Schematizing Trust in Named Data Networking
Yingdi Yu (1), Alex Afanasyev (1), David Clark (2), kc claffy (3), Van Jacobson (1), Lixia Zhang (1)
(1) UCLA, (2) MIT, (3) CAIDA

Motivation
• Usability is critical to security solutions
• Tool to explicitly express trust model
• Mechanism to automate trust management

Data Authentication in NDN
• Data-centric authenticity
  • mandate signature on every data packet
• Data authentication needs public key only
  • independent from where/how data packet is retrieved
  • privilege of online signing key can be restricted
[Figure: "retrieve data", then "retrieve public key"; a data packet followed by two key data packets, each carrying Name, Content, Signature and KeyLocator fields]

Trust Model
• Data signing and verification require a trust model
  • one or more pre-trusted keys
  • which key is authorized to sign/verify which data
  • key is just another type of data
  • defines strict authentication path for each data
• Trust model is application specific
  • keys may have different privileges
• Trust may go across different namespaces

NDN Insight
• Trust model can be defined in a set of relationships between data names and key names
Trust Schema to Schematize and Generalize Trust Model
[Figure: chain of data packets, each with Content and a Signature naming its signing key]
  /a/blog/article/food/2015/3 (article), signed by /a/blog/author/Alice/KEY/22
  /a/blog/author/Alice/KEY/22 (public key), signed by /a/blog/admin/Bob/KEY/5
  /a/blog/admin/Bob/KEY/5 (public key), signed by /a/blog/admin/Carl/KEY/37
  /a/blog/admin/Carl/KEY/37 (public key), signed by /a/blog/KEY/1

Usable Security
• Need to be easily expressible
  • trust model is application specific
  • given a trust schema, anyone can authenticate data
  • consumers, dedicated storages, routers, …
  • help producers to sign data
• Need to be automated
  • otherwise developers will “temporarily” disable security
  • fake signature, no authentication
• Better to be re-usable
  • applications may share the same trust model

Trust Between Entities
• Blog website framework
  • used by many people to set their own website
[Figure: Blog Website, Admins, Authors and Articles, with edge labels "configured by", "authorize", "to publish", "enable other"]
  • authors can publish articles
  • admins can create author account
  • blog configuration and admins can designate other admins

Name-based Trust
• Blog framework namespaces
[Figure: namespace tree rooted at /a/blog with branches /a/blog/article (Articles), /a/blog/author (Authors) and /a/blog/admin (Admins); example names /a/blog/KEY/1, /a/blog/article/food/2015/1, /a/blog/author/Alice/KEY/22, /a/blog/admin/Carl/KEY/37 and /a/blog/admin/Bob/KEY/5, linked by "signs" edges]

Generalize Trust Relationship
• Relationship between data and key names
  /a/blog/article/food/2015/3     /a/blog/author/Alice/KEY/22
  /a/blog/article/drink/2014/9    /a/blog/author/Zach/KEY/5
[Figure: /a/blog namespace tree (Articles, Authors, Admins) with example names linked by "signs" edges]

Generalize Trust Relationship
• Relationship between data and key names
  /a/blog/article/food/2015/3     /a/blog/author/Alice/KEY/22
  /a/blog/article/drink/2014/9    /a/blog/author/Zach/KEY/5
• Generalize relationship
  blog_prefix + "blog" + "article" + category + misc_info
  blog_prefix + "blog" + "author" + name + "KEY" + key_id
• Regex-based syntax
  (<>*)<blog><article>[category]<><>
  \1<blog><author>[user]<KEY>[Id]

Key Name Pattern Derivation
  Rule     Data Name                             Key Name
  article  (<>*)<blog><article>[category]<><>    author(\1)
  author   (<>*)<blog><author>[user]<KEY>[id]
Derived key name pattern: <a><blog><author>[user]<KEY>[id]
[Figure: packet /a/blog/article/food/2015/3, Content (article), Signature by /a/blog/author/Alice/KEY/22, beside the /a/blog namespace tree (Articles, Authors, Admins) with "signs" edges]

Enforce Least Privilege
  Rule     Data Name                             Key Name
  article  (<>*)<blog><article>[category]<><>    author(\1)
  author   (<>*)<blog><author>[user]<KEY>[id]
[Figure: packet /a/blog/author/Eve/KEY/11, Content (article), Signature by /a/blog/author/Alice/KEY/22, beside the /a/blog namespace tree (Articles, Authors, Admins) with "signs" edges]

Link Trust Relationship
  Rule     Data Name                             Key Name
  article  (<>*)<blog><article>[category]<><>    author(\1)
  author   (<>*)<blog><author>[user]<KEY>[id]    admin(\1)
  admin    (<>*)<blog><admin>[user]<KEY>[id]
[Figure: packet /a/blog/author/Alice/KEY/22, Content (public key), Signature by /a/blog/admin/Bob/KEY/5, beside the /a/blog namespace tree (Articles, Authors, Admins) with "signs" edges]

Multiple Trusted Signers
  Rule     Data Name                             Key Name
  article  (<>*)<blog><article>[category]<><>    author(\1)
  author   (<>*)<blog><author>[user]<KEY>[id]    admin(\1)
  admin    (<>*)<blog><admin>[user]<KEY>[id]     admin(\1)
[Figure: packet /a/blog/admin/Bob/KEY/5, Content (public key), Signature by /a/blog/admin/Carl/KEY/37, beside the /a/blog namespace tree (Articles, Authors, Admins) with "signs" edges]

Link Trust Anchor
  Rule     Data Name                             Key Name
  article  (<>*)<blog><article>[category]<><>    author(\1)
  author   (<>*)<blog><author>[user]<KEY>[id]    admin(\1)
  admin    (<>*)<blog><admin>[user]<KEY>[id]     admin(\1)
[Figure: packet /a/blog/admin/Carl/KEY/37, Content (public key), Signature by /a/blog/KEY/1, beside the /a/blog namespace tree (Articles, Authors, Admins) with "signs" edges]

Trust Schema
  Rule     Data Name                             Key Name
  article  (<>*)<blog><article>[category]<><>    author(\1)
  author   (<>*)<blog><author>[user]<KEY>[id]    admin(\1)
  admin    (<>*)<blog><admin>[user]<KEY>[id]     admin(\1), root(\1)
  root     (<>*)<blog><KEY>[id]                  Key Name: /a/blog/KEY/1    Key: (0x30 0x82 ...)
Different trust anchor for different blog website

Re-usability
  Rule     Data Name                             Key Name
  article  (<>*)<blog><article>[category]<><>    author(\1)
  author   (<>*)<blog><author>[user]<KEY>[id]    admin(\1)
  admin    (<>*)<blog><admin>[user]<KEY>[id]     admin(\1), root(\1)
  root     (<>*)<blog><KEY>[id]                  Key Name: /another/blog/KEY/1    Key: (0x43 0x5a ...)
Example names under the other blog's prefix:
  /another/blog/article/drink/2014/3
  /another/blog/author/Jason/KEY/25
  /another/blog/admin/Mark/KEY/2
  /another/blog/admin/Karl/KEY/73

Automation
• Trust schema → FSM
[Figure: two interpreters driven by the same FSM with states article, author, admin, root. Authenticating Interpreter (Authentication): takes signed data, issues requests for public keys, receives public keys. Signing Interpreter (Signing): takes unsigned data, uses public keys and a private key through TPM operations, outputs signed data]

Automated Signing
  1. Derive key name for the article: article → <a><blog><author>[user]<KEY>[id]
  2. Lookup key in TPM
  3. Derive key name for author’s key: author → <a><blog><admin>[user]<KEY>[id]
  4. Lookup key in TPM
  5. Expand author’s key name and generate key
  6. Sign data
[Figure: data /a/blog/article/snacks/2015/3 shown before and after signing, with key names /a/blog/author/Alex/KEY/40 and /a/blog/admin/Alex/KEY/5]
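
The Trust Schema table and the two interpreter slides above, worked through as an added Python example (not code from the authors or from any NDN library): it derives signer key-name patterns as in signing steps 1 and 3, and walks a KeyLocator chain to the trust anchor as the authenticating interpreter would. It checks names only and omits signature verification; the function names, the KEY_LOCATOR table, and the reading of `<>` and `[x]` as "any one component" are assumptions made for illustration.

```python
import re

# Trust schema from the slides: rule -> (data name pattern, rules allowed to sign it)
SCHEMA = {
    "article": ("(<>*)<blog><article>[category]<><>", ["author"]),
    "author":  ("(<>*)<blog><author>[user]<KEY>[id]", ["admin"]),
    "admin":   ("(<>*)<blog><admin>[user]<KEY>[id]", ["admin", "root"]),
    "root":    ("(<>*)<blog><KEY>[id]", []),
}
ANCHORS = {"/a/blog/KEY/1"}  # trust anchor by name only; key bytes are not modelled
# Constructed KeyLocator table (name -> signing key name) built from the slides' names
KEY_LOCATOR = {
    "/a/blog/article/food/2015/3": "/a/blog/author/Alice/KEY/22",
    "/a/blog/author/Alice/KEY/22": "/a/blog/admin/Bob/KEY/5",
    "/a/blog/admin/Bob/KEY/5": "/a/blog/admin/Carl/KEY/37",
    "/a/blog/admin/Carl/KEY/37": "/a/blog/KEY/1",
    "/a/blog/author/Eve/KEY/11": "/a/blog/author/Alice/KEY/22",  # author key signing under /author
}

def compile_pattern(pattern):
    """Translate the slides' name-pattern syntax into a Python regex over '/'-joined names."""
    out = ""
    for tok in re.findall(r"<[^>]*>|\[[^\]]*\]|[()*]", pattern):
        wild = tok == "<>" or tok[0] == "["  # assumed: "<>" and "[x]" match any one component
        out += tok if tok in "()*" else "(?:/" + ("[^/]+" if wild else re.escape(tok[1:-1])) + ")"
    return re.compile(out + r"\Z")

def signer_patterns(name):
    """Derive the key name patterns allowed to sign `name`, with the matched prefix filled in."""
    derived = []
    for pattern, signers in SCHEMA.values():
        m = compile_pattern(pattern).match(name)
        if m:
            prefix = "".join(f"<{c}>" for c in m.group(1).split("/") if c)
            derived += [SCHEMA[s][0].replace("(<>*)", prefix) for s in signers]
    return derived

def authenticate(name, key_locator=KEY_LOCATOR, anchors=ANCHORS):
    """Follow KeyLocators to a trust anchor, checking each hop's key name against the schema."""
    seen = set()
    while name not in anchors:
        key = key_locator.get(name)
        if name in seen or key is None:
            return False  # signing loop, or no key named for this packet
        if not any(compile_pattern(p).match(key) for p in signer_patterns(name)):
            return False  # key name is not an authorized signer for this data name
        seen.add(name)
        name = key
    return True
```

`authenticate("/a/blog/article/food/2015/3")` succeeds through Alice, Bob and Carl to /a/blog/KEY/1, while the /a/blog/author/Eve/KEY/11 packet is rejected because only an admin key under the same prefix may sign a name matching the author rule.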