Multiple Selective Mutual Authentication Protocol for PeertoPeer System - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

Multiple Selective Mutual Authentication Protocol for PeertoPeer System

Description:

Sysop. Peer. Service. Provider. Service. Provider. Service. Provider. Community 1. Peer. Peer ... Sysop. Community 2. Sysop. Hierarchical. Model. Web of Trust ... – PowerPoint PPT presentation

Number of Views:39
Avg rating:3.0/5.0
Slides: 27
Provided by: tank3
Category:

less

Transcript and Presenter's Notes

Title: Multiple Selective Mutual Authentication Protocol for PeertoPeer System


1
Multiple Selective Mutual Authentication Protocol
for Peer-to-Peer System
  • School of Engineering
  • 2001099
  • Hyunrok Lee

2
Contents
  • 1. Introduction
  • 2. The Problem
  • 3. Preliminaries
  • 4. Proposed Scheme
  • 5. Comparison
  • 6. Conclusion
  • 7. Reference

3
1. Introduction
  • The Internet three valuable fundamental assets
  • A huge amount of information
  • Increasing bandwidth
  • Growing power of computing resources
  • Limitation of client-server model
  • P2P model
  • Peer-to-peer computing
  • Peer
  • A principal that simultaneously can have both
    client and server processes.
  • Sharing of computing resources and services by
    direct exchange or share between arbitrary
    network peers2
  • Pure P2P
  • Hybrid P2P

4
1. Introduction (cont.)
  • Trust model
  • Trust modeling
  • Web of Trust model
  • Hierarchical Trust (PKI) model
  • Trust quantifying
  • Trust computation

5
2. The Problem
  • Different security problem between client-server
    model and peer-to-peer model
  • Most of P2P systems provide no provisions for
    mutual authentication or private
    information.6789
  • Weak authentication mechanism
  • PGP-based Freenet12 does not have legal force.
  • P2P model may have temporary association
  • P2P model should provide anonymity
  • Except the case of serious commercial
    transaction.
  • No authentication protocol based on view of trust
    model
  • Trust between peers begins to mirror those
    real-world relationships.
  • SMAP1 did not consider trust model.

6
3. Preliminaries
  • Key feature of peer-to-peer model4
  • Discovering other peers
  • Querying peers for resources
  • Sharing resource with other peers
  • Pure peer-to-peer model

7
3. Preliminaries (cont.)
  • Hybrid peer-to-peer
  • A simple discovery server
  • Discovery and lookup server
  • Discovery, lookup, and content server

8
3. Preliminaries (cont.)
  • Well-known insecure peer-to-peer file sharing
  • Napster10
  • Central discovery and lookup server
  • Weak authentication
  • Gnutella11
  • Pure p2p
  • Provide only anonymity.
  • Freenet
  • Pure p2p
  • PGP based authentication
  • No legal force
  • Retrieving users public key every operation
  • Require specific server Key Distribution Center

9
3. Preliminaries (cont.)
  • Selective authentication scheme1
  • Two main technique
  • Mutual authentication based on X.509 certificate
  • Key establishment protocol based on public-key
    encryption
  • Support Anonymity
  • Support Strong Authentication
  • Selective mechanism
  • Two Procedure
  • Exclusion Protocol
  • Authentication scheme is excluded.
  • Communicate with each other (without session key)
  • Inclusion Protocol
  • Mutually strong authentication is included.
  • Communicate with each other (with time-invariant
    session key)

10
3. Preliminaries (cont.)
  • Protocol. Selective mutual authentication
    protocol (SMAP)
  • SUMMARY A sends B one message, and B responds
    with one message that include extra selective
    field. And then key establishment is performed.
  • RESULT (according to user choice)
  • (1) Mutual peer authentication and time-variant
    session key transport with key authentication
  • (2) Peer authentication exclusion
  • 1. Notation.
  • PX(y) denotes the result of applying Xs
    encryption public key to data y.
  • SX(y) denotes the result of applying Xs
    signature private key to y.
  • rA, rB are never re-used numbers (to detect
    replay and impersonation).
  • certX is a certificate binding peer X to a public
    key suitable for both encryption and signature
    verification.
  • selE is a selective field that notifies peer
    authentication exclusion.
  • selS is a selective field that notifies mutual
    peer authentication inclusion.
  • null denotes the confirmation about
    communication.(without authentication)
  • reqcert denotes more information, such as X.509
    certificate, is required.

