Access Control Enforcement Delegation for Information-Centric Networking Architectures N. Fotiou, G.F. Marias, G.C Polyzos.


1 Access Control Enforcement Delegation for Information-Centric Networking Architectures N. Fotiou, G.F. Marias, G.C Polyzos

2 Problem Statement
- ICN architectures are expected to leverage CDNs, content caching and replication
- What can be done?
  - Encrypt everything
  - Give RPs access to “users management system”
  - Deploy OAuth like solutions

3 A closer look at OAuth
[Figure labels: “Only my friends”; “Friends list of Consumer A”]

4 Drawbacks
- RP has access to some information about Consumer
- RP has to implement access control policy enforcement
- RP has to understand the attributes provided by the IdP
- User intervention makes implementation difficult
- Many sites using Facebook, Microsoft and Google OAuth services [1], as well as Google ID [2] and Facebook Connect [2], have already been found vulnerable to severe security attacks

[1] Sun and Beznosov. The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems. ACM CCS 2012.
[2] Wang et al. Signing me onto your accounts through Facebook and Google: a traffic-guided security study of commercially deployed single-sign-on web services. IEEE Symposium on Security and Privacy (SP), 2012.

5 An alternative approach
[Figure label: facebook.com/nikos/12fg]

6 Benefits
- Consumer’s credentials are protected
- Minimum user intervention
- RP has no access to consumer’s personal information
- RP does not have to implement any access control policy
- Access control policies can be re-used
  - Even by users who do not know their content
  - “Access Control Store”
- Access control policies can be easily modified

7 An ICN based implementation
Information identification: Prefix + Suffix, e.g. facebook.com/nikos/pics/IMG32010234
- Prefix
  - May give a location hint, denote the principal/owner
  - Associated with an access control policy
  - Handled by a (set of) dedicated network node(s)
- Suffix
  - Identifies uniquely the information object (globally or within the prefix)
Users can create prefix, advertise prefix/suffix pairs, request prefix/suffix pairs

8 An ICN based implementation
- The PURSUIT approach:
  - Prefix: Scope Identifier (SId)
  - Suffix: Rendezvous Identifier (RId)
  - SIds are managed by the Rendezvous node
  - Users can advertise data and subscribe to data
- Information flow:
[Figure labels: “Define access control policy: who can advertise, who can subscribe”; “Provide Credentials”; “A subscriber has properly authenticated himself and requests item X”]

9 An ICN based implementation

Action | ICN Function
O: Create access control policy A1 | O: Create a scope S1 in which all can advertise but only those who abide by A1 can subscribe
RP: Create secret R1 | RP: Advertise R1 under S1
C: Authenticate | C: Subscribe to S1/R1
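The mapping on slide 9 can be exercised as a small simulation; this is an added example, not code from the presentation or from PURSUIT. The class and method names, the credential store, the constructed identities and the single-use handling of R1 are all assumptions made for illustration.

```python
import secrets

class RendezvousNode:
    """Toy rendezvous node: manages scopes (SIds) and enforces their policies."""
    def __init__(self, credentials):
        self.credentials = credentials  # credential -> identity, never shown to the RP
        self.policies = {}              # SId -> subscribe policy (identity -> bool)
        self.adverts = {}               # (SId, RId) -> advertiser's callback

    def create_scope(self, sid, subscribe_policy):
        self.policies[sid] = subscribe_policy

    def advertise(self, sid, rid, on_subscriber):
        self.adverts[(sid, rid)] = on_subscriber   # scope S1 lets anyone advertise

    def subscribe(self, credential, sid, rid):
        identity = self.credentials.get(credential)
        policy = self.policies.get(sid)
        if identity is None or policy is None or not policy(identity):
            return False                           # A1 not satisfied: RP hears nothing
        on_subscriber = self.adverts.pop((sid, rid), None)  # assumption: R1 is single use
        if on_subscriber is None:
            return False                           # unknown or already consumed RId
        on_subscriber(rid)                         # RP learns only that R1 matched
        return True

class RelyingParty:
    """Stores the owner's content; holds no policy and no consumer identities."""
    def __init__(self, node, sid, items):
        self.node, self.sid, self.items = node, sid, items
        self.pending, self.released = {}, []

    def request(self, item):
        rid = secrets.token_hex(16)                # secret R1, fresh per request
        self.pending[rid] = item
        self.node.advertise(self.sid, rid, self._on_subscriber)
        return rid                                 # handed back to the consumer

    def _on_subscriber(self, rid):
        self.released.append(self.items[self.pending.pop(rid)])

def run_flow(credential):
    # Constructed sample data: two known consumers, one of them a friend of the owner.
    node = RendezvousNode({"cred-alice": "alice", "cred-mallory": "mallory"})
    friends = {"alice"}                            # policy A1: "only my friends"
    node.create_scope("S1", lambda identity: identity in friends)
    rp = RelyingParty(node, "S1", {"IMG1": b"constructed photo bytes"})
    rid = rp.request("IMG1")
    allowed = node.subscribe(credential, "S1", rid)
    return allowed, node.subscribe(credential, "S1", rid), rp.released  # 2nd call replays R1
```

The relying party releases the item only after the rendezvous node reports a match on R1, and it never receives the consumer's credential, identity or the friends list.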

10 Conclusion
- We designed an access control enforcement delegation mechanism that:
  - Can be easily deployed/managed
  - Offers better privacy
  - Creates opportunities for new applications
- We implemented this mechanism using the functions of an ICN architecture
  - No new message/function/protocol field was added

11 Thank you fotiou@aueb.gr

