A consumer-driven access control approach to censorship circumvention in content-centric networking
Slide 1: A consumer-driven access control approach to censorship circumvention in content-centric networking
Jun Kurihara, Kenji Yokota and Atsushi Tagami
KDDI R&D Laboratories, Inc.
ACM ICN 2016, Kyoto, Japan, Sep. 28, 2016
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 1
Slide 2: Outline of my talk
1. Introduction
2. Censorship circumvention in CCN
3. Basics of consumer-driven access control approach
4. Enhancement using manifest and nameless object
5. Conclusion
Slide 3: Introduction
Slide 4: Censorship: A serious problem in networking
Censorship in a network: a certain authority monitors network messages, checks what is requested, and drops messages that are on a blacklist.
Censorship is now widespread and a serious problem in the Internet.
Slide 5: Censorship is easily enforceable in CCN
Content data itself can be encrypted under a certain access control (AC) scheme, but the interest name is not.
The explicitly given, semantic names of CCN make censorship trivial.
[Figure: a consumer in domain /kyoto sends an interest whose name contains "democracy" toward the publisher in domain /kddi; a censorship authority router on the path captures and analyzes interests and drops any interest by checking only its name.]
Slide 6: Censorship circumvention in CCN
Slide 7: Two types of countermeasures in CCN
- Tor-like scheme: multi-layered encryption at anonymizing routers; significant overhead and delay.
- Proxy-based scheme: establishing an anonymized channel between proxy and consumer; simpler and faster than the Tor-like scheme.
References:
- S. DiBenedetto, P. Gasti, G. Tsudik, and E. Uzun, "ANDāNA: Anonymous named data networking application," in Proc. NDSS.
- R. Tourani, S. Misra, J. Kliewer, S. Ortegel, and T. Mick, "Catch me if you can: A practical framework to evade censorship in information-centric networks," in Proc. ACM ICN.
- C. Ghali, M. A. Schlosberg, G. Tsudik, and C. A. Wood, "Interest-based access control for content centric networks," in Proc. ACM ICN.
Slide 8: Proxy-based approach
Our scheme is basically categorized as a proxy-based scheme.
[Figure: the consumer encrypts the name /kddi/democracy.mpg and sends an anonymized interest (/<routable prefix>/ + encrypted name) to a trusted proxy in domain /kddi; the proxy decrypts it and forwards the plaintext interest /kddi/democracy.mpg. Communication uses the encrypted name between consumer and proxy and the plaintext name beyond the proxy.]
Slide 9: Cache recycling problem of proxy-based approaches
Anonymized communication is established between each consumer and a proxy under a distinct encryption key.
[Figure: consumer A and consumer B each have their own anonymized communication channel to the proxy; standard CCN runs behind the proxy.]
The same content is queried via different names by different users, so cached content is never recycled.
Slide 10: Basics of consumer-driven access control approach
Slide 11: System model
Entities: CCN basic parties + cache enablers E_i + anonymizer A + attacker.
[Figure: consumers, a CCN router, cache enablers E_1 and E_2 (as routers), an attacker (as a router), the anonymizer A (trusted proxy) and the publisher, in domain /kddi.]
Content names follow a conventional (ICN) hierarchical naming scheme like URLs (e.g., /kddi/demo/video.mpg).
Slide 12: Attacker definitions
We consider two types of attackers.
- Passive attacker: captures and analyzes interests to learn what is requested and who is requesting.
- Active attacker (stronger version): in addition, modifies interests, drops/filters interests, and masquerades as legitimate consumers.
Slide 13: Key elements of our approach
[Against passive attacker] (1) Encryption-based access control to interest names for cache enablers and anonymizer.
[Against passive/active attacker] (2) Authentication and decryption with hidden consumer ID at cache enablers and anonymizer.
Slide 14: (1) Encryption-based access control to names: Preliminary
Access control: a technique used to regulate who or what can view raw/original data in a computing environment.
Encryption-based access control: data is encrypted in such a way that only authorized users are allowed to decrypt the encrypted data and obtain the raw data.
[Figure: encrypted data can be decrypted with a valid key but not with no key; different authorized users may hold different valid keys.]
Assigned decryption keys are identified as access rights.
Slide 15: (1) Encryption-based access control to names: Overview of the approach
The consumer grants access rights to original interest names to cache enablers E_i and anonymizer A via the encryption-based access control.
[Figure: the consumer assigns a key to E_1, a key to E_2 and a key to anonymizer A, all in domain /kddi.]
Slide 16: Consumers encrypt interest names in such a way that pre-authorized E_i and A can decrypt them and obtain the original names.
[Processing incoming interest at E_i]
An anonymized interest (/routable prefix/ + encrypted name) carrying the encrypted form of /kddi/democracy.mpg arrives at a qualified cache enabler E_i.
(1) Decrypt the encrypted name to recover /kddi/democracy.mpg.
(2) Search the CS (content store) with the original name /kddi/democracy.mpg.
(3) Respond with the content object under the encrypted name.
*** Only the case of a cache hit is illustrated, for simplicity. ***
Slide 17: [Processing incoming content at E_i] (simply the dual of the interest case)
A content object under the encrypted name arrives at the qualified cache enabler E_i.
(1) Decrypt the encrypted name to recover /kddi/democracy.mpg.
(2) Cache the object in the CS under the original name /kddi/democracy.mpg so that it can be recycled.
[Key observation] Access control to interest names is, at the same time, access control to cache-recycling opportunities.
*** The process of PIT entry consumption is omitted for simplicity. ***
Slide 18: (2) Authentication and decryption with hidden ID: Preliminary
[Observations]
- E_i and A must learn the consumer ID from an interest to find the consumer-specific key(s) for name decryption and for interest authentication via HMAC/signature.
- The consumer ID itself leaks consumer information to attackers.
[Requirements]
- The consumer ID must be included in interests, but hidden.
- Only cache enablers and the anonymizer learn the ID from an interest, for decryption and authentication.
Slide 19: (2) Authentication and decryption with hidden ID: Overview of the approach
The anonymizer uses a public-key broadcast encryption scheme for hiding IDs in interests.
- Decryption keys are assigned to cache enablers.
- The public (encryption) key is published.
[Figure: A stores its own key and assigns keys to E_1 and E_2 in domain /kddi; consumers hold the public key.]
Slide 20: The consumer generates the anonymizing interest from the encrypted name as follows:
- Encrypted name: the encryption of /kddi/democracy.mpg.
- Encrypted ID: the consumer ID encrypted under the broadcast public key from A.
- HMAC: generated with the name encryption key.
Slide 21: E_i and A authenticate and decrypt the incoming interest as follows:
- The incoming interest consists of the encrypted name (of /kddi/democracy.mpg), the encrypted consumer ID and the HMAC.
- Decrypt the encrypted ID with the assigned broadcast decryption key to obtain the consumer ID.
- Retrieve the name encryption key associated with the ID from the key storage.
- Authenticate the interest by verifying the HMAC with that key.
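The interest construction on slide 20 and the cache-enabler processing on slides 16, 17 and 21, as an added runnable model that is not code from the talk or from KDDI. Assumptions: the name encryption and the broadcast encryption are stood in for by a toy HMAC-SHA256 keystream cipher (a real deployment would use AES-GCM and an actual public-key broadcast encryption scheme), the PIT entry is used to recover the original name when content returns, and all keys and payloads are constructed sample values.

```python
import hashlib
import hmac
import os

ROUTABLE_PREFIX = "/kddi"   # the anonymizer's domain, as in the slides


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy CTR-style cipher: XOR data with HMAC-SHA256(key, nonce || counter) blocks.
    Stand-in for a real symmetric cipher such as AES-GCM (assumption)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)   # fresh nonce: the same name encrypts differently each time
    return nonce + keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:12], blob[12:])


def tag(name_key: bytes, enc_name: bytes, enc_id: bytes) -> bytes:
    """HMAC over the encrypted fields, keyed with the consumer's name encryption key."""
    return hmac.new(name_key, enc_name + enc_id, hashlib.sha256).digest()


def build_interest(consumer_id: str, name_key: bytes, bcast_key: bytes, name: str) -> dict:
    """Consumer side (slide 20): routable prefix + encrypted name + hidden ID + HMAC.
    The broadcast encryption of the ID is modelled with the same toy cipher under a
    key that E_i and A hold (assumption; the real scheme is public-key)."""
    enc_name = encrypt(name_key, name.encode())
    enc_id = encrypt(bcast_key, consumer_id.encode())
    return {"prefix": ROUTABLE_PREFIX, "enc_name": enc_name, "enc_id": enc_id,
            "hmac": tag(name_key, enc_name, enc_id)}


class CacheEnabler:
    """Qualified cache enabler E_i (or anonymizer A): slides 16, 17 and 21."""

    def __init__(self, bcast_dec_key: bytes, key_storage: dict):
        self.bcast_dec_key = bcast_dec_key
        self.key_storage = key_storage   # consumer ID -> name encryption key
        self.cs = {}                     # content store keyed by ORIGINAL name
        self.pit = {}                    # pending interests: enc_name -> original name

    def process_interest(self, interest: dict) -> tuple:
        """Returns ("hit", content), ("forward", None) or ("drop", reason)."""
        consumer_id = decrypt(self.bcast_dec_key, interest["enc_id"]).decode(errors="replace")
        name_key = self.key_storage.get(consumer_id)
        if name_key is None:
            return "drop", "unknown consumer"
        expected = tag(name_key, interest["enc_name"], interest["enc_id"])
        if not hmac.compare_digest(expected, interest["hmac"]):
            return "drop", "authentication failed"     # active attacker's modification
        original = decrypt(name_key, interest["enc_name"]).decode()
        if original in self.cs:                         # CS search with the ORIGINAL name
            return "hit", {"enc_name": interest["enc_name"], "payload": self.cs[original]}
        self.pit[interest["enc_name"]] = original       # remembered for the returning content
        return "forward", None

    def process_content(self, content: dict) -> None:
        """Dual of the interest case (slide 17). The PIT entry already holds the
        decrypted name, so the object is cached under the original name for recycling."""
        original = self.pit.pop(content["enc_name"], None)
        if original is not None:
            self.cs[original] = content["payload"]


def run_demo() -> dict:
    """Two consumers with distinct keys request the same name; one cache serves both."""
    bcast_key = os.urandom(32)
    keys = {"alice": os.urandom(32), "bob": os.urandom(32)}   # constructed sample keys
    enabler = CacheEnabler(bcast_key, keys)
    name = "/kddi/democracy.mpg"

    # Alice: CS miss, interest forwarded; the content object comes back and is cached.
    i_a = build_interest("alice", keys["alice"], bcast_key, name)
    first, _ = enabler.process_interest(i_a)
    enabler.process_content({"enc_name": i_a["enc_name"], "payload": b"constructed video bytes"})

    # Bob: different key and different wire name, yet the cached copy is recycled.
    i_b = build_interest("bob", keys["bob"], bcast_key, name)
    second, _ = enabler.process_interest(i_b)

    # Active attacker flips one byte of Bob's encrypted name: the HMAC check rejects it.
    forged = dict(i_b, enc_name=bytes([i_b["enc_name"][0] ^ 1]) + i_b["enc_name"][1:])
    third = enabler.process_interest(forged)

    return {"first": first, "second": second, "forged": third,
            "wire_names_differ": i_a["enc_name"] != i_b["enc_name"],
            "plain_name_on_wire": name.encode() in i_a["enc_name"]}


if __name__ == "__main__":
    print(run_demo())
```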
Slide 22: Advantage and disadvantage
[Security for passive attacker]
- No leakage about content name (what).
- No leakage about consumer identity (who).
[Security for active attacker]
- Interest modification can be detected.
Slide 23: [Efficiency]
- In-network caching can be fully leveraged at cache enablers E_i and anonymizer A; the more E_i there are, the more beneficial.
- Trade-off between cache recycling opportunity and overhead: cryptographic operations (access control and authentication) at E_i and A may involve serious computational cost, and the overhead becomes more serious as the number of E_i increases.
Slide 24: This problem is solved by combining our approach with manifests and nameless objects.
We minimize the overhead while maintaining the security and maximizing the benefit of in-network caching.
Slide 25: Enhancement using manifest and nameless object
Slide 26: Preliminary: Manifest and nameless objects in CCNx
Manifest: a content object providing a list of content objects (names and hashes).
Manifest structure (a content object):
- Catalog of names: /kddi/democracy.mpg/1, /kddi/democracy.mpg/2, /kddi/democracy.mpg/3
- Catalog of hashes: 0xABCD, 0x1234, 0xA1B2
- Additional information (e.g., decryption key name/hash)
- Signature: guarantee of integrity and unforgeability
Listed items can be authenticated only by lightweight hash verification.
Manifest-based content retrieval: the consumer first obtains and parses the manifest, then retrieves the listed content objects.
Slide 27: Nameless object: a variant of content object
The content object payload is decoupled from its name. It is queried by an arbitrarily given but correctly routable name + its hash value.
Example:
- original name /kddi/democracy.mpg/1, hash 0x1234ABCD
- replica name /kyoto/movie.mpg/1, same hash
- replica name /anonymized/v.mpg/1, same hash
(An object may have multiple such combinations.)
- The name is used for interest routing; content replica redirection can be easily realized.
- The hash is used for CS/PIT search (decoupled from the name).
Note: The consumer needs to first retrieve a manifest in order to learn routable names and hashes for nameless objects.
Slide 28: Maximizing the benefit of in-network caching while minimizing computational overhead
Assumption: the desired content objects are encrypted under appropriate access control (like CCN-AC*), and the attacker does not know their hashes.
Assumption: the desired content objects are nameless objects and are hosted at a certain consumer-reachable replication server under meaningless (uncensored) names.
Important observation: the name of a replicated content object is itself semantically meaningless, so nameless objects are never filtered based on name.
* J. Kurihara, E. Uzun, and C. A. Wood, "An encryption-based access control framework for content-centric networking," in Proc. IFIP Networking 2015.
Slide 29: The 2-phased strategy of enhancement
[Phase 1] The manifest and non-replicated extra information (e.g., decryption keys) are retrieved by the consumer-driven access control approach. -> Our secure but heavy approach is used only for the manifest + α.
[Phase 2] Replicated nameless content objects are simply queried in the standard manner of content retrieval. -> A large number of objects are never filtered, even in the standard manner.
Slide 30: Example of minimization of computational cost in flow: replicating nameless objects
[Figure: Phase 1: the consumer sends an anonymized interest for a manifest; cryptographic operations on the interest name are performed at intermediate nodes; the anonymizer (a.k.a. replication server) sends an interest for the manifest to the publisher, which returns the manifest. Phase 2: the consumer sends interests for the listed nameless objects and receives them; no cryptographic operations at intermediate nodes in phase 2!]
Slide 31: Example of cache recycling opportunities in flow: replicating nameless objects
[Figure: the same flow as on the previous slide. Phase 1: anonymized interest for a manifest to the anonymizer (a.k.a. replication server), interest for the manifest to the publisher, manifest returned. Phase 2: interests for the listed nameless objects; every node has an opportunity to respond from cache in phase 2!]
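Phase 2 of the enhancement on slides 26 to 31, as an added runnable model that is not code from the talk or from KDDI: a manifest lists per-chunk hashes, the chunks are nameless objects that a replication server hosts under a meaningless name, and routers index them by hash only. Assumptions: the manifest is taken as already fetched and authenticated in phase 1 (its signature is not modelled), prefix-based forwarding is reduced to a single upstream, and the chunk payloads, names and the censor's blacklist are constructed sample values.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample content: three chunks of a (pretend) video.
CHUNKS = [b"chunk-1 of democracy.mpg", b"chunk-2 of democracy.mpg", b"chunk-3 of democracy.mpg"]

# Manifest as on slide 26: a catalog of names and hashes. Its signature is not
# modelled; we assume it was authenticated when fetched in phase 1.
MANIFEST = {
    "names": [f"/kddi/democracy.mpg/{i + 1}" for i in range(len(CHUNKS))],
    "hashes": [sha256_hex(c) for c in CHUNKS],
}

REPLICA_PREFIX = "/anonymized/v.mpg"   # meaningless routable name at the replication server


class Router:
    """Intermediate node whose CS indexes nameless objects by hash, not name (slide 27).
    Prefix-based forwarding is not modelled: every interest goes to the given upstream."""

    def __init__(self, blacklist=()):
        self.blacklist = blacklist   # the censor's name-based filter on this node
        self.cs = {}                 # hash -> payload
        self.cache_hits = 0

    def forward(self, name: str, digest: str, upstream):
        if any(word in name for word in self.blacklist):
            return None              # censorship: dropped by looking at the name only
        if digest in self.cs:        # recycling opportunity regardless of the name used
            self.cache_hits += 1
            return self.cs[digest]
        payload = upstream(name, digest)
        if payload is None or sha256_hex(payload) != digest:
            return None              # wrong or forged object: neither cached nor delivered
        self.cs[digest] = payload
        return payload


class ReplicaServer:
    """Replication server hosting the chunks as nameless objects, looked up by hash."""

    def __init__(self, chunks):
        self.by_hash = {sha256_hex(c): c for c in chunks}

    def serve(self, name: str, digest: str):
        return self.by_hash.get(digest)


def tampering_server(name: str, digest: str) -> bytes:
    """A bad upstream that answers every request with data that does not match the hash."""
    return b"not the requested chunk"


def fetch_content(router: Router, prefix: str, manifest: dict, upstream):
    """Phase 2 (slides 29-31): query each listed chunk by routable name + hash and
    verify it against the manifest. Returns the reassembled payload or None."""
    parts = []
    for i, digest in enumerate(manifest["hashes"]):
        payload = router.forward(f"{prefix}/{i + 1}", digest, upstream)
        if payload is None or sha256_hex(payload) != digest:
            return None
        parts.append(payload)
    return b"".join(parts)


def demo() -> dict:
    censor = Router(blacklist=("democracy",))
    replica = ReplicaServer(CHUNKS)
    # With the original semantic names every interest is dropped by the censor.
    blocked = fetch_content(censor, "/kddi/democracy.mpg", MANIFEST, replica.serve)
    # With the replica's meaningless names the same hashes pass the filter.
    content = fetch_content(censor, REPLICA_PREFIX, MANIFEST, replica.serve)
    # A second consumer using yet another routable name is served from the router's CS.
    fetch_content(censor, "/kyoto/movie.mpg", MANIFEST, replica.serve)
    # A forged replica cannot pass the hash check that the manifest enables.
    tampered = fetch_content(Router(), REPLICA_PREFIX, MANIFEST, tampering_server)
    return {"blocked": blocked is None, "content": content,
            "cache_hits": censor.cache_hits, "tampered_rejected": tampered is None}


if __name__ == "__main__":
    print(demo())
```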
Slide 32: Conclusion
Slide 33: Conclusion and future work
In this talk:
- We introduced a proxy-based censorship circumvention approach enabling in-network caching: consumer-driven access control to interest names, and authentication and decryption with a hidden consumer ID.
- We enhanced the approach by using manifests and nameless objects: maximizing the cache recycling opportunity, and minimizing the overhead of cryptographic computation at intermediate nodes.
Future work: implementation and performance evaluation in a realistic environment with specific settings, etc.
Slide 34: Thank you! Comments and questions...?
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationDetecting Attacks, cont.
Detecting Attacks, cont. CS 161: Computer Security Prof. David Wagner April 8, 2016 Special request: Please spread out! Pair up. Each pair, sit far away from anyone else. If you re just arriving, sit next
More informationEmploying Attribute-Based Encryption in Systems with Resource Constrained Devices in an Information-Centric Networking Context
Employing Attribute-Based Encryption in Systems with Resource Constrained Devices in an Information-Centric Networking Context Global IoT Summit (GIoTS) Geneva, June 6-9, 2017 Börje Ohlman Ericsson Research
More informationUntraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym?
More information3DS2 and Strong Auth with PR API. Ian Jacobs, April 2018
3DS2 and Strong Auth with PR API Ian Jacobs, April 2018 Overview 3DS2 Summary How best to pair 3DS2 as specified with PR API (e.g., for use cases where already required by regulation). Identify opportunities
More informationM. Arumaithurai. Intended status: Informational Expires: January 16, 2014
ICNRG Internet-Draft Intended status: Informational Expires: January 16, 2014 M. Arumaithurai J. Seedorf NEC A. Tagami KDDI R&D Labs K. Ramakrishnan AT&T N. Blefari Melazzi Univ. Tor Vergata July 15, 2013
More informationSecurity, Privacy, and Access Control in Information-Centric Networking: A Survey
Security, Privacy, and Access Control in Information-Centric Networking: A Survey Reza Tourani, Travis Mick, Satyajayant Misra, Gaurav Panwar Department of Computer Science, New Mexico State University
More informationProxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking
NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other
More informationDatabase data security through the lens of cryptographic engineering
Database data security through the lens of cryptographic engineering Eugene Pilyankevich, Chief Technical officer, Cossack Labs Data breaches, annually 1093 419 447 614 783 781 2011 2012 2013 2014 2015
More informationTor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.
Tor Hidden Services Roger Dingledine Free Haven Project Electronic Frontier Foundation http://tor.eff.org/ 31 July 2005 Talk Outline Tor overview Circuit-building in Tor Hidden services in Tor Demo Anonymity
More informationSecurity and Anonymity
Security and Anonymity Distributed Systems need a network to send messages. Any message you send in a network can be looked at by any router or machine it goes through. Further if your machine is on the
More informationScope Statement For Shared Key Authentication and Encryption in Lustre 2.X
For Shared Key Authentication and Encryption in Lustre 2.X Revision History Date Revision Author 2012-07-10 Created Andrew Korty 2012-11-10 Version 2 Stephen Simms Table of Contents Introduction... 2 Problem
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
More informationJonathan Wald and Jason Zigelbaum (A project report written under the guidance of Prof.
1 of 12 Jonathan Wald jwald@wustl.edu and Jason Zigelbaum jczigelb@wustl.edu (A project report written under the guidance of Prof. Raj Jain) Download Table of Content: 1. Introduction 1.1 What is OpenPacketPro
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationSmartSiren: Virus Detection and Alert for Smartphones. Jerry Cheung, Starsky Wong, Hao Yang and Songwu Lu MOBISYS 2007
SmartSiren: Virus Detection and Alert for Smartphones Jerry Cheung, Starsky Wong, Hao Yang and Songwu Lu MOBISYS 2007 Premise Smartphones have become increasingly popular. So have viruses for smartphones
More informationSecure Fragmentation for Content Centric Networking
Secure Fragmentation for Content Centric Networking Marc Mosko Palo Alto Research Center 3333 Coyote Hill Road, Palo Alto, CA 94304 e-mail: mmosko@parc.com Christopher A. Wood Palo Alto Research Center
More informationEfficient Mobile Content-Centric Networking. Using Fast Duplicate Name Prefix Detection. Mechanism
Contemporary Engineering Sciences, Vol. 7, 2014, no. 24, 1345-1353 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.49166 Efficient Mobile Content-Centric Networking Using Fast Duplicate
More informationDecentralised Communication: The challenge of balancing interoperability and privacy.
Decentralised Communication: The challenge of balancing interoperability and privacy. matthew@matrix.org http://www.matrix.org Privacy in Matrix 2 Two basic types of privacy: 1. Can attackers see what
More informationRunning IoT Applications over ICN: A Guided Journey to NDN, RIOT, CCN-lite and NFN
ACM ICN-2017 Tutorial 1 Running IoT Applications over ICN: A Guided Journey to NDN, RIOT, CCN-lite and NFN at the Freie Universität Berlin, Sep 26, 2017 Welcome and a gentle introduction to ICN Alex Afanasyev,
More informationcommunication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.
Introduction to anonymous communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.Leuven) 1 a few words on the scope of the
More informationAccess-Controlled In-Network Processing of Named Data
Access-Controlled In-Network Processing of Named Data Claudio Marxer Christopher Scherb Christian Tschudin Computer
More informationNetwork Names in Content-Centric Networking
Network Names in Content-Centric Networking Cesar Ghali Gene Tsudik Christopher A. Wood Computer Science Department, University of California Irvine {cghali, gene.tsudik, woodc1}@uci.edu ABSTRACT Content-centric
More information