slides - NSF Future Internet Architecture Project

advertisement
Security and Mobility First: Looking
Back and Looking Forward
The Mobility First Team
Particular thanks to:
Arun Venkataramani (UMass)
Z. Morley Mao (UMich)
Mike Reiter (UNC)
Wade Trappe (Rutgers)
[1]
Introduction: FIA-NP Collaborating Institutions
(LEAD)
D. Raychaudhuri, W. Trappe,
R, Martin, Y. Zhang, I. Seskar
S. Bannerjee
X. Yang
A. Venkataramani, (J. Kurose), P. Shenoy
B. Ramamurthy
Z. Morley Mao
W. Lehr
WINLAB
Talk Roadmap… Where are we going?

MobilityFirst Overview
– Brief (I hope!): motivation and overall design objectives

Dave’s Questions

Rewind: Behind closed doors, what the team was thinking
– Initial security discussions
– Amusing philosophical points of views

MobilityFirst’s Security Design
– Objectives, toolbox and wishlist
– Highlights of what we actually did…
– Half-baked things that are unfinished

Dave’s questions, answered directly…
[3]
WINLAB
Ultra-quick recap: the original design
concepts

Mobility as a basic service (location tracking; fast address
assignment, handoff, network mobiilty)

Robustness with respect to intrinsic properties of wireless
medium (disconnection, varying bandwidth, high error rates)

Support for anticipated mobile/pervasive applications
(requiring features such as location or context awareness)

Enhanced trust models suitable for open wireless channels
and mobile end-users (strong authentication, resistance to
eavesdropping, DDoS and routing attacks)

General usability requirements (such as evolvability, ease and
trustworthiness of management, backwards compatibility,
technology neutrality, economic viability, universal access)
[4]
WINLAB
Concepts led to design goals…

Host and network mobility (G1): End-to-end communication must continue
(i) despite frequent mobility of end-hosts or networks; (ii) despite the absence
of a contemporaneous end-to-end path.

No global root of trust (G2): Correct network behavior must not depend on
a single root of global trust.

Intentional data receipt (G3): An end-host must receive data only if the
transmission is consistent with its receipt policy.

Byzantine robustness (G4): End-to-end communication must continue
despite the compromise of (a small fraction of) routers or end-hosts.

Location-independent content (G5): The network should assist with
content retrieval in addition to enabling host-to-host communication.

Evolvable network services (G6): The architecture should allow for the coexistence or rapid creation of alternate network services.
[5]
WINLAB
And what we got is… The MobilityFirst Future
Internet Architecture
Named devices, content,
and context
Human-readable
name
End-Point mobility
with multi-homing
Strong authentication, privacy
Global Name
11001101011100100…0011
Resolution Service
Public Key Based
Global Identifier (GUID)
Service API with
Routers with Integrated
unicast, multi-homing,
Heterogeneous
Storage & Computing
mcast, anycast, content
Wireless Access
query, etc.
•In-network
•content cache
Storage-aware
Intra-domain
routing
•MobilityFirst Protocol Design Goals:
-
10B+ mobile/wireless devices
Mobility as a basic service
BW variation & disconnection tolerance
Ad-hoc edge networks & network mobility
Multihoming, multipath, multicast
Content & context-aware services
Network
Strong security/trust and privacy model
•Edge-aware
•Inter-domain
•routing
•Hop-by-hop
•file transport
Connectionless Packet Switched Network
with hybrid name/address routing
Mobility &
Disconnected Mode
•Ad-hoc p2p
•mode
WINLAB
MobilityFirst Concepts: Protocol Stack
App 1
Name
Certification
& Assignment
Service
Global Name
Resolution
Service
NCS
App 3
E2E TP1
E2E TP2
E2E TP3
E2E TP4
Optional Compute
Layer
Plug-In A
GUID Service Layer
GSTAR Routing
Link Layer 1
(802.11)
Link Layer 2
(LTE)
Narrow Waist
MF Inter-Domain
Hop-by-Hop Block Transfer
Control Plane
App 4
Socket API
GNRS
MF Routing
Control Protocol
App 2
Link Layer 3
(Ethernet)
IP
Switching
Option
Link Layer 4
(SONET)
Data Plane
WINLAB
Link Layer 5
(etc.)
MobilityFirst Concepts: GUID Service
Example
Service API capabilities:
- send (GUID, options, data)
Options = anycast, mcast, time, ..
- get (content_GUID, options)
Options = nearest, all, ..
Name Certification
Services (NCS)
Register “John Smith22’s devices” with NCS
GUID assigned
GUID lookup
from directory
NA99
MobilityFirst Network
(Data Plane)
Send (GUID = 11011..011, SID=01, data)
GUID <-> NA lookup
GNRS query
Send (GUID = 11011..011, SID=01, NA99, NA32, data)
GNRS update
(after link-layer association)
NA32
GNRS
GUID = 11011..011
Represents network
object with 2 devices
DATA
GUID SID
NAs
Packet sent out by host
WINLAB
Architecture: Name-Address Separation


