Blaž Primc, University of Ljubljana03... · 2012-06-28 · Diploma thesis: Authenticated...
Lehrstuhl für Netzarchitekturen und Netzdienste, Institut für Informatik, Technische Universität München
Authenticated addressing in networks
Diploma thesis semi-final presentation
Blaž Primc, University of Ljubljana
Supervisors (TUM): Marc-Oliver Pahl, Heiko Niedermayer, Andreas Müller, Holger Kinkelin
Diploma thesis: Authenticated addressing in networks | Oct ‘08 – Feb ‘09 | Blaž Primc, University of Ljubljana
Presentation overview
• Motivation
• Goals
• Diploma thesis concepts
  – Home network
  – Identities
  – Addressing
• Tasks
  – Task 1
  – Task 2
  – Task 3
  – Task 4
• Outlook
Goals
Authone project: autonomous functionality inside (home) networks
• Prerequisites
  – Network entity addressing
  – Network entity identification
Diploma thesis goal: provide the Authone framework with capabilities for
• Network entity addressing
• Network entity identification
Home network
Network entities: users, devices, home gateway
Identities
An identity is based on public key cryptography and is signed by an issuing special node.
Special node(s) (e.g. the home gateway):
• Issue identities
• Every network entity must be registered
• Provide a lookup service
Addressing
EntityID: a hash over the entity’s public key
Authone address: consists of entityIDs
• entityID.homeID.authone
  – bound to the identity
  – supports inter-home addressing
Lookup service: translates an Authone address to an IP address; provided by special node(s) (e.g. the home gateway)
Example (BobPDA at Home B):
BobPDAID = hash(pubkeyBobPDA)
HomeBID = hash(pubkeyHomeB)
Authone address = BobPDAID.HomeBID.authone
(Figure labels: Identity, EntityID, IP address)
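Constructing an Authone address from the public keys it is derived from, and the binding check a verifier runs on it, as an added Python example (not the thesis’s code). The hash function, its truncation to 160 bits so the 40-character hex label fits in a 63-octet DNS label, and the sample key bytes are assumptions.

```python
import hashlib

# Assumptions (the slides only say "hash"): SHA-256 over the encoded public key,
# truncated to 160 bits so the 40-char hex label fits in a 63-octet DNS label.
ID_BYTES = 20
SUFFIX = "authone"
HEX = set("0123456789abcdef")


def entity_id(pubkey: bytes) -> str:
    """entityID = hash(public_key), as a lowercase hex DNS label."""
    return hashlib.sha256(pubkey).digest()[:ID_BYTES].hex()


def authone_address(entity_pubkey: bytes, home_pubkey: bytes) -> str:
    """entityID.homeID.authone for an entity registered at the given home."""
    return f"{entity_id(entity_pubkey)}.{entity_id(home_pubkey)}.{SUFFIX}"


def parse_address(addr: str):
    """Split into (entityID, homeID); homeID is None for the local form
    entityID.authone used inside a home. Anything else is rejected."""
    labels = addr.rstrip(".").split(".")
    if labels[-1] != SUFFIX or len(labels) not in (2, 3):
        raise ValueError(f"not an Authone address: {addr!r}")
    for label in labels[:-1]:
        if len(label) != 2 * ID_BYTES or not set(label) <= HEX:
            raise ValueError(f"malformed ID label: {label!r}")
    return labels[0], (labels[1] if len(labels) == 3 else None)


def address_bound_to(addr: str, entity_pubkey: bytes, home_pubkey: bytes) -> bool:
    """Binding check: recompute both hashes from the presented public keys and
    compare them with the address labels. A peer cannot claim an address for
    a key it does not present, because the recomputed hash will not match."""
    eid, hid = parse_address(addr)
    return eid == entity_id(entity_pubkey) and hid == entity_id(home_pubkey)


# Constructed sample key material (placeholders for real encoded public keys).
BOBPDA_PUBKEY = b"constructed-public-key-BobPDA"
HOMEB_PUBKEY = b"constructed-public-key-HomeB"
OTHER_PUBKEY = b"constructed-public-key-someone-else"
```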
Presentation overview
• Motivation
• Goals
• Diploma thesis concepts
  – Home network
  – Identities
  – Addressing
• Tasks
  – Task 1: entity registration
  – Task 2: address lookup inside home network
  – Task 3: establish trust relationship between homes
  – Task 4: address lookup outside home network
• Outlook
Task 1: entity registration
Goal: register a new device at the home network
Procedure
User
• Fills in the registration request details for the new device
Unregistered device
• Sends the registration request details to the home gateway
Home gateway
• Creates the identity
• Updates the DNS records
• Sends the identity to the new device
Task 1: entity registration
Goal: register a new device at the home network
Afterwards we can
• Address the new device using its Authone address
• Identify the new device
(Figure: BobLaptop, the unregistered device)
Task 2: address lookup inside home network
Goal: resolve an Authone address to an IP address
Procedure
Registered device
• Sends a DNS query to the home gateway
Special node (e.g. home gateway)
• The local DNS answers
Example, logged on BobLaptop at Home B:
$ dig @HomeB BobPDA.authone
(Figure: BobLaptop sends a DNS query to the home gateway and receives a DNS response for BobPDA)
Task 3: establish trust relationship between homes
Goal: securely exchange identities between homes
Challenges
• No pre-established security context
• Secure exchange of information over wireless
Procedure
• Authenticated Diffie-Hellman key exchange
• Identity exchange and verification
(Figure: Device A of Home A and Device B of Home B)
Task 3: establish trust relationship between homes
Goal: securely exchange identities between homes
Procedure: authenticated Diffie-Hellman key exchange
Device A and Device B perform a DH key exchange and hash the DH secret key
• Device A displays the 1st part of the hash (ABCD)
• Device B displays the 2nd part of the hash (EFGH)
User A and User B verbally exchange the hash parts and enter them into the devices
• User A enters the 2nd part of the hash into Device A (EFGH)
• User B enters the 1st part of the hash into Device B (ABCD)
Device A and Device B verify that the input matches the calculated hash
(Figure: Home A and Home B; DH key exchange; verbal exchange of ABCD / EFGH; both devices show “OK.”)
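The split-hash verification above, run end to end, as an added Python example (not the thesis’s code): both devices derive a DH secret, hash it, display one half each, and verify the half typed in from the other device; a run with a third party substituting its own DH value shows why the halves then fail to match. The DH group (a toy 127-bit prime), the use of SHA-256, and the 4-character halves are assumptions.

```python
import hashlib
import secrets

# Toy DH group, constructed for illustration only: a 127-bit Mersenne prime is
# far too small for real use; a deployment would use a standard group.
P = (1 << 127) - 1
G = 3
SAS_CHARS = 4   # each device shows 4 hex characters, like ABCD / EFGH on the slide

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return x, pow(G, x, P)

def sas_halves(shared_secret: int):
    """Hash the DH secret; Device A shows the first half, Device B the second."""
    digest = hashlib.sha256(shared_secret.to_bytes(16, "big")).hexdigest().upper()
    return digest[:SAS_CHARS], digest[SAS_CHARS:2 * SAS_CHARS]

class Device:
    def __init__(self, name: str, shows_first_half: bool):
        self.name, self.shows_first_half = name, shows_first_half
        self.priv, self.pub = dh_keypair()
        self.halves = None

    def receive_dh(self, peer_pub: int):
        self.halves = sas_halves(pow(peer_pub, self.priv, P))

    def display(self) -> str:
        return self.halves[0] if self.shows_first_half else self.halves[1]

    def verify(self, typed: str) -> bool:
        """Compare what the user typed with the half this device did not show;
        a mismatch means the two devices hold different DH secrets."""
        expected = self.halves[1] if self.shows_first_half else self.halves[0]
        return secrets.compare_digest(typed.upper(), expected)

def pair(a: Device, b: Device, mitm: bool = False):
    """Run the exchange and return (a_ok, b_ok). With mitm=True a third party
    hands both sides its own DH value, so A and B derive different secrets."""
    if mitm:
        _, m_pub = dh_keypair()
        a.receive_dh(m_pub)
        b.receive_dh(m_pub)
    else:
        a.receive_dh(b.pub)
        b.receive_dh(a.pub)
    # User A reads B's display into Device A; User B reads A's display into Device B.
    return a.verify(b.display()), b.verify(a.display())
```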
Task 3: establish trust relationship between homes
Goal: securely exchange identities between homes
Procedure: identity exchange and verification
Device A sends the Home A and Device A identities
Device B
• Validates the presented identities
• Sends a challenge to Device A
Device A responds to the challenge
Device B verifies the response and stores the identities
(Figure: Device A of Home A sends identities to Device B of Home B; challenge; response)
Task 4: address lookup outside home network
Goal: resolve the Authone address of a foreign home to an IP address
Challenge: how do we contact Home B from Home A?
Example, logged on AlicePDA at Home A:
$ dig @HomeA BobPDA.HomeB.authone
(Figure: Home A ??? the Internet ??? Home B)
Task 4: address lookup outside home network
Goal: resolve the Authone address of a foreign home to an IP address
Solution: Distributed Hash Table (DHT)
• Overlay network
• Provides a lookup service similar to a hash table (key, value)
• Key-based addressing of DHT nodes
Put all home gateways in one DHT
• HomeID is the home gateway’s address in the DHT
• Homes with a trust relationship can find and securely communicate with one another
  – Possession of the public key: we can generate the entityID, thus we can address the home gateway in the DHT
entityID = hash(public_key)
(Figure label: Identity)
Task 4: address lookup outside home network
Goal: resolve the Authone address of a foreign home to an IP address
Example, logged on AlicePDA at Home A:
$ dig @HomeA BobPDA.HomeB.authone
Message flow (parties: AlicePDA, Home A, DHT, Home B, BobPDA):
1. AlicePDA → Home A: DNS query
2. Home A → DHT: DHT query (“Home B, tell me your IP and port”)
3. DHT → Home A: DHT reply (“My IP and port”)
4. Home A → Home B: DNS query (forwards Device A’s DNS query)
5. Home B → Home A: DNS reply
6. Home A → AlicePDA: forwarded DNS reply
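A resolver that models Tasks 2 and 4 together, as an added Python example (not the thesis’s code): the home gateway answers from its own zone, and for a foreign homeID looks the peer gateway up in the DHT and forwards the query. The DHT and the Internet are plain dictionaries, the IDs are the slides’ placeholder names rather than hashes, and the rule that only homes holding each other’s identity (Task 3) are served in either direction is an assumption.

```python
SUFFIX = "authone"

class HomeGateway:
    """Constructed model of the special node: a local zone for its own home,
    one DHT entry per home gateway, and forwarding of foreign lookups."""
    def __init__(self, home_id, ip, port, dht, network):
        self.home_id, self.ip, self.port = home_id, ip, port
        self.zone = {}          # entityID -> IP of a registered device (Task 1)
        self.trusted = set()    # homeIDs whose identity was exchanged in Task 3
        self.dht = dht          # shared overlay: homeID -> (ip, port)
        self.network = network  # (ip, port) -> gateway; stands in for the Internet
        dht[home_id] = (ip, port)
        network[(ip, port)] = self

    def register(self, entity_id, ip):
        self.zone[entity_id] = ip

    def resolve(self, name, from_home=None):
        labels = name.rstrip(".").split(".")
        if labels[-1] != SUFFIX or len(labels) not in (2, 3):
            raise ValueError(f"not an Authone name: {name!r}")
        entity_id = labels[0]
        home_id = labels[1] if len(labels) == 3 else self.home_id
        if home_id == self.home_id:
            # Task 2: the local DNS answers. A forwarded query is answered only
            # for homes we hold an identity of, so strangers cannot read the zone.
            if from_home is not None and from_home not in self.trusted:
                return None
            return self.zone.get(entity_id)
        # Task 4: foreign home. Without Home B's identity there is no homeID to
        # look up in the DHT and no key to authenticate the peer, so refuse.
        if home_id not in self.trusted:
            return None
        peer = self.dht.get(home_id)        # DHT query: "Home B, tell me your IP and port"
        if peer is None:
            return None
        remote = self.network.get(peer)     # forward Device A's DNS query to Home B
        if remote is None:
            return None
        return remote.resolve(name, from_home=self.home_id)

# Constructed sample topology: two homes that completed Task 3 with each other.
DHT, NET = {}, {}
home_a = HomeGateway("HomeAID", "198.51.100.10", 5353, DHT, NET)
home_b = HomeGateway("HomeBID", "203.0.113.20", 5353, DHT, NET)
home_a.trusted.add("HomeBID"); home_b.trusted.add("HomeAID")
home_a.register("AlicePDAID", "192.168.1.20")
home_b.register("BobPDAID", "192.168.2.30")
```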
Task 4: address lookup outside home network
Demo
Outlook
• Work still in progress
• Fundamental part of the Authone framework
The end
Thank You!