schematized trust
play

Schematized Trust Design and Application NDNcomm 2015 September - PowerPoint PPT Presentation

Dec 07, 2023 •226 likes •385 views

Schematized Trust Design and Application NDNcomm 2015 September 28, 2015 Alex Afanasyev University of California, Los Angeles Overview NDN architecture mandates signature Effectiveness of the mandate depends on the implementation If

  1. Schematized Trust Design and Application NDNcomm 2015 September 28, 2015 Alex Afanasyev University of California, Los Angeles

  2. Overview NDN architecture mandates signature • Effectiveness of the mandate depends on the implementation • If too complex, developers will shortcut • “temporarily” disable • use non-secure/fake signatures Need a tool to make security usable need automation 9/28/15 NDNcomm 2015 2

  3. Data-Centric Security in NDN • Data is named and is retrieved using name • Name and content are bound sign together with a crypto signature retrieve data retrieve key verify • Data packet includes a name of the Consumers Producer public key to verify the signature • Key is also a data packet and retrievable by name Data packet Data packet (key) Data packet (key) Name Name Name Content Content Content … Signature Signature Signature KeyLocator KeyLocator KeyLocator 9/28/15 NDNcomm 2015 3

  4. Data Authentication • To authenticate data, one needs a trust model • which keys are authorized to sign which data (trust rules) • one ore more trusted keys • requires crypto properties • Given trust model, anybody can verify data • applications • dedicated storage • routers • Trust model needs to be easily expressible • help consumer to authenticate data • help producers to sign data 9/28/15 NDNcomm 2015 4

  5. NDN Insight: Trust can be defined as a set of relationships between data and key names /nytimes/tech/2015/08/20/ndn /_v=42/_s=1 /nytimes/tech/2015/08 /KEY/_v=5 Content (article) /nytimes/tech/ KEY/_v=1 Content (public key) Signature /nytimes/tech/2015/08 /KEY Signature Content (public key) Hierarchical /nytimes/tech /KEY Signature /nytimes /KEY/_v=9 /nytimes /KEY trust relations Content (public key) /nytimes/tech/2015/09 /KEY/_v=1 Signature Content (public key) … … Signature /nytimes/tech /KEY … … /a/blog/article/food/2015 / a/blog/admin/Alex/ KEY/_v=1 /a/blog /KEY/_v=22 /_v=42/_s=1 C o n t e n t ( a r t i c l e ) C o n t e n t ( p u b l i c k e y ) C o n t e n t ( p u b l i c k e y ) Cross- S i g n a t u r e S i g n a t u r e S i g n a t u r e /a/blog/author/Yingdi /KEY /a/blog/admin/Yingdi /KEY … namespace trust relations /a/blog/author/Yingdi /KEY/_v=5 / a/blog/admin/Lixia/ KEY/_v=1 C o n t e n t ( p u b l i c k e y ) Content (public key) S i g n a t u r e Signature /a/blog/admin/Alex /KEY /a/blog /KEY 9/28/15 NDNcomm 2015 5

  6. Desired Properties for Trust Policy Definition • Clear definition of relationship rules • Use names and name patterns to define rules • data with /some/site prefix can be only signed with /some/site/key/<any-id> � • keys /some/site/key/<any-id> can be only signed with /another/key/id=5 � • Pre-configured trust anchors to bootstrap trust Trust ¡Schema ¡to ¡Schema.ze ¡and ¡ • /another/key/id=5 is <raw-bytes-of-key-data-packet> • Least privilege principle for keys Generalizing ¡Trust ¡ • Limited usage scope • Limited time-span • Re-use of trust models between applications • Define, debug, and refine common trust models • Make security easy to use 9/28/15 NDNcomm 2015 6

  7. Example: Web Blog configured by authorize to publish Blog Website Admins Authors Articles enable other • Articles authored and signed by authors • Authors are given permissions to publish on the blog by administrators • Administrators are configured by blog configuration or other administrators 9/28/15 NDNcomm 2015 7

  8. Web Blog: Name-Based Trust Relationships /a/blog/KEY /1 Ar#cles ¡authored ¡and ¡ • signed ¡by ¡authors ¡ signs /a/blog Authors ¡are ¡given ¡ • permissions ¡to ¡publish ¡on ¡ the ¡blog ¡by ¡administrators ¡ /a/blog /article /a/blog /author /a/blog /admin Administrators ¡are ¡ • configured ¡by ¡blog ¡ configura#on ¡or ¡other ¡ Articles Authors Admins administrators ¡ /a/blog/ article/food/2015/1 /a/blog/ author/Alice/KEY /22 /a/blog /admin/Carl/KEY /37 signs signs /a/blog /admin/Bob/KEY /5 signs 9/28/15 NDNcomm 2015 8

