Security for Dynamic Groups - PowerPoint PPT Presentation

Slides: 28
Provided by: ecs4

Transcript and Presenter's Notes


1
Security for Dynamic Groups
Final Report By Prabhu Ram Raghunathan
3
Objectives
  • Design a Secure protocol for
  • P2P file sharing with
  • Concern for overhead
  • Extrapolation for ad hoc networks ?
  • Survey analogues
  • Specify protocol

4
Why is it useful
  • Consider Security approaches studied in the
    course thus far.
  • They are based on the notion of a well defined,
    single local group.
  • We have policies within organisations
  • What about outside agencies whom it might be
    useful to share data with.
  • How to ensure secure access intrinsically
  • Secure group communication is not a simple
    extension of secure two-party communication.
    Two-party communication can be viewed as a
    discrete phenomenon: it starts, lasts for a while
    and ends. Instead, group communication starts,
    the group mutates (members leave and join) and
    there might not be a well-defined end.

5
P2P
  • A P2P is a small network amongst users without a
    central server
  • A P2P network is still one physical network
  • Where: open source coding, B2B, Napster, etc.
  • Other methods: client/server, dedicated
    computers
  • Quorum formation

6
ISSUES
  • Different OSes, different network protocols
  • Mechanism for inter-domain sharing
  • Insecure: tapping possible on local domains
  • How does an arbitrary user start a group without
    admin rights over several domains and designate
    resource privileges
  • No central machine, to monitor accounts
  • Security Mechanisms

7
Steps
  • Extensive Background study - Done
  • Literature Survey - Done
  • Notation and Target systems - Inherited
  • Security aspects - Analysed
  • Design and Ratification - Reviewed and Used
  • Implementation considerations - Too much
  • Difficulty - Implementation oriented topic

8
Popular Apps
  • Napster: Central database and search server for
    audio files. Requires login. Insecure.
  • Aimster: Share files with people on AOL buddy
    list.
  • Gnutella: Allows anything to be shared.
    Decentralized. Clients found by diffusion. No
    central user index.
  • Freenet: Large scale. Encrypted, signed, replicated
    and anonymized; claims to be immune to attack.

9
Inter Domain
  • Security oriented towards broadcast situations
    and static groups. Dynamic groups require
    reassignments. Controller oriented
  • Kerberos-like patterns require setup for
    inter-domain activity
  • Authentication alone is treated
  • Significant Message Overhead
  • Admin Admin Admin

10
The works
  • Design a solution with a Group leader
  • Group leader issues term licenses - authentication
  • Peer interactions start with handshakes
  • RSA core for acquisition and handshake
  • Deja vu? SSL
  • Open: Eliminate the leader with an embedded
    mechanism
  • Without limiting the number of peers.
  • Gauge overhead

11
Related Work
  • Napster: random assignment on login, hot list
    for files shared
  • CuteMX: enemy list. Aimster: buddy list. No
    group semantics, one-to-one; neither is secure
  • Gnutella: decentralized. Uses broadcasts,
    anonymizes queries.
  • Adar and Huberman: 98 files shared by 20
    hosts. Ergo, these are central servers.
  • Spontaneous collaboration in large anonymous
    groups is tough.

12
Related Work: P2P
  • Freenet: similar to Gnutella; better caching,
    routing.
  • Onshare, globedrive etc.: central server
  • Filetopia: access to one file list on a peer
    gives access to all lists on that peer.
  • Distributary: uses packages analogous to CVS on
    Unix machines. Changes are propagated to the
    group of each package.
  • Some use session keys and 256-bit encryption.

13
Related Work: Crypto file systems
  • SFS, CFS, CSFS
  • Secure data by automatically encrypting/decrypting
    data while reading from and writing to
    disk.
  • Varying or no group sharing mechanisms
  • TCFS has a quorum rule for permitting access to a
    shared directory.

14
Related Work: Formal Protocols
  • Most work is on securing broadcasts/multicasts
  • Key agreement: each member contributes a piece
    of info to the group key for a session
  • Constraints: number and identification of all
    members known a priori. Total ordering.
  • Group Leader needed to start process.
  • Rekey for every entry/exit: overhead
  • Use subgroups to reduce number of messages

15
Related Work: Protocols
  • Cascaded event: when one entry/exit is
    simultaneous with another such event. Not handled.
  • Kerberos: tough for multi-domain systems
  • Admins exchange inter-realm keys a priori
  • Considerable message overhead
  • Good for authentication
  • Several known dictionary attacks

16
Protocol Overview
  • Based on group sharing
  • DPGs are small
  • One Group Authority per group.
  • Peer presents credentials to GA to get a GMC
  • GMC is a certificate for interaction with others.
  • Initial handshake starts a secure channel
  • Unique session key, not a group key.
  • No unrelated group member can eavesdrop

17
GMCs
  • GMCs have a specific life time.
  • ACLs have passwords for getting GMCs.
  • ACL records also have max. life for each, times
    for pwd. Pwds don't match.
  • GA need not be part of any group.
  • GAs can delegate, create other GAs
  • Distribute controls and distribute ACLs
  • For remote collaboration, raise life times.

18
Group Mgmt - Login Protocol
  • Login protocol: obtain membership
  • Each peer generates a D-H random exponent and RSA
    public/private keys.
  • Identify source, dest addresses, ports, seq number.
  • User login, Authority login.
  • Authority login possible only with other GAs.
  • There is a central site which is the first GA.
  • This can be removed by issuing expiring
    authorities. Call the first live site GA. Replace.

19
Login Protocol
  • U sends to A: one-time DH exp, group IDs, PWD ID,
    header, digest
  • A verifies header, digest, pwd, PID, generates a
    random challenge, decrypts DH exp, generates the
    session key and sends it to U
  • U reproduces the process with an additional
    REQUEST msg.
  • For authority login, REQUEST is empty
  • A verifies the message and responds with similar
    encryption, a RESPONSE
  • U decrypts the msg, checks if challenge was echoed
    correctly and saves the RESPONSE.
  • You are now logged on

20
Mutual Authentication Protocol
  • Establishes a session between two users
  • Uses a secret unique session key for each session
  • U1 sends to U2: group ID, DH exp, digest, Group
    Membership Certificate signed by the GA
  • Based on U1's public key, U2 generates session
    key and verifies GMC1, computes a challenge based
    on GMC2, which it sends to U1
  • U1 verifies and rechallenges
  • U1,U2 check echoes. Session is on.

21
Group Operations
  • Create Group
  • Add Member/Authority Account
  • Remove Account
  • Join Group / Delete Group
  • Submit Local Name
  • Submit Local File Catalog
  • Get Peers File Catalog
  • Search Group Member List
  • Manually Add Peer to Group
  • Get Peers Authority / Get Backup Authority
  • File Search

22
Notation
  • $A$: system principal
  • $K$: initial symmetric session key (not a
    one-time-use key)
  • $K_{rand}$: final, random, one-time-use symmetric
    session key
  • $P$: password
  • $PID$: password ID uniquely identifying a given
    password
  • $R_A$: random, long-lived Diffie-Hellman (DH) exponent
    generated by A
  • $R^t_A$: temporary, random, one-time-use DH exponent
    generated by A
  • $g, p$: base and modulus for discrete exponentiation
    in DH algorithm
  • $K_A$: long-lived RSA public key of A

23
Notation
  • $K_A^{-1}$: long-lived RSA private key of A
  • $C_A$: random challenge generated by A
  • $P(M)$: message encrypted with password P
  • $K(M)$, $K_{rand}(M)$: message encrypted with symmetric
    key $K$ and, respectively, $K_{rand}$
  • $K_A^{-1}(M)$: message signed with RSA private key of A
  • $H$: message header (opcode, src. IP, src. port,
    dest. IP, dest. port, seqno)
  • $D$: digest over transmitted header and message
  • $G$: group (group name, authority (IP and port)
    granting group account)
  • $GM_A$: A's group membership, $K_B^{-1}(G, EXP, g^{R_A} \bmod p)$,
    signed by authority B

24
Formal Specs - Login
  • $U \to A$: $H, G, PID, P(g^{R^t_U} \bmod p), D$
  • $A \to U$: $H, P(g^{R^t_A} \bmod p), K_{rand}(C_A), D$
  • $U \to A$: $K_{rand}(H, REQUEST, C_A, C_U, D)$
  • $A \to U$: $K_{rand}(H, C_U, RESPONSE, D)$
  • Decrypt, check echo and save Request.

25
Formal Specs MAP
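  • $U_1 \to U_2$: $H, G, GM_{U_1}, D$
  • $U_2 \to U_1$: $H, GM_{U_2}, K(C_{U_2}), D$
  • $U_1 \to U_2$: $K(H, C_{U_1}, C_{U_2}, D)$
  • $U_2 \to U_1$: $K(H, C_{U_1}, D)$
  • $U_1$ checks $C_{U_1}$ echo
  • Session key: $K_{rand} = g^{R_{U_1} R_{U_2} C_{U_1} C_{U_2}} \bmod p$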
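
The MAP exchange above as an added Python sketch (not code from the presentation): a GA signs each peer's GMC, both peers verify signature, group and lifetime, then derive K and Krand from the long-lived DH values and the two challenges. Assumptions: the function names, the toy DH and textbook-RSA parameters, reading the exponent of Krand as a product, and passing the challenges directly instead of encrypting them under K.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions; far too small for real use).
P, G = 2**127 - 1, 3                       # DH modulus p (a Mersenne prime) and base g
GA_E = 65537                               # textbook-RSA key pair of the Group Authority
GA_N = (2**61 - 1) * (2**89 - 1)
GA_D = pow(GA_E, -1, (2**61 - 2) * (2**89 - 2))

def _digest(group, exp, pub):
    """Hash the GMC fields (G, EXP, g^R mod p) into an integer below GA_N."""
    h = hashlib.sha256(f"{group}|{exp}|{pub}".encode()).digest()
    return int.from_bytes(h, "big") % GA_N

def issue_gmc(group, exp, r_long):
    """GA side (hypothetical helper): GM_A = K_GA^-1(G, EXP, g^R_A mod p)."""
    pub = pow(G, r_long, P)
    return (group, exp, pub, pow(_digest(group, exp, pub), GA_D, GA_N))

def verify_gmc(gmc, group, now):
    """Peer side: check the GA signature, the group name and the lifetime."""
    g, exp, pub, sig = gmc
    return pow(sig, GA_E, GA_N) == _digest(g, exp, pub) and g == group and now < exp

def session_keys(my_r, peer_gmc, c_u1, c_u2):
    """Return (K, Krand) as computed by the holder of exponent my_r."""
    k = pow(peer_gmc[2], my_r, P)                      # K = g^(R_U1 R_U2) mod p
    k_rand = pow(peer_gmc[2], my_r * c_u1 * c_u2, P)   # Krand, exponent read as a product
    return k, k_rand

def run_map(group="dpg-demo", now=100, exp=200):
    """Run one MAP exchange; None means a GMC was rejected."""
    r1, r2 = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    gm1, gm2 = issue_gmc(group, exp, r1), issue_gmc(group, exp, r2)
    if not (verify_gmc(gm1, group, now) and verify_gmc(gm2, group, now)):
        return None
    # On the wire the challenges travel encrypted under K; passed directly here.
    c1, c2 = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    return session_keys(r1, gm2, c1, c2), session_keys(r2, gm1, c1, c2)

if __name__ == "__main__":
    u1, u2 = run_map()
    print("same K:", u1[0] == u2[0], "same Krand:", u1[1] == u2[1])
    print("expired GMC accepted:", run_map(now=300) is not None)
```

A peer that holds neither long-lived exponent sees only the public values inside the GMCs, which is why the slides call this a session key rather than a group key.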

26
Extensions
  • Allow external and not just home GA to allow
    login.
  • External User Caching
  • Session caching: speed up connections.
  • To break the hierarchy, round-robin GAs
  • Go through firewalls
  • Light, flexible protocol.
  • Easy to implement and Maintain.
  • Scalable and Extensible.

27
Resources
  • Web: gnutella, aimster, openp2p, distributary...
  • Key Agreement in Dynamic Peer Groups - Steiner,
    Tsudik, Waidner
  • An Integrated Solution for Secure Group
    Communication in Wide-Area Networks - Agarwal et
    al.
  • Authenticated Group Key Agreement and Friends -
    Ateniese
  • A Decentralised Architecture for Group Key
    Management - Rafaeli
  • Key Establishment in Ad-hoc Networks -
    Hietalahti
  • CLIQUES project page at UCI: http://sconce.ics.uci.edu/cliques/