Title: Multiple Selective Mutual Authentication Protocol for PeertoPeer System
1Multiple Selective Mutual Authentication Protocol
for Peer-to-Peer System
- School of Engineering
- 2001099
- Hyunrok Lee
2Contents
- 1. Introduction
- 2. The Problem
- 3. Preliminaries
- 4. Proposed Scheme
- 5. Comparison
- 6. Conclusion
- 7. Reference
31. Introduction
- The Internet three valuable fundamental assets
- A huge amount of information
- Increasing bandwidth
- Growing power of computing resources
- Limitation of client-server model
- P2P model
- Peer-to-peer computing
- Peer
- A principal that simultaneously can have both
client and server processes. - Sharing of computing resources and services by
direct exchange or share between arbitrary
network peers2 - Pure P2P
- Hybrid P2P
41. Introduction (cont.)
- Trust model
- Trust modeling
- Web of Trust model
- Hierarchical Trust (PKI) model
- Trust quantifying
- Trust computation
-
52. The Problem
- Different security problem between client-server
model and peer-to-peer model - Most of P2P systems provide no provisions for
mutual authentication or private
information.6789 - Weak authentication mechanism
- PGP-based Freenet12 does not have legal force.
- P2P model may have temporary association
- P2P model should provide anonymity
- Except the case of serious commercial
transaction. - No authentication protocol based on view of trust
model - Trust between peers begins to mirror those
real-world relationships. - SMAP1 did not consider trust model.
63. Preliminaries
- Key feature of peer-to-peer model4
- Discovering other peers
- Querying peers for resources
- Sharing resource with other peers
- Pure peer-to-peer model
73. Preliminaries (cont.)
- Hybrid peer-to-peer
- A simple discovery server
- Discovery and lookup server
- Discovery, lookup, and content server
83. Preliminaries (cont.)
- Well-known insecure peer-to-peer file sharing
- Napster10
- Central discovery and lookup server
- Weak authentication
- Gnutella11
- Pure p2p
- Provide only anonymity.
- Freenet
- Pure p2p
- PGP based authentication
- No legal force
- Retrieving users public key every operation
- Require specific server Key Distribution Center
93. Preliminaries (cont.)
- Selective authentication scheme1
- Two main technique
- Mutual authentication based on X.509 certificate
- Key establishment protocol based on public-key
encryption - Support Anonymity
- Support Strong Authentication
- Selective mechanism
- Two Procedure
- Exclusion Protocol
- Authentication scheme is excluded.
- Communicate with each other (without session key)
- Inclusion Protocol
- Mutually strong authentication is included.
- Communicate with each other (with time-invariant
session key)
103. Preliminaries (cont.)
- Protocol. Selective mutual authentication
protocol (SMAP) - SUMMARY A sends B one message, and B responds
with one message that include extra selective
field. And then key establishment is performed. - RESULT (according to user choice)
- (1) Mutual peer authentication and time-variant
session key transport with key authentication - (2) Peer authentication exclusion
- 1. Notation.
- PX(y) denotes the result of applying Xs
encryption public key to data y. - SX(y) denotes the result of applying Xs
signature private key to y. - rA, rB are never re-used numbers (to detect
replay and impersonation). - certX is a certificate binding peer X to a public
key suitable for both encryption and signature
verification. - selE is a selective field that notifies peer
authentication exclusion. - selS is a selective field that notifies mutual
peer authentication inclusion. - null denotes the confirmation about
communication.(without authentication) - reqcert denotes more information, such as X.509
certificate, is required.
113. Preliminaries (cont.)
- 2. System setup.
- (a) Peer chooses a value of selective field.
- (b) Each peer has its public key pair for
signatures and encryption. - (c) A must acquire (and authenticate) the
encryption public key of B. (This may require
additional messages and computation.) - 3. Protocol messages. (An asterisk denotes items
are optional.) - First of all initiator must choose given two
operations selE, selS. - Exclusion protocol
- A ? B selE (1-E)
- A ? B null (2-E)
- Inclusion protocol
- Let DA (tA, rA, B, data1, PB(k1)), DB (tB,
rB, A, rA, data2, PA(k2)). - A ? B selS (1-S)
- A ? B reqcert (2-S)
- A ? B certA, DA, SA(DA) (3)
- A ? B certB, DB, SB(DB) (4)
123. Preliminaries (cont.)
- Trust Model in PGP 3
- Web of trust
- No Legal force
- Trust Values
- Complete trust
- Fully trusted to certify others public keys
- Marginal trust
- Marginally trusted to certify others public keys
- Not trusted
?