  9. Generalized Rules for Name-Based Trust Relationship between data and key names • /a /blog/ article / food / 2015 / 3 <-> /a /blog/ author / Alice /KEY/ 22 • /a /blog/ article / drink / 2014 / 9 <-> /a /blog/ author / Zach /KEY/ 5 Generalizing relationship • blogPrefix + “blog” + “ article ” + category + miscInfo <-> • blogPrefix + “blog” + “ author ” + name + “KEY” + keyid Use regular-based syntax to capture the relationship • (<>)* <blog><article> [category] <><> <-> • \1 <blog><author> [user] <KEY>[id] 9/28/15 NDNcomm 2015 9

  10. Web Blog: Trust Schema Regex-­‑like ¡pa<ern ¡with ¡grouping ¡ Name ¡or ¡other ¡rule ¡ (group ¡values ¡accessible ¡as ¡\1, ¡\2, ¡\3 ¡...) ¡ specializa.ons ¡ Data Name � Key Name � /a/blog/article/food/2015/3 article (<>*)<blog><article><><><> � author ( \1 ) � /a/blog/author/Alice/KEY/22 author (<>*) <blog><author>[user]<KEY>[id] � admin ( \1 ) � /a/blog/admin/Bob/KEY/5 admin (<>*) <blog><admin>[user]<KEY>[id] � admin ( \1 ) � root ( \1 ) � /a/blog/admin/Carl/KEY/37 Key Name � Key � /a/blog/KEY/1 (0x30 root (<>*) <blog><KEY>[id] � 0x82 ...) � Different trust anchor for � different blog website � 9/28/15 NDNcomm 2015 10

  11. Trust Rule Processing / a / b l o g / a r t i c l e / f o o d / 2 0 1 5 author (<>*) <blog><author>[user]<KEY>[id] � admin ( \1 ) � / _ v = 4 2 / _ s = 1 Content (article) /a/ blog/article/food/2015/3 =>> \1 = /a Signature / a / b l o g / a u t h o r / Y i n g d i / K E Y article must be signed with the key with name expanded from author(“/a”) [user] -> accepts any user name (auth) -> generates use name (keygen) [id] -> accepts any key id (auth) -> generates unique key id (keygen0 <a> <blog><author>[user]<KEY>[id] � author (<>*) <blog><author>[user]<KEY>[id] � 9/28/15 NDNcomm 2015 11

  12. Trust Rule Processing author (<>*) <blog><author>[user]<KEY>[id] � admin ( \1 ) � /a/blog/author/Yingdi /KEY/_v=5 C o n t e n t ( p u b l i c k e y ) S i g n a t u r e /a/ blog/author/Yingdi/KEY/_v=5 =>> \1 = /a /a/blog/admin/Alex /KEY author key must be signed with the key with name expanded from admin(“/a”) admin (<>*) <blog><admin>[user]<KEY>[id] � <a> <blog><admin>[user]<KEY>[id] � 9/28/15 NDNcomm 2015 12

  13. Trust Schema Implementation Status ndn-cxx: http://www.github.com/named-data/ndn-cxx • old schema (ValidatorConf) • new schema implementation in the upcoming release NDN-CCL: http://named-data.net/codebase/platform/ndn-ccl/ • NDN-CPP, NDN-JS, PyNDN, jNDN Trust schema powers data and interest authentication in • NFD: NDN Forwarding • NLSR: NDN Link State Routing Protocol • Repo-ng: NDN Data Repository Works! ¡ ¡ ¡Even ¡be<er ¡ • ChronoChat: a chat application over NDN implementa.ons ¡coming ¡ • NDNS: NDN Domain Name System really ¡soon ¡ 9/28/15 NDNcomm 2015 13

  14. Making Trust Schema Universal Tool for Trust Captures data/key name relationships using generalizations and patterns • formally describes and defines trust model • enforces trust model in automatic way • both authentication and signing paths Representable in a data packet • can be retrieved and executed by any NDN entity • can be (recursively) authenticated using higher-level schemas Trust schema also defines security design pattern • regulate the behavior of applications • an operating system can define a trust schema to authenticate the trust schema of applications • only install and execute apps with authenticated trust schema 9/28/15 NDNcomm 2015 14

