PRIVACY IN CONTENT DISTRIBUTION NETWORKS

Similar documents
Development of new security infrastructure design principles for distributed computing systems based on open protocols

Grid Security Infrastructure

ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS

UNICORE Globus: Interoperability of Grid Infrastructures

Delegated Access Control Extension

J. Basney, NCSA Category: Experimental October 10, MyProxy Protocol

Identity Provider for SAP Single Sign-On and SAP Identity Management

Credentials Management for Authentication in a Grid-Based E-Learning Platform

DEPLOYING MULTI-TIER APPLICATIONS ACROSS MULTIPLE SECURITY DOMAINS

Network Working Group Request for Comments: 3820 Category: Standards Track. NCSA D. Engert ANL. L. Pearlman USC/ISI M. Thompson LBNL June 2004

GSI Online Credential Retrieval Requirements. Jim Basney

A Novel Adaptive Proxy Certificates Management Scheme in Military Grid Environment*

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter

Covert Identity Information in Direct Anonymous Attestation (DAA)

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Identity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014

Managing Certificates

Technical Overview. Version March 2018 Author: Vittorio Bertola

National Identity Exchange Federation. Terminology Reference. Version 1.0

Why the end-to-end principle matters for privacy

DIRAC Distributed Secure Framework

Security Digital Certificate Manager

SERVICE DESCRIPTION. Population Register Centre s online services

IBM. Security Digital Certificate Manager. IBM i 7.1

Partner Center: Secure application model

SAML-Based SSO Solution

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

ISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University

Credential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003

Participant Portal. User s Guide. 25/10/2010 (version 2.2.1) Participant Portal User s Guide ( ) Release 2.2.

GLOBUS TOOLKIT SECURITY

Picshare Party Privacy Policy

ALG Associates, LLC ( ALG Associates ) operates a website under. and has created this privacy policy to demonstrate its

THEBES: THE GRID MIDDLEWARE PROJECT Project Overview, Status Report and Roadmap

A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography

Geolocation and Application Delivery

SAML-Based SSO Solution

Certificate Enrollment for the Atlas Platform

OneID An architectural overview

W H IT E P A P E R. Salesforce Security for the IT Executive

Security Provider Integration SAML Single Sign-On

ETSI TS V7.1.0 ( )

XVSecurity. Security 1083

Secure Web Fingerprint Transaction (SWFT) Access, Registration, and Testing Procedures

Morningstar ByAllAccounts Service Security & Privacy Overview

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

Security Provider Integration: SAML Single Sign-On

DIRAC distributed secure framework

We will ask you for certain kinds of personal information ( Personal Information ) to provide the services you request. This information includes:

Xerox Connect for Dropbox App

FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?

Information technology Security techniques Blind digital signatures. Part 1: General

Document Cloud (including Adobe Sign) Additional Terms of Use. Last updated June 5, Replaces all prior versions.

Create Decryption Policies to Control HTTPS Traffic

MediaAUTH Draft Proposal

DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure

GMO Register User Guide

Technical Requirements of the GDPR

Features of a proxy server: - Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy

A SIMPLE INTRODUCTION TO TOR

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES

CSC 774 Advanced Network Security

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Oracle Tuxedo. Using Security in CORBA Applications 11g Release 1 ( ) March 2010

FPKIPA CPWG Antecedent, In-Person Task Group

Security Architecture for Open Grid Services

(2½ hours) Total Marks: 75

SAML V2.0 Profile for Token Correlation

WHITE PAPER. ENSURING SECURITY WITH OPEN APIs. Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs

Privacy Policy Mobiliya Technologies. All Rights Reserved. Last Modified: June, 2016

Security Device Roles

Trusted Identities. Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN

Overview. SSL Cryptography Overview CHAPTER 1

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

ECA Trusted Agent Handbook

Attribute-based encryption with encryption and decryption outsourcing

General website Privacy

Privacy Policy. Optimizely, Inc. 1. Information We Collect

GOCO.IO, INC TERMS OF SERVICE

Open Caching CDNI extensions proposals. Sanjay Mishra, Ori Finkelman IETF-100, Singapore November 2017

An Architecture For Computational Grids Based On Proxy Servers

ISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données

TEOCO Data Center Connectivity. Overview

Configuring Request Authentication and Authorization

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

IBM i Version 7.2. Security Digital Certificate Manager IBM

Configuring SSL Security

DRAFT REVISIONS BR DOMAIN VALIDATION

SMKI Code of Connection

Introduction. The Safe-T Solution

PRIVACY POLICY Let us summarize this for you...

