1 / 11

OptIPuter Information Security Issues

OptIPuter Information Security Issues. Michael T. Goodrich University of California, Irvine Joint project with Sid Karin, UCSD. Minimum Round-Trip Latencies. (Milliseconds at speed of light). Nome. 41. or. (Lost Megabits at 1 Gb/sec). 53. 31. 9. 22. 32. New York. Chicago. LA.

ashleea
Download Presentation

OptIPuter Information Security Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OptIPuter Information Security Issues Michael T. GoodrichUniversity of California, Irvine Joint project with Sid Karin, UCSD

  2. Minimum Round-Trip Latencies (Milliseconds at speed of light) Nome 41 or (Lost Megabits at 1 Gb/sec) 53 31 9 22 32 New York Chicago LA 14 28 Miami 29 Honolulu

  3. Implications of Latency • Observations: • The cost of latency cannot be eliminated (except on Star Trek) • Each doubling of bandwidth doubles the cost of latency • Protocols with fewer round-trips should be preferred, even if the messages per trip are larger than corresponding many-round protocols Nome 41 53 31 9 22 32 New York Chicago LA 14 28 Miami Honolulu 29 • The OptIPuter difference: What else can we do now that we have “unlimited” bandwidth and control the entire network ourselves from the hardware and protocols to the application?

  4. Efficient Information Security • Security solutions should strive not to add to the latency problem: • Symmetric-key encryption is faster than public-key • One-way hash functions are faster than encryption In information security, speed is a safety feature ^ really

  5. End-to-End Secure Lambdas (Karin) • End-to-end security over a lambda of light, not just between networks but complete to the application layer. • In the OptIPuter, we have more than just a tightly-networked computer. We have an entire computer system including the network, including unlimited bandwidth and an ability to “throw away” antiquated assumptions. • Security question: How can we design systems so that individual applications running across the fiber network can be secure from external factors, such as a virus that has even penetrated the OptIPuter’s OS layer?

  6. Multi-Lambda Security (Goodrich, Karin) • Security is frequently defined through three measures: integrity, confidentiality, and reliability (”uptime”). • We are investigating to see if all three of these measures can be enhanced by routing transmissions over multiple lambdas of light. • Can confidentiality be improved by dividing the transmission over multiple lambdas and using “cheap” encryption? • Can integrity be ensured or reliability be improved through sending redundant transmissions and comparing?

  7. Distributing Security Services (Goodrich) • Latency can be moderated by pipelining data and distributing computations • But even as we distribute computations, we must strive to conserve trust • Placing trust in many increases the possibility for a malicious insider

  8. Authenticated Data Structures • An authenticated data structure is maintained by a trusted source and is replicated at several untrusted responders • A responder answers queries about the data structure on behalf of the source and provides a proof of the answer User 1 Responder A DS Source User 2 Responder B DS User 3 DS

  9. Strengths of Authenticated Data Structures • Centralized trust (users trust only the source) • Distributed service (the responders are distributed around the network) • Low deployment cost (the responders do not require secure installations) • Resiliency to denial-of-service attacks (the source does not answer queries)

  10. Prooflets Framework Server-side Responders Client-side Source prooflets extracted and queried against responder prooflet content prooflet content Responder prooflet content Browser Toolbar Responder prooflet-tagged document prooflets integrity status visually rendered in browser Publisher HTTP request prooflet-taggeddocument Web Server

  11. Future Work • We can offset some of the costs of latency through data and computation distribution, while conserving trust • There are many directions for future work: • Privacy protection (esp. for medical data) • Process delegation and control in GRID computing • New techniques for lambda stream security • Visualizing security and making information security visible to the user (e.g., going beyond the padlock) • Digital rights management for scientific data • Secure distributed data storage and retrieval (e.g., encrypted data)

More Related