Security: Packet Level Authentication and Pub/Sub Security Solution
Dr. Dmitrij Lagutin
Helsinki Institute for Information Technology (HIIT)
4.10.2011

Contents
• Security goals in a clean slate publish/subscribe network
• Packet Level Authentication (PLA)
• Securing rendezvous process in PURSUIT
• Conclusions

Security goals in a clean slate publish/subscribe network
• We want to avoid the problems of the original Internet: security should be considered in every part of the network design from the start
• Identifiers, rendezvous, forwarding, etc.
• The attacker can be anywhere in the network
• Basic security goals for the network
• Availability: unwanted traffic should be prevented on all levels, as close to the source as possible
• Integrity
• Reasonable trade-off between privacy and accountability
• Scalability

Security goals in a clean slate publish/subscribe network
• The clean slate publish/subscribe approach makes security somewhat easier compared to IP
• Self-certifying identifiers
• Authenticity and integrity of the publication can be independently verified
• Publish and subscribe operations instead of connections
• The receiver, instead of the sender, is in control
• No data should be transmitted without an explicit subscription

Packet Level Authentication (PLA)
• Traditional end-to-end solutions such as IPSec and HIP do not offer enough protection; they are not effective if the network infrastructure is attacked and is unable to deliver packets
• Capability-based solutions (SIFF, TVA, Fastpass) establish a single protected path in the network
• Require state in routers
• Not effective if some packets take alternative paths
• There is a clear need for a hop-by-hop security solution, where security policies can be enforced at every hop in the network

Packet Level Authentication (PLA)
• PLA is a novel method for providing availability on the network layer
• PLA was originally designed for IP networks, but it can be used with any network layer protocol
• A good analogy is paper currency: the authenticity of a paper bill can be verified using built-in security measures (watermark, hologram, etc.)
• Similarly, PLA allows any node to independently verify the authenticity and validity of any packet

Packet Level Authentication (PLA)
• The sender adds its own header to packets, containing the sender’s cryptographic identity, a certificate from the trusted third party, a signature over the packet and other fields
• Using this information, intermediate nodes can verify the integrity and authenticity of the traffic
• Is the packet original and unique?
• Has it been sent by an authorized sender?
• The PLA header is added on top of the network layer (e.g., IP) header
• PLA is transparent to higher layer protocols and can be used with other security solutions such as IPSec and HIP

PLA: Header
• PLA offers two levels of protection
• Cryptographic signatures provide integrity protection on the network layer
• Trust management system provides accountability, and allows removal of malicious nodes from the network
• All users in the network are authorized by trusted third parties

PLA Header
• The signature made with the sender's private key, together with the sender's public key, is used to check the authenticity of the packet
• The trusted third party (TTP) authorizes the sender through the certificate
• The timestamp is used to detect delayed packets, which may be a sign of a replay attack
• A monotonically increasing sequence number is used to detect duplicated packets

PLA: Trusted Third Parties
• Simply signing packets is not enough by itself
• An attacker may generate a large number of identities
• The Trusted Third Party (TTP) provides higher layer protection
• Authorizes the user's public key, i.e., permission to use the network
• Binds the cryptographic identity to a real identity
• Allows more efficient trust management: there is no need to trust individual users, trusting a TTP is enough in most cases
• Various organizations (operator, company, country) may have their own TTP

PLA: Trusted Third Parties
• TTP certificates use standard certificate format with rights, validity time, and so on
• TTP certificate types
• Normal traffic certificate, short validity time (hours or minutes)
• Priority certificate, for network management and authorities
• Signalling certificate, limited rights, long validity time (years)
• Self-signed certificate, used in the very beginning of the bootstrapping phase
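
The header fields and TTP certificate described above, as an added Go example (not code from the slides or from the PLA project): one forwarding node checks TTP authorization, the packet signature, timestamp freshness and the sequence number. The names `Header`, `Packet`, `Check`, the byte encoding, the 30-second window and the use of Ed25519 in place of PLA's 163-bit ECC are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Header is a hypothetical field layout and encoding; Ed25519 stands in for PLA's 163-bit ECC.
type Header struct {
	SenderPub, CertSig, Sig []byte // sender key, TTP signature over it, packet signature
	CertExp, Timestamp, Seq uint64 // certificate expiry and send time (Unix s), sequence number
}

func msg(a, b uint64, data []byte) []byte { return []byte(fmt.Sprintf("%d|%d|%x", a, b, data)) }
func pub(k ed25519.PrivateKey) []byte { return k.Public().(ed25519.PublicKey) }

func NewKey() ed25519.PrivateKey {
	_, k, _ := ed25519.GenerateKey(nil)
	return k
}

// Packet plays the TTP (certifying snd until exp) and the sender (signing the payload).
func Packet(ttp, snd ed25519.PrivateKey, exp, ts, seq uint64, payload []byte) Header {
	h := Header{SenderPub: pub(snd), CertExp: exp, Timestamp: ts, Seq: seq}
	h.CertSig, h.Sig = ed25519.Sign(ttp, msg(exp, 0, h.SenderPub)), ed25519.Sign(snd, msg(ts, seq, payload))
	return h
}

// Check is the per-hop test against the trusted TTP key: "" means forward, else the drop reason.
func Check(ttp []byte, lastSeq map[string]uint64, h Header, payload []byte, now uint64) string {
	switch {
	case len(h.SenderPub) != ed25519.PublicKeySize || now > h.CertExp || !ed25519.Verify(ttp, msg(h.CertExp, 0, h.SenderPub), h.CertSig):
		return "sender not authorized by TTP"
	case !ed25519.Verify(h.SenderPub, msg(h.Timestamp, h.Seq, payload), h.Sig):
		return "bad signature"
	case now > h.Timestamp+30 || h.Timestamp > now+30: // 30 s window is an assumed value
		return "stale timestamp"
	case h.Seq <= lastSeq[string(h.SenderPub)]: // lastSeq: highest number seen per sender
		return "duplicate sequence number"
	}
	lastSeq[string(h.SenderPub)] = h.Seq
	return ""
}

func main() { // constructed sample: a valid packet, then the same packet replayed
	ttp, snd, seen, data := NewKey(), NewKey(), map[string]uint64{}, []byte("demo")
	p := Packet(ttp, snd, 2000, 1000, 1, data)
	fmt.Printf("%q then %q\n", Check(pub(ttp), seen, p, data, 1001), Check(pub(ttp), seen, p, data, 1001))
}
```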

PLA: Cryptographic solutions and performance
• PLA uses elliptic curve cryptography (ECC) due to its compact keys
• A 163-bit ECC key is as strong as a 1024-bit RSA key
• The total size of the PLA header is about 1000 bits
• Dedicated hardware is necessary for verifying signatures at wire speed
• An FPGA-based proof-of-concept accelerator can perform 166,000 verifications per second
• A Hardcopy-based 90 nm ASIC can verify 850,000 packets/s, corresponding to 5 Gbps of average traffic
• Power consumption is only 26 μJ/verification (less than the cost of wireless communication)

PLA: Cryptographic solutions and performance
• Worldwide bandwidth consumption was 21,367 PB per month in 2010
• If we assume: 4,650 bits per packet, 12 hops per route
• Then signing and verifying every packet at every hop in the Internet using the Hardcopy ASIC would consume about 4.5 MW of power (output of a large wind turbine)
• A 65 nm ASIC with some optimization gives significantly better performance and power consumption
• A 1.12 mm² block running at 600 MHz can perform 195,000 verifications with a power consumption of 500 mW => 2.56 μJ/verification
• Power consumption of cryptographic operations would drop to 450 kW for the whole Internet

PLA: Other applications
• Having strong per-packet signatures allows PLA to be used for several other applications
• The sequence number can be used for secure per-packet and per-bandwidth billing
• Securing higher level protocols such as MIH (media independent handover) without excessive signalling
• Controlling incoming connections: no data connection can be established without an explicit permission from the receiver
• Good balance between privacy and accountability without extensive data retention by operators

PLA: Wireless authentication
• User authentication and roaming, especially useful in wireless networks, for example:
• Network bootstrapping messages are protected by PLA. Base stations would check if the user is authorized by a trusted TTP (e.g. Aalto's TTP)
• Authentication is done at the bootstrapping phase. Afterwards, a symmetric session key can be used to secure further traffic.
• No manual intervention, such as entering passwords or credit card information, is needed from users
• No signalling to the external authentication server is necessary if the TTP is known by the base station

Securing the rendezvous process in PURSUIT
• Main concepts revisited
• Publisher creates the publication, which is delivered to the subscriber
• Data source serves the publication
• Scopes control how publications are disseminated
• Rendezvous system serves scopes, data sources and subscribers
• Data source and publisher are often the same entity
• Self-certifying (P:L) identifiers for Rid and Sid

Securing the rendezvous process in PURSUIT
• Goal: protect the data source and rendezvous system from unwanted traffic
• Rendezvous signalling messages are protected by PLA
• Standard certificates between various parties are used, in the following example:
• CX denotes the certificate from the access network to the subscriber (permission to use the network and a proof of a topological location)
• CY denotes a similar certificate given to the data source

Securing the rendezvous process in PURSUIT
0. Scope and data source mutually authenticate each other (to host publication <Sid:Rid>)
1. Publication is published by the data source
2. & 3. Subscriber receives data source's location with all relevant certificates from the rendezvous system
4. Subscription request is sent towards the data source with all relevant certificates
5. Publication is transmitted

Securing the rendezvous process in PURSUIT
• Using certificates included in the subscription messages, intermediate nodes can verify that:
• Subscriber and data source are valid entities in the network
• Subscriber wants to receive the publication
• Data source has been authorized by the scope and is willing to host the publication
• Optionally: subscriber has a right to request the publication
• Invalid subscription requests are dropped before they reach the data source
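
The checks listed above, as an added Go example of what an intermediate node could run on a subscription request (this is not code from the slides or from PURSUIT). The `Request` layout, the statement strings, treating Sid as the scope's full public key, a single access network key issuing both CX and CY, and Ed25519 as the signature scheme are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Request is a hypothetical subscription message; Sid is modelled as the scope's full public key.
type Request struct {
	Rid                                        string // publication id inside scope Sid
	Sid, Source, Subscriber, CX, CY, Host, Sig []byte // three keys, C_X, C_Y, hosting cert, subscriber signature
}

func stmt(what string, parts ...[]byte) []byte { return []byte(fmt.Sprintf("%s|%x", what, parts)) }
func pub(k ed25519.PrivateKey) []byte { return k.Public().(ed25519.PublicKey) }
func ok(key, m, sig []byte) bool { return len(key) == ed25519.PublicKeySize && ed25519.Verify(key, m, sig) }

func NewKey() ed25519.PrivateKey {
	_, k, _ := ed25519.GenerateKey(nil)
	return k
}

// Subscribe plays access network, scope and subscriber to build a constructed request.
func Subscribe(net, scope, sub ed25519.PrivateKey, src []byte, rid string) Request {
	r := Request{Rid: rid, Sid: pub(scope), Source: src, Subscriber: pub(sub)}
	r.CX, r.CY = ed25519.Sign(net, stmt("use-network", r.Subscriber)), ed25519.Sign(net, stmt("use-network", src))
	r.Host, r.Sig = ed25519.Sign(scope, stmt("host", r.Sid, []byte(rid), src)), ed25519.Sign(sub, stmt("subscribe", r.Sid, []byte(rid), src))
	return r
}

// Verify is an intermediate node's check; net is the access network key it trusts.
func Verify(net []byte, r Request) string {
	switch {
	case !ok(net, stmt("use-network", r.Subscriber), r.CX):
		return "subscriber not authorized by access network"
	case !ok(net, stmt("use-network", r.Source), r.CY):
		return "data source not authorized by access network"
	case !ok(r.Sid, stmt("host", r.Sid, []byte(r.Rid), r.Source), r.Host):
		return "data source not authorized by scope"
	case !ok(r.Subscriber, stmt("subscribe", r.Sid, []byte(r.Rid), r.Source), r.Sig):
		return "subscriber did not request this publication"
	}
	return ""
}

func main() { // constructed run: one valid request, which the node forwards
	net, scope, sub, src := NewKey(), NewKey(), NewKey(), NewKey()
	fmt.Printf("%q\n", Verify(pub(net), Subscribe(net, scope, sub, pub(src), "rid-1")))
}
```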

Securing the rendezvous process in PURSUIT
• ECC allows inclusion of full keys in Rid/Sids
• Less bandwidth overhead
• Fully independent verification of rendezvous and subscription messages
• Access control is also supported
• The network can easily limit the amount of allowed rendezvous or subscription messages
• Protects the rendezvous system and data sources
• zFilters can be used to prevent DoS attacks on the forwarding layer

Conclusions
• Good network layer security is necessary in addition to end-to-end security
• PLA is a novel security solution for providing availability on the network layer
• Allows independent verification of packets
• Suitable for different kinds of networks (IP, PURSUIT, etc.)
• Main security components of PURSUIT
• Self-certifying identifiers
• Securing rendezvous process through certificates and PLA
• Forwarding security through zFilters