Separation of names (ID) from
network addresses (NA)
Sue’s_mobile_2
Server_1234
Media File_ABC
Taxis in NB
John’s _laptop_1Sensor@XYZ
Globally unique name (GUID)
for network attached objects
– User name, device ID, content, context, AS
name, and so on
– Multiple domain-specific naming services

Global Name Resolution Service for
GUID  NA mappings

Hybrid GUID/NA approach
Host
Naming
Service
Sensor
Naming
Service
Content
Naming
Service
Context
Naming
Service
Globally Unique Flat Identifier (GUID)
Global Name Resolution Service
Network
– Both name/address headers in PDU
– “Fast path” when NA is available
– GUID resolution, late binding option
Network address
Net1.local_ID
Net2.local_ID
WINLAB
BACK AT THE SECURITY
RANCH…
[11]
WINLAB
Dave’s Questions, up front…

What were the security requirements that the project set itself?

How were these requirements developed?

Which aspects of the system were expected to deal with which
security requirements? Core architecture?

Did any features of the new architecture lead to a material
change with respect to the security landscape?

Did the project require or lead to innovations in security
thinking, or the development of new mechanisms?
[12]
WINLAB
The team’s security discussions…
philosophical viewpoints

Looking back, the MF team had some interesting philosophical discussions
about security:
– Is security design like network design?
– Could one “ARCHITECT” security?
– Weren’t all the security exploits a consequence of “devil in the details”
associated with protocols, implementations, etc?

What we all agreed upon was something along the lines:
– Proper network architecture and design does not achieve security, but
creates a toolbox that facilitates the ability to have security
– A bad network design would be one that left out key “tools” that one
needs to then later build (in detail) solutions that address security
problems and are themselves complete.

So: What should we put in the toolbox?

And: Would our toolbox even work?
[13]
WINLAB
The toolbox should have…

No single root of trust:
– We wanted to move away from the single root of trust (c.f. ICANN)
– This gives a decentralized model of trust, e.g. each country manages its own
NCS, or one can shop around for the NCS that meets their needs.

Self-authenticating names
– Public key cryptography provides the ability to prove ownership of the
address if the public key is associated with the address

Apply access control to information that could facilitate attacks

Intentional receipt: recipients should be able to specify what reaches it
– Support intrusion detection and prevention

Disruption tolerance as a means to withstand “broken” or “being damaged”
parts of the network