Recommend

Schematized Trust in NDN Van Jacobson FIA-NP Meeting Arlington, VA May 19-20, 2014

Schematized Trust in NDN Van Jacobson FIA-NP Meeting Arlington, VA May 19-20, 2014

Schematized Trust in NDN Van Jacobson FIA-NP Meeting Arlington, VA May 19-20, 2014 Today we (attempt to) secure the process of communication by adding cryptographic wrappers to the packet transport. This hasnt worked well. One

153 views • 13 slides
Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin &lt;

Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin &lt;

Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin &lt; claudio.marxer@unibas.ch &gt; &lt; christian.tschudin@unibas.ch &gt; Computer Networks Group University of Basel Switzerland ACM ICN 17, Berlin

332 views • 7 slides
FT Consultation An NHS Foundation Trust The Trust is applying to become an NHS Foundation Trust

FT Consultation An NHS Foundation Trust The Trust is applying to become an NHS Foundation Trust

FT Consultation An NHS Foundation Trust The Trust is applying to become an NHS Foundation Trust Your Local Mental Health NHS Trust Implementation of Involvement Agenda National accreditation for Memory Service Team (Bloxwich Hospital)

763 views • 14 slides
PGP web of trust Web of trust From:

PGP web of trust Web of trust From:

PGP web of trust Web of trust From: h2p://pgp.cs.uu.nl/plot/ The PGP web of trust can be viewed as a directed graph where the points are

558 views • 10 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization

Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization

Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization creates opportunities and risks Page 2 And its common truth We cant expect people to actively support the digital transformation if we cannot

499 views • 11 slides
The Economics of Trust in Organisations Trust Trust is the voluntary acceptance of vulnerability

The Economics of Trust in Organisations Trust Trust is the voluntary acceptance of vulnerability

The Economics of Trust in Organisations Trust Trust is the voluntary acceptance of vulnerability based upon positive expectations of the intention or behaviour of another. Key components of TRUST include (1) the recognition of vulnerability

471 views • 13 slides
Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust:

Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust:

Gods stories Gods stories Trust Trust To Rely Upon Something Totally Trust trust: confidence in, or an assured reliance on, the character, integrity, ability, strength, or truth of someone or something faith: Confidence or

784 views • 33 slides
Trust rust What is Trust? A Definition Trust is a phenomenon of reliance on the good intentions

Trust rust What is Trust? A Definition Trust is a phenomenon of reliance on the good intentions

Trust rust What is Trust? A Definition Trust is a phenomenon of reliance on the good intentions and/or adequate competences of others in situations characterized by dependence, vulnerability and risk.* *Luhmann (1968), Baier (1986, 1992),

573 views • 7 slides
Dynamics, robustness and fragility Private trust Public trust of trust Conclusions Dusko

Dynamics, robustness and fragility Private trust Public trust of trust Conclusions Dusko

Dynamics of trust Dusko Pavlovic Introduction Dynamics, robustness and fragility Private trust Public trust of trust Conclusions Dusko Pavlovic Kestrel Institute and Oxford University FAST Malaga, October 2008 Dynamics of trust

596 views • 46 slides
Its all about trust(s) Its all about trust(s) Housekeeping We want you to have a great

Its all about trust(s) Its all about trust(s) Housekeeping We want you to have a great

Its all about trust(s) Its all about trust(s) Housekeeping We want you to have a great experience, so: If youre having any sound or viewing issues during the live webinar, please contact the GoToWebinar support team using the link

945 views • 68 slides
ENLIGHTENED NEGOTIATION Dr. Mehrad Nazari, MBA The Law of Trust Trust is the foundation of

ENLIGHTENED NEGOTIATION Dr. Mehrad Nazari, MBA The Law of Trust Trust is the foundation of

ENLIGHTENED NEGOTIATION Dr. Mehrad Nazari, MBA The Law of Trust Trust is the foundation of any relationship, collaboration, and negotiation Trust is the congruity of words and actions Trust is a moral credit rating; it is the

466 views • 15 slides
Islands Trust Council September 15, 2011 The Islands Trust Trust Council 26 elected

Islands Trust Council September 15, 2011 The Islands Trust Trust Council 26 elected

Islands Trust Council September 15, 2011 The Islands Trust Trust Council 26 elected representatives of island communities The Islands Trust Act To preserve and protect the unique amenities and environment of this area for:

354 views • 31 slides
Trust Speak Overview with dialogue all along the way: Definition of trust Three

