A consumer-driven access control approach to censorship circumvention in content-centric networking

Transcription

1 A consumer-driven access control approach to censorship circumvention in content-centric networking Jun Kurihara, Kenji Yokota and Atsushi Tagami KDDI R&D Laboratories, Inc. ACM ICN 2016 Kyoto, Japan, Sep. 28, 2016 Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 1

2 Outline of my talk 1. Introduction 2. Censorship circumvention in CCN 3. Basics of consumer-driven access control approach 4. Enhancement using manifest and nameless object 5. Conclusion Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 2

3 Introduction Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 3

4 Censorship: A serious problem in networking Censorship in a network: Monitoring network messages, checking what is requested, and dropping messages in the blacklist by a certain authority. Censorship is widely spread now and serious problem in the Internet Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 4

5 Censorship is easily enforceable in CCN Content data itself can be encrypted in a certain AC, but interest name is not. Explicitly-given and semantic name in CCN made censorship trivial. consumer Censorship authority router domain: /kddi publisher Capture and analyze interests; and Drop any interests by checking only their names democracy domain: /kyoto Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 5

6 Censorship circumvention in CCN Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 6

7 Two types of countermeasures in CCN Tor-like scheme Multi-layered encryption at anonymizing routers Significant overhead and delay Proxy-based scheme Establishing anonymized channel between proxy and consumer Simpler and faster than Tor-like scheme S. DiBenedetto, P. Gasti, G. Tsudik, and E. Uzun, ANDāNA: Anonymous named data networking application, in Proc. NDSS R. Tourani, S. Misra, J. Kliewer, S. Ortegel, and T. Mick, Catch me if you can: A practical framework to evade censorship in information-centric networks, in Proc. ACM ICN C. Ghali, M. A. Schlosberg, G. Tsudik, and C. A. Wood, Interest-based access control for content centric networks, in Proc. ACM ICN Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 7

8 Proxy-based approach Our scheme is basically categorized as a proxy based scheme Anonymized interest (/<routable prefix>/ + encrypted name) (/kddi/democracy.mpg) encrypt!? Trusted proxy domain: /kddi decypt! interest /kddi/democracy.mpg Communication via encrypted name plaintext name Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 8

9 Cache recycling problem of proxy-based approaches Anonymized communication is established between each consumer and a proxy under distinct encryption key. Anonymized communication channel Consumer A Consumer B The same content is queried via different names by different users Standard CCN behind the proxy Cached content never be recycled Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 9

10 Basics of consumer-driven access control approach Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 10

11 System model Entity: CCN basic parties + cache enablers E i + anonymizer A + attacker cache enabler E 2 (as a router) anonymizer A (trusted proxy) consumers attacker (as a router) publisher cache enabler E 1 (as a router) CCN router domain: /kddi Content names follow a conventional (ICN) hierarchical naming scheme like URL (e.g., /kddi/demo/video.mpg). Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 11

12 Attacker definitions We consider two types of attackers. Passive Attacker Capture/analyze interests Stronger version Active Attacker Capture/analyze interests Modify interests Learn what is requested and who is requesting ; Drop/filter interests Masquerade as legitimate consumers *Passive Active Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 12

13 Key elements of our approach [Against passive attacker] (1) Encryption-based access control to interest names for cache enablers and anonymizer [Against passive/active attacker] (2) Authentication and decryption with hidden consumer ID at cache enablers and anonymizer Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 13

14 (1) Encryption-based access control to names: Preliminary Access control: A technique used to regulate who or what can view raw/original data in a computing environment. Encryption-based access control: Data is encrypted in such a way that only authorized users are allowed to decrypt the encrypted data and obtain the raw data. Encrypted data With valid key With no key Possibly different With valid key Assigned decryption keys are identified as access rights Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 14

15 (1) Encryption-based access control to names: Overview of the approach Consumer grants access rights to original interest names to cache enablers E i and anonymizer A via the encryption-based access control Assign key for E 2 Assign key for A Assign key for E 1 E 2 anonymizer A domain: /kddi cache enabler E 1 Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 15

16 Consumers encrypts interest names in such a way that pre-authorized E i and A can decrypt them and obtain original names. [Processing incoming interest at E i ] Anonymized interest (/routable prefix/ + encrypted name) (/kddi/democracy.mpg) (1) Decrypt (/kddi/democracy.mpg) Qualified cache enabler E i /kddi/democracy.mpg (2) CS search with original name CS /kddi/democracy.mpg (3) Respond by encrypted name content object (/kddi/democracy.mpg) *** illustrated only the case of cache hit for simplicity. *** Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 16

17 [Processing incoming content at E i ] (simply the dual of interest case) content object (/kddi/democracy.mpg) Qualified cache enabler E i (1) Decrypt (/kddi/democracy.mpg) /kddi/democracy.mpg (2) Cache with original name for recycle CS /kddi/democracy.mpg [Key observation] Access control to interest names Access control to cache-recycling opportunities *** omitted the process of PIT entry consumption for simplicity. *** Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 17