Understanding the applications that run on top of the network
– Network traffic as a signature for intrusions and bad traffic
[14]
WINLAB
A Wishlist of Mobility First Security
Mechanisms (circa MF Year 1)
Access Control
• GNRS access control mechanisms can support white-listing/black-listing, as well
as multi-grade security policies
• Network capabilities will be integrated into routing to ensure only capable entities
can participate
• Public key identifiers provide automatic means for access control
Service
Integrity
• Secure routing protocols will address black hole, replay and misrouting
• Watchdog processes running on network routers will share information, detect
network anomalies, and enforce policies
• Multipath routing and network coding will be explored to ensure resilience in the
presence of selective forwarding by corrupted nodes
Confidentiality/
Privacy
• Secure storage and key management mechanisms will be developed to ensure
confidentiality of cached information
• Randomization of paths will be integrated into routing to support location privacy
• Pseudonymous variant of public key addresses will allow for disposable
identifiers
WINLAB
The core security work followed a nice
“hindsight” flow

GUIDs and the GNS:
– The public key as an identifier that can allow for us to rapidly resolve
was paramount to MF
– But is the introduction of a GNS “feasible”? (c.f. Auspice and Caesar)
– What are the security concerns associated with such a new service?

Recipient-driven regulation
– Leverage the GNS to regulate who gets to look GUID-to-NA mappings
(access control at the GNS)
– Issue policies that tell the network “here is how I want you to process
traffic for me”




Could be something like “only certain protocols for me”
On-path and off-path filtering as an allocation problem
Finding signatures for mobile traffic
Securing interdomain routing– attacks exist beyond the cryptographic routing
protocols
[16]
WINLAB
Key Architectural Features: Named
Objects




Globally unique identifiers
(GUID) used to define all
network-attached objects
Key design choice: flat identifier
vs. hierarchical semantic
identifier….
MobilityFirst uses a flat public
key as the GUID
NDN uses domain
name/hierarchical descriptor
Sue’s phone
John’s laptop
Media file M
Context C
Host Naming
Service
Content
Naming
Service
Context
Naming
Service
Globally Unique Flat Identifiers
Global Name Resolution Service
Routers with
integrated storage
and computing
Integrated
storage and
computing
Hop-by-hop
transport
WINLAB
Wait: GUIDs… aren’t they big? Could we ever
use them for real?

How to reduce GUID size: elliptic curve cryptography
– ECC P-256 of FIPS PUB186-3 DSS




Protection for classified information is up to the secret level
Has security strength comparable to RSA with key size of 3072 bits
But one might want to keep crypto choice flexible for future-proofing
Even so, is the whole concept of public keys as a name ever
going to be able to be realized in practical, real router
deployments?
– And what about flat vs. non-flat GUIDs?

The team was aware of this challenge and the team developed fast
and memory-efficient forwarding engine for border routers
(CAESAR)

Key contribution: scalable Bloom filters that support not only
MobilityFirst, but also XIA and other AIP-like architectures
[18]
WINLAB
A quick look at CAESAR…

A forwarding and routing architecture
– For future Internet architectures
– Memory-efficient and high-speed


Scalable and reliable Bloom filters
Two forwarding pipelines
– Performance and correctness
– Multi-match (MM) line

Reliable Bloom Filters)
Common
Path
Primary for vast majority of packets
– Compress states using Bloom filters
– Encode filters in TCAMs for speed

Primary
Path (Scalable and
Backup for very rare cases
Backup Path
– Correct false positives at high speed
– Use a hardware flag


Optimize hash computations
Optimize route updates support
WINLAB
19
CAESAR: Performance comparison
• The total cost is stable for various address lengths
o nmax=4, w = 288
Estimated total cost ($)
16000
Caesar Router
IP Router
12000
8000
4000
0
0
200
400
600
Address length (bit)
800
1000
WINLAB
Overview of Two-Tier Name Resolution: GUIDs,
NCS, GNS
• Network Entity’s Three
Attributes:
- User-level descriptor
- Network-level identifier
- Routable Topological address
• Two Core Services:
- Name Certificate &
Resolution Service (NCRS)
- Global Name Resolution
Service (GNRS)
Obligatory
caveat: At some point
we had a slight divergence in names…
GNS/GNRS, NCS/NCRS… this talk does not address this…
Call it Multi-homing. 
[21]
WINLAB
GNS: Decoupling certification and resolution
Root name service (ICANN,
US. Dept. of Commerce)
2
3
3
1
Managed
DNS
services
Auth.
name
services
4
Name
certification
services
Certificate
search
services
Auspice-like
global name
services
1
4
Local name
services
Local name
services
0
WINLAB
GUID=X, GNS=Auspice
TLD
name
services
Global name system
Name: “Alice’s phone”
Domain name system
Implementation

