a consumer-driven access control approach to censorship...
TRANSCRIPT
A consumer-driven access control approachto censorship circumvention
in content-centric networking
Jun Kurihara, Kenji Yokota and Atsushi Tagami
KDDI R&D Laborator ies , Inc .
ACM ICN 2016Kyoto, Japan, Sep. 28, 2016
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 1
Outline of my talk1. Introduction
2. Censorship circumvention in CCN3. Basics of consumer-driven access control approach
4. Enhancement using manifest and nameless object5. Conclusion
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 2
Introduction
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 3
Censorship: A serious problem in networking
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 4
Censorship in a network:Monitoring network messages, checking ‘what is requested’, and dropping messages in the blacklist by a certain authority.
Censorship is widely spread now and serious problem in the Internet
Censorship is easily enforceable in CCN
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 5
consumer domain: /kddi
publisher
routerCensorshipauthority
• Capture and analyze interests; and• Drop any interests by checking only their
names “democracy”
Explicitly-given and semantic name in CCN made censorship trivial.
domain: /kyoto
Content data itself can be encrypted in a certain AC, but interest name is not.
Censorship circumvention in CCN
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 6
Two types of countermeasures in CCN
•Tor-like scheme• Multi-layered encryption at
anonymizing routers• Significant overhead and delay
•Proxy-based scheme• Establishing anonymized channel
between proxy and consumer• Simpler and faster than Tor-like
scheme
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 7
R. Tourani, S. Misra, J. Kliewer, S. Ortegel, and T. Mick, “Catch me if you can: A practical framework to evade censorship in information-centric networks,” in Proc. ACM ICN 2015.C. Ghali, M. A. Schlosberg, G. Tsudik, and C. A. Wood, “Interest-based access control for content centric networks,” in Proc. ACM ICN 2015.
S. DiBenedetto, P. Gasti, G. Tsudik, and E. Uzun, “ANDāNA: Anonymous named data networking application,” in Proc. NDSS 2012.
Proxy-based approach
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 8
?domain: /kddi
(/kddi/democracy.mpg)
/kddi/democracy.mpg
encrypt!
decypt!
Trusted proxy
Communicationviaencryptedname plaintextname
Our scheme is basically categorized as a proxy–based scheme
Anonymized interest(/<routable prefix>/ + encrypted name)
interest
Cache recycling problem of proxy-based approachesAnonymized communication is established between each consumer and a proxy under distinct encryption key.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 9
Anonymized communication channel
Consumer A
Consumer B
Cached content never be recycled
Standard CCN behind the proxyThe same content is queried via
different names by different users
Basics of consumer-driven access control approach
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 10
System model
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 11
anonymizer A(trusted proxy)
cache enabler E2(as a router)
attacker(as a router)
consumers
CCNrouter
publisher
cache enabler E1(as a router)
domain: /kddi
• Content names follow a conventional (ICN) hierarchical naming scheme like URL (e.g., /kddi/demo/video.mpg).
• Entity: CCN basic parties + cache enablers Ei + anonymizer A + attacker
Capture/analyze interests
Attacker definitionsWe consider two types of attackers.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 12
Passive Attacker Active Attacker
Modify interests
• Learn “what is requested” and “who is requesting”;
• Drop/filter interests
*Passive ⊃ Active
Stronger version
Masquerade as legitimate consumers
Capture/analyze interests
Key elements of our approach
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 13
(1) Encryption-based access control to interest names for cache enablers and anonymizer
(2) Authentication and decryption with hidden consumer ID at cache enablers and anonymizer
[Against passive/active attacker]
[Against passive attacker]
(1) Encryption-based access control to names:PreliminaryAccess control:A technique used to regulate who or what can view raw/original data in a computing environment.
Encryption-based access control:Data is encrypted in such a way that only authorized users are allowed to decrypt the encrypted data and obtain the raw data.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 14
Assigned decryption keys are identified as access rights
Encrypted data
With no key
With valid key
With valid key
Possibly different
(1) Encryption-based access control to names:Overview of the approach
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 15
anonymizerA
cache enablerE1
domain: /kddi
Consumer grants access rights to original interest names to cache enablers Ei and anonymizer A via the encryption-based access control
Assign key for E2
Assign key for E1
E2
Assign key for A
(1) Decrypt
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 16
(/kddi/democracy.mpg)(/kddi/democracy.mpg)
/kddi/democracy.mpg
(2) CS search with original name
/kddi/democracy.mpgCS
(3) Respond by encrypted name
(/kddi/democracy.mpg)content object
[Processing incoming interest at Ei]
*** illustrated only the case of cache hit for simplicity. ***
Qualified cache enabler
Ei
Anonymized interest(/routable prefix/ + encrypted name)
Consumers encrypts interest names in such a way that pre-authorized Ei and A can decrypt them and obtain original names.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 17
content object(/kddi/democracy.mpg)
(1) Decrypt (/kddi/democracy.mpg)
/kddi/democracy.mpg
(2) Cache with original name for recycle
CS /kddi/democracy.mpg
[Processing incoming content at Ei] (simply the dual of interest case)
Access control to interest names↔ Access control to cache-recycling opportunities
*** omitted the process of PIT entry consumption for simplicity. ***
[Key observation]
Qualified cache enabler
Ei
Ei and A must learn the consumer ID from an interest to find a consumer specific key(s) for name decryption and interest authentication via HMAC/signature
Consumer ID itself leaks the consumer information to attackers
(2) Authentication and decryption with hidden ID:Preliminary
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 18
[Observations]
[Requirements]
• Consumer ID must be included and hidden in interests• Only cache enablers and anonymizer learn the ID from an interest for
decryption and authentication
(2) Authentication and decryption with hidden ID:Overview of the approach
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 19
anonymizerA
domain: /kddi
Assign key for E1
E2
Anonymizer uses a public key broadcast encryption for hiding IDs in interests.• Decryption keys are assigned to cache enablers• Public (encryption) key is published.
