
User Scenarios & Security Considerations in APPAGG part 2/2

User Scenarios & Security Considerations in APPAGG part 2/2. 2003.03.31 Nobuhiro Kobayashi@Mitsubishi Electric Corp. n-koba@iss.isl.melco.co.jp. Solution. Who grants the rights to the subject ? Who stores the rights ? How describe the rights ? Who authenticates the subject ?


Presentation Transcript


  1. User Scenarios & Security Considerations in APPAGG part 2/2. 2003.03.31, Nobuhiro Kobayashi @ Mitsubishi Electric Corp., n-koba@iss.isl.melco.co.jp

  2. Solution
     • Who grants the rights to the subject?
     • Who stores the rights?
     • How to describe the rights?
     • Who authenticates the subject?
     • Who authenticates the object?
     • Who authorizes the subject?
     • (? Any other items ?)

  3. Solution (cont.)
     • Who grants the rights to the subject?
        • Owner
        • (? default settings by manufacturer)

  4. Solution (cont.)
     • Who stores the rights?
        • ? each appliance
        • ? Owner's wearable appliance (ex. watch)

  5. Solution (cont.)
     • How to describe the rights?
        • ? XML
        • ? original format

  6. Solution (cont.)
     • Who authenticates the subject?
        • Owner
        • ? Owner's wearable appliance
        • ? each appliance
        • ? Trusted third party

  7. Solution (cont.)
     • Who authenticates the object?
        • Owner
        • ? Owner's wearable appliance
        • ? each appliance
        • ? Trusted third party

  8. Solution (cont.)
     • Who authorizes the subject?
        • Owner
        • ? Owner's wearable appliance
        • ? each appliance
        • ? Trusted third party

  9. Example. John's wearable appliance "watch" has the rights list. The "watch" sends a command to the light. How to set the rights to the lights?
     • John grants the rights to the light.
     • John grants the rights to his watch.
     • Rights List for light: Owner is John.
     • Rights List for watch: Owner is John.
     • Owner can turn on the lights. Owner can use the laptop.
     • Command: Turn ON the light.

  10. Version 1 [sequence diagram: A (watch), C (attacker), B (light); normal case and attack case]
     • Normal: command.
     • Attack: command; success, replay attack.

  11. Solution (cont.)
     • To protect from replay attack:
        • Use Random Number
        • Use HMAC (Keyed-Hashing for Message Authentication)
        • It is more lightweight than other cryptographic routines.

  12. Version 2 [sequence diagram: A (watch), C (attacker), B (light); normal case and attack case]
     • Normal: start request; generate Random Number (RN); RN; check RN; RN, command, HMAC (key); compute HMAC with key (HMAC tmp); check.
     • Attack: start request; RN2; RN, command, HMAC; ERROR. Cannot replay attack.

  13. Version 2' [sequence diagram: A (watch), C (attacker), B (light); normal case and attack case]
     • Normal: start request; RN; check RN; RN, command, HMAC (key); HMAC tmp; check.
     • Attack: start request; RN; RN, command, HMAC; doesn't execute command.

  14. Version 3 [sequence diagram: A (watch), C (attacker), B (light); normal case and attack case]
     • Normal: start request, RN_A; RN_B, HMAC_B (key); HMAC tmp, check; RN_B, command, HMAC_A (key); HMAC tmp, check.
     • Attack: start request, RN_A2; RN_B, HMAC_B (key); HMAC tmp, check; ERROR, attack detected.

  15. References
     • Appliance Aggregation Architecture Terminology, Survey, and Scenarios, http://www.hpl.hp.com/hosted/ggf/AppAggSurvery.doc, March 2003
     • Terminology translation (English <-> Japanese):
        • http://www.ipa.go.jp/security/ciadr/word_idx.html
        • http://www.ipa.go.jp/security/ciadr/crword.html
        • http://www.sisnet.or.jp/sis/dokuhon/p10.htm

  16. END. Thank you.

  17. NOT USE

  18. Example. (cont.) John sets a "secret key" on the "watch" and the light. The "watch" makes an HMAC from the command with the "secret key", and sends the command and the HMAC to the light. The light makes an HMAC from the received command with the "secret key", and compares this HMAC with the received HMAC.
     • John sets "secret key" (watch). John sets "secret key" (light).
     • Rights List for light: Owner is John.
     • Rights List for watch: Owner is John.
     • Owner can turn on the lights. Owner can use the laptop.
     • Watch: command "Turn ON the light." and HMAC made by watch.
     • Light: command "Turn ON the light.", HMAC made by watch, HMAC made by light; compare the HMAC.

  19. Example. (cont.) To defend against "replay attack", use 3 handshakes and random numbers. [sequence diagram: W (watch), L (light)]
     • Session Start Request.
     • Generate random number; R.N.; HMAC_W (R.N.); compare the HMAC.
     • Generate random number; R.N.; HMAC_L (R.N.); compare the HMAC.
     • Command "Turn ON the light." with HMAC_L (R.N.) and HMAC made by watch; HMAC made by light; compare the HMAC.

  20. Terminology translation (English <-> Japanese)
     • impersonation, spoof: なりすまし
     • authentication: 認証
     • replay attack: 再送攻撃
     • eavesdrop: 盗聴
     • encryption: 暗号化
     • alteration: 改ざん
     • integrity: 完全性
     • hash: ハッシュ
     • message digest: メッセージ・ダイジェスト
     • digital signature: デジタル証明
     • repudiation: 否認(事後否認)
     • non-repudiation: 否認拒否
     • authorization: 認可
     • access control: アクセス制御
     • privilege control: 特権制御
     • principal: 認証をうける単位(ユーザ、ホスト、アプリケーション等)
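
The Version 2 exchange from slides 11 and 12 (random number plus HMAC against replay), as an added Python example that is not part of the original presentation. HMAC-SHA256, the 16-byte RN, the length prefix and the names `Light`, `make_tag` and `demo` are assumptions; the slides do not specify them.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, rn: bytes, command: bytes) -> bytes:
    """A (watch): HMAC over the light's random number and the command."""
    # Length-prefix the RN so the RN/command boundary is unambiguous.
    msg = len(rn).to_bytes(2, "big") + rn + command
    return hmac.new(key, msg, hashlib.sha256).digest()  # hash choice assumed


class Light:
    """B (light): issues one RN per start request and accepts it only once."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # RN of the currently open session, if any

    def start_request(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def execute(self, rn: bytes, command: bytes, tag: bytes) -> bool:
        pending, self._pending = self._pending, None  # RN is single use
        if pending is None or not hmac.compare_digest(rn, pending):
            return False  # stale or unknown RN: the "ERROR" branch on slide 12
        # Recompute "HMAC tmp" with the shared key and compare in constant time.
        return hmac.compare_digest(tag, make_tag(self._key, rn, command))


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed key, set by the owner on both
    light = Light(key)
    command = b"Turn ON the light."

    rn = light.start_request()
    captured = (rn, command, make_tag(key, rn, command))  # what C observes
    normal = light.execute(*captured)

    replay_no_session = light.execute(*captured)   # RN already consumed
    light.start_request()                          # light now expects RN2
    replay_new_session = light.execute(*captured)  # old RN does not match RN2
    return {"normal": normal, "replay_no_session": replay_no_session,
            "replay_new_session": replay_new_session}


if __name__ == "__main__":
    print(demo())
```

Binding the RN into the HMAC input is what makes the captured triple useless in a later session; checking the RN alone would not stop a command swapped under a fresh RN.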
