Multiple Selective Mutual Authentication Protocol for PeertoPeer System

1
Multiple Selective Mutual Authentication Protocol
for Peer-to-Peer System

• School of Engineering
• 2001099
• Hyunrok Lee

2
Contents

• 1. Introduction
• 2. The Problem
• 3. Preliminaries
• 4. Proposed Scheme
• 5. Comparison
• 6. Conclusion
• 7. Reference

3
1. Introduction

• The Internet three valuable fundamental assets
• A huge amount of information
• Increasing bandwidth
• Growing power of computing resources
• Limitation of client-server model
• P2P model
• Peer-to-peer computing
• Peer
• A principal that simultaneously can have both
  client and server processes.
• Sharing of computing resources and services by
  direct exchange or share between arbitrary
  network peers2
• Pure P2P
• Hybrid P2P

4
1. Introduction (cont.)

• Trust model
• Trust modeling
• Web of Trust model
• Hierarchical Trust (PKI) model
• Trust quantifying
• Trust computation

5
2. The Problem

• Different security problem between client-server
  model and peer-to-peer model
• Most of P2P systems provide no provisions for
  mutual authentication or private
  information.6789
• Weak authentication mechanism
• PGP-based Freenet12 does not have legal force.
• P2P model may have temporary association
• P2P model should provide anonymity
• Except the case of serious commercial
  transaction.
• No authentication protocol based on view of trust
  model
• Trust between peers begins to mirror those
  real-world relationships.
• SMAP1 did not consider trust model.

6
3. Preliminaries

• Key feature of peer-to-peer model4
• Discovering other peers
• Querying peers for resources
• Sharing resource with other peers
• Pure peer-to-peer model

7
3. Preliminaries (cont.)

• Hybrid peer-to-peer
• A simple discovery server
• Discovery and lookup server

• Discovery, lookup, and content server

8
3. Preliminaries (cont.)

• Well-known insecure peer-to-peer file sharing
• Napster10
• Central discovery and lookup server
• Weak authentication
• Gnutella11
• Pure p2p
• Provide only anonymity.
• Freenet
• Pure p2p
• PGP based authentication
• No legal force
• Retrieving users public key every operation
• Require specific server Key Distribution Center

9
3. Preliminaries (cont.)

• Selective authentication scheme1
• Two main technique
• Mutual authentication based on X.509 certificate
• Key establishment protocol based on public-key
  encryption
• Support Anonymity
• Support Strong Authentication
• Selective mechanism
• Two Procedure
• Exclusion Protocol
• Authentication scheme is excluded.
• Communicate with each other (without session key)
• Inclusion Protocol
• Mutually strong authentication is included.
• Communicate with each other (with time-invariant
  session key)

10
3. Preliminaries (cont.)

• Protocol. Selective mutual authentication
  protocol (SMAP)
• SUMMARY A sends B one message, and B responds
  with one message that include extra selective
  field. And then key establishment is performed.
• RESULT (according to user choice)
• (1) Mutual peer authentication and time-variant
  session key transport with key authentication
• (2) Peer authentication exclusion
• 1. Notation.
• PX(y) denotes the result of applying Xs
  encryption public key to data y.
• SX(y) denotes the result of applying Xs
  signature private key to y.
• rA, rB are never re-used numbers (to detect
  replay and impersonation).
• certX is a certificate binding peer X to a public
  key suitable for both encryption and signature
  verification.
• selE is a selective field that notifies peer
  authentication exclusion.
• selS is a selective field that notifies mutual
  peer authentication inclusion.
• null denotes the confirmation about
  communication.(without authentication)
• reqcert denotes more information, such as X.509
  certificate, is required.

11
3. Preliminaries (cont.)

• 2. System setup.
• (a) Peer chooses a value of selective field.
• (b) Each peer has its public key pair for
  signatures and encryption.
• (c) A must acquire (and authenticate) the
  encryption public key of B. (This may require
  additional messages and computation.)
• 3. Protocol messages. (An asterisk denotes items
  are optional.)
• First of all initiator must choose given two
  operations selE, selS.
• Exclusion protocol
• A ? B selE (1-E)
• A ? B null (2-E)
• Inclusion protocol
• Let DA (tA, rA, B, data1, PB(k1)), DB (tB,
  rB, A, rA, data2, PA(k2)).
• A ? B selS (1-S)
• A ? B reqcert (2-S)
• A ? B certA, DA, SA(DA) (3)
• A ? B certB, DB, SB(DB) (4)

12
3. Preliminaries (cont.)

