Access Control Integration on NextShare
Jorge Sainz Raso
KTH - TSLab
July 26, 2009
Examiner: Bjorn Knutsson
Supervisor: Raul Jimenez
Outline
- Introduction
  - Broadcasting on The Internet
  - NextShare
  - Definitions
  - Satellite approach
  - Goal
- Developed system
  - Outline
  - ACF
  - ACS 1: password
  - ACS 2: sAccess Control Scheme
- Future work
  - Work that can be done!
  - Extend the sACS
  - Adapt the framework to the new SwarmPlayer
  - New Access Control Schemes
- Conclusions
Introduction
Broadcasting on the Internet
- Internet has a great potential
  - Not fully exploited!
- Distribution restrictions
  - Imposed by the Content Owners
- Distribution Control vs. Distribution Costs
  - Not well balanced
- Currently, use of client-server architecture
  - High Distribution Control
    - Server denies the connection.
  - High Distribution Costs
    - Client-server does not scale well.
    - Each user consumes bandwidth from the server.
    - bandwidth per user ∗ number of users
P2P Networks
- P2P Networks for Internet media streaming.
  - Match with the requirements
  - Lower Distribution Costs
    - Scale better than client-server
    - Peers share their downloaded data.
    - Costs will not fall entirely on the broadcaster.
  - Little Distribution Control
    - Most P2P Networks are not designed for this.
    - Difficult to stop the content distribution.
NextShare
- Content delivery platform
- P2P based.
- Developed by P2P-Next consortium
  - Universities like KTH.
  - Broadcasters like BBC or EBU.
NextShare - Requirements
- Restricting distribution is required
- Technical requirements
  - Efficient distribution
  - Caching
  - Cannot be sacrificed only for access restriction.
Definitions
- Restrict distribution
  - Do not allow downloading
- Restrict access
  - Allow downloading
  - Do not allow consumption
Access Restriction on Satellite TV
Goal
- Access Control outside the core
  - Distribution mechanism untouched
  - Caching support
- Develop a framework
  - Flexibility
- Benefits
  - Distribution Core unaffected
  - Easy to support different ACSs
  - Should ACS be compromised
    - Can easily be replaced
Developed system
Access Control Integration on NextShare
- Access Control Framework
  - Integrated in
    - Tribler
    - SwarmPlayer
- Implement sample ACSs
  - Password
  - sACS
ACF — Creating the torrent in Tribler
Access Control Framework
Information Added to the torrent
- Data added:
    Protected:
    ProtectedMethod=<kind of protection>
    <extra data needed for the ACS layer>
Detecting an ACS in SwarmPlayer
Playing Files in SwarmPlayer
Playing Protected Files in SwarmPlayer
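
The protection fields added to the torrent and the goal of replaceable schemes, sketched as an added example (not code from the thesis, Tribler or SwarmPlayer). The dictionary layout, the `extra` field, the PBKDF2-based password scheme and all function names are assumptions.

```python
import hashlib
import hmac
import os

class AccessDenied(Exception):
    """No content key may be released to the player."""

ACS_PLUGINS = {}  # ProtectedMethod value -> callable(extra, credentials) -> key

def register_acs(method, plugin):
    """Plug in, or replace, the scheme handling one ProtectedMethod value."""
    ACS_PLUGINS[method] = plugin

def _derive(password, salt):
    # Assumed password scheme: PBKDF2 key plus a verifier stored as extra data.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return key, hmac.new(key, b"acs-verifier", hashlib.sha256).hexdigest()

def protect_with_password(password):
    """Torrent-creation side: build the protection fields (constructed layout)."""
    salt = os.urandom(16)
    _, verifier = _derive(password, salt)
    return {"Protected": True, "ProtectedMethod": "password",
            "extra": {"salt": salt.hex(), "verifier": verifier}}

def password_acs(extra, credentials):
    key, verifier = _derive(credentials["password"], bytes.fromhex(extra["salt"]))
    if not hmac.compare_digest(verifier, extra["verifier"]):
        raise AccessDenied("wrong password")
    return key

def content_key(metadata, credentials):
    """Player side: return the key, or None when the torrent is unprotected."""
    if not metadata.get("Protected"):
        return None
    plugin = ACS_PLUGINS.get(metadata.get("ProtectedMethod"))
    if plugin is None:
        # Unknown or missing scheme: fail closed rather than play anyway.
        raise AccessDenied("unsupported ProtectedMethod")
    try:
        return plugin(metadata.get("extra") or {}, credentials)
    except (KeyError, ValueError, TypeError, AttributeError) as exc:
        raise AccessDenied("malformed protection data") from exc

register_acs("password", password_acs)
```
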
Access Control Schemes
ACS 1: Protection by Password
ACS 2: simple Access Control Scheme
Supports
- Key delivering
- GeoIP
- IP Range
- Other Access token mechanism
  - Payment system
Existing approaches
Satellite TV
sACS advantage: bidirectional communication
DRM for a P2P sharing architecture ¹
¹ Chun Yuan et al. Implementing Digital Right Management in P2P Content Sharing System
Access Control Schemes
simple Access Control System (sACS)
sACS — Policies
- XACML language
  - Define policies
  - Ask for authorization to a remote server
- This thesis: sXACML: simplified version of XACML
  - Contains functions to specify
    - IP Range
    - Geolocation
This system developed...
- Fully usable!
- Proof of concept
- A lot of work can be done
Future work
Extend the sACS: Payment system ²
² R. Jimenez, L-E. Eriksson, and B. Knutsson. P2P-Next: Technical and Legal Challenges. SNCNW09, Uppsala, May 2009
Extend the sACS: use a Tamper proof device
- Example: smart cards
- Similar to satellite TV
- The smart card could
  - Authenticate to the access control server
  - Decrypt the content
    - The key remains hidden in the card
Adapt the framework to the new SwarmPlayer
- The ACF developed works in SwarmPlayer 1.1.0
- It does not in SwarmPlayer 1.0.1 ³
³ This is not a typo. Apparently, SwarmPlayer is not following versioning conventions
Plug New Access Control Schemes
- Just follow the few ACF restrictions
- More functionalities
  - Like payment system
  - Other access control policy language
Conclusions
Access Control Integration on NextShare
- Flexible framework
  - Completely integrated
  - Multiple ACS plugged in
- AC independent from the Core
  - Distribution Mechanism untouched
  - Caching
- Fully usable but...
  - Proof of concept
Thank you! Any questions?
Jorge Sainz Raso
Website of the project: http://www.tslab.ssvl.kth.se/thesis/node/1168