Scalability in a Secure Distributed Proof System
Kazuhiro Minami and David Kotz
May 9, 2006
Institute for Security Technology Studies, Dartmouth College
Slide 1: Context-sensitive authorization
Consider a requester's context (e.g., location) to make an authorization decision
–Support unregistered users
–Non-intrusive access to resources
[Figure: the authorization system receives a request and context information and returns a granting decision (TRUE or FALSE)]
Slide 2: Emergency response system
[Figure: a first responder sends a request to a situation monitor server and receives responder assistance at a critical incident]
Context-sensitive authorization policy: access is granted if a requester is located at the scene and holds the role "fire fighter."
Slide 3: Logic-based approach
[Figure: the inference engine of an authorization server answers the query ?grant(Bob) with TRUE by building a proof tree from the rules and facts in its knowledge base]
Slide 4: Secure distributed proof system [Minami and Kotz 2005]
[Figure: an authorization query is decomposed into logical queries sent to Host A, Host B and Host C, each of which returns a sub-proof tree]
Protect confidential rules and facts in each host
Proof decomposition on multiple hosts
Each host returns an encrypted result (or subproof)
Slide 5: Performance consideration
Handling a query could involve long latency
–Cryptographic operations
–Transmission of data over a network
Can we build a practical system with reasonable performance?
Slide 6: Caching and revocation
Speed
–Reduce the average latency for handling a query
Freshness
–Keep cached information fresh
Fault tolerance
–Do not grant unauthorized access based on stale cached information
Slide 7: Caching mechanism
In many pervasive applications, users access the same resource continuously
Caching avoids issuing subsequent queries for the same facts
Support both positive and negative caching
Slide 8: Positive and negative caching
A fact that is proven goes to the positive KB.
[Figure: Host A queries Host B with ?loc(Bob, room12); the answer TRUE puts loc(Bob,room12) into Host A's positive KB]
Slide 9: Positive and negative caching
A fact that is not provable is stored in the negative KB.
[Figure: Host A queries Host B with ?loc(Alice, room12); the answer FALSE puts loc(Alice,room12) into Host A's negative KB, while loc(Bob,room12) remains in the positive KB]
Slide 10: Capability-based revocation
Some facts in a proof are dynamic
Multiple hosts can revoke cached information
A query result contains a capability (random number)
Each host maintains dependencies among local and remote facts
Slide 11: Capability-based revocation
[Figure: H0 asks H1 ?loc(bob, hospital) and receives (TRUE, c1). To prove it, H1 asks H2 ?owner(bob, pda11), receiving (TRUE, c2), and H3 ?loc(pda11, hospital), receiving (TRUE, c3). H1's positive KB holds owner(bob, pda11) with c2 and loc(pda11, hospital) with c3; H0's positive KB holds loc(bob, hospital) with c1]
Slide 12: Capability-based revocation
[Figure: H3 sends the revocation c3 to H1, whose positive KB holds owner(bob, pda11) with c2 and loc(pda11, hospital) with c3; H1 in turn sends the revocation c1 to H0, whose positive KB holds loc(bob, hospital) with c1]
Slide 13: Semantics of revocation
[Figure: Host A's positive KB holds loc(Bob,room12) with capability C1 and its negative KB holds loc(Alice,room12) with capability C2; Host B sends the revocation C1 to Host A's revocation handler]
Slide 14: Semantics of revocation
[Figure: loc(Bob,room12) is gone from Host A's positive KB; the negative KB still holds loc(Alice,room12) with C2, and Host B now sends the revocation C2]
Slide 15: Semantics of revocation
[Figure: an adversary is present between Host B and Host A while loc(Alice,room12) with C2 sits in the negative KB; we cannot use the same capability c2]
Slide 16: Semantics of revocation
[Figure: Host A's positive and negative KBs are both empty; the adversary is still present]
Slide 17: Additional measures for revocation
Establish a secure channel for sending revocation messages
Generate a new capability for cached information that switches KBs
Slide 18: Evaluation
Is our system scalable to a large number of servers?
Does our revocation mechanism keep cached information fresh?
Slide 19: Experiment to measure latency for handling a query
Measure the latency for handling a query whose proof spans 27 different hosts in a cluster.
Slides 20-23: Comparison of latency for handling a query
[Chart: latency (ms) versus the number of nodes in a proof tree, with five series:
–No caching with RSA (with RSA public-key encryption)
–No caching with TDES (with TDES encryption)
–Cold caching
–Warm caching (excludes the latency for initial queries)
–Local processing (all the policies and facts in a single host)]
Slide 24: Latency for revoking cached information
[Figure: a test driver sends a query to host 0 of a cluster (host 0, host 1, ..., host n); an event generator sends an event that triggers revocation messages between the hosts, and the test driver receives a notification]
Measure the round-trip latency of a revocation message
Slide 25: Latency for revoking cached information
[Chart: latency (ms) versus the depth of a proof tree and the number of hosts]
Slide 26: Summary
Novel caching and revocation mechanisms for a secure distributed proof system
Positive and negative caching that minimize the number of remote queries
Recursive revocation in a distributed environment
The amortized performance of our system scales to dozens of servers
Slide 27: Thank you!
For related papers
For other projects in our group
Slide 28: Extra slides
Slide 29: Semantics of negative revocation
A revoked negative fact moves to the positive KB
Cannot reuse the same capability
A revocation message must contain a new capability encrypted with a secret key.
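The caching and revocation behaviour of slides 7 to 17 and 29, as an added Python example that is not part of the slides or of the authors' XProlog-based implementation. The Host class, the way facts and rules are encoded as strings and (host, subgoal) pairs, all method names, and the constructed facts (hosts H0 to H3, bob, pda11, hospital, the role firefighter) are assumptions of this example. Direct method calls stand in for the secure channel of slide 17, and the encryption of slide 29 is left out, so only the bookkeeping is modelled: each answer carries a fresh random capability, each host records which cached remote facts and which local facts an issued answer depends on, a change to a dynamic fact cascades revocations hop by hop, and a revoked negative fact is re-proven and shipped back under a new capability instead of the old one.

```python
import secrets
from collections import defaultdict


class Host:
    def __init__(self, name, facts=()):
        self.name = name
        self.facts = set(facts)              # ground facts this host owns (may change over time)
        self.rules = {}                      # head -> [(host, subgoal), ...], read as a conjunction
        self.positive_kb = {}                # (remote host name, goal) -> capability
        self.negative_kb = {}                # (remote host name, goal) -> capability
        self.issued = {}                     # capability we issued -> (requester, goal, result)
        self.dependents = defaultdict(set)   # dependency -> capabilities we issued that rely on it
        self.remote_queries = 0              # network queries actually sent (cache misses)

    def ask(self, goal):
        return self._prove(goal)[0]          # local authorization query such as ?grant(bob)

    def query(self, requester, goal):
        """Answer a remote host's query with (result, capability), recording its dependencies."""
        result, deps = self._prove(goal)
        cap = secrets.token_hex(16)          # capability: an unguessable random number, never reused
        self.issued[cap] = (requester, goal, result)
        for d in deps:
            self.dependents[d].add(cap)
        return result, cap

    def _prove(self, goal):
        """Return (result, dependencies); a dependency is ('local', fact) or ('remote', cap)."""
        if goal in self.facts:
            return True, {("local", goal)}
        body = self.rules.get(goal)
        if body is None:
            return False, {("local", goal)}  # a negative answer rests on the fact's absence
        deps = set()
        for host, subgoal in body:
            ok, sub = self._prove(subgoal) if host is self else self._remote(host, subgoal)
            deps |= sub
            if not ok:
                return False, deps
        return True, deps

    def _remote(self, host, goal):
        """Serve from the positive or negative KB; query the remote host only on a miss."""
        key = (host.name, goal)
        for kb, value in ((self.positive_kb, True), (self.negative_kb, False)):
            if key in kb:
                return value, {("remote", kb[key])}
        self.remote_queries += 1
        result, cap = host.query(self, goal)
        (self.positive_kb if result else self.negative_kb)[key] = cap
        return result, {("remote", cap)}

    def set_fact(self, fact, holds):
        """A dynamic local fact changed: revoke every result that depended on it."""
        (self.facts.add if holds else self.facts.discard)(fact)
        self._cascade(("local", fact))

    def revoke(self, cap, replacement=None):
        """Revocation message from a remote host (a direct call stands in for the secure channel)."""
        for kb in (self.positive_kb, self.negative_kb):
            key = next((k for k, c in kb.items() if c == cap), None)
            if key is None:
                continue
            del kb[key]                                   # a revoked positive fact is simply dropped
            if replacement is not None:                   # a re-proven negative fact arrives with a new capability
                result, new_cap = replacement
                (self.positive_kb if result else self.negative_kb)[key] = new_cap
            self._cascade(("remote", cap))
            return True
        return False                                      # unknown capability: ignored

    def _cascade(self, dep):
        """Recursively revoke the results we issued that depended on `dep`."""
        for cap in self.dependents.pop(dep, ()):
            entry = self.issued.pop(cap, None)
            if entry is None:                             # already revoked through another dependency
                continue
            requester, goal, was_true = entry
            # A positive result is just revoked; a negative one is re-proven and the fresh
            # answer travels with the revocation under a new capability (slides 17 and 29).
            requester.revoke(cap, None if was_true else self.query(requester, goal))


def demo():
    """Slide 11 scenario with constructed facts: H0 asks H1, which asks H2 and H3."""
    h2 = Host("H2", {"owner(bob,pda11)"})
    h3 = Host("H3", {"loc(pda11,hospital)"})
    h1 = Host("H1")
    h1.rules["loc(bob,hospital)"] = [(h2, "owner(bob,pda11)"), (h3, "loc(pda11,hospital)")]
    h0 = Host("H0", {"role(bob,firefighter)"})
    h0.rules["grant(bob)"] = [(h0, "role(bob,firefighter)"), (h1, "loc(bob,hospital)")]
    key = ("H1", "loc(bob,hospital)")
    granted = [h0.ask("grant(bob)"), h0.ask("grant(bob)")]   # cold cache, then warm cache
    h3.set_fact("loc(pda11,hospital)", False)                # H3 revokes c3 at H1, H1 revokes c1 at H0
    granted += [h0.ask("grant(bob)"), h0.ask("grant(bob)")]  # FALSE; the second answer comes from the negative KB
    old_cap = h0.negative_kb[key]
    h3.set_fact("loc(pda11,hospital)", True)                 # the negative fact at H0 moves to the positive KB
    granted.append(h0.ask("grant(bob)"))                     # TRUE again without any network query
    return {"granted": granted, "capability_reused": h0.positive_kb[key] == old_cap,
            "h0_remote_queries": h0.remote_queries, "h1_remote_queries": h1.remote_queries}
```

Running demo() walks the four-host proof of slide 11: the first query costs H0 one remote query and H1 two, the repeat is served entirely from the positive KBs, retracting loc(pda11, hospital) at H3 revokes c3 at H1 and then c1 at H0, the next query yields FALSE and is negatively cached, and restoring the fact at H3 pushes the fact back into H0's positive KB under a capability that differs from the one the negative entry carried, with no further network traffic from H0.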
Slide 30: Implementation
12,000+ lines of code in Java
–Based on XProlog (3,800 lines of code)
Java Cryptographic Extension (JCE)
–RSA public-key operations: key length 1024 bits; public exponent: ; MD5 for signing
–TDES symmetric-key operations: outer-CBC in EDE mode; key length 192 bits (3 keys)
Slide 31: Crypto. parameters
RSA public-key operations
–key length: 1024 bits
–public exponent:
–EME-PKCS1-v1_5 padding method
–MD5 for signing
TDES operations
–key length: 192 bits (3 keys)
–Outer-CBC in EDE mode
Slide 32: Experiment of measuring latency for handling a query
27-node cluster (2.8 GHz Intel Xeons) with Gigabit Ethernet
Java Runtime version 1.5.0 on RedHat Linux 9
[Figure: a policy generator, given the number of nodes in a proof, produces the rules and facts loaded into each host's KB]
Slide 33: Experiment of measuring latency for handling a query
[Figure: a test driver sends queries to a host, whose KB yields a proof; an event generator feeds events into the host's KB]
20 events per second for each fact
10 sets of 10 different queries
Slide 35: Related Work
Context-sensitive authorization systems [Al-Muhtadi03, Bacon02, Covington01, Hulsebosch05, Kapadia04, Males03]
–Centralized architecture
Distributed logic system [Ranganathan03]
–No caching
Caching in a distributed logic system [Bauer05, Katsire03]
–No revocation mechanism