privacy preserving enforcement of sensitive …asghar/talks/pidgin.pdftop right corner for field...

26
Privacy Preserving Enforcement of Sensitive Policies in Distributed Environments Muhammad Rizwan Asghar Saarbrücken, Germany March 20, 2014 Researcher CREATE-NET Italy

Upload: others

Post on 26-Jul-2020

1 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Slide title

In CAPITALS

50 pt

Slide subtitle

32 pt

Privacy Preserving Enforcement

of Sensitive Policies in

Distributed Environments

Muhammad Rizwan Asghar

Saarbrücken, Germany

March 20, 2014

Researcher

CREATE-NET

Italy

Page 2: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

2

26.2

41.3

52.3

63.4

73.9

83

89.7

0

20

40

60

80

100

2011 2012 2013 2014 2015 2016 2017

Number of Smartphone Buyers

in millions

Growth of Smartphones

Source: EMarketer, April 2013

Page 3: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

3

What is an Opportunistic Network?

A network where nodes connect intermittently and

communicate even when no direct path exists

It enables content exchange in a pub-sub fashion

– Publishers publish content

– Subscribers express interest

– Brokers disseminate and match interest and content

Typically short-range communication

E.g., Haggle (an EU project from 2006 to 2010)

DARPA - Content-Based Mobile Edge Networking (CBMEN)

Subscriber

Interest

Broker Publisher

Content Content

Page 4: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

4

Use case Scenario:

Curiosity – A Military Mission

No Internet connectivity in the battlefield

Every Soldier is equipped with a smartphone

A Scout collects and shares sensitive information

– For instance, enemy positioning

Only short-range communication is possible

We can leverage opportunistic networks

– such as Haggle

Subscriber

Interest = {‘Curiosity’}

+ Broker Publisher

Tags = {‘Curiosity’}

Page 5: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

5

Privacy and Confidentiality Issues

Brokers (or attackers) may easily learn

– interest of subscribers

privacy issue

– published content

confidentiality issue

Subscriber

Interest = {‘Curiosity’}

+ Broker Publisher

Tags = {‘Curiosity’}

Page 6: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

6

Research Challenges

C1: In the presence of unauthorised brokers, how to

regulate access to disseminated content?

C2: Considering curious brokers, how to exchange content

without compromising privacy of subscribers?

C3: How can subscribers subscribe without exposing

interest to routing brokers?

C4: For avoiding network flooding, how do we ensure that

a subscriber receives content that she can decrypt?

C5: Assuming the loosely-coupled pub-sub model, how to

address C1-C4 without sharing keys?

Page 7: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

7

Threat Model

Honest but curious brokers

Nodes may collude

– Broker-broker collusion

– Broker-subscriber collusion

– Subscriber-subscriber collusion

Trusted key management authority

– distributes key material to nodes out of the band

– can stay offline

Passive adversaries

Page 8: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

8

CP-ABE Policy: Building Blocks

Ciphertext-Policy Attribute-Based Encryption (CP-ABE)

Data encrypting entity exerts control over who can gain

access

E.g., a Major or a Soldier from the Infantry unit can get

access

P =

Major

V

Soldier Infantry

Λ

{Content} P

Page 9: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

9

Scheme I: Regulate Access to Content

Publishers encrypt content using CP-ABE policies

Subscribers may decrypt if they satisfy policies

It regulates access to content (C1)

Issue: subscribers may receive content that they

cannot decrypt – the network flooding issue (C4)

Subscriber

Interest = {‘Curiosity’} P =

P

+ P

Major

V

Soldier Infantry

Λ

Broker Publisher Tags = {‘Curiosity’} + + P

No Attributes = {‘Soldier’}

Page 10: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

10

Scheme II: Authorisation Check

Subscribers send attributes along with interest

Brokers forward content if attributes satisfy policy, as

well as interest matches with content

It resolves the network flooding issue (C4)

Issue: cleartext interest, attributes and policy leak

privacy of subscribers (C2 & C3)

Subscriber

Interest = { ‘Curiosity’} P =

+ P

Major

V

Soldier Infantry

Λ

Broker Publisher Tags = {‘Curiosity’} +

Attributes = { ‘Soldier’, ‘Infantry’}

+

P + P

Page 11: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

11

Scheme III: Hiding Private Information

using a Hash

Replace cleartext elements with hash

Brokers matches hash values

Issue: pre-computed dictionary attack

Subscriber

Interest = {H(‘Curiosity’)} P’ =

+ P

H(‘Major’)

V

H(‘Soldier’) H(‘Infantry’)

Λ

Broker Publisher Tags = {H(‘Curiosity’)} +

Attributes = {H(‘Soldier’), H(‘Infantry’)}

+

P + P’

Page 12: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

12

Scheme IV: Harden against a Pre-

computed Dictionary Attack

Publishers replace each leave node with a hash of

concatenated pair of a tag and an attribute

Subscribers subscribe using the hash of a

concatenated pair of an interest item and an attribute

It decreases number of comparisons at brokers

Issue: still vulnerable to a pre-computed dictionary

attack

Subscriber

Subscription = { H(‘Curiosity’ || ‘Soldier’), H(‘Curiosity’ || ‘Infantry’)}

P’ =

+ P

H(‘Curiosity’ || ‘Major’)

V

H(‘Curiosity’ || ‘Soldier’)

H(‘Curiosity’ || ‘Infantry’)