Store key for A
Having public key
Having public key Assign key
for E2
E1
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 20
Consumer generates the anonymizing interest from the encrypted name as:
Broadcast public key from A
(/kddi/democracy.mpg) (Consumer ID)Encrypted IDEncrypted name
HMAC generation by name encryption key
HMAC
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 21
Ei and A authenticate and generate the incoming interest as:
Assigned broadcast decryption key
(/kddi/democracy.mpg) (Consumer ID)Encrypted IDEncrypted name
Retrieve the name encryption key associated to the ID from
key storage
HMAC
Consumer ID
Authenticate!Decrypt!
Advantage and disadvantage
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 22
• No leakage about content name (what)• No leakage about consumer identity (who)
[Security for passive attacker]
• Interest modification can be detected
[Security for active attacker]
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 23
• In-network caching can be fully leveraged at cache enablers Ei’s and anonymizer A
• More beneficial as # of Ei’s increases.
[Efficiency]
• Cryptographic operations (access control and authentication)at Ei and A may involve serious computational cost.
• More serious overhead as # of Ei’s increase.
trade-off between cache recycling opportunity and overhead
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 24
This problem is solved by combining our approach with manifest and nameless objects.
We minimize the overhead with maintaining the security and maximizing the benefit of in-network caching.
Enhancement using manifest and nameless object
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 25
Preliminary: Manifest and nameless objects in CCNx
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 26
Manifest: Content object providing a list of content objects (names and hashes)
Names Hashes/kddi/democracy.mpg/1 0xABCD/kddi/democracy.mpg/2 0x1234/kddi/democracy.mpg/3 0xA1B2
… …
Manifest structurecontent object catalog
signature
Guarantee of integrity and unforgeability
Manifest-based content retrieval: Consumer first obtain and parse manifest, then retrieve listed content objects.
Listed items can be authenticated only by lightweight hash verification.
Additional information(e.g., decryption key name/hash)
Nameless object: a variant of content object◦ Content object payload is decoupled with name.◦ Queried by arbitrary-given but correctly-routable name + its hash value.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 27
Content replica redirection can be easily realized.
hash
name
Used forinterest routing
Used for CS/PIT search
/anonymized/v.mpg/1
/kddi/democracy.mpg/1
0x1234ABCD/kyoto/movie.mpg/1
**Decoupled from name**
May have multiple combinations
Note: Consumer needs to first retrieve a manifest in order to learn routable names and hashes for nameless objects.
original
replica
replica
Maximizing benefit of in-network caching with minimizing computational overhead
Assumption: Desired content objects are encrypted under appropriate access control (like CCN-AC*), and attacker does not know their hashes.
Assumption: Desired content objects are nameless objects and hosted at a certain consumer-reachable replication server with meaningless (uncensored) names.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 28
Important observation: The name of replicated content object itself is semantically meaningless.
-> Nameless objects are never filtered based on name.
• J. Kurihara, E. Uzun, and C. A. Wood. An encryption-based access control framework for content-centric networking. In Proc. IFIP Networking 2015
The 2-phased strategy of enhancement:
• [Phase 1]Manifest and non-replicated extra information (e.g., decryption keys) are retrieved by consumer-driven access control approach.
• [Phase 2]Replicated nameless content objects are simply queried in the standard manner of content retrieval.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 29
-> Our secure but heavy approach is used only for manifest + α
-> Large number of objects are never be filtered even in the standard manner.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 30
anonymizer a.k.a. replication server
anonymized interestfor a manifest
publisher
manifest
interest for a manifest
Cryptographic operations on interest name
interests for listed nameless objects
listed nameless objects
replicating nameless objects
Phase 1
Phase 2
Example of minimization of computational cost in flow:
No cryptographic operations at intermediate nodes in phase 2!
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 31
anonymizer a.k.a. replication server
anonymized interestfor a manifest
publisher
manifest
interest for a manifest
opportunity to respond from cache
interests for listed nameless objects
listed nameless objects
replicating nameless objects
Example of cache recycling opportunities in flow:
Phase 1
Phase 2
Every node has recycling opportunity in phase 2!
Conclusion
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 32
Conclusion and future work•In this talk:• We introduced a proxy-based censorship circumvention approach
enabling in-network caching.• Consumer-driven access control to interest names• Authentication and decryption with hidden consumer ID
• We enhanced the approach by using manifest and nameless objects• Maximizing the cache recycling opportunity• Minimizing the overhead of cryptographic computation at intermediate nodes
•Future work:• Implementation and performance evaluation in realistic environment with specific
settings.• etc.
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 33
Thank you!
Sep. 28, 2016 Jun Kurihara (KDDI R&D Labs.) 34
Comment and question...?
e-mail: [email protected]