Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System

Multiple Selective Mutual Authentication Multiple Selective Mutual Authentication Protocol for Peer-to-Peer SystemProtocol for Peer-to-Peer System

School of Engineering

2001099

Hyunrok Lee

2

ContentsContents

1. Introduction

2. The Problem

3. Preliminaries

4. Proposed Scheme

5. Comparison

6. Conclusion

7. Reference

3

1. 1. IntroductionIntroduction

The Internet three valuable fundamental assets A huge amount of information Increasing bandwidth Growing power of computing resources

Limitation of client-server model P2P model

Peer-to-peer computing Peer

A principal that simultaneously can have both client and server processes.

Sharing of computing resources and services by direct exchange or share between arbitrary network peers[2]

Pure P2P Hybrid P2P

4

1. 1. Introduction (cont.)Introduction (cont.)

Trust model Trust modeling

Web of Trust model Hierarchical Trust (PKI) model

Trust quantifying Trust computation

5

2. 2. The ProblemThe Problem

Different security problem between client-server model and peer-to-peer model

Most of P2P systems provide no provisions for mutual authentication or private information.[6][7][8][9]

Weak authentication mechanism PGP-based Freenet[12] does not have legal force.

P2P model may have temporary association P2P model should provide anonymity

Except the case of serious commercial transaction.

No authentication protocol based on view of trust model Trust between peers begins to mirror those real-world relationships. SMAP[1] did not consider trust model.

6

3. 3. PreliminariesPreliminaries

Key feature of peer-to-peer model[4] Discovering other peers Querying peers for resources Sharing resource with other peers

Pure peer-to-peer model

7

3. 3. Preliminaries (cont.)Preliminaries (cont.) Hybrid peer-to-peer

A simple discovery server Discovery and lookup server

Discovery, lookup, and content server

8

3. 3. Preliminaries (cont.)Preliminaries (cont.)

Well-known insecure peer-to-peer file sharing Napster[10]

Central discovery and lookup server Weak authentication

Gnutella[11] Pure p2p Provide only anonymity.

Freenet Pure p2p PGP based authentication

No legal force Retrieving user’s public key every operation

Require specific server – Key Distribution Center

9


Selective authentication scheme[1] Two main technique

Mutual authentication based on X.509 certificate Key establishment protocol based on public-key encryption

Support Anonymity Support Strong Authentication

Selective mechanism Two Procedure

Exclusion Protocol Authentication scheme is excluded. Communicate with each other (without session key)

Inclusion Protocol Mutually strong authentication is included. Communicate with each other (with time-invariant session key)

10


Protocol. Selective mutual authentication protocol (SMAP) SUMMARY: A sends B one message, and B responds with one message that

include extra selective field. And then key establishment is performed. RESULT: (according to user choice)

(1) Mutual peer authentication and time-variant session key transport with key authentication(2) Peer authentication exclusion

1. Notation. PX(y) denotes the result of applying X’s encryption public key to data y. SX(y) denotes the result of applying X’s signature private key to y. rA, rB are never re-used numbers (to detect replay and impersonation). certX is a certificate binding peer X to a public key suitable for both encryption and

signature verification. selE is a selective field that notifies peer authentication exclusion. selS is a selective field that notifies mutual peer authentication inclusion. null denotes the confirmation about communication.(without authentication) reqcert denotes more information, such as X.509 certificate, is required.

11


2. System setup. (a) Peer chooses a value of selective field. (b) Each peer has its public key pair for signatures and encryption. (c) A must acquire (and authenticate) the encryption public key of B. (This may

require additional messages and computation.)

3. Protocol messages. (An asterisk denotes items are optional.) First of all initiator must choose given two operations selE, selS.

Exclusion protocol:

A B: selE (1-E)

A B: null (2-E) Inclusion protocol: Let DA = (tA, rA, B, data1

*, PB(k1)*), DB = (tB, rB, A, rA, data2

*, PA(k2)*).

A B: selS (1-S)

A B: reqcert (2-S)

A B: certA, DA, SA(DA) (3)

A B: certB, DB, SB(DB) (4)

12


Trust Model in PGP [3] Web of trust No Legal force

Trust Values Complete trust

Fully trusted to certify others public keys Marginal trust

Marginally trusted to certify others public keys Not trusted

?

AliceAlice

CharlieCharlie BobBob

DavidDavid

13


Trust Model in PKI [5] Hierarchical Trust Model

Strict rule Cross Certificate for performance Hard to reflect trust relationship of real world

Legal Force RootRootCACA

CA4CA4 CA5CA5

CA2CA2CA1CA1 CA3CA3

CA6CA6

User DUser DUser BUser BUser CUser CUser AUser A

14


Trust Model in distributed computing [13] Propose a model for trust based on distributed

recommendations.

