Efficient Fault-Tolerant Certificate Revocation Rebecca Wright Patrick Lincoln Jonathan Millen AT&T Labs SRI International.

Slides:

Advertisements

Similar presentations

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

Advertisements

Chapter 14 – Authentication Applications

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CS3771 Today: deadlock detection and election algorithms  Previous class Event ordering in distributed systems Various approaches for Mutual Exclusion.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

CS 603 Handling Failure in Commit February 20, 2002.

A responsibility based model EDG CA Managers Meeting June 13, 2003.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Bridging. Bridge Functions To extend size of LANs either geographically or in terms number of users. − Protocols that include collisions can be performed.

TORA! TORA! TORA! By Jansen Cohoon. Developing TORA TORA was funded by the Army Research Laboratory. TORA is presently being transitioned into the commercial.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

1/14 Ad Hoc Networking, Eli M. Gafni and Dimitri P. Bertsekas Distributed Algorithm for Generating Loop-free Routes in Networks With Frequently.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Scribe: A Large-Scale and Decentralized Application-Level Multicast Infrastructure Miguel Castro, Peter Druschel, Anne-Marie Kermarrec, and Antony L. T.

Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

Lesson 1: Configuring Network Load Balancing

CS401 presentation1 Effective Replica Allocation in Ad Hoc Networks for Improving Data Accessibility Takahiro Hara Presented by Mingsheng Peng (Proc. IEEE.

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

1 Lecture 11 Public Key Infrastructure (PKI) CIS CIS 5357 Network Security.

Copyright © 2008, CIBER Norge AS 1 Using eID and PKI – Status from Norway Nina Ingvaldsen and Mona Naomi Lintvedt 22 nd October 2008.

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.1 Module 7 Spanning Tree Protocol.

Network Layer (3). Node lookup in p2p networks Section in the textbook. In a p2p network, each node may provide some kind of service for other.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Network Layer4-1 R1 R2 R3R4 source duplication R1 R2 R3R4 in-network duplication duplicate creation/transmission duplicate Broadcast Routing r Deliver.

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking BGP, Flooding, Multicast routing.

1 A Mutual Exclusion Algorithm for Ad Hoc Mobile networks Presentation by Sanjeev Verma For COEN th Nov, 2003 J. E. Walter, J. L. Welch and N. Vaidya.

Overcast: Reliable Multicasting with an Overlay Network CS294 Paul Burstein 9/15/2003.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.

Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.

15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

A Graph Transformation System Model of Reliable Dynamic Communication Networks for Location Transparent Mobile Agents M. Kurihara (Hokkaido Univ., Japan)

IHEP Grid CA Status Report Gongxing Sun 5 th F2F Meeting 16 Sep Computer Center, IHEP,CAS,China.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

Security fundamentals Topic 5 Using a Public Key Infrastructure.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 7 Spanning Tree Protocol.

1 Version 3.0 Module 7 Spanning Tree Protocol. 2 Version 3.0 Redundancy Redundancy in a network is needed in case there is loss of connectivity in one.

A Framework for Reliable Routing in Mobile Ad Hoc Networks Zhenqiang Ye Srikanth V. Krishnamurthy Satish K. Tripathi.

A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.

LDAP for PKI Problems Cannot search for particular certificates or CRLs Cannot retrieve particular certificates or CRLs.

1 Public Key Infrastructure Dr. Rocky K. C. Chang 25 February, 2002.

CIS 825 Review session. P1: Assume that processes are arranged in a ring topology. Consider the following modification of the Lamport’s mutual exclusion.

CS 6401 Intra-domain Routing Outline Introduction to Routing Distance Vector Algorithm.

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

1 Roie Melamed, Technion AT&T Labs Araneola: A Scalable Reliable Multicast System for Dynamic Wide Area Environments Roie Melamed, Idit Keidar Technion.

Chapter 11. Chapter Summary  Introduction to trees (11.1)  Application of trees (11.2)  Tree traversal (11.3)  Spanning trees (11.4)

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

Public Key Distribution Network (PKDN) for DTN Security Key Management IETF95 DTN Working Group Meeting

Key management issues in PGP

Presented by Edith Ngai MPhil Term 3 Presentation

CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers By Kartik Patel.

Cryptography and Network Security

ECE 544 Protocol Design Project 2016

Distributed Peer-to-peer Name Resolution

Intradomain Routing Outline Introduction to Routing

Digital Certificates and X.509

Presentation transcript:

Efficient Fault-Tolerant Certificate Revocation Rebecca Wright Patrick Lincoln Jonathan Millen AT&T Labs SRI International

Public Key Certificate Revocation Reasons for revocation: Key compromise or loss Change of employment or status Revocation certificate or notice - single ID of invalid certificate Signed by owner or introducer Available in PGP for web of trust Certificate revocation list (CRL) - multiple List of serial numbers of revoked certificates Signed by CA that authorized the certificates Either one must be distributed to relying parties

Owner ServerUser Certificate Owner User Certificate Forwarding - Web of Trust

Depender Graph Model Graph: nodes and directed edges One depender graph for each certificate Graph nodes are certificate holders Graph edges are communication links on which certificates are forwarded Owner of certificate is the graph root Graph is acyclic node edge

Parents and Dependers A B A is a parent of B B is a depender on A

Forwarding Revocation Notices Owner ServerUser Revocation Notice ? ? ? ? First problem: remember to whom the certificate was sent

Non-Redundant Depender Graph Owner ServerUser Revocation Notice - Just like forwarding graph - But what if a node fails? User

Temporary Failure Owner ServerUser Revocation Notice - Some users are not notified - Solution: redundant paths User

Owner ServerUser Theorem: k -1 node failures cannot disconnect any body node Flooding protocol: send revocations to all dependers k parents per body node Example, k = 2 ROOT NODE User k-Redundant Depender Graph (k-RDG)

Depender Graph Construction Construct k-RDG by adding nodes one at a time, starting with root and its dependers Assume each new node can support k dependers More is possible but not required New node added in relation to existing node Nodes have neighbor addresses only k parents must be found... how?

Finding Parents Definition: a node is “available” if its maximum number of dependers has not been allocated Theorem: any k available nodes can be used as the parents of a new node (A poor choice cannot prevent future nodes from being added) Theorem: there are k available nodes below any set of k nodes

Given start set of k nodes If each has an available slot, we are done Else one node has k dependers - use them as new start set recursively Procedure must terminate in finite acyclic graph Proof: Existence of k Available Nodes This is the basis of a protocol for parent search Start set: parents of attachment node Better: use highest available nodes to minimize average path length for forwarding

Finding k Parents 1. Identify attachment node 2. Start with its parents 3. Find available nodes below them

Example: “Triangular” Graph For k = 3

Reconfiguration After Permanent Failure After permanent failures Neighbor (parent, depender) information in each node is duplicated in one parent (or child?) Role of failed node is taken over by one of: last node added next node added a depender (recursive call to replace depender) But how is a failure detected? Unnecessary replacement is OK, restore node as new

Other Issues Protocol design issues Minimization of path length Updating revived nodes Reconfiguration around failed nodes Structure sharing over multiple certificates Multiple root (revocation) authority (in case of lost key, failure of owner, or higher authority) Realistic use of servers Edge failures Underlying network failures may disable many edges Other applications Certificate updates, re-keying, reliable multicast