securing content sharing over icn
play

Securing Content Sharing over ICN Nikos Fotiou, George C. Polyzos - PowerPoint PPT Presentation

Securing Content Sharing over ICN Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org Mobile Multimedia Laboratory, Department of Informatics School of Information Sciences and Technology Athens University of Economics and Business


  1. Securing Content Sharing over ICN Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org Mobile Multimedia Laboratory, Department of Informatics School of Information Sciences and Technology Athens University of Economics and Business 113 62 Athens, Greece http://mm.aueb.gr/

  2. At a glance • We consider a network of storage nodes interconnected using an ICN network • Content owners store content items in storage nodes in order to share them with subscribers • We provide – Content confidentiality using Identity-Based Encryption – Low overhead per user using Proxy Re-Encryption – Protection against malicious proxies – Subscriber authentication and – A novel form of storage node authentication

  3. BACKGROUND

  4. Identity-Based Encryption • A public key encryption scheme in which an arbitrary string can be used as a public key • Keys are generated by a Private Key Generator (PKG) – Key escrow problem

  5. Identity-based encryption

  6. Identity-based encryption Master Secret Key (k) System Parameters (SP) Public!

  7. Identity-based encryption

  8. Identity-based encryption

  9. Identity-based encryption

  10. Identity-based encryption

  11. Proxy Re-Encryption • A semi-trusted proxy – is allowed to alter a ciphertext – encrypted with the public key of user A – in a way that another user B can decrypt it • The proxy learns nothing about the plaintext or the secret keys of the user

  12. Identity-based Proxy Re-Encryption* * Our system uses M. Green, G. Ateniese, “Identity-Based Proxy Re-encryption,” in Applied Cryptography and Network Security, Katz, J., Yung, M. (eds.), Lecture Notes in Computer Science, vol. 4521, pp. 288-306, 2007

  13. Identity-based proxy re-encryption

  14. Identity-based proxy re-encryption

  15. Identity-based proxy re-encryption

  16. SYSTEM DESIGN

  17. Entities Known

  18. First construction • Content owners encrypt items using symmetric encryption and a key K – Each item is encrypted with a different key • Each key is encrypted using IBE with the identity of the content owner as key

  19. First construction

  20. First construction

  21. First construction

  22. Content request

  23. Content request

  24. Content request

  25. Content request

  26. Content request

  27. Content request

  28. Content request

  29. We need trusted proxies • … a malicious proxy can use a re-encryption key no matter whether the user is authorized or not to access a content item

  30. Second construction • Content owners encrypt items using symmetric encryption and a key K – Each item is encrypted with a different key • Each key is encrypted using IBE with the name of the policy that protects the item as key

  31. Second construction

  32. Second construction

  33. Second construction

  34. Content request

  35. Content request

  36. Content request

  37. Content request

  38. Trust to proxies is relaxed • … a re-encryption key can be used only for authorized users

  39. Security properties Does Does NOT • Content confidentiality is • Authenticate subscribers protected -> May result in unnecessary transmissions, re-encryptions • If content confidentiality is • Authenticate the storage the only requirement then node no further mechanisms are -> Possible privacy risk required • Secure the communication – Even if a subscriber lies about his identity he won’t be able channel to decrypt the file -> Possible privacy risk

  40. Endpoints authentication and secure channel setup* • It leverages existing IBE mechanisms • It provides subscriber authentication • It enables the creation of an ephemeral symmetric encryption key • It provides a proof that a storage node is authorized to store a particular content item * High level description

  41. Endpoints authentication and secure channel setup • Let F be the name of a content item • Content owner generates SK F and stores it in the proxy • A subscriber encrypts using IBE and F as key, some D-H key exchange parameters • Only “authorized” nodes are able to decrypt the parameters and proceed with the D-H key establishment

  42. DISCUSSION

  43. Performance considerations Python-based implementation in a single core of an Intel i5-4440 3.1 GHz processor and with 2GB of RAM with security equivalent to RSA 1024 bits and 128 bit symmetric keys Storage overhead Computational overhead – size of SP: 2048 bits – encryption of key: 40 ms – size of C ID (key): 2048 bits – re-encryption key creation: 20 ms – size of re-encryption key: 3027 bits – re-encryption of a ciphertext: 31 ms – decryption of a ciphertext: 28 ms

  44. Per user PKG vs. (almost) Global PKG Per user PKG Global PKG + When a private key is lost + No need for SP retrieval updating SP is enough + No need for SP storage + No key escrow - When a private key is lost - Need for SP storage identity needs to change - Need for SP resolution - Key escrow problem – some keys share the same SP, e.g., same owner keys

  45. Thank you fotiou@aueb.gr polyzos@acm.org

Recommend


More recommend