scalable identity and key management for publish
play

Scalable Identity and Key Management for Publish-Subscribe Protocols - PowerPoint PPT Presentation

Sep 23, 2022 •255 likes •635 views

Scalable Identity and Key Management for Publish-Subscribe Protocols in EDS Prashant Anantharaman, Dartmouth College https://cs.dartmouth.edu/~pa pa@cs.dartmouth.edu Funded by the U.S. Department of Energy and the U.S. Department of Homeland

  1. Scalable Identity and Key Management for Publish-Subscribe Protocols in EDS Prashant Anantharaman, Dartmouth College https://cs.dartmouth.edu/~pa pa@cs.dartmouth.edu Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security | cred-c.org

  2. Joint work with • Kartik @ Illinois • Elizabeth @ Illinois • David @ Illinois • Jason • Sean cred-c.org | 2

  3. Overview • Introduction • What are Publish-subscribe protocols? • Issues in publish-subscribe protocols • Contributions • Proposed Architecture • Goals • Assumptions • Our Approach • PKI vs Macaroons • Protocols • Implementation • Results and Discussion • Conclusions

  4. Publish Subscribe Protocols • Producers publish messages • Consumers wait for certain messages by making use of subscriptions • The routing of these messages to consumers is handled by a broker Most widely used protocols include • MQTT - 47,993 implementations on the internet • • AMQP - 194,989 implementations • STOMP - 60 implementations • GOOSE - ethernet layer protocol within a substation, most SEL and ABB devices come with an option to enable GOOSE Data source: shodan.io

  5. Subscription cred-c.org | 5

  6. Controller publishing commands cred-c.org | 6

  7. Controller receiving data cred-c.org | 7

  8. The MQTT Protocol • Our industry partners use MQTT as a SCADA protocol. • Smart meters - It is being used to enable communications between smart meters and controllers • Grid control - manages control devices ranging from generators, thermostats and other sensors • Our partners acknowledge the issues in MQTT implementations pointed out by us, and are working with us for a key management scheme • Limited messages - connect, subscribe, unsubscribe, push • Everyone subscribed on a channel will get the message No details of sender • • Subscribe to ‘#’ • TLS is optional • The image is from a scan we ran using shodan.io

  9. The MQTT Protocol (contd.) Issues identified: No senders identification • • Active broker compromise is an issue • No real key management solution for MQTT • Existing solutions talk about lightweight crypto solutions, but not key management or revocation

  10. The MQTT Protocol (contd.) Data source: shodan.io

  11. GOOSE Protocol • Replay attacks and Spoofing attacks are very easy to perform due to the lack of identification and confidentiality mechanisms. • It is an ethernet layer protocol, and all the attacks on the ethernet layer are still possible, and we can do very little to mitigate them. • Packet Spoofing is a major issue, since GOOSE ignores packets based on SqNum field. In case the packet is less than the SqNum field in the previous spoofed packet, it is ignored, leading to several packets to be ignored.

  12. Contributions • We provide results from measurements of the authentication (or lack thereof) of publish-subscribe protocols appearing on the internet. Demonstrate the effectiveness of our macaroon-based key • management scheme in the context of publish-subscribe schemes. • We built a toolkit for our scheme, and run experiments on an implementation of MQTT. We show that in terms of CPU- time and developer effort, our systems performs well within the acceptable latency bounds. cred-c.org | 12

  13. Overview • Introduction • What are Publish-subscribe protocols? • Issues in publish-subscribe protocols • Contributions • Proposed Architecture • Goals • Assumptions • Our Approach • PKI vs Macaroons • Protocols • Implementation • Results and Discussion • Conclusions

  14. Goals • Build a system resilient to active server compromises • Assign separate keys for long lasting assertions like the identity, and short lasting ones like accesses to channels • Broker doesn’t see any raw messages, and hence any clients connected without keys won’t see them either • In case of device compromise, only the channels the device has access to are compromised • Release the toolkit for the controller and the individual devices

  15. Assumptions • We can install keys securely during deployment of a device • The cryptographic primitives are bug-free • The devices can securely store the identity and attribute channel specific keys

  16. Our Approach • Each device has two kinds of identities - • A core identity - installed either during manufacturing or during deployment. • Association attributes - one macaroon per channel. These are shorter lived, and need to be changed frequently. An attribute can be formalized as a tuple ( P , O , Δ). • Property P holds for Object O for Time Δ. • • The core identity assertions are made by the manufacturer or deployer, and are verified by the controller. • The attribute assertions are made by the controller, when provided with the identity assertion. cred-c.org | 16

  17. Macaroons • A macaroon consists of two parts • A public part: consisting a random nonce and a set of caveats A secret part: the final HMAC value generated by iteratively computing the • HMAC on individual caveats. This secret is used as a shared secret to compute subsequent session keys