11
3. Preliminaries (cont.)
  • 2. System setup.
  • (a) Peer chooses a value of selective field.
  • (b) Each peer has its public key pair for
    signatures and encryption.
  • (c) A must acquire (and authenticate) the
    encryption public key of B. (This may require
    additional messages and computation.)
  • 3. Protocol messages. (An asterisk denotes items
    are optional.)
  • First of all initiator must choose given two
    operations selE, selS.
  • Exclusion protocol
  • A ? B selE (1-E)
  • A ? B null (2-E)
  • Inclusion protocol
  • Let DA (tA, rA, B, data1, PB(k1)), DB (tB,
    rB, A, rA, data2, PA(k2)).
  • A ? B selS (1-S)
  • A ? B reqcert (2-S)
  • A ? B certA, DA, SA(DA) (3)
  • A ? B certB, DB, SB(DB) (4)

12
3. Preliminaries (cont.)
  • Trust Model in PGP 3
  • Web of trust
  • No Legal force
  • Trust Values
  • Complete trust
  • Fully trusted to certify others public keys
  • Marginal trust
  • Marginally trusted to certify others public keys
  • Not trusted

?
13
3. Preliminaries (cont.)
  • Trust Model in PKI 5
  • Hierarchical Trust Model
  • Strict rule
  • Cross Certificate for performance
  • Hard to reflect trust relationship of real world
  • Legal Force

14
3. Preliminaries (cont.)
  • Trust Model in distributed computing 13
  • Propose a model for trust based on distributed
    recommendations.
  • Consider reputation of each entity based on
    multi-domain
  • Support dynamic revocation / refresh
  • Propose Trust quantifying / calculation method
  • Trust is divided into
  • Direct
  • Indirect ( Recommendation )
  • Multiple trust value
  • Recommendation protocol ONLY

15
3. Preliminaries (cont.)
  • Direct Trust Value semantics
  • Recommender Trust Value Semantics

16
3. Preliminaries (cont.)
  • Recommendation Protocol

RRQ Requestor_ID, Rquest_ID, Target_ID,
Categories, RequestorPKC, GetPKC,
Expiry Categories SET OF Category
Name Recommendation Requestor_ID,
Request_ID, Rec_Path, SEQUENCE OF
Recommendation_Set, TargetPKC NULL Rec_Path
SEQUENCE OF Recommender_ID Recommendation_Se
t SET OF Recommendation_Slip Recommendation_Sl
ip SET OF SEQUENCE Target_ID, Category_Name,
Trust_Value, Expiry
17
3. Preliminaries (cont.)
  • Recommendation Protocol Example
  • Alice ? Bob ? Cathy ? Eric
  • ? Recommender trust relationship
  • ? Direct trust relationship

Request recommendation 1. Alice ? Bob Alice,
rrqA01, Eric, Car_Service, T, 20011231 2. Bob ?
Cathy Bob, rrqB01, Eric, Car_Service, T,
20011231 3. Cathy ? Bob Bob, rrqB01, Cathy,
(Eric, Car_Service, 3, 20011231) 4. Bob ? Alice
Alice, rrqA01, Cathy, Bob, (Eric,
Car_Service, 3, 20011231) , PKERIC If change
trustworthy, 5. Cathy ? Bob Cathy, (Eric,
Car_Service, 1, 20011231) 6. Bob ? Alice
Cathy, Bob, (Eric, Car_Service, 1, 20011231)

18
3. Preliminaries (cont.)
  • Trust Quantifying Computation

Computing Trust tvp(T) tv(R1)/4 X tv(R2)/4 X
X tv(Rn)/4 X rtv(T) Where tv(Ri) recommenders
trust value rtv(T) The recommended trust value
of target T given in the
recommendation tvp(T) The trust value of
target T derived from
recommendation received through return path
p. tv(T) Average (tv1(T), ,
tvp(T)) Ex) tv1(Eric) tv(Bob)/4 X tv(Cathy)/4
X rtv(Eric) 2/4 X 3/4 X 3 1.125 tv2(Eric)
2.500 tv(Eric) Average( tv1(Eric), tv2(Eric))
Average( 1.125, 2.500 ) 2.375
19
4. Proposed Scheme
  • Trust model

Hierarchical Model




Web of Trust
Community 1
Community 2




20
4. Proposed Scheme (cont.)
  • Multiple Selective Mutual Authentication
    Protocol(MSMAP)
  • Overview
  • Based on SMAP1
  • Hybrid Trust
  • Multiple Selective Mutual Authentication under
    view of hybrid trust
  • Use the result of trust value computation
  • Assume that Standard P2P Protocol is established
  • All peer CAN communicate with each other

Result of trust value computation
tv(peer) lt 0 ? refuse all process 0
tv(peer) lt 1.5 ? request formal certificate from
CA 1.5 tv(peer) lt 3 ? request informal
certificate from Service Provider 3 tv(peer)
4 ? request self-signed certificate (Public Key)
21
4. Proposed Scheme (cont.)
  • SUMMARY A sends B one message, and B responds
    with one message that include extra selective
    field. After B request recommendation to peers
    and then key establishment is performed.
  • RESULT (according to user choice)
  • (1) Mutual peer authentication and time-variant
    session key transport with key authentication
    using different source of certificate based on
    trustworthy.
  • (2) Peer authentication exclusion
  • 1. System setup.
  • (a) Peer chooses a value of selective field.
  • (b) Peer request and response recommendation to
    other peers
  • (c) Each peer has its public key pair for
    signatures and encryption.
  • (d) A must acquire (and authenticate) the
    encryption public key of B. (This may require
    additional messages and computation.)