133. Preliminaries (cont.)
- Trust Model in PKI 5
- Hierarchical Trust Model
- Strict rule
- Cross Certificate for performance
- Hard to reflect trust relationship of real world
- Legal Force
143. Preliminaries (cont.)
- Trust Model in distributed computing 13
- Propose a model for trust based on distributed
recommendations. - Consider reputation of each entity based on
multi-domain - Support dynamic revocation / refresh
- Propose Trust quantifying / calculation method
- Trust is divided into
- Direct
- Indirect ( Recommendation )
- Multiple trust value
- Recommendation protocol ONLY
153. Preliminaries (cont.)
- Direct Trust Value semantics
- Recommender Trust Value Semantics
163. Preliminaries (cont.)
RRQ Requestor_ID, Rquest_ID, Target_ID,
Categories, RequestorPKC, GetPKC,
Expiry Categories SET OF Category
Name Recommendation Requestor_ID,
Request_ID, Rec_Path, SEQUENCE OF
Recommendation_Set, TargetPKC NULL Rec_Path
SEQUENCE OF Recommender_ID Recommendation_Se
t SET OF Recommendation_Slip Recommendation_Sl
ip SET OF SEQUENCE Target_ID, Category_Name,
Trust_Value, Expiry
173. Preliminaries (cont.)
- Recommendation Protocol Example
- Alice ? Bob ? Cathy ? Eric
- ? Recommender trust relationship
- ? Direct trust relationship
Request recommendation 1. Alice ? Bob Alice,
rrqA01, Eric, Car_Service, T, 20011231 2. Bob ?
Cathy Bob, rrqB01, Eric, Car_Service, T,
20011231 3. Cathy ? Bob Bob, rrqB01, Cathy,
(Eric, Car_Service, 3, 20011231) 4. Bob ? Alice
Alice, rrqA01, Cathy, Bob, (Eric,
Car_Service, 3, 20011231) , PKERIC If change
trustworthy, 5. Cathy ? Bob Cathy, (Eric,
Car_Service, 1, 20011231) 6. Bob ? Alice
Cathy, Bob, (Eric, Car_Service, 1, 20011231)
183. Preliminaries (cont.)
- Trust Quantifying Computation
Computing Trust tvp(T) tv(R1)/4 X tv(R2)/4 X
X tv(Rn)/4 X rtv(T) Where tv(Ri) recommenders
trust value rtv(T) The recommended trust value
of target T given in the
recommendation tvp(T) The trust value of
target T derived from
recommendation received through return path
p. tv(T) Average (tv1(T), ,
tvp(T)) Ex) tv1(Eric) tv(Bob)/4 X tv(Cathy)/4
X rtv(Eric) 2/4 X 3/4 X 3 1.125 tv2(Eric)
2.500 tv(Eric) Average( tv1(Eric), tv2(Eric))
Average( 1.125, 2.500 ) 2.375
194. Proposed Scheme
Hierarchical Model
Web of Trust
Community 1
Community 2
204. Proposed Scheme (cont.)
- Multiple Selective Mutual Authentication
Protocol(MSMAP) - Overview
- Based on SMAP1
- Hybrid Trust
- Multiple Selective Mutual Authentication under
view of hybrid trust - Use the result of trust value computation
- Assume that Standard P2P Protocol is established
- All peer CAN communicate with each other
Result of trust value computation
tv(peer) lt 0 ? refuse all process 0
tv(peer) lt 1.5 ? request formal certificate from
CA 1.5 tv(peer) lt 3 ? request informal
certificate from Service Provider 3 tv(peer)
4 ? request self-signed certificate (Public Key)
214. Proposed Scheme (cont.)
- SUMMARY A sends B one message, and B responds
with one message that include extra selective
field. After B request recommendation to peers
and then key establishment is performed. - RESULT (according to user choice)
- (1) Mutual peer authentication and time-variant
session key transport with key authentication
using different source of certificate based on
trustworthy. - (2) Peer authentication exclusion
- 1. System setup.
