Agenda




  1. CS G513 / SS G513 Network Security: Agenda
     • Security in (Distributed) Applications
     • Group Access Control
     • Use of Shared Secret Techniques
     • Byzantine Agreement Problem
     • Fault-tolerance vs. Security
     • Models and feasible solutions

  2. Group Access Control
     • The Scenario:
       • One or more files in a repository are shared by a group of principals.
       • Access should be granted only to the group (i.e. not to individuals).
     • Contexts (e.g.):
       • Multi-owner bank accounts
       • Safety vaults (deposit boxes) in banks
       • Decision making by business partners (say a board)
       • Changes to source code owned by a team of programmers
     Sundar B.

  3. Shared Secret Schemes
     • A.k.a. threshold scheme
     • A $(k,n)$ shared secret scheme divides a secret $S$ into $n$ pieces $S_1, S_2, \dots, S_n$ so that:
       • Reconstruction of $S$ requires at least $k$ of the $S_i$ pieces.
       • Knowledge of any $k-1$ or fewer $S_i$ pieces leaves $S$ undetermined, in the sense that all possible values are equally likely.

  4. Shared Secret Scheme
     • Solution:
       • Given a random polynomial of degree $k-1$,
         $f(x) = a_0 + a_1 x + \dots + a_{k-1} x^{k-1}$,
         such that $a_0 = f(0) = S$.
       • Let $A = \{ (X_i, S_i) \mid S_i = f(X_i),\ 0 < i \le n \}$.
       • Then knowing any subset $B$ of $A$ with $|B| \ge k$ allows one to determine $S$.
       • But knowing only $k-1$ of these values does not lead to $S$.
       • To make it computationally infeasible, use
         $f(x) = (a_0 + a_1 x + \dots + a_{k-1} x^{k-1}) \bmod p$ for a large prime $p$.
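The (k,n) scheme on the two slides above, worked through as an added example (not part of the original slides): shares are points on a random degree k-1 polynomial mod p, and S is recovered by Lagrange interpolation at x = 0. The modulus 2^127 - 1 and all function names are assumptions made for illustration.

```python
import secrets

P = 2**127 - 1  # assumed prime modulus p; must exceed both the secret and n

def split(secret, k, n, p=P):
    """Return n shares (X_i, S_i) with S_i = f(X_i) mod p and f(0) = secret."""
    if not (1 <= k <= n < p) or not (0 <= secret < p):
        raise ValueError("need 1 <= k <= n < p and 0 <= secret < p")
    # a_0 = S, a_1..a_{k-1} drawn uniformly at random from a CSPRNG
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):      # x = 0 is never handed out: f(0) is S itself
        y = 0
        for a in reversed(coeffs):  # Horner evaluation of f(x) mod p
            y = (y * x + a) % p
        shares.append((x, y))
    return shares

def interpolate(points, x, p=P):
    """Value at x of the unique polynomial of degree < len(points) through points."""
    xs = [xi for xi, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x coordinates")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p  # modular inverse of den
    return total

def reconstruct(shares, p=P):
    """Recover S = f(0) from k or more shares."""
    return interpolate(shares, 0, p)

def completing_share(known, candidate, x_new, p=P):
    """Given only k-1 shares, compute the k-th share value that would make the
    reconstruction equal `candidate`. One exists for every candidate, which is
    why k-1 shares leave S undetermined."""
    return (x_new, interpolate([(0, candidate)] + list(known), x_new, p))

if __name__ == "__main__":
    shares = split(123456789, k=3, n=5)
    print(reconstruct(shares[:3]), reconstruct(shares[2:]))
```

Any k of the n shares reconstruct the same S, while `completing_share` shows that k-1 shares are consistent with every value in the field.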

  5. Group Access Control
     • Reverting to our scenario:
       • The secret S is required (as a password or key) for accessing the file.
       • The secret S is distributed among n users; if k of them submit their parts (say through a login scheme), the file can be accessed.
     • Pragmatic issues:
       • The distributed parts should not be leaked (to the other principals).
       • The computed secret should not be “replayable” for access.
     • Exercise: Design a protocol to do this.

  6. Byzantine Agreement
     • Problem Definition:
       • Several (say N) divisions of the Byzantine army are camped around a city – each division under a general.
       • After observing the enemy they need to reach a consensus (on a plan of action).
       • They can only communicate with each other by sending a messenger.
       • Some of the generals may be traitors and they wouldn’t want the loyal generals to reach an agreement.

  7. Byzantine Agreement
     • Protocol Requirements:
       • All loyal generals must agree on the same plan.
       • A small number of traitors cannot cause the loyal generals to agree upon a bad plan.
     • Assumption:
       • The plan is a binary choice: attack OR retreat.

  8. Byzantine Agreement
     • Basic (insecure) protocol:
       • Each general sends his plan to all other generals.
       • Each (loyal) general follows the same method for combining the plans obtained from the other generals.
         • E.g. a majority vote (of the plans received)
     • Insecure:
       • A traitor may send different values to different receivers.
     • Modified requirement A:
       • Any two loyal generals use the same $vote_i$ for each $i$.

  9. Byzantine Agreement
     • Fault vs. Attack
       • The Byzantine Agreement problem can be formulated as a fault-tolerance problem (say mentally ill generals) or as a security problem (traitorous generals).
     • Requirement B is a robustness requirement:
       • What is a bad plan?
       • How small is a “small” group (of traitors)?

  10. Byzantine Agreement
     • Simple case: 3 generals
       • G2 receives “attack” from G1.
       • G2 receives “G1 said retreat” from G3.
       • What does G2 decide?
     • G2 cannot tell whether G1 or G3 is the traitor, even knowing that he himself is loyal and at most one of the other two is a traitor.
     • More importantly, requirement A is violated.
       • Verify this!
     • This argument can be extended to 3n generals and n traitors.

  11. Byzantine Agreement
     • Theorem:
       • A group of at least 3n+1 generals can cope with at most n traitors (i.e. there exists an algorithm to meet requirements A and B).
     • Algorithm:
       • Receive message vectors from everyone and perform a majority vote.
     • Security Observations:
       • The problem lies in the ability of a general to forge a message (purportedly from another general).
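The three-general failure and the 3n+1 bound can be checked by simulation. The sketch below is an added example, not part of the original slides: it implements the oral-messages algorithm OM(m) of Lamport, Shostak and Pease with general 0 issuing the order, and the traitor behaviour in `send` is a constructed model chosen for illustration.

```python
from collections import Counter

ATTACK, RETREAT = "attack", "retreat"

def send(sender, receiver, value, traitors):
    # Loyal generals relay faithfully. Constructed traitor model: tell
    # even-numbered receivers "attack" and odd-numbered ones "retreat".
    if sender in traitors:
        return ATTACK if receiver % 2 == 0 else RETREAT
    return value

def majority(values):
    counts = Counter(values)
    # A tie falls back to a fixed default so all loyal generals break it alike.
    return ATTACK if counts[ATTACK] > counts[RETREAT] else RETREAT

def om(m, commander, lieutenants, value, traitors):
    """Oral-messages round OM(m): returns {lieutenant: value it settles on}."""
    received = {l: send(commander, l, value, traitors) for l in lieutenants}
    if m == 0:
        return received
    # Every lieutenant j re-broadcasts what it received, using OM(m-1).
    relayed = {j: om(m - 1, j, [l for l in lieutenants if l != j],
                     received[j], traitors) for j in lieutenants}
    return {i: majority([received[i]] +
                        [relayed[j][i] for j in lieutenants if j != i])
            for i in lieutenants}

def loyal_decisions(n, m, traitors, order=ATTACK):
    """General 0 issues `order`; return the decisions of loyal generals 1..n-1."""
    result = om(m, 0, list(range(1, n)), order, set(traitors))
    return {g: v for g, v in result.items() if g not in traitors}

def agreement_holds(n, m, traitors, order=ATTACK):
    decided = set(loyal_decisions(n, m, traitors, order).values())
    if 0 not in traitors:  # a loyal general's own value must be the one used
        decided.add(order)
    return len(decided) == 1

if __name__ == "__main__":
    for n, traitors in [(4, {3}), (4, {0}), (3, {2})]:
        print(n, traitors, loyal_decisions(n, 1, traitors),
              agreement_holds(n, 1, traitors))
```

With four generals and one traitor the loyal generals always settle on one value; with three generals and a traitorous lieutenant, the loyal lieutenant ends up with “retreat” although the loyal general 0 said “attack”.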

  12. Byzantine Agreement
     • Security Measure:
       • Require that messages be signed by generals.
       • Signatures should be verifiable by any of the generals.
       • A loyal general’s signature cannot be forged and the signed message cannot be changed (i.e. a change can be detected).
     • Theorem:
       • There exists an algorithm to arrive at a Byzantine Agreement between any number of generals given that N of them are traitors.

  13. Byzantine Agreement
     • Other Issues:
       • Consensus under Link Failures
       • Link Disruptions (Availability)
       • Real-time consensus
       • Complexity of algorithm
       • Time taken for security operations
       • Embedding constraints
       • Systems with low memory and/or power