Geo-distributed key-value store
GUID: {
{IPs: [123.45.67.89, 98.76.54.321]},
{geoloc:[lat, long]},
{TE_prefs: [“prefer WiFi”,…]},
{ACL: {whitelist: […]}},
}

Name certification service
Human-readable name: abhigyan@cs.umass.edu:phone
GUID: 21EC2020-3AEA-4069-A2DD-08002B30309D

msocket user-level socket library with Auspice integration
MSocket socket = new
MSocket(abhigyan@cs.umass.edu:phone);
MServerSocket socket = new MServerSocket(8080);
WINLAB
23
Managed DNS comparison
•Ultra DNS (16 replicas) vs. Auspice 5/10/15 replicas out of 80 locations
240
120
Ultra DNS
(16 replicas)
150
Auspice
(15 replica)
180
•Auspice reduces cost/latency over
•today’s managed DNS
Auspice
(5 replica)
Lookup latency (ms)
210
Auspice
(10 replica)
•One-third replication cost, similar latency
90
60
30
•60% less latency,
•similar cost
0
WINLAB
24
Back to the NCRS & GNRS: We also looked at
the “dirty” security details…
NCRS
Server
NCRS
Server
NCRS
Server
GNRS
Server
1. NCRS
Insert
2. GNRS
Insert
NA1
Jim’s phone
GNRS
Server
GNRS
Server
5. GNRS
3. GNRS
Query
Update
NA2
6. Communication
4. NCRS
Query
NA3
Annie’s car
Jim’s phone
[25]
WINLAB
NCRS Functionalities

Name Translation
– Provide translation between Human
Readable Keywords and Globally Unique
Identifier (GUID)

Certificate Registry
– Analogous to Public Key
Infrastructure (PKI)
– Define certificate format
– Allow self-certifying & certificate assignment
– Certificate registry operations:




Insert (self-certifying) / Certificate request (certificate assignment)
Query
Update
Revoke
[26]
WINLAB
Potential GNRS Attacks

GUID Spoofing Attack:
– A masquerading threat
– A malicious user A claims another user B's GUID and attempts to
associate it with A's own network address by announcing the mapping
(GUIDB, NAA).
– Consequence: denial of service

Stale Mapping Attack:
– A message manipulation attack
– A device moves and issues an update, the malicious GNRS server can
purposely ignore the update and claim it still has the most recent mapping.
Perhaps worse, a GNRS server can selectively choose which (possibly
stale) mapping to give out during queries.
– Consequence: denial of service
[27]
WINLAB
Potential GNRS Attacks

False Announcement Attack:
– A information modification attack
– User A, which is in network NAA, claims its GUIDA binds to a different
network address, (GUIDA, NAB).
– Consequence: illegitimate resource consumption