- (a) Peer chooses a value of selective field.
- (b) Peer request and response recommendation to
other peers - (c) Each peer has its public key pair for
signatures and encryption. - (d) A must acquire (and authenticate) the
encryption public key of B. (This may require
additional messages and computation.)
Multiple Selective mutual authentication protocol
(MSMAP)
224. Proposed Scheme (cont.)
- 2 . Notation.
- PX(y) denotes the result of applying Xs
encryption public key to data y. - SX(y) denotes the result of applying Xs
signature private key to y. - rA, rB are never re-used numbers (to detect
replay and impersonation). - certX is a certificate binding peer X to a public
key suitable for both encryption and signature
verification. - selE is a selective field that notifies peer
authentication exclusion. - selS is a selective field that notifies mutual
peer authentication inclusion. - null denotes the confirmation about
communication.(without authentication) - reqFcert denotes more information, such as X.509
certificate from legal CA, is required. - reqIcert denotes more information, such as
informal certificate from service provider, is
required. - reqScert denotes more information, such as
self-signed certificate, is required. - peers are arbitrary peers between community
members - refuse denote that stop all mutual authentication
process. So it means refuse communication with
that peer
234. Proposed Scheme (cont.)
- 3. Protocol messages. (An asterisk denotes items
are optional.) - First of all initiator must choose given two
operations selE, selS. - Exclusion protocol
- A ? B selE (1-E)
- A ? B null (2-E)
- Inclusion protocol
- Let DA (tA, rA, B, data1, PB(k1)), DB (tB,
rB, A, rA, data2, PA(k2)). - A ? B selS (1-S)
- peers ? B Request trust recommendation
(2-S) - peers ? B Recommendation result (3-S)
- computing trust
- A ? B refuse when tv(peer) lt
0 (4-S) - reqFcert when 0 tv(peer) lt 1.5
- reqIcert when 1.5 tv(peer) lt 3
- reqScert when 3 tv(peer) 4
- A ? B certA, DA, SA(DA) (5)
- A ? B certB, DB, SB(DB) (6)
245. Comparison
256. Conclusion
- P2P computing rapidly span.
- Lack of security of P2P
- Proposed Multiple Selective Mutual Authentication
Protocol (MSMAP) support - Strong authentication
- Legal force
- Real trust relationships
- Anonymity
- Cost effective
- Future Work
- Formalized trust quantifying and calculation are
needed - Span the proposed scheme generally.
267. References
- 1 Hyun-rok Lee Selective mutual authentication
scheme for peer-to-peer system. 2001 Spring
semester Modern cryptology term paper in ICU - 2 P2P Working Group Homepage http//www.peer-to
-peerwg.org/whatis/index.html - 3 P.Zimmermann, Why do you need PGP ?
http//www.pgpi.org/doc/whypgp/en - 4 Lance Olson .NET P2P Writing Peer-to-Peer
Networked Apps with the Microsoft .NET Framework,
MSDN magazine 2001.2. - 5 R.Perlman, An Overview of PKI Trust Models,
IEEE Network Magazine, 1999 - 6 Soribada Homepage http//www.soribada.com
- 7 Open4u Homepage http//www.open4u.co.kr
- 8 CuteMX Homepage http//www.cutemx.com
- 9 Aimster Homepage http//www.aimster.com
- 10 Napster Homepage http//www.napster.com
- 11 Gnutella Homepage http//gnutella.wego.com
- 12 Freenet Homepage http//freenet.sourceforge.
net - 13 Alfarez Abdul-Rahman and Stephen Hailes, A
Distributed Trust Model Proceedings of the
workshop on New security paradigms workshop,
1997, Pages 48 60 - 14 Alfred J. Manezes, Paul C.van Oorschot,
Scott A. Vanstone, Handbook of Applied
Cryptography, CRC press - 15 W. Stallings, Cryptography and Network
Security, Prentice Hall, 1999