T-IBE-T Identity-Based Encryption for Inter-Tile Communication 12th European Workshop on Systems Security (EuroSec ’19) 2019-03-25, Dresden, Germany Alexander Würstlein, Wolfgang Schröder-Preikschat Friedrich-Alexander-Universität Erlangen-Nürnberg Chair in Distributed Systems and Operating Systems SFB/TRR 89 Chair in Distributed Systems and Operating Systems
Tile-Based Architectures: Invasive Computing The way to 1000 cores: tiled multicore architectures Tile = cores + shared mem + NoC interface NoC: network on chip, grid network connecting tiles Needs novel approach: Invasive Computing Location-awareness and regionality Microparallelism Flexible and on-demand Alexander Würstlein (arw@cs.fau.de) T-IBE-T 1
Tile-Based Architectures: Invasive Computing Network on Chip: Attacker model Tile-to-tile communication grid Multiple users and applications, possibly Eve Routing and OS are trusted Network interfaces (and Eve) may read messages passing them Needed: secure sensitive messages Alexander Würstlein (arw@cs.fau.de) T-IBE-T 2 A E B
Goals Our Goals Frame 0 contains payload No prior connection to Bob necessary Minimal-overhead central authority Tailored to tiled architectures Alexander Würstlein (arw@cs.fau.de) T-IBE-T 3
Possible solutions agreement T-IBE-T Alexander Würstlein (arw@cs.fau.de) T-IBE-T: Identity-Based Encryption for Inter-Tile Communication Our Answer before first data Synchronous roundtrip Symmetric key after key Symmetric keys exchange RSA or Diffie-Hellman key ”Just use TLS”? Trent Pregenerated or created by Fast 4 One key per pair, O ( n 2 )
Possible solutions agreement T-IBE-T Alexander Würstlein (arw@cs.fau.de) T-IBE-T: Identity-Based Encryption for Inter-Tile Communication Our Answer before first data Synchronous roundtrip Symmetric key after key Symmetric keys exchange RSA or Diffie-Hellman key ”Just use TLS”? Trent Pregenerated or created by Fast 4 One key per pair, O ( n 2 )
Identity-Based Encryption Alice just needs Bob’s name: "Bob" T-IBE-T Alexander Würstlein (arw@cs.fau.de) Key escrow: Trent knows secret keys Maximum asynchronicity: Bob need not even exist yet Bob’s secret key only needed at decryption time 5 3. send msg to "B" "B" A B "B" "B" T 2. obtain secret key for "B" 1. generate master secret
Identity-Based Encryption Alice just needs Bob’s name: "Bob" T-IBE-T Alexander Würstlein (arw@cs.fau.de) Key escrow: Trent knows secret keys Maximum asynchronicity: Bob need not even exist yet Bob’s secret key only needed at decryption time 5 3. send msg to "B" "B" A B "B" "B" T 2. obtain secret key for "B" 1. generate master secret
Specifics of T-IBE-T application T-IBE-T Alexander Würstlein (arw@cs.fau.de) S PKGS service type I 17,3 B 5 task no. tile How T-IBE-T works type Identity Examples: task & global service Identity/name from address Key escrow useful: debugging, tracing Hybrid: IBE encrypts symmetric message key Tile OS creates local task and gets task privkeys Global OS service generates private keys 6
T-IBE-T system operation constant parameter generation master secret creation tile key distribution tile bootup task key generation task operation task completion setup boot operation Alexander Würstlein (arw@cs.fau.de) T-IBE-T 7
Comparison of T-IBE-T with traditional solutions symmetric T-IBE-T Alexander Würstlein (arw@cs.fau.de) IBE T-IBE-T CA DH + RSA CA RSA key local dir. RSA local dir. 8 symmetric # frames distrib. # frames global dir. dir. size key async? A ↔ T A ↔ B O ( n 2 ) ✗ sync ✗ 2 ✗ 1 ✓ O ( n ) ✗ async ✓ 0 ✓ 1 ✓ O ( n ) ✗ async ✓ 0 ✓ 1 ✓ O ( 1 ) ✓ sync ✗ 0 ✓ 3 ✗ O ( 1 ) ✓ sync ✗ 0 ✓ 3 ✗ O ( 1 ) ✓ async ✓ 0 ✓ 1 ✓
Next Steps Prototype Create a prototype for evaluations Benchmark Compare prototype with other approaches Prove Create and prove formal definition Improve Hierarchical IBE? Alexander Würstlein (arw@cs.fau.de) T-IBE-T 9
Conclusion T-IBE-T idea: Identity-Based Encryption for Inter-Tile Communication Questions? Alexander Würstlein (arw@cs.fau.de) T-IBE-T 10 ✓ Tailored to OS and hardware ✓ Asynchronicity ✓ Data in Frame 0 ✓ Minimal resources
Conclusion T-IBE-T idea: Identity-Based Encryption for Inter-Tile Communication Questions? Alexander Würstlein (arw@cs.fau.de) T-IBE-T 10 ✓ Tailored to OS and hardware ✓ Asynchronicity ✓ Data in Frame 0 ✓ Minimal resources
Recommend
More recommend