Security Mechanisms and Key Refresh for P2PSIP Overlays draft-birkos-p2psip-security-key-refresh-00 Konstantinos Birkos University of Patras, Greece

Slides:



Advertisements
Similar presentations
U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.
Advertisements

Service Bus Service Bus Access Control.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Chapter 14 – Authentication Applications
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Call Server LIS VPC ESGW SR Manhattan PSAP LO=Wall St Route=Manhattan PSAP The Location Object (LO) is provided in the call setup information to the Call.
SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.
Address Settlement by Peer to Peer (ASP) Jonathan Rosenberg Cullen Jennings Eric Rescorla.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Key Establishment Protocols for Secure Mobile Communications A. Aziz and W. Diffie, “Privacy and Authentication for Wireless Local Area Networks”, IEEE.
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.
Chapter 8 Web Security.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
Domain Name System Security Extensions (DNSSEC) Hackers 2.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Privacy-Preserving P2P Data Sharing with OneSwarm -Piggy.
Secure Electronic Transaction (SET)
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cryptography, Authentication and Digital Signatures
PRIVACY PRESERVING SOCIAL NETWORKING THROUGH DECENTRALIZATION AUTHORS: L.A. CUTILLO, REFIK MOLVA, THORSTEN STRUFE INSTRUCTOR DR. MOHAMMAD ASHIQUR RAHMAN.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
MagicNET: Security System for Protection of Mobile Agents.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Problems in using HIP for P2PSIP Philip Matthews Avaya
Csci5233 computer security & integrity 1 Cryptography: an overview.
Digital Signatures, Message Digest and Authentication Week-9.
1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz
ECE509 Cyber Security : Concept, Theory, and Practice Key Management Spring 2014.
THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Protocol Requirements draft-bryan-p2psip-requirements-00.txt D. Bryan/SIPeerior-editor S. Baset/Columbia University M. Matuszewski/Nokia H. Sinnreich/Adobe.
P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao
The NAT Traversal Problem in P2PSIP Bruce Lowekamp (SIPeerior) Philip Matthews (Avaya)
TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International.
Key Management Network Systems Security Mort Anvari.
The eXtensible Peer Protocol (XPP) Emil Ivov - Enrico Marocco –
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
Fall 2006CS 395: Computer Security1 Key Management.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
Cryptography CSS 329 Lecture 13:SSL.
A Security Framework for ROLL draft-tsao-roll-security-framework-00.txt T. Tsao R. Alexander M. Dohler V. Daza A. Lozano.
1 Managing Security Additional notes. 2 Intercepting confidential messages Attacker Taps into the Conversation: Tries to Read Messages Client PC Server.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Confidentiality Using Symmetric Encryption Chapter 7.
LOCSER + HIP draft-hautakorpi-p2psip-peer-protocol-00
S/MIME T ANANDHAN.
Presentation transcript:

Security Mechanisms and Key Refresh for P2PSIP Overlays draft-birkos-p2psip-security-key-refresh-00 Konstantinos Birkos University of Patras, Greece IETF 77, Anaheim, USA

Outline Security Challenges in P2PSIP Overlays Message Encryption Key Refresh Mechanism  Key Refresh supervised by super peers  Key Refresh handled by peers Future directions

Security Challenges in P2PSIP Overlays Protect the structure of the overlay  Attacks can lead in partitioned/partially connected overlays Protect overlay routing  Attackers can drop, delay or forward the requests to wrong destinations Protect stored items in the DHT  Unauthorized access to resources can be used to reduce availability Protect SIP signalling  Attackers can eavesdrop on the exchanged messages or alter their content

Message Encryption Certain RELOAD messages carry crucial information that could be exploited by attackers that could target at the structure of the P2PSIP overlay A general principle: Peers should not by any means be able to obtain global knowledge of the logical topology-at least during the period they are members of the overlay

Message Encryption (2)‏ General Encryption Rules Define what security credentials should be used for the encryption of the bodies of certain message types

Key Refresh Mechanism Delivers fresh keying material to the participating peers Serves two distinct purposes 1. Limits the vulnerability period in case an attacker retrieves a peer's private key 2. Limits the amount of time available for cryptanalysis Peers periodically produce new PPK pairs and new certificates are created and signed in order to bind peers' new public keys with their identity

Key Refresh Mechanism (2)‏ Key Refresh supervised by Super Peers  Two levels of hierarchy Peers < Super Peers  Super peers are higher-level trusted peers that initiate the refresh process and sign certificates A super peer periodically checks the certificates of the peers in its jurisdiction and sends a RefreshReq message to the owner of the certificate which is about to expire The refreshed peer (RP) generates a new PPK pair and sends the new pair to the super peer via a RefreshAns message The super peer signs the certificate, stores a copy of it in the DHT and sends another copy to RP RP informs its neighbors about the refreshed credentials

Key Refresh Mechanism (3)‏ MSC of the refresh process supervised by super peers

Key Refresh Mechanism (4)‏ Key Refresh handled by peers The new certificates are signed by the peers Before RP's certificate is about to expire, RP  Generates a new PPK pair  Generates a certificate that binds its new public key to its ID and signs the certificate with its old private key  Stores the certificate in the DHT  Sends the certificate to its neighbors

Key Refresh Mechanism (5)‏ MSC of the refresh process handled by peers

Future Directions Establishment of secure TLS connections between peers with different keys than the shared secret key IDS suitable for P2PSIP overlays

Thank You! University of Patras & TEI of Mesolonghi, Greece People: Konstantinos Birkos Christos Papageorgiou Panagiotis Galiotos Tasos Dagiuklas Christos Tselios Stavros Kotsopoulos

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.