Multiple Selective mutual authentication protocol
(MSMAP)
22
4. Proposed Scheme (cont.)
  • 2 . Notation.
  • PX(y) denotes the result of applying Xs
    encryption public key to data y.
  • SX(y) denotes the result of applying Xs
    signature private key to y.
  • rA, rB are never re-used numbers (to detect
    replay and impersonation).
  • certX is a certificate binding peer X to a public
    key suitable for both encryption and signature
    verification.
  • selE is a selective field that notifies peer
    authentication exclusion.
  • selS is a selective field that notifies mutual
    peer authentication inclusion.
  • null denotes the confirmation about
    communication.(without authentication)
  • reqFcert denotes more information, such as X.509
    certificate from legal CA, is required.
  • reqIcert denotes more information, such as
    informal certificate from service provider, is
    required.
  • reqScert denotes more information, such as
    self-signed certificate, is required.
  • peers are arbitrary peers between community
    members
  • refuse denote that stop all mutual authentication
    process. So it means refuse communication with
    that peer

23
4. Proposed Scheme (cont.)
  • 3. Protocol messages. (An asterisk denotes items
    are optional.)
  • First of all initiator must choose given two
    operations selE, selS.
  • Exclusion protocol
  • A ? B selE (1-E)
  • A ? B null (2-E)
  • Inclusion protocol
  • Let DA (tA, rA, B, data1, PB(k1)), DB (tB,
    rB, A, rA, data2, PA(k2)).
  • A ? B selS (1-S)
  • peers ? B Request trust recommendation
    (2-S)
  • peers ? B Recommendation result (3-S)
  • computing trust
  • A ? B refuse when tv(peer) lt
    0 (4-S)
  • reqFcert when 0 tv(peer) lt 1.5
  • reqIcert when 1.5 tv(peer) lt 3
  • reqScert when 3 tv(peer) 4
  • A ? B certA, DA, SA(DA) (5)
  • A ? B certB, DB, SB(DB) (6)

24
5. Comparison
25
6. Conclusion
  • P2P computing rapidly span.
  • Lack of security of P2P
  • Proposed Multiple Selective Mutual Authentication
    Protocol (MSMAP) support
  • Strong authentication
  • Legal force
  • Real trust relationships
  • Anonymity
  • Cost effective
  • Future Work
  • Formalized trust quantifying and calculation are
    needed
  • Span the proposed scheme generally.

26
7. References
  • 1 Hyun-rok Lee Selective mutual authentication
    scheme for peer-to-peer system. 2001 Spring
    semester Modern cryptology term paper in ICU
  • 2 P2P Working Group Homepage http//www.peer-to
    -peerwg.org/whatis/index.html
  • 3 P.Zimmermann, Why do you need PGP ?
    http//www.pgpi.org/doc/whypgp/en
  • 4 Lance Olson .NET P2P Writing Peer-to-Peer
    Networked Apps with the Microsoft .NET Framework,
    MSDN magazine 2001.2.
  • 5 R.Perlman, An Overview of PKI Trust Models,
    IEEE Network Magazine, 1999
  • 6 Soribada Homepage http//www.soribada.com
  • 7 Open4u Homepage http//www.open4u.co.kr
  • 8 CuteMX Homepage http//www.cutemx.com
  • 9 Aimster Homepage http//www.aimster.com
  • 10 Napster Homepage http//www.napster.com
  • 11 Gnutella Homepage http//gnutella.wego.com
  • 12 Freenet Homepage http//freenet.sourceforge.
    net
  • 13 Alfarez Abdul-Rahman and Stephen Hailes, A
    Distributed Trust Model Proceedings of the
    workshop on New security paradigms workshop,
    1997, Pages 48 60
  • 14 Alfred J. Manezes, Paul C.van Oorschot,
    Scott A. Vanstone, Handbook of Applied
    Cryptography, CRC press
  • 15 W. Stallings, Cryptography and Network
    Security, Prentice Hall, 1999
Write a Comment
User Comments (0)
About PowerShow.com