Survey Paper on Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Security & Privacy. Larry Rudolph. Pervasive Computing MIT SMA 5508 Spring 2006 Larry Rudolph

Globus Toolkit Firewall Requirements. Abstract

LightGig Communications, LLC Privacy Policy

ETSI TS V6.1.0 ( )

TABLE OF CONTENTS 1.OVERVIEW 2.PREREQUISITES AT USER SIDE 3.INTRODUCTION TO THE BROWSER 4.REGISTRATION PROCESS 5.LOGIN PROCEDURE 6.

Transcription:

PRIVACY IN CONTENT DISTRIBUTION NETWORKS Aframework description R.I. Hulsebosch Telelllnlica Institllllt, PO Box 589, 7500 AN, Ellschede, The Netherlal/ds e-mail: Boh.Hulschosch@tclm.nl; phone: +31 (0)534850498; fax: +31 (0)534850400 Abstract: Key words: A ti'amework is proposed for secure delivery of personalized content in the presence of a transparent intennediary while the privacy of the user is being preserved. The framework includes delegation of authority to the intennediary content distributor allowing him to act all behalf of the content provider. To maximize privacy. the framework enables users to control their profile and the ability to manage which personal infolmation gets disclosed in the presence of a transparent intennediary. Privacy. Proxy Certificate. Content Distribution. Identity management. 1. INTRODUCTION Network edge caching proxies have been successfully deployed to accelerate web content delivery towards the user and reduce the load on origin web servers of the content provider (CP). In these so-called Content Distribution Networks (CDNs [1]), the intermediary edge caching proxies act as a gateway between web users and CPs and are nowadays more and more utilized with intelligent services other than simple caching. Userdemanded services like virus scanning, content adaptation for personalization, and insertion of advertisements are suitable for such proxy servers and fit very well in the CDN model. The increased need for intermediaries to acquire access to security-related information. personal information about individual users and organizations, and proprietary information belonging to users and CPs, however. introduces new risks. The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35691-4_52 D. Gritzalis et al. (eds.), Security and Privacy in the Age of Uncertainty IFIP International Federation for Information Processing 2003

436 SECURITY AND PRIVACY IN THE AGE OF UNCERTAINTY Several problems have to be tackled for delivering personalized content to the user in a CDN. The intermediary CD is dealing with both the CP and the user. For personalized content adaptation the CD must obtain infonnation about the user and must use this information in delivering and adapting the content and services that the user chooses. The main problem is related to the fact that the CD often operates transparently for the user and on behalf of the CPo The user does not have any knowledge of the existence of the CD. Normally. a user enters the URL of the CP in his web browser. If this CP has an agreement with a CD, the request will be (almost) transparently redirected to this intermediary. The user usually is not aware of this and shall only allow the CP insight in some of his profile attributes in return for content, not the CD. Therefore the CD requires credentials of the CP to convince the user he is acting on behalf of the CP in order to obtain the user credentials. A solid framework for authentication and authorization is required to allow end-points to delegate authoiity to intermediaries so that they can adapt content on behalf of them. The framework must also facilitate secure handling of user information required for content adaptation services. In this communication we describe a certificate-based framework for secure content adaptation by the intermediary CD in a CDN. The framework enables delegation of authority to the CD allowing him to act on behalf of the CPo A Profile Manager (PM) is introduced for management and selective dissemination of the personal profile of the user. A scenario for anonymous browsing while personalized content is being delivered is discussed. 2. FRAMEWORK FOR SECURE PERSONALIZED CONTENT ADAPTATION AND DELIVERY We propose a framework that is an extension of the IDsec concept for viltual identities on the Intemet [2,3]. IDsec introduces a Profile Manager (PM) that allows the user to manage and control the distribution of personal credentials to the CP. Digital certificates are used as a tool for access to these credentials. Session Certificates (SCs) are introduced to provide for a pointer to the profile located at the PM. These SCs do not contain any other information. Access to profile information is based on the elements in the digital certificate of the CPo The high-level basic framework constituting the actors. their relations. and the most important attributes is shown in Figure 1. The user logs in at the PM and alters his profile (l). When he logs off, a SC is returned (2). When the user requests for content, a SC is included in the request (3). The CD receives the request. Prior to sending the content. the CD wants to adapt the content he has ohtained from the CPo In order to do this. the CD needs to know the preferences and capabilities of the user, i.e.,

