Download PKI/CKM Scaling Study

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts
no text concepts found
Transcript
SeCol: Secure Collaborative Applications
using Group Communication and
Publish/Subscribe Systems
Himanshu Khurana
NCSA
Project Overview

Goal: develop novel security solutions that
minimize trust liabilities in messaging
infrastructures

Dates: Sep 1, 2005 - Aug 31, 2006

Budget: $200k

Personnel




Himanshu Khurana (PI)
Rakesh Bobba (Security Engineer)
Weiting Cao (PhD Student)
Radostina Koleva (Consultant)
Introduction

Collaborative applications need a messaging
infrastructure


E.g., conferencing uses group communication, tickers (stock,
news, game-score) uses pub/sub
Widespread use requires secure messaging
infrastructures

Integrity and authentication typically provided via CA/PKI


Confidentiality provided by trusted servers


Works but imposes certificate distribution/revocation problems
Servers bear significant trust liability of maintaining
confidentiality of messages and keys
 E.g., group controllers store long term and session keys
Availability provided via replication

However, replicating keys makes the system insecure
Introduction

Challenges for minimizing trust liability

Infrastructure servers must not be able to access messages


Solution should not require establishment of keys between
collaborating entities



However, servers often need to process these messages
O(n2) problem and, furthermore, does not take advantage of
the presence of the messaging infrastructure
Solution must scale to support a large number of users
Approach

Explore novel proxy encryption techniques to address the
problem


Convert ciphertext between keys without access to plaintext
Use techniques to design secure messaging infrastructures

Group communication and Publish/Subscribe infrastructures
Secure Group Communication (SGC)

SGC needed to support many military and commercial
applications; e.g.,


Conferencing (Video and/or Audio), Command-and-Control
Systems, Interactive Distance-Learning
Group Key Management (GKM) cornerstone of SGC


Involves distribution of symmetric key to group members
Must be efficient and scalable


Shared key changed every time a member joins/leaves group
Existing GKM Schemes


Logical Key Hierarchies (LKH) using Group Controllers (GC)
 Advantage: Very efficient, constant number of rounds
 Drawback: GC is completely trusted
Decentralized or Contributory Schemes
 Advantage: Does not involve a GC
 Drawback: Scale poorly
TASK - Tree-based w/
Asymmetric Split Keys

Efficient and Scalable



Log(n) computation and storage
Log(n) message size, constant number of communication
rounds
Partially Trusted GC

GC does not store encryption keys





Confidentiality maintained even if GC is compromised
Therefore, GC no longer single point of security failure
Instead, GC uses proxy encryption to transform messages
between members for key establishment
Simpler recovery from GC compromise
Assumptions

GC and a member are not simultaneously compromised
Difference between LKH & TASK
Goals for Y3

Complete development and testing of
prototype


Extend prototype



9000+ lines code written and partially tested
For wireless communication using Elliptic Curve
Cryptography
Compatibility with other reliable messaging solutions such as
NORM (NRL)
Address collusion problem


Simultaneous compromise of member and GC reveals GKEK
Explore improvements to proxy encryption (known problem)
as well as alternatives
Introduction to Pub/Sub
Pub/Sub Infrastructure (e.g., Gryphon, Siena)
B
Border Broker
Broker
B
PB
B
PB
B
B
PB
B
B
PB
SB
B
B
B
B
Publisher
Subscriber
SB
B
B
SB
B
SB
PB
PB
SB
• Applications: software updates, location-based services, supply chain
management, traffic control, and stock quote dissemination
• Three types: Topic-based, type-based, and content-based
• Content-based considered to be the most general
Security Challenges Addressed for Content-Based
Pub/Sub Systems (CBPS)

Confidentiality, integrity, and authentication of events


Deliver information to authorized subscribers
Usage-based accounting
E.g., for stock quote dissemination

Solution Highlights

Strong adversarial model: PBs & SBs don’t trust broker network




Adversary has access to CBPS network traffic and will attempt to
 Violate confidentiality of events by observing them
 Violate integrity and authentication by inserting/modifying fake
events and subscriptions
No security associations (e.g. keys) needed between PBs and SBs
No modifications needed to existing matching & routing algorithms
Scales to support an Internet-scale pub/sub infrastructure
Confidentiality

Adversary has access to network traffic  contents
cannot be disclosed to brokers

One approach: perform computations on encrypted data



Observation



Difficult to implement in practice
Require modifications to matching and routing techniques
Only selected parts of an event’s content need to be confidential
Matching and routing can be accomplished without these parts
Our Approach


Encode events in XML documents
Selectively encrypt sensitive parts of events


Use Bertino and Ferrari’s XML document dissemination techniques
Distribute keys to authorized subscribers

Using Jakobsson’s proxy encryption techniques
Confidentiality Examples
Message: id 100
<?xml?><stock>
<symbol>YHOO</symbol>
<price> 70.2 </price>
<open>50</open>
<volume>10000</volume>
</stock>
Encrypt
Message: id 100
<?xml?><stock>
<symbol>YHOO</symbol>
<price> Ek(70.2) </price>
<open>50</open>
<volume>10000</volume>
</stock>
EncPK(k)
Message: id 200
<?xml?><gamescore>
<date>8/5/04</date>
<teams>NY-CA</teams>
<score>10-3</score>
</gamescore>
Encrypt
Message: id 200
<?xml?><gamescore>
<date>8/5/04</date>
<teams>NY-CA</teams>
<score>Ek(10-3)</score>
</gamescore>
EncPK(k)
Cleartext Event Contents
Encrypted Packages
Ek()  symmetric key encryption (e.g., AES) using key k
EncPK()  El Gamal public key encryption using key PK
Distributing Keys to Authorized
Subscribers
Proxy Security and Accounting Service (PSAS)
l coordinators with
m of l sharing of KPS
c1
c2
…
n servers with t of n threshold
key sharing of KPS
1
cl
2
3
…
n
m
RSA Signature Key (KPS, PKPS): Kps = 
K where KPSi is a key share held
i=1 PSi
by any coordinator
t
For each EG decryption key (KPS, PKPS): Kps = i=1
 KPSi where KPSi is a key share held by any
server
Transform
Register/
Publish
PB
Border
Broker
B1
…
broker
network
Border
Broker
B2
Register/
Receive
SB
Goals for Y3

Complete scalability analysis


A single PSAS can support 10s of thousands of subscribers
Address potential leakage of sensitive event
contents

Formal security analysis of solution

Implementation of prototype

Leverage existing pub/sub systems


Siena, supports XML encoding of events
Leverage existing threshold cryptographic libraries

CODEX, leverages COCA
Questions?




Himanshu Khurana and Radostina Koleva, “Scalable Security and
Accounting Services in Content-based Publish/Subscribe Systems”,
International Journal of E-Business Research, to appear, 2006.
Himanshu Khurana, “Scalable Security and Accounting Services in
Content-based Publish/Subscribe Systems”, in proceedings of the ECommerce Track of the ACM Symposium on Applied Computing (SAC),
March 2005.
Himanshu Khurana, Rafael Bonilla, Adam Slagell, Raja Afandi, HyungSeok Hahm, and Jim Basney, “Scalable Group Key Management with
Partially Trusted Controllers”, in the International Conference on
Networking, Reunion Island, April 2005.
Himanshu Khurana, Luke St. Clair, and Weiting Cao, “Scalable Group
Key Management with Partially Trusted Controllers”, in preparation for
submission to the Journal of Communication and Networking.