vault: a secure binding service guor-huar lu, changho choi, zhi-li zhang university of minnesota
Post on 19-Dec-2015
216 views
TRANSCRIPT
What are binding services? A binding service:
Stores bindings (a <key,value> pair) Translates (binding) key into (binding) values.
DNS is a good example maps hostnames into IP addresses Reverse lookup maps IP addresses into hostnames
Other example: SIP registrars, location service in MANET, etc.
Generic Binding Services What is generic binding services?
Internet-scale infrastructure service Allows arbitrary key-value pairs Many applications can use the same
infrastructure Why is it different from typical lookup
service? Ownership is essential E.g., in reverse DNS lookup the key (IP address)
gives no indication of the owner. Security is important!
Secure Binding Services Two minimum requirements:
Only the owner can update or delete its bindings
The binding returned must be the correct one deposited by the owner
Must be robust against “man-in-the-middle” attacks An attacker between users and the
service can intercept and modify messages
Objective A generic binding service that is
Scalable Robust Secure
Distributed Hash Table (DHT) Takes care of scalability and robustness Semantic free, flat id space allows generality
What about security? RSA/PKI enough? Not really.. Other crypto-mechanisms?
Example: Binding service using DHT
Similar to DHT’s put/get operations. B=(k,v), idk=H(k)
root(idk)
Question: how to make it secure?
put(idk, B)get(idk)
Return OK or BUser
RSA/PKI approach Not robust against “man-in-the-middle”
attacks Users can sign their requests
Signatures can be easily replaced Using Certificates?
only if the binding key is part of the owner id. Key problem: need to verify the association
between user id and public key Need another secure binding service!
Our approach: using IBE
In identity-based encryption (IBE) identity is the public key! Private key can be generated on-demand
Key idea: use IBE to establish secure channels between users and the system.
Robust against MITM attacks
DHT+IBE: an example
Private Key Generator (PKG)
DHT System
User
root(idk)
Encrypt data and sk using idk
Send encrypted data to the service
Return responseencrypted with sk
Retrieves the private key for idk
Vault: Architecture overview Two-level
architecture Better control over
the service Efficient key
management Pillars: issue keys Columns: handle
users and store bindings.
Pillars
Columns
Zone 1Zone 4
Zone 2Zone 3
Vault: Design principles Secures user to service
communication Use IBE to establish secure channels
Focus on the basic mechanism But provide hooks for namespace
management Secures internal system operations
Only active columns should serve user requests
Vault: basic operations User Operations:
Registration for owners Provides necessary hooks for namespace
management Establish owner credential with its user id.
Insertion Update and delete Query
Internal Operations: Key retrieval between column and pillars
User operation example: insertion
Binding is sent to home column first.
Home column verifies ownership and forwards to root(idk)
root(idk) returns encrypted response.
Internal operations Secure Key
retrieval process Two way hash-
chains allows the pillar to: Verify a node is
currently active Verify a node’s
id space range
Local Testbed: System response time
The more nodes the better the performance.
IBE operations are expensive, the price we pay for added security.
Conclusion
New approach in constructing generic secure binding services. DHT+IBE
Cornerstone for future networks and applications.
Currently building more applications using Vault.
Example: Binding Service using DHT
Basic operation To insert a binding B=(k,v)
Compute idk=H(k) The owner “puts” B at a node responsible for idk
To query B Again, compute idk=H(k) The Querier “gets” B from the node responsible for
idk
Question: how to make it secure?
DHT+IBE: an example
User
root(idk)
Private Key Generator (PKG)
2. Send encrypted data to the service
3. Retrieves private key for idk
1. Encrypts data and sk using idk
4. Returns response
encrypted with sk
DHT+IBE Encrypts data and a symmetric key sk with idk
Sends encrypted data to the service The root node of idk (root(idk)) requests a key fo
r idk
root(idk) decrypts the data, returns a reply encrypted using sk
User Operation: Update and Delete Two modes:
direct if symmetric key is still valid, indirect if it expires.
No IBE in direct mode: efficient!
Indirect mode is similar to the insert operation.
User Operations: Query
Queriers: No need to reg
ister Queries:
Delivered to root(idk) directly.
Symmetric key: Prevents MITM
attacks Nonce:
Prevents reply attacks.
Evaluations
Evaluate computational overhead and system response time
Computation overhead for local testbed
Computational overhead for crypto-primitives
Computational overhead for binding operations