Privacy in Content Distribution Networks 437 his profile at the PM. For this reason the CD has to identify himself and reassure the PM that he is working on behalf of the CP (4). If this is true, the PM will grant the CD access to the credentials the user has given the CP access to (5). The CP provides the OIiginal content (6). Once the CD has obtained the credentials of the user, content adaptation can be performed (7). The adapted content is returned to the CD (8). and forwarded to the user (9). (j Oligfnel conlenl Adapled c;:onlent o Senion cerlific8te Proxy ce,tihcate o Uurproltle Figure I: Framework for personalized content delivery in a CON environment. The fourth step in this scenario is the most critical one. Here the CD has to assure the PM he is operating on behalf of the CP in order to obtain access to the profile of the user. For this to work out we propose the use of proxy celtificates (PC, [4 n. The use of so-called proxy credentials for impersonation is a common technique to allow entity A to grant another entity B the right for B to authenticate with others as if it were A. In other words, entity B is impersonating entity A. The CD can use a PC to authenticate to the PM on behalf of the CPo The outcome is that the CD obtains access to the profile attributes of the user, which are stored at the PM. The Grid Security Infrastructure (GSI, [5]) for instance has proven the viability of impersonation as a basis for authentication. The delegation process and the X.509 PC profile used in our model have been extensively described in an IETF Internet Draft of the PKlX working group [6]. In the next sections we will have a closer look at the different processes that take place during content adaptation and delivery. Profile Management The PM allows the user to manage his profile attributes and the access to these attributes. The user - PM interactions are as follows (see Figure 2); 1. The user enters the PM via secure channel. Mutual authentication between the user and the PM is essential. Both the user and the PM need to be sure that they are dealing with the real party and not a bogus one.

438 SECURITY AND PRIVACY IN THE AGE OF UNCERTAINTY 2. Via the PM the user is able to structure his profile and to control access to his protile attributes. This means that the user can disclose a specific portion of his protile without revealing any other information. 3. A user-authenticated asymmetric session key pair is generated. This key is pair is used during the Internet session and has a short lifetime. The private key is securely stored while the public session key is sent to the PM via the secure connection. The PM generates a SC including the public session key of the user. 4. The PM returns the SC to the user. The SC identifies/represents the user on the cunen! terminal but does not expose any user identification. fj\ r.;.;r Login I aulhenlieale JF Creale \.Y... Creale Key Pair Edll l manage profile @ Cerllflcale Use,... p,oj;'e., Manager 3 t:\ Receive Session Certlfleale I..V III 0 u... at-o = Privale Key = Public Key = User SC B = PM Cerlineale Figure 2: User profile management. Users will be required to have multiple attributes for a number of different CPs. To assign CPs to the profile attributes they need the user is able to create Access Control Lists (ACLs). Access to the attributes is based on the distinguished name of the entity to which the certificate relates (e.g. the CP) and the digital signature of the certificate issuing party [2]. Delegation of content adaptation rights The CD must be authorized by the CP in order to adapt the original content. In other words, the CP must delegate the content adaptation rights to the CD. Moreover, these delegation rights have to be used by the CD to obtain the profile of the user. Since access to the profile attributes is based on the distinguished name of the CP [2], the CD must convince the PM he is operating on behalf of the CPo The CD therefore must perform several operations that allow him to approach the PM server on behalf of the CP, i.e. the CD must obtain a PC of the CPo The delegation of content adaptation rights from the CP to the CD is depicted in Figure 3. = Private Key =-- = Public Key Content Distributor Requesllor Proxy Certificate Receive Create Proxy Key Pair r5=1 CD., Content Provider Figure 3: Delegation of content adaptation rights. 3 ACI.. Creale Proxy =--

