SeCol: Secure Collaborative Applications using Group Communication and Publish/Subscribe Systems
Himanshu KhuranaNCSA
Project Overview
Goal: develop novel security solutions that minimize trust liabilities in messaging infrastructures
Dates: Sep 1, 2005 - Aug 31, 2006
Budget: $200k
Personnel Himanshu Khurana (PI) Rakesh Bobba (Security Engineer) Weiting Cao (PhD Student) Radostina Koleva (Consultant)
Introduction
Collaborative applications need a messaging infrastructure
E.g., conferencing uses group communication, tickers (stock, news, game-score) uses pub/sub
Widespread use requires secure messaging infrastructures
Integrity and authentication typically provided via CA/PKI Works but imposes certificate distribution/revocation
problems Confidentiality provided by trusted servers
Servers bear significant trust liability of maintaining confidentiality of messages and keys
E.g., group controllers store long term and session keys Availability provided via replication
However, replicating keys makes the system insecure
Introduction
Challenges for minimizing trust liability Infrastructure servers must not be able to access
messages However, servers often need to process these messages
Solution should not require establishment of keys between collaborating entities
O(n2) problem and, furthermore, does not take advantage of the presence of the messaging infrastructure
Solution must scale to support a large number of users
Approach Explore novel proxy encryption techniques to address the
problem Convert ciphertext between keys without access to plaintext
Use techniques to design secure messaging infrastructures Group communication and Publish/Subscribe infrastructures
Secure Group Communication (SGC)
SGC needed to support many military and commercial applications; e.g.,
Conferencing (Video and/or Audio), Command-and-Control Systems, Interactive Distance-Learning
Group Key Management (GKM) cornerstone of SGC Involves distribution of symmetric key to group members Must be efficient and scalable
Shared key changed every time a member joins/leaves group Existing GKM Schemes
Logical Key Hierarchies (LKH) using Group Controllers (GC)
Advantage: Very efficient, constant number of rounds Drawback: GC is completely trusted
Decentralized or Contributory Schemes Advantage: Does not involve a GC Drawback: Scale poorly
TASK - Tree-based w/ Asymmetric Split Keys
Efficient and Scalable Log(n) computation and storage Log(n) message size, constant number of
communication rounds Partially Trusted GC
GC does not store encryption keys Confidentiality maintained even if GC is compromised Therefore, GC no longer single point of security failure
Instead, GC uses proxy encryption to transform messages between members for key establishment
Simpler recovery from GC compromise Assumptions
GC and a member are not simultaneously compromised
Difference between LKH & TASK
Goals for Y3
Complete development and testing of prototype
9000+ lines code written and partially tested Extend prototype
For wireless communication using Elliptic Curve Cryptography
Compatibility with other reliable messaging solutions such as NORM (NRL)
Address collusion problem Simultaneous compromise of member and GC
reveals GKEK Explore improvements to proxy encryption (known
problem) as well as alternatives
Introduction to Pub/Sub
B
PB
SB
PB
PB
PB
PB
SB
SBSB
B
B
B
B
B
B
B
B
B
B
B
PB
SB
B
BBorder Broker
Broker Publisher
Subscriber
Pub/Sub Infrastructure (e.g., Gryphon, Siena)
• Applications: software updates, location-based services, supply chain management, traffic control, and stock quote dissemination• Three types: Topic-based, type-based, and content-based
• Content-based considered to be the most general
Security Challenges Addressed for Content-Based Pub/Sub Systems (CBPS)
Confidentiality, integrity, and authentication of events
Deliver information to authorized subscribers
Usage-based accountingE.g., for stock quote dissemination
Solution Highlights Strong adversarial model: PBs & SBs don’t trust broker network
Adversary has access to CBPS network traffic and will attempt to Violate confidentiality of events by observing them Violate integrity and authentication by inserting/modifying fake
events and subscriptions No security associations (e.g. keys) needed between PBs and
SBs No modifications needed to existing matching & routing
algorithms Scales to support an Internet-scale pub/sub infrastructure
Confidentiality Adversary has access to network traffic contents
cannot be disclosed to brokers
One approach: perform computations on encrypted data
Difficult to implement in practice Require modifications to matching and routing techniques
Observation Only selected parts of an event’s content need to be
confidential Matching and routing can be accomplished without these parts
Our Approach Encode events in XML documents Selectively encrypt sensitive parts of events
Use Bertino and Ferrari’s XML document dissemination techniques Distribute keys to authorized subscribers
Using Jakobsson’s proxy encryption techniques
Confidentiality Examples
Encrypted PackagesCleartext Event Contents
Message: id 100<?xml?><stock><symbol>YHOO</symbol><price> 70.2 </price><open>50</open><volume>10000</volume></stock>
Message: id 100<?xml?><stock><symbol>YHOO</symbol><price> Ek(70.2) </price><open>50</open><volume>10000</volume></stock>
Encrypt
Message: id 200<?xml?><gamescore><date>8/5/04</date><teams>NY-CA</teams><score>10-3</score></gamescore>
Message: id 200<?xml?><gamescore><date>8/5/04</date><teams>NY-CA</teams><score>Ek(10-3)</score></gamescore>
Encrypt
EncPK(k)
EncPK(k)
Ek() symmetric key encryption (e.g., AES) using key kEncPK() El Gamal public key encryption using key PK
Distributing Keys to Authorized Subscribers
PB SB
1 2 3 n
Proxy Security and Accounting Service (PSAS)
…
n servers with t of n threshold key sharing of KPS
BorderBroker
B2
BorderBroker
B1
…
brokernetwork
Register/Publish
Transform
Register/Receive
For each EG decryption key (KPS, PKPS): Kps = KPSi where KPSi is a key share held by any server
i=1
t
RSA Signature Key (KPS, PKPS): Kps = KPSi where KPSi is a key share held by any coordinator
i=1
m
cl
l coordinators with m of l sharing of KPS
c1 c2…
Goals for Y3
Complete scalability analysis A single PSAS can support 10s of thousands of
subscribers
Address potential leakage of sensitive event contents
Formal security analysis of solution
Implementation of prototype Leverage existing pub/sub systems
Siena, supports XML encoding of events Leverage existing threshold cryptographic libraries
CODEX, leverages COCA
Questions?
Himanshu Khurana and Radostina Koleva, “Scalable Security and Accounting Services in Content-based Publish/Subscribe Systems”, International Journal of E-Business Research, to appear, 2006.
Himanshu Khurana, “Scalable Security and Accounting Services in Content-based Publish/Subscribe Systems”, in proceedings of the E-Commerce Track of the ACM Symposium on Applied Computing (SAC), March 2005.
Himanshu Khurana, Rafael Bonilla, Adam Slagell, Raja Afandi, Hyung-Seok Hahm, and Jim Basney, “Scalable Group Key Management with Partially Trusted Controllers”, in the International Conference on Networking, Reunion Island, April 2005.
Himanshu Khurana, Luke St. Clair, and Weiting Cao, “Scalable Group Key Management with Partially Trusted Controllers”, in preparation for submission to the Journal of Communication and Networking.
Top Related