Consider reputation of each entity based on multi-domain

Support dynamic revocation / refresh

Propose Trust quantifying / calculation method

Trust is divided into Direct Indirect ( Recommendation )

Multiple trust value

Recommendation protocol ONLY

15

3. 3. Preliminaries (cont.)Preliminaries (cont.) Direct Trust Value semantics

Recommender Trust Value Semantics

16


Recommendation Protocol

RRQ ::= Requestor_ID, Rquest_ID, Target_ID, Categories, RequestorPKC, GetPKC, Expiry

Categories ::= SET OF {Category Name}

Recommendation ::= Requestor_ID, Request_ID, Rec_Path, [SEQUENCE OF {Recommendation_Set, TargetPKC} | NULL]

Rec_Path ::= SEQUENCE OF {Recommender_ID}Recommendation_Set ::= SET OF Recommendation_SlipRecommendation_Slip ::= SET OF SEQUENCE {Target_ID, Category_Name,

Trust_Value, Expiry}

RRQ ::= Requestor_ID, Rquest_ID, Target_ID, Categories, RequestorPKC, GetPKC, Expiry

Categories ::= SET OF {Category Name}

Recommendation ::= Requestor_ID, Request_ID, Rec_Path, [SEQUENCE OF {Recommendation_Set, TargetPKC} | NULL]

Rec_Path ::= SEQUENCE OF {Recommender_ID}Recommendation_Set ::= SET OF Recommendation_SlipRecommendation_Slip ::= SET OF SEQUENCE {Target_ID, Category_Name,

Trust_Value, Expiry}

17


Recommendation Protocol Example Alice Bob Cathy Eric

Recommender trust relationship Direct trust relationship

Request recommendation1. Alice Bob : Alice, rrqA01, Eric, [Car_Service], T, 200112312. Bob Cathy : Bob, rrqB01, Eric, [Car_Service], T, 200112313. Cathy Bob : Bob, rrqB01, [Cathy], [ (Eric, Car_Service, 3, 20011231) ]4. Bob Alice : Alice, rrqA01, [Cathy, Bob], [ (Eric, Car_Service, 3, 20011231) ] , PKERIC

If change trustworthy,5. Cathy Bob : [Cathy], [ (Eric, Car_Service, 1, 20011231) ]6. Bob Alice : [Cathy, Bob], [ (Eric, Car_Service, 1, 20011231) ]

Request recommendation1. Alice Bob : Alice, rrqA01, Eric, [Car_Service], T, 200112312. Bob Cathy : Bob, rrqB01, Eric, [Car_Service], T, 200112313. Cathy Bob : Bob, rrqB01, [Cathy], [ (Eric, Car_Service, 3, 20011231) ]4. Bob Alice : Alice, rrqA01, [Cathy, Bob], [ (Eric, Car_Service, 3, 20011231) ] , PKERIC

If change trustworthy,5. Cathy Bob : [Cathy], [ (Eric, Car_Service, 1, 20011231) ]6. Bob Alice : [Cathy, Bob], [ (Eric, Car_Service, 1, 20011231) ]

18


Trust Quantifying & Computation

Computing Trusttvp(T) = tv(R1)/4 X tv(R2)/4 X … X tv(Rn)/4 X rtv(T)Where

tv(Ri) : recommenders trust valuertv(T) : The recommended trust value of target T given in the recommendationtvp(T) : The trust value of target T derived from recommendation received through return path p.

tv(T) = Average (tv1(T), … , tvp(T))

Ex)tv1(Eric) = tv(Bob)/4 X tv(Cathy)/4 X rtv(Eric) = 2/4 X 3/4 X 3 = 1.125tv2(Eric) = 2.500tv(Eric) = Average( tv1(Eric), tv2(Eric)) = Average( 1.125, 2.500 ) = 2.375

Computing Trusttvp(T) = tv(R1)/4 X tv(R2)/4 X … X tv(Rn)/4 X rtv(T)Where

tv(Ri) : recommenders trust valuertv(T) : The recommended trust value of target T given in the recommendationtvp(T) : The trust value of target T derived from recommendation received through return path p.

tv(T) = Average (tv1(T), … , tvp(T))

Ex)tv1(Eric) = tv(Bob)/4 X tv(Cathy)/4 X rtv(Eric) = 2/4 X 3/4 X 3 = 1.125tv2(Eric) = 2.500tv(Eric) = Average( tv1(Eric), tv2(Eric)) = Average( 1.125, 2.500 ) = 2.375

19

4. 4. Proposed SchemeProposed Scheme Trust model RootRoot

CACA

CA1CA1 CA2CA2

SysopSysopPeerPeer

ServiceProvider

ServiceProvider

ServiceProvider

Community 1

PeerPeer

PeerPeer

PeerPeer

PeerPeer PeerPeer

PeerPeer

PeerPeerPeerPeer

PeerPeer

PeerPeer

PeerPeerPeerPeer

PeerPeer

PeerPeer

PeerPeer

PeerPeer

SysopSysop Community 2SysopSysop

……

…

…

…

……

…

HierarchicalModel

Web of Trust

20

4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)

