Download
security packet level authentication and pub sub security solution n.
Skip this Video
Loading SlideShow in 5 Seconds..
Security: Packet Level Authentication and Pub/Sub Security Solution PowerPoint Presentation
Download Presentation
Security: Packet Level Authentication and Pub/Sub Security Solution

Security: Packet Level Authentication and Pub/Sub Security Solution

152 Views Download Presentation
Download Presentation

Security: Packet Level Authentication and Pub/Sub Security Solution

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Security: Packet Level Authentication and Pub/Sub Security Solution Dr. Dmitrij Lagutin Helsinki Institute for Information Technology (HIIT) 4.10.2011

  2. Contents • Security goals in a clean slate publish/subscribe network • Packet Level Authentication (PLA) • Securing rendezvous process in PURSUIT • Conclusions

  3. Security goals in a clean slate publish/subscribe network • We want to avoid problems of the original Internet, security should be considered in every part of the network design from the start • Identifiers, rendezvous, forwarding, etc. • Attacker can be anywhere in the network • Basic security goals for the network • Availability, unwanted traffic should be prevented on all levels, as close to the source as possible • Integrity • Reasonable trade-off between privacy and accountability • Scalability

  4. Security goals in a clean slate publish/subscribe network • Clean slate publish/subscribe approach makes security somehow easier compared to IP • Self-certifying identifiers • Authenticity and integrity of the publication can be independently verified • Publish and subscribe operations instead of connections • Receiver, instead of the sender, is in control • No data should be transmitted without an explicit subscription

  5. Contents • Security goals in a clean slate publish/subscribe network • Packet Level Authentication (PLA) • Securing rendezvous process in PURSUIT • Conclusions

  6. Packet Level Authentication (PLA) • Traditional end-to-end solutions such as IPSec and HIP do not offer enough protection, they are not effective if the network infrastructure is attacked and is unable to deliver packets • Capability-based solutions (SIFF, TVA, Fastpass) establish a single protected path in the network • Require state in routers • Not effective if some packets take alternative paths • There is a clear need for hop-by-hop security solution, where security policies can be enforced at every hop in the network

  7. Packet Level Authentication (PLA) • PLA is a novel method for providing availability on the network layer • Originally PLA was designed for IP networks, however it can be used with any network layer protocol • Good analogy is a paper currency: authenticity of the paper bill can be verified using built-in security measures (watermark, hologram, etc..)‏ • Similarly, PLA allows any node to independently verify authenticity and validity of any packet

  8. Packet Level Authentication (PLA) • Sender adds an own header to packets, containing sender’s cryptographic identity, certificate from the trusted third party, signature over the packet and other fields • Using this information, intermediate nodes can verify integrity and authenticity of the traffic • Is the packet original and unique? • Has it been sent by an authorized sender? • PLA header is added on top of the network layer (e.g., IP) header • PLA is transparent to higher layer protocols and can be used with other security solutions such as IPSec and HIP

  9. PLA: Header • PLA offers two levels of protection • Cryptographic signatures provide integrity protection on the network layer • Trust management system provides accountability, and allows removal of malicious nodes from the network • All users in the network are authorized by trusted third parties

  10. PLA Header

  11. PLA Header • Signature by sender's private key together with a sender's public key are used to check authenticity of the packet • Trusted third party (TTP) authorizes the sender through the certificate • Timestamp is used to detect delayed packets which may be a sign of a replay attack • Monotonically increasing sequence number is used to detect duplicated packets

  12. PLA: Trusted Third Parties • Simply signing packets is not enough by itself • Attacker may generate a large amount of identities • Trusted Third Party (TTP) provides higher layer protection • Authorizes the user's public key, i.e., permission to use the network • Binds cryptographic identity with a real identity • Allows more efficient trust management, no need to trust in individual users, trusting in a TTP is enough in most cases • Various organizations (operator, company, country) may have an own TTP

  13. PLA: Trusted Third Parties • TTP certificates use standard certificate format with rights, validity time, and so on • TTP certificate types • Normal traffic certificate, short validity time (hours or minutes)‏ • Priority certificate, for network management and authorities • Signalling certificate, limited rights, long validity time (years)‏ • Self-signed certificate, used in the very beginning of the bootstrapping phase

  14. PLA: Cryptographic solutions and performance • PLA uses elliptic curve cryptography (ECC) due to its compact keys • 163-bit ECC key is as strong as 1024-bit RSA key • The total size of the PLA header is about 1000 bits • A dedicated hardware is necessary for verifying signatures at wire speed • FPGA based proof-of-concept accelerator can perform 166,000 verifications per second • Hardcopy based 90 nm ASIC can verify 850,000 packets/s, corresponding to 5 Gbps of average traffic • Power consumption is only 26 μJ/verification (less than the cost of wireless communication)‏

