
Principles of Policy in Secure Groups

Principles of Policy in Secure Groups. Hugh Harney SPARTA, Inc. Andrea Colegrove SPARTA, Inc. Patrick McDaniel University of Michigan. A secure group is the collection of cooperating entities operating under a shared security policy.



Presentation Transcript


  1. Principles of Policy in Secure Groups Hugh Harney SPARTA, Inc. Andrea Colegrove SPARTA, Inc. Patrick McDaniel University of Michigan

  2. Definitions
     • A secure group is the collection of cooperating entities operating under a shared security policy
     • Security policies combine elements of Identification and Authentication, Authorization, Access Control, Mechanism Choices, and mechanisms for verifying the Validity of each

  3. Peer vs. Group
     Different assumptions can be made for each:
     • Peers -- can determine who they are communicating with, can participate in key exchange, mechanisms negotiated according to local policy
     • Groups -- security association is greater and more abstract than pair-wise counterpart
     This difference affects what parts of policy must be explicitly determined and how that policy is enforced.

  4. Explicit Policy Elements
     • Identification -- Explicitness principle, etc.
     • Access Control -- Who will you potentially communicate with?
     • Authorization -- Who can affect the security?
     • Security Mechanisms -- How is the data protected?
     • Verification -- Bootstrap

  5. Principle 1
     • Enforcement of group policy must be consistent across a group
     • Consistency: mechanism equivalence, synchronization
     • Consequence: Weakest link concept

  6. Example of Principle 1
     • GSAKMP enforces the use of equivalent mechanisms through policy token definition
     • It provides methods for key and policy synchronization
     • Joins
     • Rekey
     • Compromise Recovery
     • Policy token updates

  7. Principle 2
     • Only authorized entities can affect the security posture of the group
     • Policy creation, key dissemination, rekey initiation, and group destruction
     • Actions affect group security posture
     • Limited to designated authorities
     • Authorization and Authentication checks

  8. Example of Principle 2
     How GSAKMP limits security posture influence to authorized entities:
     • Chain of trust
     • Policy token comes from authorized source and is authenticated
     • Known group owner, trusted third party, etc.
     • Authorized entities are identified in the token
     • Messages identified as affecting security posture are verified to have come from authorized entity

  9. Principle 3
     • Group content must be protected
     • Access control
     • Secure key possession in accordance with access control policy + secure mechanisms

  10. Example of Principle 3
      How GSAKMP provides group content protection:
      • Crypto mechanisms specified in token
      • Access control policy specified in token and enforced through legitimate distribution

  11. Principle 4
      • Groups must be capable of recovery from security relevant failures to a secure state
      • Compromise recovery
      • Group Deletion
      • Secure (authenticated) transactions

  12. Example of Principle 4
      How GSAKMP provides recovery:
      • Aborting failed join exchanges by either party
      • Signatures, nonces, id fields, inadequate credentials
      • Detecting and rejecting counterfeited rekey
      • Incorrect signatures, timestamps, authorization failures (token mismatch)
      • Detecting and rejecting fake deletion
      • Access recovery via key trees such as LKH or OFC

  13. Conclusions
      • Principles illustrate necessary requirements
      • Define and enforce policy
      • Failure recovery
      • How to ensure that good policy is defined?
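
The checks that slides 8 and 12 describe for a rekey message (signature, authorization against the policy token, token mismatch, timestamp) can be modelled as follows; this is an added example, not code from the presentation and not the GSAKMP wire format. Assumptions: the field names, the sample token and keys are hypothetical, and HMAC-SHA256 stands in for the public-key signature a real deployment would use.

```python
import hashlib
import hmac
import json

MAX_SKEW = 30  # seconds of clock skew tolerated (assumed value)
# Constructed sample data: an already-authenticated policy token and per-entity keys.
TOKEN = {"token_id": "grp-demo-v2", "rekey_authorities": ["gc-ks-1"]}
KEYS = {"gc-ks-1": b"controller-demo-key", "member-7": b"member-demo-key"}

def sign(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over canonical JSON (stand-in for a digital signature)."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_msg(sender: str, key: bytes, token_id: str, ts: int) -> dict:
    body = {"sender": sender, "token_id": token_id, "timestamp": ts, "new_key_id": 42}
    return {"body": body, "sig": sign(key, body)}

def check_rekey(msg: dict, token: dict, keys: dict, now: int, last_ts: int) -> str:
    """Return 'accept' or the reason the rekey message is rejected."""
    body = msg["body"]
    key = keys.get(body["sender"])
    # Authentication: the message must verify under the claimed sender's key.
    if key is None or not hmac.compare_digest(sign(key, body), msg["sig"]):
        return "bad signature"
    # Authorization: only entities named in the token may change security posture.
    if body["sender"] not in token["rekey_authorities"]:
        return "sender not authorized"
    # The message must refer to the policy token the member currently holds.
    if body["token_id"] != token["token_id"]:
        return "token mismatch"
    # Reject replays and messages outside the freshness window.
    if body["timestamp"] <= last_ts or abs(now - body["timestamp"]) > MAX_SKEW:
        return "stale timestamp"
    return "accept"

def demo() -> list:
    now, last = 1000, 900  # current time and last accepted rekey timestamp
    cases = [
        make_msg("gc-ks-1", KEYS["gc-ks-1"], "grp-demo-v2", 995),  # legitimate
        make_msg("member-7", KEYS["member-7"], "grp-demo-v2", 995),  # valid member, no authority
        make_msg("gc-ks-1", b"forged-key", "grp-demo-v2", 995),  # counterfeit signature
        make_msg("gc-ks-1", KEYS["gc-ks-1"], "grp-demo-v1", 995),  # superseded token
        make_msg("gc-ks-1", KEYS["gc-ks-1"], "grp-demo-v2", 900),  # replayed message
    ]
    return [check_rekey(m, TOKEN, KEYS, now, last) for m in cases]

if __name__ == "__main__":
    print(demo())
```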
