Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu - - PowerPoint PPT Presentation



SLIDE 1

Controlled Sharing of Sensitive Content NDN Case Study


Yingdi Yu

UCLA

10/3/15

SLIDE 2

Content-based confidentiality

  • Confidentiality stays with content
    • independent from where the content is
    • independent from how it is delivered
    • content is produced in encrypted format
    • only authorized consumers are able to access the content
  • Application-level end-to-end confidentiality
    • not just the end of a connection
    • multi-party communication

[Figure: the Producer encrypts the content, the Consumer decrypts it]

SLIDE 3

Requirements on confidentiality

  • Encryption requires careful design
    • differential confidentiality
      • different content may be visible to different groups of consumers
    • flexibility
      • retain the ability to change access
    • scalability
      • keep a reasonable number of encryption keys
      • avoid unnecessary re-encryption/signing
    • forward secrecy
      • make encryption keys less dependent on other keys
  • Content encryption should not block data production


SLIDE 4

Application driven approach

  • NdnFit
    • distributed production
      • a group of producers under the same name space
    • differential confidentiality
      • different consumers may access different content
    • online data sharing
      • producer can freely produce encrypted content without knowing who can access the content

[Figure: NdnFit roles: Data Producers (activity sensor, blood sugar sensor), Data Storage, Data Owner, Data Consumers; people shown: Alice, David, Bob, Cathy. Namespace tree labels: alice, health, samples, medical, activity, bloodsugar, step, location (cf. /alice/health/samples/activity/steps)]

SLIDE 5

Encryption Scheme

  • Separate content production from access control
    • producer-created content key
  • Control access through a group key
    • created by namespace manager
    • distributed by namespace manager
    • public key in current implementation
  • Producers retrieve group encryption key (public key), encrypt content key properly
  • Consumers retrieve group decryption key (encrypted private key)

[Figure: key relationships. Producer side: the content key encrypts the data; the group encryption key encrypts the content key. Namespace Manager: encrypts the group private key (the group decryption key) with each consumer's public key. Consumer side: the consumer private key decrypts the group decryption key, which decrypts the content key, which decrypts the data]

SLIDE 6

Name-based Access Control

  • Name of group encryption key serves as access control instruction
    • /<data_prefix>/E-KEY/<additional_restriction>
    • /alice/health/read/activity/E-KEY/20150930160000/20150930180000
      • scope: any of Alice's activity data produced during Sep 30, 4pm-6pm
  • Producer retrieves group encryption key, encrypts content keys falling into the scope
    • /alice/health/samples/activity/steps/C-KEY/20150930170000/20150930180000
      • encrypts Alice's step data produced during Sep 30, 5pm-6pm


SLIDE 7

Encrypted Content Format

  • Data packet must carry enough information for authorized consumers to decrypt content
  • Experiment as application semantics
    • content encoding
    • not a part of architecture yet
  • Three sub-TLVs:
    • EncryptionAlgorithm
      • may also carry algorithm-specific fields, e.g., initialization vector (IV)
    • DecryptionKeyName
      • facilitates decryption key retrieval
    • EncryptedContent
  • When a data has more than one encrypted copy
    • each encrypted copy is an independent data packet
    • naming convention: /<content_name>/FOR/<decrypt_key_name>

[Figure: data packet layout: Name (data name); Content = DecryptionKeyName, EncryptionAlgorithm, EncryptedContent (encrypted with the content key); Signature. Source: NDN Tutorial – ACM ICN 2015 (http://named-data.net/icn2015-tutorial)]

SLIDE 8

Content production/consuming

  • Producer creates a symmetric key (content key) to encrypt content
    • content key has the minimum granularity, e.g. one hour
    • /alice/health/samples/activity/steps/C-KEY/20150928080000/20150928090000
  • Producer retrieves group encryption key from namespace manager
    • encrypts content key using a group encryption key if the content key name falls into the scope of the group encryption key
    • /alice/health/samples/activity/steps/C-KEY/20150928080000/20150928090000/FOR/alice/health/read/activity
  • Consumer decrypts content by constructing a decryption key chain
    • retrieve encrypted content, encrypted content key, encrypted group decryption key
  • Application library will be available in next NDN platform release


[Figure: decryption key chain as three data packets]
  • Name: /alice/health/samples/activity/step; Content: DecryptionKeyName = C-KEY name, EncryptionAlgorithm = AES_CBC, IV=b43d..., EncryptedContent (decrypted with the content key); Signature
  • Name: /<C-KEY name>/FOR/<group key name>; Content: DecryptionKeyName = group decryption key name, EncryptionAlgorithm = RSA, EncryptedContent (decrypted with the group decryption key); Signature
  • Name: /<group key name>/FOR/<bob key name>; Content: DecryptionKeyName = bob key name, EncryptionAlgorithm = RSA, EncryptedContent (decrypted with the consumer's own decryption key); Signature
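Added example, not from the slides or the NDN code base: the E-KEY scope check of slide 6 and the producer/consumer naming of slide 8, worked at the level of names only (the AES-CBC/RSA operations are left out). It assumes that the access prefix /alice/health/read/<type> governs data under /alice/health/samples/<type>, that a group key is identified by its access prefix as in the slide-8 FOR name, and that a packet store mapping names to DecryptionKeyName fields stands in for fetching packets.

```python
from datetime import datetime
from typing import Dict, List, Optional, Tuple

TS = "%Y%m%d%H%M%S"  # timestamp format used in the E-KEY/C-KEY names on the slides

def parse_key_name(name: str, marker: str) -> Tuple[str, datetime, datetime]:
    """Split '/<prefix>/<marker>/<start>/<end>' into (prefix, start, end)."""
    prefix, tail = name.split(f"/{marker}/")
    start, end = tail.split("/")
    return prefix, datetime.strptime(start, TS), datetime.strptime(end, TS)

def data_prefix_for(read_prefix: str) -> str:
    """ASSUMPTION (not stated on the slides): the access prefix
    /alice/health/read/<type> governs data under /alice/health/samples/<type>."""
    return read_prefix.replace("/read/", "/samples/", 1)

def in_scope(ckey_name: str, ekey_name: str) -> bool:
    """A content key falls into an E-KEY's scope when its data name is under the
    governed prefix AND its whole interval lies inside the E-KEY interval.
    An hour that only partially overlaps the E-KEY interval is NOT in scope."""
    cprefix, cstart, cend = parse_key_name(ckey_name, "C-KEY")
    eprefix, estart, eend = parse_key_name(ekey_name, "E-KEY")
    governed = data_prefix_for(eprefix)
    under = cprefix == governed or cprefix.startswith(governed + "/")
    return under and estart <= cstart and cend <= eend

def producer_copies(ckey_name: str, ekey_names: List[str]) -> List[str]:
    """Producer side (slide 8): one '/<C-KEY name>/FOR/<group key name>' packet
    per group encryption key whose scope covers this content key. The group key
    is identified by its access prefix, as in the slide's FOR name (assumption)."""
    return [f"{ckey_name}/FOR{parse_key_name(e, 'E-KEY')[0]}"
            for e in ekey_names if in_scope(ckey_name, e)]

def decryption_chain(content_name: str, store: Dict[str, str],
                     groups: List[str], my_key: str) -> Optional[List[str]]:
    """Consumer side: follow DecryptionKeyName pointers from the content packet,
    through the C-KEY copy encrypted for one of the consumer's groups, to the
    group-key copy encrypted for the consumer's own key. `store` maps packet
    name -> DecryptionKeyName field; it is a constructed stand-in for fetching
    the packets from the network. Returns the packet names to fetch, or None."""
    ckey = store.get(content_name)
    if ckey is None:
        return None
    for g in groups:
        ckey_copy = f"{ckey}/FOR{g}"
        gkey_copy = f"{g}/FOR{my_key}"
        if store.get(ckey_copy) == g and store.get(gkey_copy) == my_key:
            return [content_name, ckey_copy, gkey_copy]
    return None
```

A consumer outside the group (no `/<group key name>/FOR/<its key>` packet) gets `None`, which is the access-control decision expressed purely through which packets exist.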

SLIDE 9

Open questions

  • Enable forward secrecy: decouple consumer private key from content key
    • key distribution services
  • Name privacy
  • Convert key exchange between namespace manager and producers to identity-based encryption, attribute-based encryption
  • Access revocation
  • Secure multi-party computing


SLIDE 10

Summary

  • Content-based confidentiality makes confidentiality of content location-independent
  • Content should be carefully encrypted to achieve flexible and scalable access control at fine granularity
  • Expressive NDN names can be leveraged for efficient access control
  • More encryption schemes need to be explored to address remaining issues