Multiple Selective Mutual Authentication Protocol(MSMAP) Overview

Based on SMAP[1] Hybrid Trust Multiple Selective Mutual Authentication under view of hybrid trust Use the result of trust value computation

Assume that Standard P2P Protocol is established All peer CAN communicate with each other

Result of trust value computation tv(peer) ＜ 0 refuse all process0 ≤ tv(peer) ＜ 1.5 request formal certificate from CA1.5 ≤ tv(peer) ＜ 3 request informal certificate from Service Provider3 ≤ tv(peer) ≤ 4 request self-signed certificate (Public Key)

Result of trust value computation tv(peer) ＜ 0 refuse all process0 ≤ tv(peer) ＜ 1.5 request formal certificate from CA1.5 ≤ tv(peer) ＜ 3 request informal certificate from Service Provider3 ≤ tv(peer) ≤ 4 request self-signed certificate (Public Key)

21


SUMMARY: A sends B one message, and B responds with one message that include extra selective field. After B request recommendation to peers and then key establishment is performed.

RESULT: (according to user choice)(1) Mutual peer authentication and time-variant session key transport with key authentication using different source of certificate based on trustworthy.(2) Peer authentication exclusion

1. System setup. (a) Peer chooses a value of selective field. (b) Peer request and response recommendation to other peers (c) Each peer has its public key pair for signatures and encryption. (d) A must acquire (and authenticate) the encryption public key of B. (This may

require additional messages and computation.)

Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)

22

4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)2 . Notation.

PX(y) denotes the result of applying X’s encryption public key to data y. SX(y) denotes the result of applying X’s signature private key to y. rA, rB are never re-used numbers (to detect replay and impersonation). certX is a certificate binding peer X to a public key suitable for both encryption and

signature verification. selE is a selective field that notifies peer authentication exclusion. selS is a selective field that notifies mutual peer authentication inclusion. null denotes the confirmation about communication.(without authentication) reqFcert denotes more information, such as X.509 certificate from legal CA, is

required. reqIcert denotes more information, such as informal certificate from service provider,

is required. reqScert denotes more information, such as self-signed certificate, is required. peers are arbitrary peers between community members refuse denote that stop all mutual authentication process. So it means refuse

communication with that peer

23


3. Protocol messages. (An asterisk denotes items are optional.) First of all initiator must choose given two operations selE, selS. Exclusion protocolExclusion protocol:

A B: selE (1-E)A B: null (2-E)

Inclusion protocolInclusion protocol: Let DA = (tA, rA, B, data1

*, PB(k1)*), DB = (tB, rB, A, rA, data2

*, PA(k2)*).

A B : selS (1-S)peers B : Request trust recommendation (2-S)peers B : Recommendation result (3-S)

computing trustA B : refuse when tv(peer) ＜ 0 (4-S)

reqFcert when 0≤ tv(peer) ＜ 1.5

reqIcert when 1.5 ≤ tv(peer) ＜ 3

reqScert when 3 ≤ tv(peer) ≤ 4

A B : certA, DA, SA(DA) (5)

A B : certB, DB, SB(DB) (6)

24

5. Comparison5. Comparison

25

6. 6. ConclusionConclusion

P2P computing rapidly span. Lack of security of P2P Proposed Multiple Selective Mutual Authentication

Protocol (MSMAP) support Strong authentication Legal force Real trust relationships Anonymity Cost effective

Future Work Formalized trust quantifying and calculation are needed Span the proposed scheme generally.

26

7. 7. ReferencesReferences [1] Hyun-rok Lee “Selective mutual authentication scheme for peer-to-peer system.”

2001 Spring semester Modern cryptology term paper in ICU [2] P2P Working Group Homepage “http://www.peer-to-peerwg.org/whatis/index.html” [3] P.Zimmermann, “Why do you need PGP ?” “http://www.pgpi.org/doc/whypgp/en” [4] Lance Olson .NET P2P: Writing Peer-to-Peer Networked Apps with the Microsoft .NET

Framework, MSDN magazine 2001.2. [5] R.Perlman, “An Overview of PKI Trust Models,” IEEE Network Magazine, 1999 [6] Soribada Homepage “http://www.soribada.com” [7] Open4u Homepage “http://www.open4u.co.kr” [8] CuteMX Homepage “http://www.cutemx.com” [9] Aimster Homepage “http://www.aimster.com” [10] Napster Homepage “http://www.napster.com” [11] Gnutella Homepage “http://gnutella.wego.com” [12] Freenet Homepage “http://freenet.sourceforge.net” [13] Alfarez Abdul-Rahman and Stephen Hailes, “A Distributed Trust Model”

Proceedings of the workshop on New security paradigms workshop, 1997, Pages 48 – 60 [14] Alfred J. Manezes, Paul C.van Oorschot, Scott A. Vanstone, Handbook of Applied

Cryptography, CRC press [15] W. Stallings, Cryptography and Network Security, Prentice Hall, 1999

Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System

Documents

Transcript of Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System