Collusion Attack:
– A information modification attack
– A malicious user, its network and the location where the mapping is stored
collude with each other to allow a fake mapping involving a false network
address to pass the verification and become stored in the storage location.
– Consequence: denial of service
[28]
WINLAB
And we got stuff like: Securing GNRS Update
Main network components: updater, local router, border gateway
More
where
that
camestorage
from…
router,
DHCP
server,
mapping
location.
But let’s save that for the student talk tomorrow…
DHCP
Server D
3. G to D: {GUIDG, [Ng, GUIDA,
(GUIDA, NA1, TA, EA)A-1]D}
NA2
4. D to G: {Ng+1, (GUIDA,
NA1, TA’, EA’)D-1}G
5. G to L:
{Nl+1}G-1
NA1
6. L to A:
{Na+1}L-1
A
Local
Router L
Border
Gateway
Router G
8. X to G: {Ng’+1}X-1
X
7. G to X:
{GUIDG, { [GUIDA, Ng’, (GUIDA, NA1, TA,
EA)A-1,G-1 ]G-1}x}
2. L to G:
{GUIDL, [Nl, GUIDA, GUIDG, (GUIDA, NA1, TA, EA)A-1]L-1 }G
1. A to L:
{GUIDA, [Na, GUIDL, (GUIDA, NA1, TA, EA)A-1 ]L}
[29]
WINLAB
Revisiting recipient control: Controlling Access
to GNRS Information

User (the recipient) should be able to specify:
– Which people can see what information about the user’s name
– Which people can see which set of available interfaces mapped to the
user’s name
– How frequently people are allowed to receive information about the user’s
name (similar to location privacy)

User-initiated cryptographic techniques:
– Encrypt specific updates with a group key only available to a target group


Leads to key distribution problems
GNRS-based access control:
– Updates contain a policy that specifies who can access what
– Queries contain an authentication token that can be used in conjunction
with the policy to supply appropriate information
Update
Query
Cryptographic Package
Name
Address
List
Timestamps
Cryptographic Package
Policy
Name
Authentication
Token
WINLAB
Further problems and why “Access Control in
GNRS” is good…

Problem
– No protection for the mapping from being queried by illegitimate
users.

Consequences
– Information/privacy leakage.
– Attacks, e.g. DoS attack.
– Track users’ behavior, etc.

Solution
– Integrating access control to the GNRS.

Benefits
– Protect mapping information from unauthorized access.
– Support advanced services and fine-grained functionalities.
[31]
WINLAB
Overview of Access Control in GNRS

Access control language
– eXtensible Access Control Markup Language (XACML)
– Can handle basic GNRS access control, identity-based access control
(IBAC) and attribute-based access control (ABAC)

Policy format
– Basic format: (GUIDB,TB, EB )A-1
– Whitelist/backlist: {(W,GUID1,T1, E1 ),(B,GUID2 ,T2, E2 ), }A-1
[32]
WINLAB
Spatio-temporal Access Control in GNRS

General Spatio-temporal access control (STAC)
– Target

Grant the mapping based on spatio-temporal (ST) characteristics.
– Challenge



A malicious user may lie about its location.
No guarantee for the correctness of the ST information.
Little support for the security of submission process
– What our team managed to do:


Incorporate ST verification to ensure the correctness of ST
information.
Adopt various security mechanisms to secure the query process.
[33]
WINLAB
Spatio-temporal Access Control in GNRS

Spatio-temporal access control with state transitions
– Definition of state


Being at a specific location in a specific time interval.
Is represented by a location L and time interval (T, E) as <L,T,E>.
– Target: A stateful form of access control

Accessibility to the mapping depends on not only the current state,
but also the previous state.
– Challenge

Scalability & efficiency issue: a large burden for distributed
servers to maintain users’ state records in a large scale mobile
network.
– Solution

Introduce a token-based approach to handle the state verification
process.
[34]
WINLAB
Back to intentional receipt and NIDS/NIPS

AC at the GNRS does not completely remove adversaries from knowing
network addresses

“Intentional receipt” (versus receiver control) was one of the goals that was
set out at the beginning of the project:
– Each end-user device or neighbor network attached to network X ought
to be able to express policies (that X should enforce) about the traffic that
X passes along to it.

These policies could be rich (e.g., content-based, not just address-based).

With potentially every end-user device expressing such policies, the real
challenge for network X is how to scalably enforce those policies.