  15. PLA: Cryptographic solutions and performance • Worldwide bandwidth consumption was 21,367 PB per month in 2010 • If we assume: 4,650 bits per packet, 12 hops per route • Then signing and verifying every packet at every hop in the Internet using Hardcopy ASIC would consume about 4.5 MW of power (output of a large wind turbine) • 65 nm ASIC with some optimization produces significantly better performance and power consumption • 1.12 mm2 block running at 600 MHz, can perform 195,000 verifications with a power consumption of 500 mW => 2.56 μJ/verification • Power consumption of cryptographic operations would drop to 450 kW for the whole Internet

  16. PLA: Other applications • Having strong per-packet signatures allows PLA to be used for several other applications • Sequence number can be used for secure per-packet and per-bandwidth billing • Securing higher level protocols such as MIH (media independent handover) without excessive signalling • Controlling incoming connections, no data connection can be established without an explicit permission from the receiver • Good balance between a privacy and accountability without extensive data retention by operators

  17. PLA: Wireless authentication • User authentication and roaming, especially useful in wireless networks, for example: • Network bootstrapping messages are protected by PLA. Base stations would check if the user is authorized by a trusted TTP (e.g. Aalto's TTP)‏ • Authentication is done at the bootstrapping phase. Afterwards, a symmetric session key can be used to secure further traffic. • No manual intervention, such as entering passwords or credit card information, is needed from users • No signalling to the external authentication server is necessary if the TTP is known by the base station

  18. Contents • Security goals in a clean slate publish/subscribe network • Packet Level Authentication (PLA) • Securing rendezvous process in PURSUIT • Conclusions

  19. Securing the rendezvous process in PURSUIT • Main concepts revisited • Publisher creates the publication, which is delivered to the subscriber • Data source serves the publication • Scopes control how publications are disseminated • Rendezvous system serves scopes, data sources and subscribers • Data source and publisher are often the same entity • Self-certifying (P:L) identifiers for Rid and Sid

  20. Securing the rendezvous process in PURSUIT

  21. Securing the rendezvous process in PURSUIT • Goal: protect the data source and rendezvous system from unwanted traffic • Rendezvous signalling messages are protected by PLA • Standard certificates between various parties are used, in the following example: • CX denotes the certificate from the access network the to the subscriber (permission to use the network and a proof of a topological location)‏ • CY denotes a similar certificate given to the data source

  22. Securing the rendezvous process in PURSUIT

  23. Securing the rendezvous process in PURSUIT • 0. Scope and data source mutually authenticate each other (to host publication <Sid:Rid>)‏ • 1. Publication is published by the data source • 2. & 3. Subscriber receives data source's location with all relevant certificates from the rendezvous system • 4. Subscription request is sent towards the data source with all relevant certificates • 5. Publication is transmitted

  24. Securing the rendezvous process in PURSUIT • Using certificates included in the subscription messages, intermediate nodes can verify that: • Subscriber and data source are valid entities in the network • Subscriber wants to receive the publication • Data source has been authorized by the scope and is willing to host the publication • Optionally: subscriber has a right to request the publication • Invalid subscription requests are dropped before they reach the data source

  25. Securing the rendezvous process in PURSUIT • ECC allows inclusion of full keys in Rid/Sids • Less bandwidth overhead • Fully independent verification of rendezvous and subscription messages • Access control is also supported • The network can easily limit the amount of allowed rendezvous or subscription messages • Protects the rendezvous system and data sources • zFilters can be used to prevent DoS attacks on the forwarding layer

  26. Conclusions • A good network layer security is necessary in addition to the end-to-end security • PLA is novel security solution for providing availability on the network layer • Allow independent verification of packets • Suitable for different kinds of networks (IP, PURSUIT, etc.)‏ • Main security components of PURSUIT • Self-certifying identifiers • Securing rendezvous process through certificates and PLA • Forwarding security through zFilters

  27. References • D. Lagutin. Securing the Internet with Digital Signatures, Doctoral dissertation. • http://lib.tkk.fi/Diss/2010/isbn9789526034652/ • Overview of the PLA • D. Lagutin and S. Tarkoma. Cryptographic signatures on the network layer - an alternative to the ISP data retention, ISCC 2010. • http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5546745 • Using PLA to achieve balance between security and accountability, removing the need for extensive data retention • D. Lagutin, et al. Roles and security in a publish/subscribe network architecture, ISCC 2010. • http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5546746 • Security solution for a clean-slate publish/subscribe network