ITU-T Kaleidoscope Conference Innovations in NGN A Self-Encryption Based
advertisement
ITU-T Kaleidoscope Conference Innovations in NGN A Self-Encryption Based Private Storage System over P2P Distributed File Sharing Infrastructure Hiroki Endo The University of Tokyo endo@akg.t.u-tokyo.ac.jp Geneva, 12-13 May 2008 Outline Introduction Security for the lost of the terminal Proposal Self-encryption scheme Distributed Storage System by Selfencryption Problems 1. 2. Large cost for processing for encryption Large cost for Uploading data cR Conclusion Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 2 Introduction The number of the loss of articles(Tokyo, 2007) 12,810,340 400 350 About 1 % of people lost their mobile handsets 300 250 200 124,863 150 100 thousands 50 0 Umbrella Clothes Wallet Securities Certificates Mobile Handsets Bags Camera & Glasses Precious metals Watches Tokyo Metropolitan Police Department http://www.keishicho.metro.tokyo.jp/toukei/kaikei/kaikei.htm Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 3 Purpose Mobile handsets are lost easily! Security for the case of loss Encryption of all internal data of mobile handsets For cases of the loss and theft With Limited terminal resources Computational resource Communication resource Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 4 Outline Introduction Security for the lost of the terminal Proposal Self-encryption scheme Distributed Storage System by Selfencryption Problems 1. 2. Large cost for processing for encryption Large cost for Uploading data cR Conclusion Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 5 Proposal Self-encryption scheme The encryption key is generated from the information contained in the target file itself according to a certain algorithm This scheme outputs some distributed data encrypted with generated keys To decrypt the original file, all distributed data is required Right Low cost processing Wrong Long encryption key Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 6 Self-encryption Scheme Sprit M into s pieces of data Generate s encryption keys from these data by Function F Encrypt s data using these keys M m2 m1 m3 ms F Ek s ks c1 k1 Ek k2 1 Ek F c2 2 k3 k3 F c3 Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN s-1 F Cs-1 Fs Ek cs 7 Key Generation Function Our proposed scrambling algorithm Generate key (K) from key source (Y) Y n byte IV y1 y2 y3 ⊕ ⊕ ⊕ k1 k2 k3 yj ⊕ F kj K ⊕: exclusive OR, IV: initial value Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 8 Distributed Storage by Self-encryption scheme An encrypted part of file (cR) is stored in Remote storage In cases of the loss and theft, the access to Remote storage is blocked This system is effective even if the mobile handset is out of service! Local Storage cR cL Remote Storage Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN M SD SIM 9 Outline Introduction Security for the lost of the terminal Proposal Self-encryption scheme Distributed Storage System by Self-encryption Problems 1. 2. Large cost for processing for encryption Large cost for Uploading data cR Conclusion Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 10 Problem Definitions An encrypted part of file (cR) is stored in network storage In cases of the loss and theft, the access to Network storage is limited Mobile Terminal cL cR Remote Server mR M mL SD SIM Problems 1. Large cost for processing for encryption mL & mR 2. Large cost for Uploading data cR Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 11 Target Environment Distributed Storage System Based on IMS framework Communications are secure Mobile terminals and Servers are authenticated IMS Clients mL mR : Remote Data mL : Local Data Home Server MRFC mR S-CSCF Access NW MRFP Visited NW P-CSCF Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN I-CSCF Home NW IP NW 12 Problem 1 Cost for processing for encryption mL & mR 2 Processing Time [s] 1.8 y = 0.0011x 1.6 AES 1.4 Self-Encryption > 1/3 1.2 1 0.8 y = 0.0003x 0.6 0.4 0.2 0 0 200 400 600 800 1000 1200 1400 1600 1800 2000 Encrypted Data Size [KB] Experimental circumstance Zaurus SL-C760,OS: Linux (OpenPDA), CPU: Intel XScale(PXA255 400MHz),Work area: 64MB Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 13 Answer 1 (1/2) Mobile terminal transmits remote data to the server in plaintext through secure pass The remote server encrypts the remote data stored in the network storage Mobile Terminal cL mR Remote Server M mL SD SIM However, if the server is attacked, mR is leaked out Distribute mR against attacks!! Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 14 Answer 1 (2/2) against server attacks P2P Overlay Network Storage Compose network storage of remote servers managed by each user by P2P overlay NW (DHT). Encrypt mR into s pieces of decryption data (cR1, cR2,…,cRs) in his own server (Server A: Trusted Node[TN]) s pieces of decryption data are uploaded into Foreign Nodes owned by other users (Foreign Node[FN]) Server B (FN) cR2 cR1 Server C (FN) User C cR1 DHT NW cR2 cRs Server D Geneva, 12-13 May 2008 (FN) cRs First ITU-T Kaleidoscope Conference – Innovations in NGN mR Server A (TN) User A cL 15 Problem 2 To Reduce cost for Uploading remote data mR Mobile Terminal cL mR Remote Server Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN M mL SD SIM 16 Answer 2 (1/3) There is large number of common files shared among the users such as music tracks, movie videos and novels . Every file are encrypted into same cR Sharing common cR with other users If cR exists in the network storage, uploading cR is omitted, the processing cost will be reduced User B User A User E User B User D Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 17 Answer 2 (2/3) P2P Overlay Network Storage The trusted node decides which servers in a P2P network manages each distributed data according DHT ID DHT ID is derived from only cL Server B (FN) cR1 Server C (FN) mR User Z cL Server Z cR2 mR cRs Server D (FN) Geneva, 12-13 May 2008 Server A DHT NW First ITU-T Kaleidoscope Conference – Innovations in NGN User A cL 18 Ans. 2 (3/3) - The method for deriving DHT IDs Mobile Terminal names mR “Hash:Size” derived from CL. TN receives the name and derives DHT IDs consisting of the name of mR, the distributing number and the ID of the trusted node If the data does not exist on DHT network storage, TN receives mR and encrypts It and divide it s items (CR1 to CRs) TN stores these s items to the corresponding nodes. 1. 2. 3. 4. Mobile Terminal mR cL Trusted Node mR 3 1 Hash Hash TN Hash 2 Hash 2 cR1 Size 1 cR2 Hash Size Size 2 s cRs Hash Size Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations ins NGNTN FN D FN A Size 1 1 Size 4 cR1 TN FN B TN cR2 FN F Hash FN Z Size 2 TN FN E cRs Hash Size s TN 19 For the Standardization Require the following protocols Authentication of mobile terminals and servers Mobile terminals are authenticated by IP Multimedia Services Identity Module (ISIM) Servers are authenticated by Public Key Infrastructure (PKI) The algorithms in self-encryption scheme and protocols for communication The method for deriving DHT IDs Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 20 Conclusion A Self-encryption based private storage system over p2p distributed file sharing Infrastructure Protect all internal data for cases of loss of the terminal Reduce costs for encryption processing in mobile terminal Reduce costs for upload processing by letting users share common remote data. P2P Overlay Network Storage Protect servers against attacks. Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 21 Thank you for your attention! Geneva, 12-13 May 2008 First ITU-T Kaleidoscope Conference – Innovations in NGN 22