  18. Macaroons (contd.)

  19. PKI vs Macaroons

  20. Our scheme in the lifecycle of a device in EDS cred-c.org | 20

  21. Who makes the assertions? cred-c.org | 21

  22. Who makes the assertions? cred-c.org | 22

  23. Who makes the assertions? (contd.) cred-c.org | 23

  24. Session Keys We make use of the J-PAKE algorithm to establish a session • key between the device and the controller • The J-PAKE algorithm is resilient to Known-key attacks, online and offline dictionary attacks, and provides forward secrecy • It generates a high entropy cryptographic key from a low entropy secret • This session key is then used to set up the channel specific macaroons cred-c.org | 24

  25. Short Lived Macaroons cred-c.org | 25

  26. Operation cred-c.org | 26

  27. Revocation • The short-lived keys expire soon, and are subsequently blacklisted. When the channel keys to a particular device need to be • revoked, the channel keys given to all the other devices with access to the channel are also revoked. Hence, there is a list maintained of what devices are connected to what channels. • A whitelist of all the manufacturer keys is maintained, so that the macaroons can be verified, and session keys can be generated from the verified macaroons. cred-c.org | 27

  28. Overview • Introduction • What are Publish-subscribe protocols? • Issues in publish-subscribe protocols • Contributions • Proposed Architecture • Goals • Assumptions • Our Approach • PKI vs Macaroons • Protocols • Implementation • Results and Discussion • Conclusions

  29. Implementation • The device and the controller have been implemented in ruby. Web Server in Ruby on • Rails is a work in progress. • We made use of Mosquitto MQTT Broker and client off-the-shelf, and built our layer of security on top of it.

  30. Verification • We made use of Proverif 1.98pl1 to verify our cryptographic protocol. • We were able to prove that the shared secret k used in the session key establishment, is never leaked by the protocol.

  31. Overview • Introduction • What are Publish-subscribe protocols? • Issues in publish-subscribe protocols • Contributions • Proposed Architecture • Goals • Assumptions • Our Approach • PKI vs Macaroons • Protocols • Implementation • Results and Discussion • Conclusions

  32. Preliminary Results Our experiments were performed on an ARM Firefly RK3288 development board. • The GOOSE protocol has a prescribed maximum latency of 4ms . • Since all the other schemes make use of elliptic curves, we show that elliptic curves are highly infeasible for such constrained devices and show that macaroons are much more usable. Algorithm Creation time Verification time Elliptic Curves Ed25519-256 bits 25.79 ms 29.34 ms Macaroons 662 μs 513 μs SHA-1-HMAC 761 μs 566 μs SHA-256-HMAC

  33. Developer Effort • The device specific programs would have to be instrumented with our macaroon generation and verification protocols. • In our experimental setup, we only had to add 20 lines of python code to the device clients for MQTT. • The biggest development effort in similar architectures, is re-creating the MQTT broker. Our scheme does not require any broker changes.

  34. Overview • Introduction • What are Publish-subscribe protocols? • Issues in publish-subscribe protocols • Contributions • Proposed Architecture • Goals • Assumptions • Our Approach • PKI vs Macaroons • Protocols • Implementation • Results and Discussion • Conclusions

  35. Conclusions and Future work • We built a system that meets our latency and security goals We intend to release our tool by June 2018 • Future work: • Integrating into the shared secret option of SSP21 protocol Working with GE to incorporate our scheme into their MQTT • ecosystem We are also in talks with another potential industrial partner and • already had a few initial discussions

  36. Thank you • Toolkit will be available soon. Prashant pa@cs.dartmouth.edu Kartik palani2@illinois.edu Elizabeth ereed@illinois.edu Jason reeves@cs.dartmouth.edu Sean sws@cs.dartmouth.edu cred-c.org | 36

Recommend

Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management

Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management

Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure M. Khodaei, H. Jin, and P. Papadimitratos Networked Systems Security Group www.ee.kth.se/nss Royal Institute of Technology (KTH) Stockholm,

302 views • 26 slides
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular

SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular

KTH ROYAL INSTITUTE OF TECHNOLOGY SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems M. Khodaei, H. Jin and P . Papadimitratos Networked Systems Security Group (NSS) In IEEE

464 views • 42 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
BEYOND FLUX BEYOND FLUX SCALABLE FRONTEND ARCHITECTURES SCALABLE FRONTEND ARCHITECTURES USING

BEYOND FLUX BEYOND FLUX SCALABLE FRONTEND ARCHITECTURES SCALABLE FRONTEND ARCHITECTURES USING

BEYOND FLUX BEYOND FLUX SCALABLE FRONTEND ARCHITECTURES SCALABLE FRONTEND ARCHITECTURES USING PUBLISH/SUBSCRIBE USING PUBLISH/SUBSCRIBE Michael Kurze @ goto Amsterdam 2016 1 WHY ARCHITECTURE? WHY ARCHITECTURE? IT'S ABOUT TIME! IT'S ABOUT

520 views • 38 slides
Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity Management Engineering, Red Hat jpazdziora@redhat.com 15 th October 2014 Identity Users; user groups. Hosts; host groups; services. Identities

700 views • 18 slides
SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication

SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication

SECMACE: Scalable and Robust Identity and Credential Infrastructure in Vehicular Communication IEEE Transactions on Intelligent Transportation Systems (IEEE ITS), vol. 19, no. 5, May 2018 Mohammad Khodaei, Hongyu Jin, and Panos Papadimitratos

689 views • 54 slides
Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and

Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and

Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder Topics Internet identity update Technology updates ISOC, IETF Identity,

601 views • 23 slides
Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients & partners Conclusion Identity management System Requester Users admin Approver Application Application Provisioning system Identity A

826 views • 45 slides
IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg

IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg

IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg <roland.hedberg@adm.umu.se> Tuesday, May 19, 2009 WHAT IS IDM ? Identity management is the management of the identity life cycle of entities. --- wikipedia

534 views • 26 slides
Publish/Subscribe Publish/Subscribe Model Producers publish information Consumers

Publish/Subscribe Publish/Subscribe Model Producers publish information Consumers

Publish/Subscribe Publish/Subscribe Model Producers publish information Consumers subscribe to information Usually producers and consumers both in push mode Decoupling of participants In time In space In flow

653 views • 27 slides
Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online identity management (OIM) - Online personal/business branding also known as personal reputation management -The created presence of a person on the

471 views • 8 slides
Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti

Identity and Access Management with the INDIGO IAM service Andrea Ceccanti andrea.ceccanti@cnaf.infn.it EOSC-Hub AAI Tech Talk Europe, Earth, June 15th 2018 INDIGO Identity and Access Management service Flexible authentication support (SAML,

430 views • 24 slides
Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto,

Authoritative Quality From Campus Identity Management to a Federated Solution EuroCAMP, Porto, 2005-11-07 Ingrid Melve, FEIDE manager From campus identity management to a federated solution Case: FEIDE Campus Identity Management 2

655 views • 30 slides
Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET

Conference 2018 Shift into the future with predictions for Identity & Access Management BCNET Identity & Access Management Community of Practice Panelists: Corey Scholefield Vera Merkusheva Isabel Wong Sabrina da Silva 2 Conference

622 views • 19 slides
Introduction to Identity Management Systems Alan Robiette, JISC (UK)

Introduction to Identity Management Systems Alan Robiette, JISC (UK)

Introduction to Identity Management Systems Alan Robiette, JISC (UK) <a.robiette@jisc.ac.uk> Supporting education and research Overview What is meant by identity management? What are identifiers (IDs) for? How are they

815 views • 22 slides
LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of

LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of

LIGO Identity Management: Some Status and Trends Scott Koranda for LIGO LIGO and University of Wisconsin-Milwaukee March 8, 2010 LIGO-XXXXXXXX 1 / 12 Why the LIGO Identity Management Project? Unburden users from requesting, retrieving,

425 views • 13 slides
Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip

Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip

Identity management and security Could an IdP be considered an OES? www.law.kuleuven.be/citip What is an Identity provider (IdP)? 2 Proprietary IdM and PKI IdM e.g. e.g. Belgian eID Facebook IdP IdP Verifies Issues Issues credential

517 views • 22 slides
Identity management in the European Grid Infrastructure Established solutions, new needs, open

Identity management in the European Grid Infrastructure Established solutions, new needs, open

EGI InSPIRE Identity management in the European Grid Infrastructure Established solutions, new needs, open questions Gergely Sipos Technical Outreach Manager EGI.eu, Amsterdam gergely.sipos@egi.eu Identity Management for research and

452 views • 28 slides
To Publish or Not to Publish? CSE545 - Fall 2006 Introduction Computer and Network Security

To Publish or Not to Publish? CSE545 - Fall 2006 Introduction Computer and Network Security

447 views • 12 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
Identity Management Identity Management Alberto Pace Alberto Pace CERN, Information Technology

Identity Management Identity Management Alberto Pace Alberto Pace CERN, Information Technology

Identity Management Identity Management Alberto Pace Alberto Pace CERN, Information Technology Department alberto.pace@cern.ch Computer Security Computer Security The present of computer security Bugs Vulnerabilities Known exploits

506 views • 23 slides
Secure Identity Changes in a Changing World S Id tit Ch i Ch i W ld WG 5 Identity

Secure Identity Changes in a Changing World S Id tit Ch i Ch i W ld WG 5 Identity

ISO/IEC JTC 1/SC 27/WG 5 Identity Management & Privacy Technologies Secure Identity Changes in a Changing World S Id tit Ch i Ch i W ld WG 5 Identity Management & Privacy Technologies Id tit M t & P i T h l i within

831 views • 20 slides
Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research

Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research

Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research Sun Microsystems Agenda Business Drivers for Identity Management Suns Identity Management Solution Sun Java System Access Manager

1.12k views • 87 slides
IDENTITY What is the Relationship Between Identity and the College Experience? What Role

IDENTITY What is the Relationship Between Identity and the College Experience? What Role

2/15/2019 Jordan Truex Agenda or Summary Layout The Road to SelfAuthorship NonTraditional Students Effective Interview Strategies Meeting the Student Where They Are IDENTITY What is the Relationship Between Identity and the

367 views • 10 slides

More recommend