The MF team addressed this problem
– Solution also addresses fundamental challenge in network intrusion prevention
systems (NIPS)
– Validated through an SDN implementation
[35]
WINLAB
Perpetual Scaling Challenge
• Traffic increase  More packets to process
• User applications changing  More functions/modules
• Attacks evolving  Larger set of “rules” to apply
WINLAB
36
SNIPS System Overview
High-level goals:
Latency, Unwanted
Link/Node Load
Administrator/Recipients announce
Policies to SNIPS
Decide local processing
and offloading
SNIPS Network Controller
responsibilities
N1
N2
N3
D1
WINLAB
37
SNIPS Controller Design
High-level goals:
Latency, Unwanted
Link/Node Load
Traffic
Classes
NIPS
Resource Use
Decide local processing
and offloading
responsibilities
NIPS, DC
Hardware
Topology
& Routing
Network-Wide
Optimization
N1
Class c = HTTP, N1  N3
c.in= N1; c.out = N3
c.Path = <N1, N2, N3>
N2
N3
D1
WINLAB
38
SNIPS Offers Better Load Balancing
WINLAB
39
Complementing the work on SNIPS is the
need to be able to characterize traffic

Mobile traffic is difficult to characterize
– Most mobile applications do not use specific protocols or IP ports
with distinctive features
– This makes it hard for “the local network” (e.g. enterprises and
service providers) to regulate the traffic that flows over their
network

In order to support in-network removal of traffic, the team
developed a solution (FLOWR) that identifies apps via traffic
analysis
– FLOWR uses a customized supervised learning approach that can
grow its collection of app signatures
[40]
WINLAB
FLOWR: Basic Principles
1. What to identify?
Bi-directional flows
2. How to identify flows?
Signature matching
KV tokenization
3. How to extract signatures?
HTTP metadata can be indicative to app identities
4. How to construct a knowledge base?flow regression
Flow signatures from the same app often co-occur
5. How to initialize the knowledge base? a* services
App IDs are always embedded in ad and analytics
•http://api.airpush.com/v2/api.php?...&packageName=zz.rings.rww2&...
41
WINLAB
Key-value (KV) examples
admob.com
&preqs=0&u_sd=1&slotname=a14d9cfab0d6002&u_w=320&ms
id=tls.game.fiar&cap=m%2Ca&js=afma-sdk-4.1.1&isu=F139F4FD31A7049ECD
A0C320F96B92CB&format=320x50_mb&net=ed&app_name=9.android.tls.game.fiar&
hl=en&u_h=480&u_audio=1&u_so=p&output=html
scorecardresearch.com
&c1=19&c4=Total%20Beauty&c10=android&c12=5d
30b552b3874617ed84ca2de98c3ff1-a&ns_ap_device=generic&ns_ap_as=13384
40029585&ns_type=View&ns_ts=1338440029626&ns_m2=yes&c2=6035713&name=s
tart&c3=Start&ns_ap_ver=1.5.2&ns_ap_res=480x800
App ID: msid=tls.game.fiar, c12=5d30b552b3874617ed84ca2de98c3ff1-a
Developer ID: c2=6035713
Device ID: isu=F139F4FD31A7049ECDA0C320F96B92CB
General: js=afma-sdk-4.1.1, format=320x50_mb, hl=en, ns_ap_res=480x800
Random: ns_ts=1338440029626, ns_ap_as=1338440029585
42
WINLAB
KV tokenization
•…
•http://airpush.com/?
&sdkapid=67526&zipcode=48109
•…
•http://airpush.com/?
sdkapid=67526&zipcode=48109
•airpush.com:sdkapid=67526
•airpush.com:zipcode=48109
•airpush.com:sdkapid=67526
• ->com.rovio.angrybirds (TP: 99%)
•com.rovio.angrybirds (TP:
99%)
KV tokenization extract KVs from flows into signatures
43
WINLAB
Full picture of FLOWR system
Knowledge base initialized using a* services
with minimal manual effort (seed knowledge)
44
WINLAB
FLOWR: Some results…
t90,95,99: uniquely identify with confidence 90,95,99%
n5: narrow down to 5 candidates with confidence 99%
45
WINLAB
Routing Security: Advancing the science of
secure interdomain routing

