
Slide 1: Decentralized authorization and data security in web content delivery *

Danfeng Yao (Brown University, USA)
Yunhua Koglin (Purdue University, USA)
Elisa Bertino (Purdue University, USA)
Roberto Tamassia (Brown University, USA)

SAC, March 2007, Seoul, Korea

* Supported by U.S. NSF CCF-0311510, IIS-0324846, 0430274, CERIAS

Slide 2: Web intermediaries (proxies) in content delivery network

(figure) Content Owner --original content--> Content Delivery Network (CDN) --modified content--> Web Surfer

Slide 3: Motivations in CDN

- Contents are delivered by a third party, not directly by content owners
  e.g., Akamai.com's servers deliver contents for CNN.com
- Delivered contents are usually modified or transformed by proxies
  e.g., modify sizes and resolutions of multimedia files
  e.g., customize dynamic web pages based on client preferences
- Data transformations may involve multiple proxies

Slide 4: An example of 2-step data transformations

(figure) Step 1: Transcode (High / Medium / Low); Step 2: Customize banner

Slide 5: Problem definition

Our goal: to ensure the integrity of data transformations in content delivery networks
The key problem: how to ensure that data transformations are properly authorized?
Our approach: role-based proxy management
Inspired by role-based access control [Sandhu et al. 1996]

Slide 6: Overview of our role-based authorization approach

- Entities: content owner, proxy, client, role authority
  Role authority is trusted and assigns roles to proxies
  Role authority can be the content owner or others
- A trustworthy proxy is authorized to perform allowed operations
  Transcoder proxy is authorized to transcode data only
- The proof of role assignment is the role certificate issued by the role authority
- Only contents transformed by authorized proxies are accepted

(figure) RoleCert

Slide 7: Illustration of role-based proxy management

(figure) Content Owner --original content--> proxies with specified roles --modified content--> Web Surfer

1. Proxies are assigned roles by a role authority
2. Required role sequence specified by content owner
3. Data is delivered by proxies with specified roles

(Different colors represent different proxy roles)

Slide 8: Advantages of role-based proxy management

- Easy to manage in a decentralized environment
  The role abstraction is scalable, useful when the number of proxies is high
  Routing of contents is based on roles, rather than individual identities of proxies (explained later)
- Improves flexibility and fault-tolerance
  Multiple proxies are assigned to the same role and provide backups to each other

(figure) Proxies with required roles

Slide 9: Major operations in our model

1. Role certificate generation and distribution by role authority
2. Control information generation by content owner, specifying the sequence of roles required for data transformation
   E.g., control information
3. Routing of contents to required proxies
   Performed among proxies in a decentralized fashion
4. Protocols for the verification of integrity by each proxy and client

(figure) Content owner --control info.--> proxies with required roles --> Web surfer

Slide 10: Main challenge in applying role management to CDN

The key problem: how to route contents to required proxies without a centralized map of the CDN?
The challenge: proxies do not have global knowledge of the CDN (e.g., who has what roles)
Our approach: use role-number based routing to locate required proxies

Slide 11: Role number for proxies

- Each role is given a role number
  e.g., the transcoding role is numbered 2310
- The lookup table of a proxy is indexed by role numbers, and stores pointers to neighboring proxies with the indexed role numbers

Role number lookup table for 2310 (* represents any digit; each entry, an arrow on the slide, holds the address of a proxy with the corresponding role number):

  1st digit   2nd digit   3rd digit   4th digit
  3***        23**        233*        2313
  2***        22**        232*        2312
  1***        21**        231*        2311
  0***        20**        230*        2310

Inspired by distributed hash tables [Zhao et al. 2004]

Slide 12: Another example: lookup table for 1021

  1st digit   2nd digit   3rd digit   4th digit
  3***        13**        103*        1023
  2***        12**        102*        1022
  1***        11**        101*        1021
  0***        10**        100*        1020

Role number lookup table for 1021 (* represents any digit; each entry, an arrow on the slide, holds the address of a proxy with the corresponding role number)

Slide 13: Role-number based routing (from role-number 2310 to role-number 1021)

(figure) Route: 2310 -> 1*** -> 10** -> 102* -> 1021

1. Prefix-based routing, correcting the role number digit by digit
2. Similar to overlay networks (distributed hash tables)
3. Suffix-based routing will work too
4. Further improvement is described in the paper

Proxies only need to keep local routing information in lookup tables, not the global CDN map
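The lookup tables of slides 11 and 12 and the digit-by-digit routing of slide 13, as an added Go example that is not code from the paper: role numbers are 4-digit strings over 0..3 as on the slides, while building each proxy's table from a list of proxies it happens to know, the choice of the first matching proxy per row, and the error when a row is empty are my assumptions (the paper's "further improvement" is not included).

```go
package main

import (
	"fmt"
	"strings"
)

// Role numbers are fixed-width strings over the digits 0..3, as on slides 11 and 12 ("2310").
const width = 4

// LookupTable is one proxy's local routing state: each key is a pattern such as "23**"
// ('*' is any digit) and the value is the role number of one known proxy matching it.
type LookupTable map[string]string

// pattern returns prefix followed by '*' up to the full width, e.g. pattern("23") == "23**".
func pattern(prefix string) string { return prefix + strings.Repeat("*", width-len(prefix)) }

// BuildTable fills proxy self's 4x4 table from the proxies it knows about: column c keeps the
// first c digits of self and varies digit c+1, giving rows "0***".."3***", "20**".."23**",
// "230*".."233*", "2310".."2313" for self == "2310". Rows no known proxy matches stay absent.
func BuildTable(self string, known []string) LookupTable {
	t := LookupTable{}
	for c := 0; c < width; c++ {
		for d := byte('0'); d <= '3'; d++ {
			prefix := self[:c] + string(d)
			for _, p := range known {
				if strings.HasPrefix(p, prefix) {
					t[pattern(prefix)] = p // any proxy with this prefix will do (assumption)
					break
				}
			}
		}
	}
	return t
}

// Route is prefix-based routing (slide 13): each hop consults only the current proxy's table
// and fixes one more leading digit of the target, so no proxy needs a global map of the CDN.
func Route(from, target string, tables map[string]LookupTable) ([]string, error) {
	path := []string{from}
	for cur := from; cur != target; {
		i := 0 // leading digits of cur already equal to the target's
		for i < width && cur[i] == target[i] {
			i++
		}
		next, ok := tables[cur][pattern(target[:i+1])]
		if !ok {
			return path, fmt.Errorf("%s has no entry for %s", cur, pattern(target[:i+1]))
		}
		cur = next
		path = append(path, cur)
	}
	return path, nil
}
```

With proxies 2310, 1300, 1033, 1020 and 1021 the route from 2310 to 1021 takes four hops, one per corrected digit, matching the figure above.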

Slide 14: Security protocol for performing transformation and verification

1. A proxy with the required role is requested to perform a transformation on a requested content
   1. The proxy verifies that the previous transformation is valid
   2. The proxy performs the transformation and signs the hash of the transformed segment
   3. The proxy appends its role certificate to the segment
   4. The proxy consults the lookup table and passes the segment to the next proxy required by the control information
2. The client verifies the final transformed content against the control information and the proxies' role credentials

Slide 15: Security of iDelivery

- Assumption: certified proxies are trusted
- Integrity: delivered content that is modified by unauthorized entities should not be accepted
- Confidentiality: the delivered contents cannot be viewed by unauthorized entities

Theorem: The iDelivery protocol ensures data integrity and confidentiality
The proof of iDelivery's security is based on standard digital signature and encryption schemes (public-key encryption and symmetric encryption)

Slide 16: Complexity of iDelivery

  Operations        Hash   Enc/Dec   Sign/Verify
  Role Authority    O(N)   O(N)      O(N)
  Content server*   O(m)   O(1)      O(1)
  A proxy*          O(1)   O(1)      O(1)
  Client*           O(1)   O(1)      O(1)

N is the total number of proxies. m is the number of roles required for processing the content. * This refers to the operations for one content request.

Slide 17: Summary

- Developed a general framework for data integrity in content delivery networks
- Developed a role-based proxy management approach for decentralized authorization in CDNs
- Role-based proxy management improves the flexibility and fault-tolerance of content delivery
- Our paper describes our iDelivery protocol in detail
- We also support caching (see paper for details)