Access Control Integration on NextShare. Master Thesis Final Presentation

IntroductionDeveloped system

Future workConclusions

Access Control Integration on NextShare

Jorge Sainz Raso

KTH - TSLab

July 26, 2009

Examiner: Bjorn Knutsson Supervisor: Raul Jimenez

Jorge Sainz Raso Access Control Integration on NextShare



OutlineIntroduction

Broadcasting on The InternetNextShareDefinitionsSatellite approachGoal

Developed systemOutlineACFACS 1: passwordACS 2: sAccess Control Scheme

Future workWork that can be done!Extend the sACSAdapt the framework to the new SwarmPlayerNew Access Control Schemes

ConclusionsJorge Sainz Raso Access Control Integration on NextShare




Introduction

Broadcasting on the Internet

I Internet has a great potentialI Not fully exploited!

I Distribution restrictionsI Imposed by the Content Owners

I Distribution Control vs. Distribution CostsI No well-balanced





Introduction

Broadcasting on the Internet

I Currently, use of client-server architectureI High Distribution Control

I Server denies the connection.I High Distribution Costs

I Client-server does not scale well.I Each user consumes bandwidth from the server.I bandwidth per user ∗ number of users





Introduction

P2P NetworksI P2P Networks for Internet media streaming.

I Match with the requirementsI Lower Distribution Costs

I Scale better than client-serverI Peers share their downloaded data.I Costs will not be totally in the broadcaster.

I Little Distribution ControlI Most P2P Networks are not designed for this.I Difficult to stop the content distribution.





Introduction

NextShareI Content delivery platformI P2P based.I Developed by P2P-Next consortium

I Universities like KTH.I Broadcasters like BBC or EBU.





Introduction

NextShare - Requirements

I Restrict distribution is requiredI Technical requirements

I Efficient distributionI Caching

I Cannot be sacrificed only for access restriction.





Introduction

NextShare - Requirements

I Restrict distribution is requiredI Technical requirements

I Efficient distributionI CachingI Cannot be sacrificed only for access restriction.





Introduction

DefinitionsI Restrict distribution

I Do not allow downloadingI Restrict access

I Allow downloadingI Do not allow consumption





Introduction

Access Restriction on Satellite TV





Introduction

GoalI Access Control outside the core

I Distribution mechanism untouchedI Caching support

I Develop a frameworkI Flexibility

I BenefitsI Distribution Core unaffectedI Easy to support different ACSsI Should ACS be compromised

I Can easily be replaced




OutlineACFACS 1: passwordACS 2: sAccess Control Scheme

Developed system

Access Control Integrationon NextShare

I Access Control FrameworkI Integrated in

I TriblerI SwarmPlayer

I Implement sample ACSsI PasswordI sACS





ACF — Creating the torrent in Tribler





Access Control Framework

Information Added to the torrentI Data added:

Protected:ProtectedMethod=<kind of protection><extra data needed for the ACS layer>






Detecting an ACS in SwarmPlayer






Playing Files in SwarmPlayer






Playing Protected Files in SwarmPlayer





Access Control Schemes

ACS 1: Protection by Password


















ACS 2: simple Access Control SchemeSupports

I Key deliveringI GeoIPI IP RangeI Other Access token mechanism

I Payment system





Existing approaches

Satellite TV





Existing approaches

sACS advantage: bidirectional comunication





Existing approaches

DRM for a P2P sharing architecture

11

Chun Yuan et al. Implementing Digital Right Management in P2P Content Sharing SystemJorge Sainz Raso Access Control Integration on NextShare





simple Access Control System (sACS)









sACS — PoliciesI XACML language

I Define policiesI Ask for authorization to a remote server

I This thesis: sXACML: simplified version of XACMLI Contains functions to specify

I IP RangeI Geolocation












Work that can be done!Extend the sACSAdapt the framework to the new SwarmPlayerNew Access Control Schemes

This system developed...

I Fully usable!I Proof of conceptI A lot of work can be done





Future work

Extend the sACS: Payment system

22

R. Jimenez, L-E. Eriksson, and B. Knutsson.P2P-Next: Technical and Legal Challenges. SNCNW09, Uppsala, May. 2009





Future work

Extend the sACS: use a Tamper proof device

I Example: smart cardsI Similar to satellite TVI The smart card could

I Authenticate to the access control serverI Decrypt the content

I The key remains hided in the card





Future work

Adapt the framework to the new SwarmPlayer

I The ACF developed works in SwarmPlayer 1.1.0I It does not in SwarmPlayer 1.0.13

3This is not a typo. Apparently, SwarmPlayer is not following versioningconventions





Future work

Plug New Access Control Schemes

I Just follow the few ACF restrictionsI More functionalities

I Like payment systemI Other access control policy language




Conclusions

Access Control Integrationon NextShare

I Flexible frameworkI Completely integratedI Multiple ACS plugged in

I AC independent from the CoreI Distribution Mechanism

untouchedI Caching

I Fully usable but...I Proof of concept




Thank you!any questions?

Jorge Sainz RasoWebsite of the project: http://www.tslab.ssvl.kth.se/thesis/node/1168

[email protected]


Business

Access Control Integration on NextShare. Master Thesis Final Presentation