18 (2) Authentication and decryption with hidden ID: Preliminary [Observations] E i and A must learn the consumer ID from an interest to find a consumer specific key(s) for name decryption and interest authentication via HMAC/signature Consumer ID itself leaks the consumer information to attackers [Requirements] Consumer ID must be included and hidden in interests Only cache enablers and anonymizer learn the ID from an interest for decryption and authentication Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 18

19 (2) Authentication and decryption with hidden ID: Overview of the approach Anonymizer uses a public key broadcast encryption for hiding IDs in interests. Decryption keys are assigned to cache enablers Public (encryption) key is published. Having public key Assign key for E 2 Store key for A Assign key for E 1 E 2 anonymizer A Having public key E 1 domain: /kddi Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 19

20 Consumer generates the anonymizing interest from the encrypted name as: Broadcast public key from A (/kddi/democracy.mpg) Encrypted name (Consumer ID) Encrypted ID HMAC HMAC generation by name encryption key Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 20

21 E i and A authenticate and generate the incoming interest as: (/kddi/democracy.mpg) Encrypted name (Consumer ID) Encrypted ID HMAC Assigned broadcast decryption key Consumer ID Decrypt! Retrieve the name encryption key associated to the ID from key storage Authenticate! Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 21

22 Advantage and disadvantage [Security for passive attacker] No leakage about content name (what) No leakage about consumer identity (who) [Security for active attacker] Interest modification can be detected Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 22

23 [Efficiency] In-network caching can be fully leveraged at cache enablers E i s and anonymizer A More beneficial as # of E i s increases. trade-off between cache recycling opportunity and overhead Cryptographic operations (access control and authentication) at E i and A may involve serious computational cost. More serious overhead as # of E i s increase. Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 23

24 This problem is solved by combining our approach with manifest and nameless objects. We minimize the overhead with maintaining the security and maximizing the benefit of in-network caching. Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 24

25 Enhancement using manifest and nameless object Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 25

26 Preliminary: Manifest and nameless objects in CCNx Manifest: Content object providing a list of content objects (names and hashes) Manifest structure content object catalog Names /kddi/democracy.mpg/1 /kddi/democracy.mpg/2 /kddi/democracy.mpg/3 Hashes 0xABCD 0x1234 0xA1B2 Additional information (e.g., decryption key name/hash) Guarantee of integrity and unforgeability signature Listed items can be authenticated only by lightweight hash verification. Manifest-based content retrieval: Consumer first obtain and parse manifest, then retrieve listed content objects. Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 26

27 Nameless object: a variant of content object Content object payload is decoupled with name. Queried by arbitrary-given but correctly-routable name + its hash value. original replica name /kddi/democracy.mpg/1 /kyoto/movie.mpg/1 hash 0x1234ABCD replica /anonymized/v.mpg/1 May have multiple combinations Used for interest routing Content replica redirection can be easily realized. Used for CS/PIT search **Decoupled from name** Note: Consumer needs to first retrieve a manifest in order to learn routable names and hashes for nameless objects. Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 27

28 Maximizing benefit of in-network caching with minimizing computational overhead Assumption: Desired content objects are encrypted under appropriate access control (like CCN-AC*), and attacker does not know their hashes. Assumption: Desired content objects are nameless objects and hosted at a certain consumer-reachable replication server with meaningless (uncensored) names. Important observation: The name of replicated content object itself is semantically meaningless. -> Nameless objects are never filtered based on name. J. Kurihara, E. Uzun, and C. A. Wood. An encryption-based access control framework for content-centric networking. In Proc. IFIP Networking 2015 Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 28

29 The 2-phased strategy of enhancement: [Phase 1] Manifest and non-replicated extra information (e.g., decryption keys) are retrieved by consumer-driven access control approach. -> Our secure but heavy approach is used only for manifest + α [Phase 2] Replicated nameless content objects are simply queried in the standard manner of content retrieval. -> Large number of objects are never be filtered even in the standard manner. Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 29

30 Example of minimization of computational cost in flow: replicating nameless objects Phase 1 anonymized interest for a manifest interests for listed nameless objects anonymizer a.k.a. replication server interest for a manifest manifest publisher No cryptographic operations at intermediate nodes in phase 2! Phase 2 listed nameless objects Cryptographic operations on interest name Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 30

31 Example of cache recycling opportunities in flow: replicating nameless objects Phase 1 anonymized interest for a manifest anonymizer a.k.a. replication server interest for a manifest manifest publisher interests for listed nameless objects Every node has recycling opportunity in phase 2! Phase 2 listed nameless objects opportunity to respond from cache Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 31

32 Conclusion Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 32

33 Conclusion and future work In this talk: We introduced a proxy-based censorship circumvention approach enabling in-network caching. Consumer-driven access control to interest names Authentication and decryption with hidden consumer ID We enhanced the approach by using manifest and nameless objects Maximizing the cache recycling opportunity Minimizing the overhead of cryptographic computation at intermediate nodes Future work: Implementation and performance evaluation in realistic environment with specific settings. etc. Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 33

34 Thank you! Comment and question...? Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 34