Security Mechanisms and Key Refresh for P2PSIP Overlays draft-birkos-p2psip-security-key-refresh-00 Konstantinos Birkos University of Patras, Greece


1 Security Mechanisms and Key Refresh for P2PSIP Overlays
draft-birkos-p2psip-security-key-refresh-00
Konstantinos Birkos, University of Patras, Greece
kmpirkos@ece.upatras.gr
IETF 77, Anaheim, USA

2 Outline
- Security Challenges in P2PSIP Overlays
- Message Encryption
- Key Refresh Mechanism
  - Key Refresh supervised by super peers
  - Key Refresh handled by peers
- Future directions

3 Security Challenges in P2PSIP Overlays
- Protect the structure of the overlay
  - Attacks can lead to partitioned or partially connected overlays
- Protect overlay routing
  - Attackers can drop or delay requests, or forward them to wrong destinations
- Protect stored items in the DHT
  - Unauthorized access to resources can be used to reduce availability
- Protect SIP signalling
  - Attackers can eavesdrop on the exchanged messages or alter their content

4 Message Encryption
- Certain RELOAD messages carry crucial information that attackers could exploit to target the structure of the P2PSIP overlay
- A general principle: peers should not by any means be able to obtain global knowledge of the logical topology, at least during the period they are members of the overlay

5 Message Encryption (2)
General Encryption Rules
- Define what security credentials should be used for the encryption of the bodies of certain message types

6 Key Refresh Mechanism
- Delivers fresh keying material to the participating peers
- Serves two distinct purposes
  1. Limits the vulnerability period in case an attacker retrieves a peer's private key
  2. Limits the amount of time available for cryptanalysis
- Peers periodically produce new PPK pairs; new certificates are created and signed to bind the peers' new public keys to their identities

7 Key Refresh Mechanism (2)
Key Refresh supervised by Super Peers
- Two levels of hierarchy: Peers < Super Peers
- Super peers are higher-level trusted peers that initiate the refresh process and sign certificates
- A super peer periodically checks the certificates of the peers in its jurisdiction and sends a RefreshReq message to the owner of a certificate that is about to expire
- The refreshed peer (RP) generates a new PPK pair and sends the new pair to the super peer via a RefreshAns message
- The super peer signs the certificate, stores a copy of it in the DHT and sends another copy to RP
- RP informs its neighbors about the refreshed credentials

8 Key Refresh Mechanism (3)
MSC of the refresh process supervised by super peers

9 Key Refresh Mechanism (4)
Key Refresh handled by peers
- The new certificates are signed by the peers
- Before RP's certificate is about to expire, RP
  - Generates a new PPK pair
  - Generates a certificate that binds its new public key to its ID and signs the certificate with its old private key
  - Stores the certificate in the DHT
  - Sends the certificate to its neighbors

10 Key Refresh Mechanism (5)
MSC of the refresh process handled by peers
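Added example (not part of the presentation or the draft): a Go sketch of the peer-handled refresh on slide 9, in which RP signs its new certificate with its old private key and a neighbor accepts it only if the key it already holds verifies that signature. The Cert layout, the Refresh and AcceptRefresh names, Ed25519 as the signature scheme, the expiry checks and the self-signed first certificate are assumptions made for illustration; DHT storage and RELOAD messaging are not modeled.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is a constructed, minimal stand-in for a peer certificate (not the draft's format).
type Cert struct {
	PeerID   string
	PubKey   ed25519.PublicKey
	NotAfter int64  // expiry, Unix seconds
	Sig      []byte // made with the peer's previous private key
}

func (c Cert) tbs() []byte { // signed bytes: length-prefixed ID, expiry, new public key
	return append([]byte(fmt.Sprintf("%d:%s:%d:", len(c.PeerID), c.PeerID, c.NotAfter)), c.PubKey...)
}

// Refresh is the RP side: new key pair, certificate signed with the OLD private key.
func Refresh(id string, oldPriv ed25519.PrivateKey, notAfter int64) (Cert, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return Cert{}, nil, err
	}
	if oldPriv == nil {
		oldPriv = priv // first certificate: self-signed stand-in for enrollment (assumption)
	}
	c := Cert{PeerID: id, PubKey: pub, NotAfter: notAfter}
	c.Sig = ed25519.Sign(oldPriv, c.tbs())
	return c, priv, nil
}

// AcceptRefresh is the neighbor side: accept next only if the key already held vouches for it.
func AcceptRefresh(cur, next Cert, now int64) error {
	if next.PeerID != cur.PeerID || now > cur.NotAfter || next.NotAfter <= cur.NotAfter {
		return fmt.Errorf("peer ID or validity window rejected")
	}
	if len(cur.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(cur.PubKey, next.tbs(), next.Sig) {
		return fmt.Errorf("not signed by the key in the current certificate")
	}
	return nil
}

func main() { // constructed sample values
	cur, priv, _ := Refresh("peer-42", nil, 1000)
	next, _, _ := Refresh("peer-42", priv, 2000)
	fmt.Println(AcceptRefresh(cur, next, 900))
}
```

Because the neighbor trusts whatever the old key signs, the new certificate is only as trustworthy as the secrecy of the old private key at the time of refresh.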

11 Future Directions
- Establishment of secure TLS connections between peers with different keys than the shared secret key
- IDS suitable for P2PSIP overlays

12 Thank You!
University of Patras & TEI of Mesolonghi, Greece
People:
- Konstantinos Birkos, kmpirkos@ece.upatras.gr
- Christos Papageorgiou, xpapageo@ceid.upatras.gr
- Panagiotis Galiotos, pgaliot@upatras.gr
- Tasos Dagiuklas, ntan@teimes.gr
- Christos Tselios, tselios@ece.upatras.gr
- Stavros Kotsopoulos, kotsop@ece.upatras.gr

