Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fully Decentralised Authentication Scheme for ICN in Disaster Scenarios (Demonstration on Mobile Terminals) Jan Seedorf, Bilal Gill, and Dirk Kutscher.

Published byCrystal Keyte Modified over 9 years ago

Similar presentations

Presentation on theme: "Fully Decentralised Authentication Scheme for ICN in Disaster Scenarios (Demonstration on Mobile Terminals) Jan Seedorf, Bilal Gill, and Dirk Kutscher."— Presentation transcript:

1 Fully Decentralised Authentication Scheme for ICN in Disaster Scenarios (Demonstration on Mobile Terminals) Jan Seedorf, Bilal Gill, and Dirk Kutscher NEC Laboratories Europe Benjamin Schiller and Dirk Kohlweyer Technical University of Darmstadt Contact: Jan.seedorf@neclab.euJan.seedorf@neclab.eu IETF-91 Honolulu, Hawaii, USA

2 Scenario and Use Case Page 2 ▐Disaster Scenario The aftermath of a disaster, e.g. hurricane, earthquake, tsunami, or a human-generated network breakdown E.g. the enormous earthquake which hit Northeastern Japan on March 11, 2011 (causing extensive damages including blackouts, fires, tsunamis and a nuclear crisis) ▐Objective: Message Authentication Assuming that a message can somehow be delivered across fragmented networks (via content-oriented, DTN-like mechanisms), Y still needs to be able to verify that a message published by Z is trustworthy E.g. for “Assessing Warnings“ published by citizens

3 Challenge: Binding in Naming Schemes* Page 3 *Ghodsi et al: “Naming in Content-Oriented Architectures”, SIGCOMM ICN Workshop 2011 Our Scheme: Using a Web-of-Trust in a Decentralised Fashion to Provide this Binding (Decentralised = No Connectivity to any kind of server needed) Our Scheme: Using a Web-of-Trust in a Decentralised Fashion to Provide this Binding (Decentralised = No Connectivity to any kind of server needed)

4 High-Level Overview of Scheme * ▐Based on a Web-of-Trust (WoT) A so-called 'WoT file' is being used by terminals can be retrieved from a WoT keyserver before the disaster takes place contains the veried certicate graph for the whole WoT in a compressed, machine-readable format. Terminals thus  Terminals have the complete trust relationships within the WoT at their disposal in the from of a 'WoT-graph' stored in a file ▐Binding between self-certifying ICN names and a Web-of-Trust The WoT key-ID is equivalent to the self-certifying name part used in the ICN naming scheme This ties the self-certifying name with the ID of the correct public key in the WoT, and thus transitively with the RWI in the WoT (e.g. email address) ▐Assessing information received (as a response to a given request for a certain name) A double-sided Breadth First Search ( dBFS ) algorithm is executed on the WoT-graph to find certificate chains between the initiator of the request and the publisher of the content Depending on a trust metric (see demo for examples) the information received is regarded as trustworthy or not by the initiator of the request trust metric is applied on the result of the dBFS algorithm *J. Seedorf, D. Kutscher, and F. Schneider: „Decentralised binding of self-certifying names to real-world identities for assessment of third-party messages in fragmented mobile networks," 2nd Workshop on Name Oriented Mobility (NOM), 2014

5 Demo Overview ▐Implementation Developed a methodology to synthesize large-scale WoT-graphs maintaining several key graph theoretic properties as prevalent in the PGP Web-of-Trust (degree distribution, path length distribution, …) implemented this WoT-model in the JAVA-based Graph-Theoretic Analysis Framework (GTNA)* Implemented a dBFS-algorithm for finding certificate chains on WoT-graphs Implemented several trust metrics shortest certificate chain found number of certicate chains found with maximum length ▐Demo: Running on Android Pre-loaded WoT-files of different size User can select a) WoT-size, b) trust metric, c) parameters for trust metric Shows runtime of selection when choosing two users in the WoT randomly, thus showing how the dBFS algorithm scales with increasing WoT sizes how the dBFS algorithm scales depending on trust metric how it would perform on common smartphones Page 5 *https://www.p2p.tu-darmstadt.de/research/gtna/

6 Acknowledgements Acknowledgement: This work has been partially supported by the GreenICN project (GreenICN: Architecture and Applications of Green Information Centric Networking ), a research project supported jointly by the European Commission under its 7th Framework Program (contract no. 608518) and the National Institute of Information and Communications Technology (NICT) in Japan (contract no. 167). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the GreenICN project, the European Commission, or NICT.

7 APPENDIX Page 7

8 ▐Enabling usage of functional parts of the infrastructure, even when these are disconnected from the rest of the network ▐Delivering/obtaining information in (highly) congested networks ▐Decentralised authentication In today’s mobile networks, users are authenticated via central entities In order to communicate in fragmented or disconnected parts of a mobile network, the challenge of decentralising user authentication arises  Data origin authentication of content retrieved from the network is challenging when being 'offline' (e.g. disconnected from servers of a security infrastructure such as a PKI) High-Level Research Challenges* Focus of this Demo *See further M. Arumaithurai, J. Seedorf, et. al: “Using ICN in disaster scenarios”, draft-seedorf-icn-disaster Existing Solutions Assumed Page 8

9 Detailed Scheme Page 9

10 Analytical Estimation of Time & Space Needed ▐Time and Space Requirements for Graph Search b: branching factor; d: the depth of the search In our case: d is the certificate path length and b is the average number of identities a member of the WoT has signed m req (node) refers to the space needed for storing a single node (i.e. as graph vertex) in memory ▐Size of Compressed Certificate Graph n: total number of nodes (i.e. real-world identities) in the WoT m req (name) av : average space needed for storing a real-world identity Page 10

11

Download ppt "Fully Decentralised Authentication Scheme for ICN in Disaster Scenarios (Demonstration on Mobile Terminals) Jan Seedorf, Bilal Gill, and Dirk Kutscher."

Similar presentations

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Using ICN in disaster scenarios (draft-seedorf-icn-disaster-01) M. Arumaithurai, J. Seedorf, A. Tagami, K. Ramakrishnan, N. Blefari Melazzi IETF 88, Vancouver.

Using ICN in disaster scenarios (draft-seedorf-icn-disaster-01) M. Arumaithurai, J. Seedorf, A. Tagami, K. Ramakrishnan, N. Blefari Melazzi IETF 88, Vancouver.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Issues of Security and Privacy in Networking in the CBA Karen Sollins Laboratory for Computer Science July 17, 2002.

Issues of Security and Privacy in Networking in the CBA Karen Sollins Laboratory for Computer Science July 17, 2002.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.

Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.
MobiShare: Sharing Context-Dependent Data & Services from Mobile Sources Efstratios Valavanis, Christopher Ververidis, Michalis Vazirgianis, George C.

MobiShare: Sharing Context-Dependent Data & Services from Mobile Sources Efstratios Valavanis, Christopher Ververidis, Michalis Vazirgianis, George C.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.

1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Peer-to-peer archival data trading Brian Cooper Joint work with Hector Garcia-Molina (and others) Stanford University.

Peer-to-peer archival data trading Brian Cooper Joint work with Hector Garcia-Molina (and others) Stanford University.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

Similar presentations

Ads by Google