Trust Speak Overview with dialogue all along the way: Definition of trust Three

Trust Speak Overview with dialogue all along the way: Definition of trust Three roads to trust: 1. Personal: one-on-one 2. Strategy: confidence in what we are doing 3. Process: how things are done Four principles

529 views • 4 slides
@richardfagerlin I DONT Jim TRUST Larry Gayle THEM 2 | T R U S T O L O G Y

@richardfagerlin I DONT Jim TRUST Larry Gayle THEM 2 | T R U S T O L O G Y

@richardfagerlin I DONT Jim TRUST Larry Gayle THEM 2 | T R U S T O L O G Y IMPACT HIGH TRUST LOW TRUST OF TRUST 3 | T R U S T O L O G Y People at high-trust companies report: LOW 74% less stress

402 views • 19 slides
Session 1 The New Codex Trust Fund Purpose of the Codex Trust Fund? The Codex Trust Fund supports

Session 1 The New Codex Trust Fund Purpose of the Codex Trust Fund? The Codex Trust Fund supports

Session 1 The New Codex Trust Fund Purpose of the Codex Trust Fund? The Codex Trust Fund supports countries to build strong, solid and sustainable national capacity to engage in Codex Scope and focus of support from the Codex Trust Fund Well

679 views • 37 slides
Castle Trust Innovative loans with no monthly payments required 1 Who are Castle Trust? Castle

Castle Trust Innovative loans with no monthly payments required 1 Who are Castle Trust? Castle

Scott Apps Business Development Manager Castle Trust Intermediary use only Castle Trust Innovative loans with no monthly payments required 1 Who are Castle Trust? Castle Trust was launched in October 2012 by an experienced team of senior

152 views • 11 slides
Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization

Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization

Charter of Trust on Cybersecurity charter-of-trust.com | #Charter of Trust Digitalization creates opportunities and risks Page 2 April 2019 Digitalization creates Opportunities Connected Facilities/Plant/Site Billions of devices are

407 views • 12 slides
Public Trust Trustee 1.1 Public Trust Who we are Crown Entity Public Trust is one

Public Trust Trustee 1.1 Public Trust Who we are Crown Entity Public Trust is one

Public Trust Trustee 1.1 Public Trust Who we are Crown Entity Public Trust is one of the largest trustee organisations in New Zealand Operational independence Governance model Corporate Trustee Services (CTS)

694 views • 9 slides
31 st July 2020 nilesh@nmkca.com Meaning of Trust A trust is a relationship in which :

31 st July 2020 nilesh@nmkca.com Meaning of Trust A trust is a relationship in which :

CA Nilesh M Kapadia 31 st July 2020 nilesh@nmkca.com Meaning of Trust A trust is a relationship in which : a person or entity (the trustee) holds legal title to certain property (the trust property or trust corpus), but is bound by

839 views • 50 slides
Trust but verify: Why and how to establish trust in embedded devices Aurlien Francillon This

Trust but verify: Why and how to establish trust in embedded devices Aurlien Francillon This

Trust but verify: Why and how to establish trust in embedded devices Aurlien Francillon This talk Introduction Economic aspects Why make secure products? Trust in embedded devices Verifying trust Conclusion Aurlien

649 views • 37 slides
Towards a Swiss Trust : Pondering Models Prof. Luc Thvenoz Swiss trust: who for? what

Towards a Swiss Trust : Pondering Models Prof. Luc Thvenoz Swiss trust: who for? what

www.cdbf.ch STEPSATC Lausanne Conference 2015 Towards a Swiss Trust : Pondering Models Prof. Luc Thvenoz Swiss trust: who for? what for? Promoting a Swiss trust requires clear choices: n family planning or commercial

271 views • 14 slides
Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL

Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL

Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL Bob Morgan University of Washington and Internet2 TERENA TF-EMC2 Florence, Italy March 2007 Trust management in SAML Trust management in SAML

566 views • 9 slides
Trust But Verify Trust But Verify Trust But Verify Trust But Verify What Is CEC Entertainment?

Trust But Verify Trust But Verify Trust But Verify Trust But Verify What Is CEC Entertainment?

Trust But Verify Trust But Verify Trust But Verify Trust But Verify What Is CEC Entertainment? CEC Entertainment, Irving TX Founded by Nolan Bushnell Revenue What Is CEC Entertainment? What Is CEC Entertainment? What Is CEC Entertainment?

305 views • 19 slides

More recommend