Λ

Broker Publisher P + P’

Page 13: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

13

PEKS: Building Blocks

Public-key Encryption with Keyword Search (PEKS)

contains four algorithms

– Keygen generates public ( ) and private ( ) keys

– Etag encrypts tag given a public key

– Trapdoor transforms a keyword into trapdoor using a

private key

– Test checks whether an encrypted tag matches with the

trapdoor

It performs encrypted matching without revealing

plaintext values

xSoldier hSoldier

Page 14: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

14

Proposed Scheme: PIDGIN

PIDGIN: Privacy Preserving Interest anD content

sharinG in opportunIstic Networks [Asghar et al. ASIACCS’14]

The main idea is to employ PEKS for protecting

policies, tags and subscriptions (C2 & C3)

Publishers encrypt leaf nodes in a policy using Etag

Subscribers protect subscription using Trapdoor

Brokers perform matching using Test

Subscriber

Subscription = { Trapdoor(‘Curiosity’, xSoldier), Trapdoor(‘Curiosity’, xInfantry)}

P’ =

+ P

Etag(‘Curiosity’, hMajor)

V

Etag(‘Curiosity’, hSoldier)

Etag(‘Curiosity’, hInfantry)

Λ

Broker Publisher P + P’

Page 15: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

15

Complex Policies

Policy with multiple tags

E.g., ‘Curiosity’ and ‘Urgent’

Λ

Etag(‘Urgent’, hMajor)

Etag(‘Curiosity’, hMajor)

V

Etag(‘Urgent’, hSoldier)

Etag(‘Curiosity’, hSoldier)

V

Etag(‘Urgent’, hInfantry)

Etag(‘Curiosity’, hInfantry)

V

Λ

Page 16: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

16

PIDGIN – Implementation Details

We developed a prototype of PIDGIN in C

– Using open source libraries: libfenc and pbc

We tested PIDGIN on Samsung Galaxy SIII

– Cross-compiled gmp, pbc, libfenc and PIDGIN

– Ported libraries and binaries on smartphone

Content is encrypted with a symmetric key

Symmetric key is encrypted under a policy

Policy is encrypted using PEKS

{Content} K

{K} P

{P} PEKS

Page 17: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

17

PIDGIN – Overhead

We ran PIDGIN on Samsung

Galaxy SIII

– Operating system: Android

4.1.2

– Processor: 1.4 GHz

– RAM: 1 GB

We considered

– Content: 200 KB file

– Policy: (Soldier Λ Infantry) V

Major

– Attributes: {Soldier, Infantry}

– Tags/Interest items: {Curiosity}

Publisher’s encryption incurs < 0.3 s

Subscriber’s encryption incurs < 0.04 s

Broker’s matching takes ~0.04 s

Subscriber’s decryption takes < 0.05 s

Page 18: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

18

Evaluation: Key Generation

Key generation authority generates search and

decryption keys

Complexity

– Linear

– O ( |Attributes| )

Page 19: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

19

Evaluation: Content Encryption and

Decryption

Encryption and decryption of content using a

symmetric key

Complexity

– Linear

– O ( |Content| )

Page 20: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

20

Performance Analysis: Publisher’s Encryption

Encrypting symmetric key with policy and then

extending policy with tags

– Each Etag is of 256 bytes

Complexity

– Quadratic

– O ( |Tags| *

|Attributes-Pub| )

Page 21: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

21

Performance Analysis: Subscriber’s Encryption

Effect of number of interest items and attributes on

subscriber’s encryption time

– Each Trapdoor of interest item/attribute is of 128 Bytes

Complexity

– Quadratic

– O ( |Interest-Items| *

|Attributes-Sub| )

Page 22: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

22

Performance Analysis: Broker’s Matching

Effect of number of interest items and tags on broker’s

matching time

Complexity

– O ( |Tags| *

|Interest-Items| *

|Attributes-Pub| *

|Attributes-Sub| )

Page 23: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

23

Related Work

Search on encrypted data

– Symmetric encryption schemes are not suitable in opportunistic

environments

– Public-key encryption schemes do not support expressive policies

Attribute-Based Encryption (ABE) support expressive access

control polices

– CP-ABE and KP-ABE reveal policies and attributes, respectively

Predicate encryption and hidden vector schemes assume end-to-

end communication

Shikfa et al. propose content dissemination in opportunistic

networks

– Only uni-directional communication from publishers

Page 24: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

24

Discussion

Optimisation

– Short-circuit evaluation

Scalability

– Time to live

– Content creation time

– Content received time

Key management

– Deployment in practical scenarios

– Distributed authorities

Page 25: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

25

Summary

We proposed PIDGIN that regulates access to content

In PIDGIN, brokers enforce sensitive policies

without compromising privacy of subscribers

Publishers and subscribers do not share keys

We implemented a prototype and measured

performance by running on Samsung Galaxy SIII

It can be applied to a number of other application

scenarios, e.g.,

– Reporting and controlling crimes

– Offloading content delivery networks

Page 26: Privacy Preserving Enforcement of Sensitive …asghar/talks/PIDGIN.pdfTop right corner for field customer or partner logotypes. See Best practice for example. Slide title 40 pt Slide

Top right

corner for

field

customer or

partner logotypes.

See Best practice

for example.

Slide title

40 pt

Slide subtitle

24 pt

Text

24 pt

5

20 pt

26

[email protected]

http://disi.unitn.it/~asghar/