• Trust Model in PGP 3
• Web of trust
• No Legal force
• Trust Values
• Complete trust
• Fully trusted to certify others public keys
• Marginal trust
• Marginally trusted to certify others public keys
• Not trusted

?
13
3. Preliminaries (cont.)

• Trust Model in PKI 5
• Hierarchical Trust Model
• Strict rule
• Cross Certificate for performance
• Hard to reflect trust relationship of real world
• Legal Force

14
3. Preliminaries (cont.)

• Trust Model in distributed computing 13
• Propose a model for trust based on distributed
  recommendations.
• Consider reputation of each entity based on
  multi-domain
• Support dynamic revocation / refresh
• Propose Trust quantifying / calculation method
• Trust is divided into
• Direct
• Indirect ( Recommendation )
• Multiple trust value
• Recommendation protocol ONLY

15
3. Preliminaries (cont.)

• Direct Trust Value semantics
• Recommender Trust Value Semantics

16
3. Preliminaries (cont.)

• Recommendation Protocol

RRQ Requestor_ID, Rquest_ID, Target_ID,
Categories, RequestorPKC, GetPKC,
Expiry Categories SET OF Category
Name Recommendation Requestor_ID,
Request_ID, Rec_Path, SEQUENCE OF
Recommendation_Set, TargetPKC NULL Rec_Path
SEQUENCE OF Recommender_ID Recommendation_Se
t SET OF Recommendation_Slip Recommendation_Sl
ip SET OF SEQUENCE Target_ID, Category_Name,
Trust_Value, Expiry
17
3. Preliminaries (cont.)

• Recommendation Protocol Example
• Alice ? Bob ? Cathy ? Eric
• ? Recommender trust relationship
• ? Direct trust relationship

Request recommendation 1. Alice ? Bob Alice,
rrqA01, Eric, Car_Service, T, 20011231 2. Bob ?
Cathy Bob, rrqB01, Eric, Car_Service, T,
20011231 3. Cathy ? Bob Bob, rrqB01, Cathy,
(Eric, Car_Service, 3, 20011231) 4. Bob ? Alice
Alice, rrqA01, Cathy, Bob, (Eric,
Car_Service, 3, 20011231) , PKERIC If change
trustworthy, 5. Cathy ? Bob Cathy, (Eric,
Car_Service, 1, 20011231) 6. Bob ? Alice
Cathy, Bob, (Eric, Car_Service, 1, 20011231)

18
3. Preliminaries (cont.)

• Trust Quantifying Computation

Computing Trust tvp(T) tv(R1)/4 X tv(R2)/4 X
X tv(Rn)/4 X rtv(T) Where tv(Ri) recommenders
trust value rtv(T) The recommended trust value
of target T given in the
recommendation tvp(T) The trust value of
target T derived from
recommendation received through return path
p. tv(T) Average (tv1(T), ,
tvp(T)) Ex) tv1(Eric) tv(Bob)/4 X tv(Cathy)/4
X rtv(Eric) 2/4 X 3/4 X 3 1.125 tv2(Eric)
2.500 tv(Eric) Average( tv1(Eric), tv2(Eric))
Average( 1.125, 2.500 ) 2.375
19
4. Proposed Scheme

• Trust model

Hierarchical Model




Web of Trust
Community 1
Community 2




20
4. Proposed Scheme (cont.)

• Multiple Selective Mutual Authentication
  Protocol(MSMAP)
• Overview
• Based on SMAP1
• Hybrid Trust
• Multiple Selective Mutual Authentication under
  view of hybrid trust
• Use the result of trust value computation
• Assume that Standard P2P Protocol is established
• All peer CAN communicate with each other

Result of trust value computation
tv(peer) lt 0 ? refuse all process 0
tv(peer) lt 1.5 ? request formal certificate from
CA 1.5 tv(peer) lt 3 ? request informal
certificate from Service Provider 3 tv(peer)
4 ? request self-signed certificate (Public Key)
21
4. Proposed Scheme (cont.)

