Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System
description
Transcript of Multiple Selective Mutual Authentication Protocol for Peer-to-Peer System
Multiple Selective Mutual Authentication Multiple Selective Mutual Authentication Protocol for Peer-to-Peer SystemProtocol for Peer-to-Peer System
School of Engineering
2001099
Hyunrok Lee
2
ContentsContents
1. Introduction
2. The Problem
3. Preliminaries
4. Proposed Scheme
5. Comparison
6. Conclusion
7. Reference
3
1. 1. IntroductionIntroduction
The Internet three valuable fundamental assets A huge amount of information Increasing bandwidth Growing power of computing resources
Limitation of client-server model P2P model
Peer-to-peer computing Peer
A principal that simultaneously can have both client and server processes.
Sharing of computing resources and services by direct exchange or share between arbitrary network peers[2]
Pure P2P Hybrid P2P
4
1. 1. Introduction (cont.)Introduction (cont.)
Trust model Trust modeling
Web of Trust model Hierarchical Trust (PKI) model
Trust quantifying Trust computation
5
2. 2. The ProblemThe Problem
Different security problem between client-server model and peer-to-peer model
Most of P2P systems provide no provisions for mutual authentication or private information.[6][7][8][9]
Weak authentication mechanism PGP-based Freenet[12] does not have legal force.
P2P model may have temporary association P2P model should provide anonymity
Except the case of serious commercial transaction.
No authentication protocol based on view of trust model Trust between peers begins to mirror those real-world relationships. SMAP[1] did not consider trust model.
6
3. 3. PreliminariesPreliminaries
Key feature of peer-to-peer model[4] Discovering other peers Querying peers for resources Sharing resource with other peers
Pure peer-to-peer model
7
3. 3. Preliminaries (cont.)Preliminaries (cont.) Hybrid peer-to-peer
A simple discovery server Discovery and lookup server
Discovery, lookup, and content server
8
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Well-known insecure peer-to-peer file sharing Napster[10]
Central discovery and lookup server Weak authentication
Gnutella[11] Pure p2p Provide only anonymity.
Freenet Pure p2p PGP based authentication
No legal force Retrieving user’s public key every operation
Require specific server – Key Distribution Center
9
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Selective authentication scheme[1] Two main technique
Mutual authentication based on X.509 certificate Key establishment protocol based on public-key encryption
Support Anonymity Support Strong Authentication
Selective mechanism Two Procedure
Exclusion Protocol Authentication scheme is excluded. Communicate with each other (without session key)
Inclusion Protocol Mutually strong authentication is included. Communicate with each other (with time-invariant session key)
10
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Protocol. Selective mutual authentication protocol (SMAP) SUMMARY: A sends B one message, and B responds with one message that
include extra selective field. And then key establishment is performed. RESULT: (according to user choice)
(1) Mutual peer authentication and time-variant session key transport with key authentication(2) Peer authentication exclusion
1. Notation. PX(y) denotes the result of applying X’s encryption public key to data y. SX(y) denotes the result of applying X’s signature private key to y. rA, rB are never re-used numbers (to detect replay and impersonation). certX is a certificate binding peer X to a public key suitable for both encryption and
signature verification. selE is a selective field that notifies peer authentication exclusion. selS is a selective field that notifies mutual peer authentication inclusion. null denotes the confirmation about communication.(without authentication) reqcert denotes more information, such as X.509 certificate, is required.
11
3. 3. Preliminaries (cont.)Preliminaries (cont.)
2. System setup. (a) Peer chooses a value of selective field. (b) Each peer has its public key pair for signatures and encryption. (c) A must acquire (and authenticate) the encryption public key of B. (This may
require additional messages and computation.)
3. Protocol messages. (An asterisk denotes items are optional.) First of all initiator must choose given two operations selE, selS.
Exclusion protocol:
A B: selE (1-E)
A B: null (2-E) Inclusion protocol: Let DA = (tA, rA, B, data1
*, PB(k1)*), DB = (tB, rB, A, rA, data2
*, PA(k2)*).
A B: selS (1-S)
A B: reqcert (2-S)
A B: certA, DA, SA(DA) (3)
A B: certB, DB, SB(DB) (4)
12
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Trust Model in PGP [3] Web of trust No Legal force
Trust Values Complete trust
Fully trusted to certify others public keys Marginal trust
Marginally trusted to certify others public keys Not trusted
?
AliceAlice
CharlieCharlie BobBob
DavidDavid
13
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Trust Model in PKI [5] Hierarchical Trust Model
Strict rule Cross Certificate for performance Hard to reflect trust relationship of real world
Legal Force RootRootCACA
CA4CA4 CA5CA5
CA2CA2CA1CA1 CA3CA3
CA6CA6
User DUser DUser BUser BUser CUser CUser AUser A
14
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Trust Model in distributed computing [13] Propose a model for trust based on distributed
recommendations.
