Nikos Fotiou, George C. Polyzos -...
Transcript of Nikos Fotiou, George C. Polyzos -...
![Page 1: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/1.jpg)
Securing Content Sharing over ICN
Nikos Fotiou, George C. [email protected], [email protected]
Mobile Multimedia Laboratory, Department of Informatics
School of Information Sciences and TechnologyAthens University of Economics and Business
113 62 Athens, Greece
http://mm.aueb.gr/
![Page 2: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/2.jpg)
At a glance
• We consider a network of storage nodes
interconnected using an ICN network
• Content owners store content items in storage nodes
in order to share them with subscribers
• We provide
– Content confidentiality using Identity-Based Encryption
– Low overhead per user using Proxy Re-Encryption
– Protection against malicious proxies
– Subscriber authentication and
– A novel form of storage node authentication
![Page 3: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/3.jpg)
BACKGROUND
![Page 4: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/4.jpg)
Identity-Based Encryption
• A public key encryption scheme in which an
arbitrary string can be used as a public key
• Keys are generated by a Private Key Generator
(PKG)
– Key escrow problem
![Page 5: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/5.jpg)
Identity-based encryption
![Page 6: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/6.jpg)
Identity-based encryption
System
Parameters
(SP)
Public!
(k)
Master Secret Key
![Page 7: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/7.jpg)
Identity-based encryption
![Page 8: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/8.jpg)
Identity-based encryption
![Page 9: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/9.jpg)
Identity-based encryption
![Page 10: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/10.jpg)
Identity-based encryption
![Page 11: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/11.jpg)
Proxy Re-Encryption
• A semi-trusted proxy
– is allowed to alter a ciphertext
– encrypted with the public key of user A
– in a way that another user B can decrypt it
• The proxy learns nothing about the plaintext
or the secret keys of the user
![Page 12: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/12.jpg)
Identity-based Proxy Re-Encryption*
* Our system uses M. Green, G. Ateniese, “Identity-Based Proxy Re-encryption,” in Applied Cryptography and
Network Security, Katz, J., Yung, M. (eds.), Lecture Notes in Computer Science, vol. 4521, pp. 288-306, 2007
![Page 13: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/13.jpg)
Identity-based proxy re-encryption
![Page 14: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/14.jpg)
Identity-based proxy re-encryption
![Page 15: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/15.jpg)
Identity-based proxy re-encryption
![Page 16: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/16.jpg)
SYSTEM DESIGN
![Page 17: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/17.jpg)
Entities
Known
![Page 18: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/18.jpg)
First construction
• Content owners encrypt items using
symmetric encryption and a key K
– Each item is encrypted with a different key
• Each key is encrypted using IBE with the
identity of the content owner as key
![Page 19: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/19.jpg)
First construction
![Page 20: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/20.jpg)
First construction
![Page 21: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/21.jpg)
First construction
![Page 22: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/22.jpg)
Content request
![Page 23: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/23.jpg)
Content request
![Page 24: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/24.jpg)
Content request
![Page 25: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/25.jpg)
Content request
![Page 26: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/26.jpg)
Content request
![Page 27: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/27.jpg)
Content request
![Page 28: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/28.jpg)
Content request
![Page 29: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/29.jpg)
We need trusted proxies
• … a malicious proxy can use a re-encryption
key no matter whether the user is authorized
or not to access a content item
![Page 30: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/30.jpg)
Second construction
• Content owners encrypt items using
symmetric encryption and a key K
– Each item is encrypted with a different key
• Each key is encrypted using IBE with the
name of the policy that protects the item
as key
![Page 31: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/31.jpg)
Second construction
![Page 32: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/32.jpg)
Second construction
![Page 33: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/33.jpg)
Second construction
![Page 34: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/34.jpg)
Content request
![Page 35: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/35.jpg)
Content request
![Page 36: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/36.jpg)
Content request
![Page 37: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/37.jpg)
Content request
![Page 38: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/38.jpg)
Trust to proxies is relaxed
• … a re-encryption key can be used only for
authorized users
![Page 39: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/39.jpg)
Security properties
Does
• Content confidentiality is
protected
• If content confidentiality is
the only requirement then
no further mechanisms are
required
– Even if a subscriber lies about
his identity he won’t be able
to decrypt the file
Does NOT
• Authenticate subscribers
-> May result in unnecessary
transmissions, re-encryptions
• Authenticate the storage
node
-> Possible privacy risk
• Secure the communication
channel
-> Possible privacy risk
![Page 40: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/40.jpg)
Endpoints authentication
and secure channel setup*
• It leverages existing IBE mechanisms
• It provides subscriber authentication
• It enables the creation of an ephemeral
symmetric encryption key
• It provides a proof that a storage node is
authorized to store a particular content item
* High level description
![Page 41: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/41.jpg)
Endpoints authentication and secure
channel setup
• Let F be the name of a content item
• Content owner generates SKF and stores it in
the proxy
• A subscriber encrypts using IBE and F as key,
some D-H key exchange parameters
• Only “authorized” nodes are able to decrypt
the parameters and proceed with the D-H key
establishment
![Page 42: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/42.jpg)
DISCUSSION
![Page 43: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/43.jpg)
Performance considerations
Storage overhead
– size of SP: 2048 bits
– size of CID(key): 2048 bits
– size of re-encryption key: 3027 bits
Computational overhead
– encryption of key: 40 ms
– re-encryption key creation: 20 ms
– re-encryption of a ciphertext: 31 ms
– decryption of a ciphertext: 28 ms
Python-based implementation in a single core of an Intel i5-4440 3.1 GHz processor and
with 2GB of RAM with security equivalent to RSA 1024 bits and 128 bit symmetric keys
![Page 44: Nikos Fotiou, George C. Polyzos - conferences.sigcomm.orgconferences.sigcomm.org/acm-icn/2016/slides/Session5/fotiou.pdf · Nikos Fotiou, George C. Polyzos fotiou@aueb.gr, polyzos@acm.org](https://reader033.fdocuments.net/reader033/viewer/2022041609/5e369a42b18f3700f8153983/html5/thumbnails/44.jpg)
Per user PKG vs. (almost) Global PKG
Per user PKG
+ When a private key is lost
updating SP is enough
+ No key escrow
- Need for SP storage
- Need for SP resolution
– some keys share the same SP,
e.g., same owner keys
Global PKG
+ No need for SP retrieval
+ No need for SP storage
- When a private key is lost
identity needs to change
- Key escrow problem