• SUMMARY A sends B one message, and B responds
  with one message that include extra selective
  field. After B request recommendation to peers
  and then key establishment is performed.
• RESULT (according to user choice)
• (1) Mutual peer authentication and time-variant
  session key transport with key authentication
  using different source of certificate based on
  trustworthy.
• (2) Peer authentication exclusion
• 1. System setup.
• (a) Peer chooses a value of selective field.
• (b) Peer request and response recommendation to
  other peers
• (c) Each peer has its public key pair for
  signatures and encryption.
• (d) A must acquire (and authenticate) the
  encryption public key of B. (This may require
  additional messages and computation.)

Multiple Selective mutual authentication protocol
(MSMAP)
22
4. Proposed Scheme (cont.)

• 2 . Notation.
• PX(y) denotes the result of applying Xs
  encryption public key to data y.
• SX(y) denotes the result of applying Xs
  signature private key to y.
• rA, rB are never re-used numbers (to detect
  replay and impersonation).
• certX is a certificate binding peer X to a public
  key suitable for both encryption and signature
  verification.
• selE is a selective field that notifies peer
  authentication exclusion.
• selS is a selective field that notifies mutual
  peer authentication inclusion.
• null denotes the confirmation about
  communication.(without authentication)
• reqFcert denotes more information, such as X.509
  certificate from legal CA, is required.
• reqIcert denotes more information, such as
  informal certificate from service provider, is
  required.
• reqScert denotes more information, such as
  self-signed certificate, is required.
• peers are arbitrary peers between community
  members
• refuse denote that stop all mutual authentication
  process. So it means refuse communication with
  that peer

23
4. Proposed Scheme (cont.)

• 3. Protocol messages. (An asterisk denotes items
  are optional.)
• First of all initiator must choose given two
  operations selE, selS.
• Exclusion protocol
• A ? B selE (1-E)
• A ? B null (2-E)
• Inclusion protocol
• Let DA (tA, rA, B, data1, PB(k1)), DB (tB,
  rB, A, rA, data2, PA(k2)).
• A ? B selS (1-S)
• peers ? B Request trust recommendation
  (2-S)
• peers ? B Recommendation result (3-S)
• computing trust
• A ? B refuse when tv(peer) lt
  0 (4-S)
• reqFcert when 0 tv(peer) lt 1.5
• reqIcert when 1.5 tv(peer) lt 3
• reqScert when 3 tv(peer) 4
• A ? B certA, DA, SA(DA) (5)
• A ? B certB, DB, SB(DB) (6)

24
5. Comparison
25
6. Conclusion

• P2P computing rapidly span.
• Lack of security of P2P
• Proposed Multiple Selective Mutual Authentication
  Protocol (MSMAP) support
• Strong authentication
• Legal force
• Real trust relationships
• Anonymity
• Cost effective
• Future Work
• Formalized trust quantifying and calculation are
  needed
• Span the proposed scheme generally.

26
7. References

• 1 Hyun-rok Lee Selective mutual authentication
  scheme for peer-to-peer system. 2001 Spring
  semester Modern cryptology term paper in ICU
• 2 P2P Working Group Homepage http//www.peer-to
  -peerwg.org/whatis/index.html
• 3 P.Zimmermann, Why do you need PGP ?
  http//www.pgpi.org/doc/whypgp/en
• 4 Lance Olson .NET P2P Writing Peer-to-Peer
  Networked Apps with the Microsoft .NET Framework,
  MSDN magazine 2001.2.
• 5 R.Perlman, An Overview of PKI Trust Models,
  IEEE Network Magazine, 1999
• 6 Soribada Homepage http//www.soribada.com
• 7 Open4u Homepage http//www.open4u.co.kr
• 8 CuteMX Homepage http//www.cutemx.com
• 9 Aimster Homepage http//www.aimster.com
• 10 Napster Homepage http//www.napster.com
• 11 Gnutella Homepage http//gnutella.wego.com
• 12 Freenet Homepage http//freenet.sourceforge.
  net
• 13 Alfarez Abdul-Rahman and Stephen Hailes, A
  Distributed Trust Model Proceedings of the
  workshop on New security paradigms workshop,
  1997, Pages 48 60
• 14 Alfred J. Manezes, Paul C.van Oorschot,
  Scott A. Vanstone, Handbook of Applied
  Cryptography, CRC press
• 15 W. Stallings, Cryptography and Network
  Security, Prentice Hall, 1999