Supporting Virtual Organizations Using Attribute-Based Encryption in Named Data Networking

Supporting Virtual Organizations Using Attribute-Based Encryption in Named Data Networking

Supporting Virtual Organizations Using Attribute-Based Encryption in Named Data Networking Craig A. Lee Zhiyi Zhang Yukai Tu Alex Afanasyev Lixia Zhang Comp. Systems Research Department UCLA UCLA Florida Int’l University UCLA The Aerospace Corporation [email protected] [email protected] aa@cs.fiu.edu [email protected] [email protected] Abstract—This paper investigates the use of Named Data Net- At the same time, the abstract VO concept can be used in works (NDNs) and Attribute-Based Encryption (ABE) to support any distributed computing paradigm. VOs can seem logically federations of computing resources managed using the Virtual centralized, but could be highly distributed in implementation. Organization (VO) concept. The NDN architecture focuses on fetching structurally named and secured pieces of application In fact, there is a large design space for VOs depending on data, instead of pushing packets to host IP addresses. The whether centralized or distributed methods are used to validate VO concept allows management of federations across different federated identities or enforce federated resource authorization administrative domains and enable secure collaborations. We policies based on a VO attribute namespace [3]. show how hierarchicallly structured namespaces can be used to This paper investigates the use of VOs in Named Data manage sets of named resources from different VO sites, and make them available to different VO members, based on their Networking (NDN) architecture [4]. NDN represents a fun- authorization attributes. For this initial investigation, we use a damental departure from today’s IP communication model, Two-Tier VO model and develop the associated VO data naming shifting from forwarding packets to destination IP addresses schema. We present an example, discuss outstanding issues, and to fetching named and secured pieces of application data identify future work. (Data packets) based on consumer requests (Interest packets). Index Terms—federation management, named data networks, attribute-based encryption Rather than relying on a secure channel or session, NDN directly secures all communicated data, so that all data can I. INTRODUCTION be properly authenticated and content decrypted by, and only by, authorized parties, independent of from where the data is The need to securely manage on-demand collaborations retrieved: it could be from the original producer, in-network across administrative domains is a fundamental requirement cache, managed storage, or peer datastore. that is widespread across many application domains. We can This property has profound implications for federations and cite supply chain management, international disaster response, VOs. Most security models, including VOs, are based on the and the Internet-of-Things (IoT) as a few examples. In each notion of associating attributes with both users and resources, of these domains, multiple stakeholders need to securely share so that resource providers can enforce access policies prior data, services, and resources to accomplish a common task to returning the requested data to the user based on the at- or goal. While many collaboration needs can be satisfied tributes the user possesses. Current implementation approaches by centralized approaches, e.g., Dropbox, SharePoint, Google typically use standard protocols, such as TSL, to secure the Docs, where files are collected to a logically centralized place channel between two endpoints over which data is encrypted that others can access, there are many other situations where using a shared session key. Resource providers can use SAML this is not possible nor desirable. These are situations where and similar protocols to get a security assertion about the the stakeholders must federate, i.e., they selectively make a user using attribute statements. XACML protocols can also subset of their services or resources available to a set of be used to manage multiple Policy Decision Points and Policy external collaborators for a specific purpose or project. Enforcement Points. We use the term Virtual Organization (VO) to denote any An alternative approach is to use Attribute-Based Encryp- specific federation instance. A VO is a security and collab- tion (ABE) [5]. Rather than using a session key to encrypt oration context wherein stakeholders can define, agree upon, all data between two endpoints during a session, a set of and enforce resource discovery and access policies. The term attributes can be used to manage the encryption and decryption virtual organization was first coined in the grid computing era process, such that only authorized users ever get to see [1] and has been used in RESTful service architectures [2] the data in plaintext. While different ABE approaches will This work is partially supported by US National Science Foundation under be discussed later, the key observation here is that a VO award CNS-1719403. management system, including its attribute namespace, could be used to structure an ABE scheme that is integrated into to support general federations. Managing the membership of a an NDN namespace. That is to say, an arbitrary VO-based federation, and the trust relationship among the members, must federation among stakeholders could be managed by using be addressed. To this end, WSFed was defined that builds on an NDN namespace to manage both the structure of the the WS-Trust and WS-Security standards. Here a federation is dynamically shared resources and the confidentiality of those a set of security realms where a service provider in one realm shared resources by making attribute-based decryption keys can make authorization decisions based on claims asserted by available to only the appropriate users. This approach will an IdP about a principal in another realm. Given that different leverage all of the inherent security properties that NDN has federations may have different “business models” and gover- to support a flexible, attribute-based, on-demand collaboration nance requirements, the Trustmarks project [14] developed an mechanism, i.e., VO-based federations. infrastructure similar to PKI for exchanging signed documents, This paper reports on our initial efforts to integrate these i.e., trustmarks, concerning these operational issues. They three technologies. We begin with a short review of related covered topics such as the meaning of an attribute namespace, work in the area of distributed security and federation ap- password lifespans, and even legal agreements required for proaches. Section III goes into a little more detail about VOs, participation. In the course of the Trustmarks project, 643 NDNs, and ABE. In Section IV, we present our integrated trustmarks were defined and used in different federations. NDN-ABE-VO design. This followed by an evaluation in There are also a number of “end-user” distributed systems Section V. We conclude with a summary and future work. that are tantamount to federations, or addressing a specific federated application domain. The grid computing concept II. FEDERATION RELATED WORK offered institutions a way to make computing resources avail- Federation, in general, and virtual organizations, in specific, able to one another, typically for scientific, high-performance entail a number of necessary capabilities that are inherent computing purposes. A key example is Globus and the Globus in distributed environments and must be addressed. These Grid Security Infrastructure (GSI) [15]. GSI uses X.509 are examined at some length in [3], [6], [7], but can be PKI certificates issued by trusted Certificate Authorities. The summarized as Interoperable Global Trust Federation [16] was established • Federated Identity Management, to enable mutual trust among participating institutions, such • Federation Resource Discovery, and that institutions could trust certificates signed by other insti- • Federation Resource Access Control. tutional CAs. Single sign-on and delegation of trust could There has been on-going work in these and related areas be accomplished by using proxy certs [17] derived from a of distributed systems security since the dawn of distributed user’s original certificate. Over the years, Globus has evolved systems. An early system for managing identity in distributed into Globus Online (or simply “Globus”) that uses Globus systems was Kerberos (circa late 1980s) [8]. Kerberos’ use of Auth [18]. Globus Auth builds on OAuth 2 and OpenID a third-party Authentication Server to secure interactions be- Connect to provide an application-agnostic, authentication and tween a client and a principal was a fundamental development authorization brokerages among client, identity providers, and in network security. The Security Assertion Markup Language resource providers. Resource providers must register their (SAML) [9] from OASIS formalized this by enabling a Service services with Globus Auth based on a uniquely identifiable Provider to securely get an XML-based identity assertion from DNS name. an Identity Provider on behalf of a user. Shibboleth [10] was More recently, the OpenStack Keystone project has been subsequently built on SAML by the Internet2 Middleware building out support for cloud-based federations, e.g., hybrid Initiative, and enabled Service Providers to resolve questions clouds. As the security service for all other services in the such as “Where are you from?”. The eXtensible Access OpenStack suite of open source cloud services, Keystone sup- Control Markup Language (XACML) [11], also from OASIS, ports the notion of federating in and federating out [19],

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    9 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us