The team also explored the problem of secure routing from a
new perspective where the adversary was corrupt AS’s with
Byzantine behavior

BGP, even with S-BGP mechanisms, vulnerable to serious
protocol manipulation attacks

The MF team’s contributions
– Formalized two fundamental correctness properties and show
there are feasible attacks that violate them
– Validated attacks with commodity routers
– Quantified attack vulnerability in the Internet
– Propose RCI-based approach to provably satisfy properties
46
WINLAB
BGP Control Plane Attacks, a solution, but
not enough!

BGP control plane attacks
– Prefix hijack: pretend to own a
prefix
– Path spoofing: announce a
forbidden path

Solution: S-BGP
– Ensures existence
– Ensures authentication

S-BGP (and follow-ons) ensure
verifiability of routing information using
cryptographic techniques

Our main contribution
– Manipulate the complex BGP
protocol to violate two of its most
fundamental goals (even with S-BGP
mechanisms)
AS 2
AS 1
BGP, even with S-BGP mechanisms,
vulnerable to serious protocol manipulation
attacks
Even without breaking any secure protocols,
attacks can permanently cut a connection and
permanently force a victim AS to select a less
preferred path.
WINLAB
Advancement in Security Objectives:
Desired Correctness Properties

Property 1: Eventual Reachability (ER)
Existence of a good path should ensure eventual reachability

Property 2: Policy Prevalence (PP)
Existence of multiple good paths should ensure selection of
the most preferred path
WINLAB
The Soufflé is still in the oven for many
things…

Robust multipath traffic allocation using portfolio theory

Integrating trust assessment into MF: router assessment services, how to
incentivize rating, how does one allow for trust to regrow after losing it,
integrating trust with inter/intra-domain routing

Designing a context-based communication service in a privacy-preserving
manner

Robust network protocol designs to prevent abuses and protocol
manipulation attacks from network services.

Network protocol designs to eliminate side channels for protecting user
privacy and eliminating data injection attacks

Integrating “security as a network service” in order to support IoT security

Storage verification: if in-network caching is being advertised, how do you
trust what you are being told?
[49]
WINLAB
And then there was stuff that just didn’t pan
out… aka, the graveyard of failed research…


Example: It was thought that the use of public key naming addressing
schemes might facilitate access control through pairing-based (ID)
cryptosystems
Using such ID-crypto in public key addressing allows for flexible access
control to data:
– Data is encrypted at the source using the (single) public key that is derived by the
logical conjunction and disjunction of destinations’ identities (public keys)
 Example: Packet payloads can be encrypted so that either Darleen or
Victor can access, but only the Darleen who is at NSF and in DC and
in the USA, or the Victor who is at NSF and also has a Comcast
account

Challenge 1: Does not obviate the need of a structure akin to certificate
authorities (must maintain pairing)

Challenge 2: Does not easily support integration with necessary
timestamping for integrating within GNRS

Challenge 3: Combinatorial operations in crypto domain were not arbitrary
[50]
WINLAB
Dave’s Questions, revisited…

Looking back at Dave’s Questions:
– What were the security requirements that the project set itself?
– How were these requirements developed?
– Which aspects of the system were expected to deal with which security
requirements? Core architecture?
– Did any features of the new architecture lead to a material change with respect to
the security landscape?
– Did the project require or lead to innovations in security thinking, or the
development of new mechanisms?

Our requirements arose out of “design goals” and “philosophy”

We then found places to apply these goals, e.g. intended receipt/recipient
control

We worried about whether our security ideas might be practically realizable
(e.g. CAESAR)

Innovation to secure routing thinking: new correctness metrics that exist
outside the cryptographic framework
[51]
WINLAB
Download