓ 1 ✓

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 8

slide-12
SLIDE 12

Next Steps

Prototype Create a prototype for evaluations Benchmark Compare prototype with other approaches Prove Create and prove formal definition Improve Hierarchical IBE?

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 9

slide-13
SLIDE 13

Conclusion

T-IBE-T idea: Identity-Based Encryption for Inter-Tile Communication ✓ Tailored to OS and hardware ✓ Asynchronicity ✓ Data in Frame 0 ✓ Minimal resources Questions?

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 10

slide-14
SLIDE 14

Conclusion

T-IBE-T idea: Identity-Based Encryption for Inter-Tile Communication ✓ Tailored to OS and hardware ✓ Asynchronicity ✓ Data in Frame 0 ✓ Minimal resources Questions?

Alexander Würstlein (arw@cs.fau.de) T-IBE-T 10