Consider reputation of each entity based on multi-domain
Support dynamic revocation / refresh
Propose Trust quantifying / calculation method
Trust is divided into Direct Indirect ( Recommendation )
Multiple trust value
Recommendation protocol ONLY
15
3. 3. Preliminaries (cont.)Preliminaries (cont.) Direct Trust Value semantics
Recommender Trust Value Semantics
16
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Recommendation Protocol
RRQ ::= Requestor_ID, Rquest_ID, Target_ID, Categories, RequestorPKC, GetPKC, Expiry
Categories ::= SET OF {Category Name}
Recommendation ::= Requestor_ID, Request_ID, Rec_Path, [SEQUENCE OF {Recommendation_Set, TargetPKC} | NULL]
Rec_Path ::= SEQUENCE OF {Recommender_ID}Recommendation_Set ::= SET OF Recommendation_SlipRecommendation_Slip ::= SET OF SEQUENCE {Target_ID, Category_Name,
Trust_Value, Expiry}
RRQ ::= Requestor_ID, Rquest_ID, Target_ID, Categories, RequestorPKC, GetPKC, Expiry
Categories ::= SET OF {Category Name}
Recommendation ::= Requestor_ID, Request_ID, Rec_Path, [SEQUENCE OF {Recommendation_Set, TargetPKC} | NULL]
Rec_Path ::= SEQUENCE OF {Recommender_ID}Recommendation_Set ::= SET OF Recommendation_SlipRecommendation_Slip ::= SET OF SEQUENCE {Target_ID, Category_Name,
Trust_Value, Expiry}
17
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Recommendation Protocol Example Alice Bob Cathy Eric
Recommender trust relationship Direct trust relationship
Request recommendation1. Alice Bob : Alice, rrqA01, Eric, [Car_Service], T, 200112312. Bob Cathy : Bob, rrqB01, Eric, [Car_Service], T, 200112313. Cathy Bob : Bob, rrqB01, [Cathy], [ (Eric, Car_Service, 3, 20011231) ]4. Bob Alice : Alice, rrqA01, [Cathy, Bob], [ (Eric, Car_Service, 3, 20011231) ] , PKERIC
If change trustworthy,5. Cathy Bob : [Cathy], [ (Eric, Car_Service, 1, 20011231) ]6. Bob Alice : [Cathy, Bob], [ (Eric, Car_Service, 1, 20011231) ]
Request recommendation1. Alice Bob : Alice, rrqA01, Eric, [Car_Service], T, 200112312. Bob Cathy : Bob, rrqB01, Eric, [Car_Service], T, 200112313. Cathy Bob : Bob, rrqB01, [Cathy], [ (Eric, Car_Service, 3, 20011231) ]4. Bob Alice : Alice, rrqA01, [Cathy, Bob], [ (Eric, Car_Service, 3, 20011231) ] , PKERIC
If change trustworthy,5. Cathy Bob : [Cathy], [ (Eric, Car_Service, 1, 20011231) ]6. Bob Alice : [Cathy, Bob], [ (Eric, Car_Service, 1, 20011231) ]
18
3. 3. Preliminaries (cont.)Preliminaries (cont.)
Trust Quantifying & Computation
Computing Trusttvp(T) = tv(R1)/4 X tv(R2)/4 X … X tv(Rn)/4 X rtv(T)Where
tv(Ri) : recommenders trust valuertv(T) : The recommended trust value of target T given in the recommendationtvp(T) : The trust value of target T derived from recommendation received through return path p.
tv(T) = Average (tv1(T), … , tvp(T))
Ex)tv1(Eric) = tv(Bob)/4 X tv(Cathy)/4 X rtv(Eric) = 2/4 X 3/4 X 3 = 1.125tv2(Eric) = 2.500tv(Eric) = Average( tv1(Eric), tv2(Eric)) = Average( 1.125, 2.500 ) = 2.375
Computing Trusttvp(T) = tv(R1)/4 X tv(R2)/4 X … X tv(Rn)/4 X rtv(T)Where
tv(Ri) : recommenders trust valuertv(T) : The recommended trust value of target T given in the recommendationtvp(T) : The trust value of target T derived from recommendation received through return path p.
tv(T) = Average (tv1(T), … , tvp(T))
Ex)tv1(Eric) = tv(Bob)/4 X tv(Cathy)/4 X rtv(Eric) = 2/4 X 3/4 X 3 = 1.125tv2(Eric) = 2.500tv(Eric) = Average( tv1(Eric), tv2(Eric)) = Average( 1.125, 2.500 ) = 2.375
19
4. 4. Proposed SchemeProposed Scheme Trust model RootRoot
CACA
CA1CA1 CA2CA2
SysopSysopPeerPeer
ServiceProvider
ServiceProvider
ServiceProvider
Community 1
PeerPeer
PeerPeer
PeerPeer
PeerPeer PeerPeer
PeerPeer
PeerPeerPeerPeer
PeerPeer
PeerPeer
PeerPeerPeerPeer
PeerPeer
PeerPeer
PeerPeer
PeerPeer
SysopSysop Community 2SysopSysop
……
…
…
…
……
…
HierarchicalModel
Web of Trust
20
4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)
Multiple Selective Mutual Authentication Protocol(MSMAP) Overview
Based on SMAP[1] Hybrid Trust Multiple Selective Mutual Authentication under view of hybrid trust Use the result of trust value computation
Assume that Standard P2P Protocol is established All peer CAN communicate with each other
Result of trust value computation tv(peer) < 0 refuse all process0 ≤ tv(peer) < 1.5 request formal certificate from CA1.5 ≤ tv(peer) < 3 request informal certificate from Service Provider3 ≤ tv(peer) ≤ 4 request self-signed certificate (Public Key)
Result of trust value computation tv(peer) < 0 refuse all process0 ≤ tv(peer) < 1.5 request formal certificate from CA1.5 ≤ tv(peer) < 3 request informal certificate from Service Provider3 ≤ tv(peer) ≤ 4 request self-signed certificate (Public Key)
21
4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)
SUMMARY: A sends B one message, and B responds with one message that include extra selective field. After B request recommendation to peers and then key establishment is performed.
