Tamper-resistant creation of integrity tokens for trustworthy communication in cyber-physical systems

SLIDE 1

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Tamper-resistant creation of integrity tokens for trustworthy communication in cyber-physical systems

Intermediate talk for the Master’s Thesis by

Christoph Rudolf

advised by Dr. Holger Kinkelin and Richard von Seck

Wednesday 17th July, 2019

SLIDE 2

Motivation

Problem statement by example

  • Cars communicating via ad-hoc networks
  • Received data impacts traffic behavior

Christoph Rudolf — Tamper-resistant creation of integrity tokens 2

SLIDE 4

Solution Proposal

Integrity Token

Enable vehicles, cyber-physical systems or generic entities to sign their data

  • Similar to a certificate issuance process
  • Attestation of integrity and trustworthiness of the entity
  • Issue generic integrity token as integrity proof towards peers
  • Generalize process as much as possible

SLIDE 5

Solution Proposal

Research Questions

  • Q1 How can multiple collaborators work together in order to verify the validity of an entity?
  • Q2 How can the necessary data for such an attestation be exchanged in a generic and secure manner?
  • Q3 How is the distributed integrity data maintained to have a scalable solution?
  • Q4 How can the privacy of entities be ensured despite public verification?
  • Q5 What can we do to ensure the integrity of the validating system itself?

SLIDE 6

Solution Proposal

Requirements

  • R1 Offline Integrity Check
  • R2 Multi-Party Authorization
  • R3 Permissioned System
  • R4 Process Tracing
  • R5 Privacy
  • R6 Distributability

SLIDE 8

Solution Proposal

Related Work

  • Related work on traditional PKI utilizing DLT exists [7, 1]
  • Previous work at the Chair targets two specific scenarios:
      • PKI in the DFN (Deutsches Forschungsnetz, German Research Network) [3, 6]
      • Configuration Management for Networked Devices [2, 5, 4]

→ solutions are highly domain-specific and cannot be adapted to new environments (e.g. automotive systems)

→ Good: Some of the concepts can be adapted

SLIDE 9

Solution Proposal

Design

[Figure: system architecture. Labels: Distributed Ledger Platform (e.g. Hyperledger Fabric) with Node1 to Node5; Entity1 to Entity3; Proxy; Administration; Data Storage; Approver1 to Approver3; Signer1 to Signer3; one part marked "different thesis".]

SLIDE 10

Solution Proposal

Process

[Figure, built up step by step over slides 10 to 17: a box "Ledger – Assets for one process run", labelled Approvers, Signers, Entity1 and Proxy. Contents per build step:]

  • Slide 10: ledger empty
  • Slide 11: r1 (pending); event
  • Slide 12: r1 (pending), a1; event
  • Slide 13: r1 (pending), a1; event; "enough approvals?"
  • Slide 14: r1 (pending), a1 a2; event; "enough approvals?"
  • Slide 15: r1 (approved), a1 a2 a3; event; "enough approvals!"
  • Slides 16 and 17: r1 (finished), a1 a2 a3 t1
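The approval flow from the Process slides as a small state machine, with the misuse cases a chaincode unit test would have to reject. This is an added example, not the thesis's chaincode: it is plain Go without the Hyperledger Fabric API, it reads r1, a1 to a3 and t1 as request, approvals and token, and the names `Run`, `NewRun`, `Approve`, `IssueToken`, the identity `Outsider` and the threshold of 3 are assumptions.

```go
package main

import "fmt"

// Run holds the ledger assets of one process run (r1, a1..a3, t1 on the slides).
type Run struct {
	Threshold int             // approvals required; 3 is an assumption read off the slides
	Approvers map[string]bool // permissioned approver identities
	State     string          // starts "pending", then "approved", then "finished"
	Approvals map[string]bool // identities that have approved so far
	Token     string          // set once by IssueToken
}

func NewRun(threshold int, approvers map[string]bool) *Run {
	return &Run{Threshold: threshold, Approvers: approvers, State: "pending", Approvals: map[string]bool{}}
}

// Approve records one approval; the request becomes approved at the threshold.
func (r *Run) Approve(approver string) error {
	switch {
	case r.State != "pending":
		return fmt.Errorf("request is %s, not pending", r.State)
	case !r.Approvers[approver]:
		return fmt.Errorf("%q is not a permissioned approver", approver)
	case r.Approvals[approver]:
		return fmt.Errorf("duplicate approval by %q", approver) // one party counts once
	}
	if r.Approvals[approver] = true; len(r.Approvals) >= r.Threshold {
		r.State = "approved"
	}
	return nil
}

// IssueToken attaches the token only after enough approvals are recorded.
func (r *Run) IssueToken(token string) error {
	if r.State != "approved" {
		return fmt.Errorf("request is %s, not approved", r.State)
	}
	r.Token, r.State = token, "finished"
	return nil
}

func main() {
	r := NewRun(3, map[string]bool{"Approver1": true, "Approver2": true, "Approver3": true})
	for _, a := range []string{"Approver1", "Approver1", "Outsider", "Approver2", "Approver3"} {
		fmt.Printf("%-9s -> %v\n", a, r.Approve(a))
	}
	fmt.Println("token t1 ->", r.IssueToken("t1"))
}
```

The duplicate and outsider approvals are rejected without changing state, so only the third distinct permissioned approval moves the request to approved.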

SLIDE 21

Solution Proposal

System Integrity

Research question Q5 asks what we can do to ensure the integrity of the system itself.

  • Analysis of attack vectors on the system
  • Suggestions for mitigations per vector
  • Multi-party authorization on multiple levels
  • Critical: Business Logic (Chaincode)
      • Using tools for static analysis [8]
      • Unit tests aiming for high coverage
      • Use- and misuse-cases

Attack vectors on the system (figure labels):

  • V1 Hardware or system software
  • V2 Network communication
  • V3 DLT framework
  • V4 DLT participants
  • V5 Business logic
  • V6 External components

SLIDE 22

Status

Current state and progress

Currently in implementation phase:

  • Implementation using Hyperledger Fabric
  • Starting from scratch with most recent Fabric version
  • done: Chaincode implementation of features for standard operation
  • todo: Unit testing and other system integrity measures

SLIDE 23

Timeline

[Figure: Gantt chart covering Apr, May, Jun, Jul, Aug, Sep, Oct, with markers "Today" and "Deadline". Tasks:]

  • Problem analysis
  • Precise definition of requirements
  • Studying previous and related work
  • Design of the solution concept
  • Setup of a test network
  • Implementation
  • Conducting a case study
  • Writing the thesis

SLIDE 24

Bibliography

[1] L. Axon and M. Goldsmith. PB-PKI: A Privacy-aware Blockchain-based PKI. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications – Volume 6: SECRYPT, (ICETE 2017), pages 311–318. INSTICC, SciTePress, 2017.

[2] V. J. Hauner. Trustworthy Configuration Management with Distributed Ledgers. Master’s thesis, Technische Universität München, 2018.

[3] J. F. Hoops. A Tamper-Proof Certificate Issuance Process Based on Distributed Ledger Technology. Bachelor’s thesis, Technische Universität München, 2018.

[4] H. Kinkelin, V. Hauner, H. Niedermayer, and G. Carle. Trustworthy configuration management for networked devices using distributed ledgers. CoRR, abs/1804.04798, 2018.

[5] M. Müller. Trustworthy and Tamperproof Configuration Management for Networked Devices. Master’s thesis, Technische Universität München, 2019.

[6] J. G. Roos. Modelling Organizational Structures for a Distributed Ledger-Based Federated Certificate Management System. Bachelor’s thesis, Technische Universität München, 2019.

[7] A. Yakubov, W. M. Shbair, A. Wallbom, D. Sanda, and R. State. A blockchain-based PKI management framework. In NOMS 2018 – 2018 IEEE/IFIP Network Operations and Management Symposium, pages 1–6, April 2018.

[8] K. Yamashita, Y. Nomura, E. Zhou, B. Pi, and S. Jun. Potential Risks of Hyperledger Fabric Smart Contracts. In 2019 IEEE International Workshop on Blockchain Oriented Software Engineering (IWBOSE), pages 1–10, Feb 2019.

SLIDE 25

Discussion

[Figure: the system architecture diagram of the Design slide, shown again. Labels: Distributed Ledger Platform (e.g. Hyperledger Fabric) with Node1 to Node5; Entity1 to Entity3; Proxy; Administration; Data Storage; Approver1 to Approver3; Signer1 to Signer3; one part marked "different thesis".]