Privacy in Content Distribution Nenvorks 439 Content delivery Figure 4 explains the process of personalized content delivery via the CD: 1. The SC is sent to the CD together with the URL request that the user makes. 2. To obtain the user profile attributes the CD must enter the PM. He uses his personal cel1ificate for authentication at the server. 3. The PM authenticates to the CD and a secure channel is established. 4. The SC, PC and the CP certificate are sent to the PM via the secure channel. Both the SC and PC are used by the PM to determine the access rights of the CD. The CP certificate is used for verification of the PC signature. The signature of the CP certificate determines whether the PM trusts the CD - CP relation. If the PM trusts the signature. the SC allows him to perform a lookup for the session and user in order to retrieve the attributes of the user profile that the CP has access to. Access to attributes is controlled by the user and is based on the distinguished name of the PC since the ACL contains these names [2]. 5. The profile is returned to the CD and is used to adapt the content. Naturally, the CP has stated the boundaries for the CD to adapt his content. A negotiation process between the limitations posed by the CP, the capabilities of the CD, and desires posed by the user for content adaptation is started. 6. The adapted content is sent to the user. If confidential information needs to be exchanged between the CD and user, the CD may use the public session key to encrypt the content sent. Only the user will be able to read the messages since he owns the private session key for decryption. If required by the CD, user authentication can be done via the private key of the Sc. This would dynamically prove that the user is the owner of the Sc. Request and send SC Send CD Certificate [3.. CD User CD Send PM Certificate Profile Content Manager Send CP, f.\ DIstributor \V G PC and SC Certificates 7.,,;. Send User Profile Figure 4: Personalized content delivery based on SCs. Note that in this scenario the user has stayed anonymous for the CD and CPo 3. CONCLUSIONS Personalized and localized content adaptation services are hot on the Internet. The rise of CDNs and the proposed value-added edge services fulfill and facilitate this need [7]. As a result, users on the Internet are often

440 SECURITY AND PRIVACY IN THE AGE OF UNCERTAINTY privy to large amounts of personal information, and should be very careful to prevent unintentional leakage of this information to other sources. Therefore. the parameters required for content adaptation need careful handling by an intermediary palty. Though a CD typically operates transparently, the intermediary value-added services provided by a CD must therefore not be transparent: they have to be authorized by either the content requestor or the provider, corresponding to whom the service is being provided for. CPs may have a say on what adaptation is allowed, while on the other hand, the content consumers have the right to authorize services on their behalf. Authentication and (delegation of) authorization are two crucial aspects in establishing a trusted relationship in this complex situation. We have presented a viable framework for a transparent intermediary CD to securely deliver personalized content to an anonymous user. The model allows a user to provide personal information while maintaining privacy by keeping control over its release. As a result the CD can offer services matching the need of each user. The model uses a PM for secure online management and administration of the private credentials of the user and issuing of SCs and encryption keys. The PM allows the user to determine what information gets released to which site. Thus, the responsibility of balancing access and privacy lies ultimately with the user. Since access is based on the distinguished name of the CP, delegation of authority is necessary to allow the CD access. Delegation of authority means that the authenticated identity of the CP must be carried over to the CD. This is accomplished by giving the CD a so-called PC to further perform operations on behalf of the CPo REFERENCES I. B. Hulsebosch. R. Bmssee. H. Eel1ink. W. Huijsen. M. Rougoor. W. Teeuw, M. Wibbels. H. Zandbeit, Content Distribution Networks State of the Alt, Telematica Instituut. 2001, https://doc.tclin.nl/dscgi/ds.py/gctlfile-15534/cdnsota.pdf. 2. H. Zandbelt, B. Hulsebosch, H. Eeltink. IDsec: Vinualldentities on the Internet, Intemet draft. http://idsec.soun:eforge.nelfdraft-7andbelt-idsec-0 I.txt. 3. R.J. Hulsebosch, J.F. Zandbelt, E.H. Eeltink. Virtual Identities on the Internet, submitted to the Proceedings of the Twelfth International World Wide Web Conference, 20-24 May 2003, Budapest, Hungary. 4. B.C. Neuman. Proxy-Based Authorization and Accounting for Distributed Systems, Proc. I 3 1fl International Can ference on Distribu ted Computing Systems, Pittsburg, 1993. 5. Grid Security Infrastructure description: http://www.globus.org(security. 6. S. Tuecke. D. Engelt. I. Foster, V. Welch. M. Thompson, L. Pearlman, C. Kesselman, Internet X.509 Public Key Infrastructure Proxy Certificate Profile, draft-ggf-gsi-proxy- 03,2002. http://www.gridforum.org/security/ggi.5 2002-07/draft-ggf-gsi-proxy-03.PDF. 7. A proposed edge server technology can be found on the web site of the IETF OPES working grou p. h ltp://ww IV. iet Lorglll I.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback