Vault: A Secure Binding Service

Provided by: guorh

1
Vault: A Secure Binding Service
  • Guor-Huar Lu, Changho Choi, Zhi-Li Zhang
  • University of Minnesota

2
What are binding services?
  • A binding service
  • Stores bindings (a pair)
  • Translates (binding) key into (binding) values.
  • DNS is a good example
  • maps hostnames into IP addresses
  • Reverse lookup maps IP addresses into hostnames
  • Other examples: SIP registrars, location service
    in MANET, etc.

3
Outline
  • Binding Services
  • Motivation, Challenges and Approach
  • Vault
  • Evaluation
  • Conclusion

4
Generic Binding Services
  • What are generic binding services?
  • Internet-scale infrastructure service
  • Allows arbitrary key-value pairs
  • Many applications can use the same infrastructure
  • Why is it different from a typical lookup service?
  • Ownership is essential
  • E.g., in reverse DNS lookup the key (IP address)
    gives no indication of the owner.
  • Security is important!

5
Secure Binding Services
  • Two minimum requirements
  • Only the owner can update or delete its bindings
  • The binding returned must be the correct one
    deposited by the owner
  • Must be robust against man-in-the-middle
    attacks
  • An attacker between users and the service can
    intercept and modify messages

6
Objective
  • A generic binding service that is
  • Scalable
  • Robust
  • Secure
  • Distributed Hash Table (DHT)
  • Takes care of scalability and robustness
  • Semantic free, flat id space allows generality
  • What about security?
  • RSA/PKI enough? Not really..
  • Other crypto-mechanisms?

7
Example Binding service using DHT
  • Similar to a DHT's put/get operations.
  • B(k,v), idk = H(k)

[Diagram: User, root(idk); put(idk, B), get(idk); Return OK or B]
  • Question: how to make it secure?

8
RSA/PKI approach
  • Not robust against man-in-the-middle attacks
  • Users can sign their requests
  • Signatures can be easily replaced
  • Using Certificates?
  • only if the binding key is part of the owner id.
  • Key problem: need to verify the association
    between user id and public key
  • Need another secure binding service!

9
Our approach using IBE
  • In identity-based encryption (IBE)
  • identity is the public key!
  • Private key can be generated on-demand
  • Key idea: use IBE to establish secure channels
    between users and the system.
  • Robust against MITM attacks

10
DHT+IBE: an example
[Diagram labels: User, DHT System, root(idk); "Encrypt data and sk using idk"]

11
Outline
  • Introduction
  • Motivation, Challenges and Approach
  • Vault
  • Evaluation
  • Conclusion

12
Vault Architecture overview
  • Two-level architecture
  • Better control over the service
  • Efficient key management
  • Pillars issue keys
  • Columns handle users and store bindings.

13
Vault Design principles
  • Secures user to service communication
  • Use IBE to establish secure channels
  • Focus on the basic mechanism
  • But provide hooks for namespace management
  • Secures internal system operations
  • Only active columns should serve user requests

14
Vault basic operations
  • User Operations
  • Registration for owners
  • Provides necessary hooks for namespace management
  • Establish owner credential with its user id.
  • Insertion
  • Update and delete
  • Query
  • Internal Operations
  • Key retrieval between column and pillars

15
User operation example: insertion
  • Binding is sent to home column first.
  • Home column verifies ownership and forwards to
    root(idk)
  • root(idk) returns encrypted response.

16
Internal operations
  • Secure Key retrieval process
  • Two-way hash chains allow the pillar to
  • Verify a node is currently active
  • Verify a node's id space range

17
Outline
  • Introduction
  • Motivation, Challenges and Approach
  • Vault
  • Evaluation
  • Conclusion

18
Local Testbed: System response time
  • The more nodes the better the performance.
  • IBE operations are expensive, the price we pay
    for added security.

19
Planetlab
  • System response time does not change much.
  • Some other factors?

20
Planetlab
  • Wide area network latency has large impact.
  • Local proxy should help

21
Conclusion
  • New approach in constructing generic secure
    binding services.
  • DHT+IBE
  • Cornerstone for future networks and applications.
  • Currently building more applications using Vault.

22
Thank You. Questions?

23
Extras
  • Extra slides follow

24
Example Binding Service using DHT
  • Basic operation
  • To insert a binding B(k,v)
  • Compute idk = H(k)
  • The owner puts B at a node responsible for idk
  • To query B
  • Again, compute idk = H(k)
  • The Querier gets B from the node responsible
    for idk
  • Question: how to make it secure?
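
The plain put/get binding service from this slide (and slide 7), as an added Python sketch that is not code from the presentation. It assumes SHA-1 for H and a Chord-style successor rule for root(idk); the slides name neither. The second put shows why the requirement "only the owner can update or delete its bindings" is not met by put/get alone.

```python
import hashlib
from bisect import bisect_left

def H(data: str) -> int:
    """Hash a key or node name into the flat id space (SHA-1 is an assumption)."""
    return int.from_bytes(hashlib.sha1(data.encode()).digest(), "big")

class Node:
    def __init__(self, name: str):
        self.name = name
        self.id = H(name)
        self.store = {}              # idk -> binding B = (k, v)

class ToyDHT:
    """Ring of nodes; root(idk) is the first node with id >= idk, wrapping around."""
    def __init__(self, names):
        self.nodes = sorted((Node(n) for n in names), key=lambda n: n.id)
        self.ids = [n.id for n in self.nodes]

    def root(self, idk: int) -> Node:
        i = bisect_left(self.ids, idk)
        return self.nodes[i % len(self.nodes)]

    def put(self, k: str, v: str) -> str:
        idk = H(k)
        # No notion of an owner: whoever reaches root(idk) last wins.
        self.root(idk).store[idk] = (k, v)
        return "OK"

    def get(self, k: str):
        idk = H(k)
        return self.root(idk).store.get(idk)

def demo_overwrite():
    # Constructed sample data (documentation address and example domains).
    dht = ToyDHT([f"node{i}" for i in range(8)])
    dht.put("192.0.2.10", "host.example.org")    # deposited by the owner
    first = dht.get("192.0.2.10")
    dht.put("192.0.2.10", "other.example.net")   # deposited by a different party
    second = dht.get("192.0.2.10")
    return first, second

if __name__ == "__main__":
    print(demo_overwrite())
```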

25
DHT+IBE: an example

26
DHT+IBE
  • Encrypts data and a symmetric key sk with idk
  • Sends encrypted data to the service
  • The root node of idk (root(idk)) requests a key
    for idk
  • root(idk) decrypts the data, returns a reply
    encrypted using sk

27
User Operation: Update and Delete
  • Two modes
  • Direct if the symmetric key is still valid, indirect
    if it has expired.
  • No IBE in direct mode: efficient!
  • Indirect mode is similar to the insert operation.

28
User Operations: Query
  • Queriers
  • No need to register
  • Queries
  • Delivered to root(idk) directly.
  • Symmetric key
  • Prevents MITM attacks
  • Nonce
  • Prevents replay attacks.
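
How a querier can check a reply against the symmetric key and the nonce, as an added Python sketch that is not code from the presentation. It assumes sk and the nonce already reached root(idk) under IBE (that step is omitted), and it uses HMAC-SHA256 under sk as an integrity-only stand-in for the reply "encrypted using sk"; the message layout is hypothetical.

```python
import hashlib
import hmac
import json
import os

def seal(sk: bytes, nonce: bytes, binding: dict) -> dict:
    """Service side: tie the reply to this query's nonce under sk."""
    body = json.dumps(binding, sort_keys=True).encode()
    tag = hmac.new(sk, nonce + body, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "body": body.decode(), "tag": tag}

def open_reply(sk: bytes, expected_nonce: bytes, reply: dict) -> dict:
    """Querier side: accept only an unmodified reply to the outstanding query."""
    body = reply["body"].encode()
    nonce = bytes.fromhex(reply["nonce"])
    want = hmac.new(sk, nonce + body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, reply["tag"]):
        raise ValueError("bad tag: reply was not produced under sk")
    if not hmac.compare_digest(nonce, expected_nonce):
        raise ValueError("stale nonce: reply belongs to an earlier query")
    return json.loads(body)

def demo_replies() -> dict:
    # Constructed sample data: one sk reused for two queries with fresh nonces.
    sk = os.urandom(32)
    n1, n2 = os.urandom(16), os.urandom(16)
    old = seal(sk, n1, {"k": "192.0.2.10", "v": "host.example.org"})
    results = {"fresh": open_reply(sk, n1, old)["v"]}
    cases = [
        ("replayed", old, n2),                                   # old reply, new query
        ("modified", dict(old, body=old["body"].replace("host", "other")), n1),
        ("wrong_key", seal(os.urandom(32), n1, {"k": "k", "v": "v"}), n1),
    ]
    for name, reply, nonce in cases:
        try:
            open_reply(sk, nonce, reply)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err).split(":")[0]
    return results

if __name__ == "__main__":
    print(demo_replies())
```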

29
Evaluations
  • Evaluate computational overhead and system
    response time
  • Computation overhead for local testbed

[Tables: Computational overhead for binding operations; Computational overhead for crypto-primitives]

30
Additional Enhancement
  • Local Vault Proxy
  • Reduce latency
  • Binding Delegation
  • Reduce Flash crowd effect
  • Timed permit
  • Defend against DoS attacks