RESULT: (according to user choice)(1) Mutual peer authentication and time-variant session key transport with key authentication using different source of certificate based on trustworthy.(2) Peer authentication exclusion
1. System setup. (a) Peer chooses a value of selective field. (b) Peer request and response recommendation to other peers (c) Each peer has its public key pair for signatures and encryption. (d) A must acquire (and authenticate) the encryption public key of B. (This may
require additional messages and computation.)
Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)Multiple Selective mutual authentication protocol (MSMAP)
22
4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)2 . Notation.
PX(y) denotes the result of applying X’s encryption public key to data y. SX(y) denotes the result of applying X’s signature private key to y. rA, rB are never re-used numbers (to detect replay and impersonation). certX is a certificate binding peer X to a public key suitable for both encryption and
signature verification. selE is a selective field that notifies peer authentication exclusion. selS is a selective field that notifies mutual peer authentication inclusion. null denotes the confirmation about communication.(without authentication) reqFcert denotes more information, such as X.509 certificate from legal CA, is
required. reqIcert denotes more information, such as informal certificate from service provider,
is required. reqScert denotes more information, such as self-signed certificate, is required. peers are arbitrary peers between community members refuse denote that stop all mutual authentication process. So it means refuse
communication with that peer
23
4. 4. Proposed Scheme (cont.)Proposed Scheme (cont.)
3. Protocol messages. (An asterisk denotes items are optional.) First of all initiator must choose given two operations selE, selS. Exclusion protocolExclusion protocol:
A B: selE (1-E)A B: null (2-E)
Inclusion protocolInclusion protocol: Let DA = (tA, rA, B, data1
*, PB(k1)*), DB = (tB, rB, A, rA, data2
*, PA(k2)*).
A B : selS (1-S)peers B : Request trust recommendation (2-S)peers B : Recommendation result (3-S)
computing trustA B : refuse when tv(peer) < 0 (4-S)
reqFcert when 0≤ tv(peer) < 1.5
reqIcert when 1.5 ≤ tv(peer) < 3
reqScert when 3 ≤ tv(peer) ≤ 4
A B : certA, DA, SA(DA) (5)
A B : certB, DB, SB(DB) (6)
24
5. Comparison5. Comparison
25
6. 6. ConclusionConclusion
P2P computing rapidly span. Lack of security of P2P Proposed Multiple Selective Mutual Authentication
Protocol (MSMAP) support Strong authentication Legal force Real trust relationships Anonymity Cost effective
Future Work Formalized trust quantifying and calculation are needed Span the proposed scheme generally.
26
7. 7. ReferencesReferences [1] Hyun-rok Lee “Selective mutual authentication scheme for peer-to-peer system.”
2001 Spring semester Modern cryptology term paper in ICU [2] P2P Working Group Homepage “http://www.peer-to-peerwg.org/whatis/index.html” [3] P.Zimmermann, “Why do you need PGP ?” “http://www.pgpi.org/doc/whypgp/en” [4] Lance Olson .NET P2P: Writing Peer-to-Peer Networked Apps with the Microsoft .NET
Framework, MSDN magazine 2001.2. [5] R.Perlman, “An Overview of PKI Trust Models,” IEEE Network Magazine, 1999 [6] Soribada Homepage “http://www.soribada.com” [7] Open4u Homepage “http://www.open4u.co.kr” [8] CuteMX Homepage “http://www.cutemx.com” [9] Aimster Homepage “http://www.aimster.com” [10] Napster Homepage “http://www.napster.com” [11] Gnutella Homepage “http://gnutella.wego.com” [12] Freenet Homepage “http://freenet.sourceforge.net” [13] Alfarez Abdul-Rahman and Stephen Hailes, “A Distributed Trust Model”
Proceedings of the workshop on New security paradigms workshop, 1997, Pages 48 – 60 [14] Alfred J. Manezes, Paul C.van Oorschot, Scott A. Vanstone, Handbook of Applied
Cryptography, CRC press [15] W. Stallings, Cryptography and Network Security, Prentice Hall, 1999