WAVE: A Decentralized Authorization Framework with Transitive Delegation

Michael P. Andersen, Sam Kumar, Hyung-Sin Kim, John Kolb, Kaifei Chen, Moustafa AbdelBaky, Gabe Fierro, David E. Culler, Raluca Ada Popa

This material is based on work supported by the National Science Foundation Graduate Research Fellowship Program under Grant No. DGE-1752814. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
Roadmap
1. The Problem
2. WAVE's Approach
3. WAVE's Storage Layer
4. WAVE's Privacy Layer
5. Implementation and Evaluation
Authorization for IoT
(Figure: a request "Set temperature to 80F" sent to a thermostat)
Authorization
1. How does the tenant receive permission to adjust the temperature?
2. How does the thermostat know that the request was sent by someone who has permission?
Authorization for IoT: Status Quo
(Figure: Owner, Airbnb, Tenant)
Owner gives username:password to Airbnb.
Airbnb performs the action when the tenant requests it.
• Shares identity, not just permission
• Not revocable
• Ad-hoc
The Problems
Existing authentication systems are centralized (often monolithic).
Transitive delegation is rare, leading to over-sharing.
Attacks on centralized systems are common, and affect all the users.
WAVE's Approach
Make the flow of trust fine-grained.
WAVE Captures Trust Relations
(Figure: Owner, Airbnb, Tenant)
Attestation 1: Policy: "Airbnb can set Owner's thermostat setpoint, and can delegate" (Signed by Owner)
Attestation 2: Policy: "Tenant can set Owner's thermostat setpoint, for only the duration of their stay" (Signed by Airbnb)
Proof = Attestation 1 + Attestation 2
● Allows delegation of a subset of permissions
● Prevents needing to share identity
● Cryptographically enforced
Global Permissions Graph
1. Entity receives permission via a chain of attestations
2. Entity presents a path through the graph as proof it is authorized
Authorization
1. How does one receive permission?
2. How does the device know that the request was sent by someone who has permission?
Two Technical Challenges in WAVE
1. How are attestations stored, disseminated, and discovered, without relying on a single trusted party?
   ◦ Storage layer
2. How to protect the privacy of attestations?
   ◦ Privacy layer
Storage Layer Goals
Storage provider is untrusted, so it must be verifiable that it is not:
◦ Hiding objects (such as revocation entries)
◦ Forging existence of non-existent objects
Blockchain is a natural solution but unfortunately doesn't scale.
WAVE's Storage Layer (First Try)
Use a log of operations backed by a Merkle Tree [Certificate Transparency, Laurie et al. 2013].
How to make sure the server can't hide objects?
◦ Server must be able to prove that an object doesn't exist
◦ Not supported by a Merkle Tree Log!
(Figure) Merkle Tree Log of operations: contains all the authorization objects. Can prove: append-only; value exists in log.
WAVE's Storage Layer (Second Try)
Use another Merkle tree to construct a map of objects [Verifiable Log-Derived Map, Eijdenberg et al. 2015].
However, the server could serve requests using an older version of the map.
◦ How to fix this?
(Figure, added to the log of operations) Merkle Tree Map of objects: contains objects indexed by their hash. Can prove: value does not exist; value exists.
WAVE's Storage Layer (Final)
Use another log to store the progression of map root hashes.
Auditors make sure that each request is served using the latest map version.
(Figure, added to the log of operations and the map of objects) Merkle Tree Log of map roots: contains all the root hashes of the map. Can prove: append-only; value exists in log.
Private Attestations
With this storage model, the global permissions graph is publicly accessible.
◦ Leaks, e.g., who is renting which house on Airbnb
Storage is untrusted; can't rely on it for access control. Instead we rely on cryptography.
◦ Attestations are encrypted
◦ They can only be decrypted by an entity who can use them in a proof
Encrypt Attestations
(Figure: the proving entity's position in the graph; hidden attestations versus decryptable attestations)
Our Technique: Reverse-Discoverable Encryption (simplified)
Each entity has a key pair for encrypting attestations.
Attestations are encrypted using the recipient's public key.
Attestations include the secret key of the granter.
◦ Allows decryption of upstream attestations
(Figure: Owner, Airbnb, Tenant)
Owner signs a statement saying "Airbnb has permission to set my thermostat setpoint, and can delegate" → Attestation 1 (signed policy): "Airbnb can set Owner's thermostat setpoint, and can delegate" (Signed by Owner)
Airbnb signs a statement saying "Tenant has permission to adjust Owner's thermostat setpoint" → Attestation 2 (signed policy): "Tenant can set Owner's thermostat setpoint, during their stay" (Signed by Airbnb)
Note: We actually use policy-aware encryption to restrict access further.
Reverse-Discoverable Encryption
(Figure: the proving entity decrypts its own attestation and, from the key inside it, the attestations upstream)
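The simplified scheme above, as an added example that is not WAVE's implementation: each entity holds an X25519 key pair for attestations, each attestation is sealed to the recipient's public key and carries the granter's secret key, and `Discover` walks the chain from the proving entity's own attestation upstream. `Seal`, `Open`, `Discover`, the plaintext layout and the SHA-256 key derivation are assumptions of this example; WAVE's policy-aware encryption is not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)
// aead derives an AES-GCM key from an X25519 shared secret (toy KDF: SHA-256).
func aead(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil { return nil, err }
	k := sha256.Sum256(shared)
	blk, _ := aes.NewCipher(k[:])
	return cipher.NewGCM(blk)
}
// Seal encrypts to the recipient's public key with an ephemeral X25519 key.
// Plaintext: granter's secret key (32 bytes) || policy text; carrying that key is
// what lets the recipient open the attestation granted to the granter (upstream).
func Seal(to *ecdh.PublicKey, granter *ecdh.PrivateKey, policy string) []byte {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	g, err := aead(eph, to)
	if err != nil { panic(err) } // only on a malformed recipient key
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	// box layout: ephemeral public key (32) || nonce (12) || ciphertext
	return append(append(eph.PublicKey().Bytes(), nonce...), g.Seal(nil, nonce, append(granter.Bytes(), policy...), nil)...)
}
// Open decrypts one attestation with the recipient's secret key (any other key fails).
func Open(sk *ecdh.PrivateKey, box []byte) (*ecdh.PrivateKey, string, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(box[:32])
	if err != nil { return nil, "", err }
	g, err := aead(sk, ephPub)
	if err != nil { return nil, "", err }
	plain, err := g.Open(nil, box[32:44], box[44:], nil) // 12-byte GCM nonce
	if err != nil { return nil, "", err }
	granter, err := ecdh.X25519().NewPrivateKey(plain[:32])
	return granter, string(plain[32:]), err
}
// Discover walks the chain newest-first: open your own attestation, take the granter's key, repeat upstream.
func Discover(sk *ecdh.PrivateKey, chain [][]byte) ([]string, error) {
	var policies []string
	for i := len(chain) - 1; i >= 0; i-- {
		granter, policy, err := Open(sk, chain[i])
		if err != nil { return policies, err }
		policies = append(policies, policy)
		sk = granter
	}
	return policies, nil
}
```

An entity that holds no key for the last link of the chain (Airbnb trying the tenant's attestation, or an outsider) cannot open anything, which is the access restriction the slide describes.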
First Release of WAVE Version 3

Feature                  WAVE 2             WAVE 3
Delegation               Yes                Yes
Decentralized            Yes                Yes
Scalable                 No (blockchain)    Yes
Encrypted Attestations   No                 Yes
Fully General            No (IoT pubsub)    Yes
Full Implementation      Yes                Yes

WAVE Version 2: github.com/immesys/bw2
WAVE Version 3: github.com/immesys/wave
Operation Times [ms]
(Chart: granting permissions, creating accounts, discovering new attestations, verifying proofs)
Use Case Comparison (Critical Path)
1. Authenticate
   ◦ LDAP Bind
2. Check Auth Policy
   ◦ SQL Lookup
Total: 7.5 ms
(Figure: user:pass → App server → LDAP (6.3 ms) and SQL DB (1.2 ms))
Use Case Comparison (Critical Path)
1. Validate proof (yields policy)
Total: < 7 ms for common patterns
(Figure: Proof → App server → WAVE agent)
Proof times: Length 1: 2.8 ms; Length 3: 6.2 ms
Conclusion
WAVE is an authentication/verification engine that makes trust relationships fine-grained.
It can run at global scale without a central trusted party.
It is a REAL artifact we have operated for 2 years, securing over 800 IoT devices in California!