OptIPuter Information Security Issues
Michael T. Goodrich, University of California, Irvine
Joint project with Sid Karin, UCSD

Minimum Round-Trip Latencies (Milliseconds at speed of light), or (Lost Megabits at 1 Gb/sec)
[Figure: map of minimum round-trip latencies between Nome, New York, Chicago, LA, Miami and Honolulu]

Implications of Latency
• Observations:
  • The cost of latency cannot be eliminated (except on Star Trek)
  • Each doubling of bandwidth doubles the cost of latency
  • Protocols with fewer round-trips should be preferred, even if the messages per trip are larger than corresponding many-round protocols
• The OptIPuter difference: What else can we do now that we have “unlimited” bandwidth and control the entire network ourselves from the hardware and protocols to the application?

Efficient Information Security
• Security solutions should strive not to add to the latency problem:
  • Symmetric-key encryption is faster than public-key
  • One-way hash functions are faster than encryption
In information security, speed is a safety feature (really)

End-to-End Secure Lambdas (Karin)
• End-to-end security over a lambda of light, not just between networks but complete to the application layer.
• In the OptIPuter, we have more than just a tightly-networked computer. We have an entire computer system including the network, including unlimited bandwidth and an ability to “throw away” antiquated assumptions.
• Security question: How can we design systems so that individual applications running across the fiber network can be secure from external factors, such as a virus that has even penetrated the OptIPuter’s OS layer?

Multi-Lambda Security (Goodrich, Karin)
• Security is frequently defined through three measures: integrity, confidentiality, and reliability (“uptime”).
• We are investigating to see if all three of these measures can be enhanced by routing transmissions over multiple lambdas of light.
  • Can confidentiality be improved by dividing the transmission over multiple lambdas and using “cheap” encryption?
  • Can integrity be ensured or reliability be improved through sending redundant transmissions and comparing?

Distributing Security Services (Goodrich)
• Latency can be moderated by pipelining data and distributing computations
• But even as we distribute computations, we must strive to conserve trust
  • Placing trust in many increases the possibility for a malicious insider

Authenticated Data Structures
• An authenticated data structure is maintained by a trusted source and is replicated at several untrusted responders
• A responder answers queries about the data structure on behalf of the source and provides a proof of the answer
[Figure: Source, Responders A and B, each holding a copy of the data structure (DS), and Users 1, 2 and 3]

Strengths of Authenticated Data Structures
• Centralized trust (users trust only the source)
• Distributed service (the responders are distributed around the network)
• Low deployment cost (the responders do not require secure installations)
• Resiliency to denial-of-service attacks (the source does not answer queries)

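Added example (not from the original slides): a minimal authenticated set built on a Merkle hash tree, one well-known construction for this source/responder/user model; the slides do not name a construction. The record names, the function names and the assumption that the root digest reaches users authentically from the source (for example, signed) are illustrative.

```python
import hashlib
import hmac

# Constructed sample records held by the source (illustrative only).
RECORDS = [b"dataset-%03d:v1" % i for i in range(5)]

def leaf_hash(item):
    return hashlib.sha256(b"\x00" + item).digest()          # 0x00 prefix: leaf

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 prefix: inner node

def build_levels(items):
    """Source: hash tree over a non-empty list; levels[-1][0] is the root digest."""
    levels = [[leaf_hash(x) for x in items]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # Pair up neighbours; an unpaired last node is promoted unchanged.
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Responder: sibling digests from leaf to root, each flagged left/right."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):                  # promoted nodes have no sibling
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(root, item, path):
    """User: recompute the root from the answer and proof; trusts only `root`."""
    digest = leaf_hash(item)
    for sibling, sibling_is_left in path:
        digest = node_hash(sibling, digest) if sibling_is_left else node_hash(digest, sibling)
    return hmac.compare_digest(digest, root)

def demo():
    levels = build_levels(RECORDS)                # replicated to untrusted responders
    root = levels[-1][0]                          # assumed delivered authentically
    proof = prove(levels, 3)
    honest = verify(root, RECORDS[3], proof)
    tampered = verify(root, b"dataset-003:v2", proof)   # responder alters the answer
    return honest, tampered

if __name__ == "__main__":
    print(demo())
```

The proof is a logarithmic number of hash values and checking it needs only hash evaluations, so the user never contacts the source and a responder that alters an answer fails verification.
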
Prooflets Framework
[Figure: server side: Source, Responders (prooflet content), Publisher, Web Server; client side: Browser Toolbar. Labels: HTTP request; prooflet-tagged document; prooflets extracted and queried against responder; prooflets integrity status visually rendered in browser]

Future Work
• We can offset some of the costs of latency through data and computation distribution, while conserving trust
• There are many directions for future work:
  • Privacy protection (esp. for medical data)
  • Process delegation and control in GRID computing
  • New techniques for lambda stream security
  • Visualizing security and making information security visible to the user (e.g., going beyond the padlock)
  • Digital rights management for scientific data
  • Secure distributed data storage and retrieval (e.g., encrypted data)