wave: a decentralized authorization ... - stanford...

WAVE: A Decentralized Authorization Framework with Transitive Delegation Michael P Andersen, Sam Kumar , Hyung-Sin Kim, John Kolb, Kai fe i Chen, Moustafa AbdelBaky, Gabe Fierro, David E. Cul ler, Raluca Ada Popa

ThismaterialisbasedonworksupportedbytheNationalScienceFoundationGraduateResearchFellowshipProgramunderGrantNo.DGE-1752814.Anyopinions,findings,andconclusionsorrecommendationsexpressedinthismaterialarethoseoftheauthorsanddonotnecessarilyreflecttheviewsoftheNationalScienceFoundation.

Roadmap 1.  TheProblem

2.  WAVE’sApproach

3.  WAVE’sStorageLayer

4.  WAVE’sPrivacylayer

5.  ImplementationandEvaluation

Authorization for IoT

“Settemperatureto80F”

Authorization for IoT

“Settemperatureto80F”

Authorization

1. Howdoesthetenantreceivepermissiontoadjustthetemperature?

2. Howdoesthethermostatknowthattherequestwassentbysomeonewhohaspermission?

Authorization for IoT: Status Quo

Ownergivesusername:passwordtoairbnb

Owner Tenant

Airbnbperformsactionwhentenantrequests

•  Sharesidentity,notjustpermission•  Notrevocable•  Ad-hoc

The Problems  Existingauthenticationsystemsarecentralized(oftenmonolithic)

 Transitivedelegationisrare,leadingtoover-sharing Attacksoncentralizedsystemsarecommon,andaffectalltheusers

WAVE’s Approach

 Maketheflowoftrustfine-grained.

WAVE Captures Trust Relations

Owner Tenant

Attestation 1!

Policy:“AirbnbcansetOwner’sthermostatsetpoint,andcandelegate”(SignedbyOwner)!

Attestation 2!

Policy:“TenantcansetOwner’sthermostatsetpoint,foronlythedurationoftheirstay”(SignedbyAirbnb)

Attestation 2!Attestation 1!

PROOF●  Allows delegation of a subset of permissions

●  Prevents needing to share identity

●  Cryptographically enforced

Global Permissions Graph

1.Entityreceivespermissionviaachainofattestations

2.Entitypresentsapaththroughthegraphasproofitisauthorized

Authorization

1. Howdoesonereceivepermission?

2. Howdoesthedeviceknowthattherequestwassentbysomeonewhohaspermission?

Two Technical Challenges in WAVE 1. Howareattestationsstored,disseminated,anddiscovered,without

relyingonasingletrustedparty?

◦  Storagelayer

2. Howtoprotecttheprivacyofattestations?◦  Privacylayer

Storage Layer Goals  Storageproviderisuntrusted,soitmustbeverifiablethatitisnot:

◦  Hidingobjects(suchasrevocationentries)

◦  Forgingexistenceofnon-existentobjects

 Blockchainisanaturalsolutionbutunfortunatelydoesn’tscale

WAVE’s Storage Layer (First Try)  UselogofoperationsbackedbyMerkleTree[CertificateTransparency,Laurieetal.2013]

 Howtomakesuretheservercan’thideobjects?◦ Servermustbeabletoprovethatanobjectdoesn’texist◦ NotsupportedbyMerkleTreeLog!

MerkleTreeLogofoperations

Containsalltheauthorizationobjects

Canprove:-Append-only-Valueexistsinlog

WAVE’s Storage Layer (Second Try)  UseanotherMerkletreetoconstructmapofobjects[VerifiableLog-DerivedMap,Eijdenbergetal.2015]

 However,servercouldserverequestsusinganolderversionofthemap◦ Howtofixthis?




MerkleTreeMapofobjects

Containsobjectsindexedbytheirhash

Canprove:-Valuedoesnotexist-Valueexists

WAVE’s Storage Layer (Final)  Useanotherlogtostoreprogressionofmaproothashes

 Auditorsmakesurethateachrequestisservedusingthelatestmapversion




MerkleTreeMapofobjects

Containsobjectsindexedbytheirhash

Canprove:-Valuedoesnotexist-Valueexists

MerkleTreeLogofmaproots

Containsalltheroothashesofthemap


Private Attestations  Withthisstoragemodel,globalpermissionsgraphispubliclyaccessible◦ Leaks,e.g.,whoisrentingwhichhouseonAirbnb

 Storageisuntrusted;can’trelyonitforaccesscontrol Insteadwerelyoncryptography◦ Attestationsareencrypted◦ Theycanonlybedecryptedbyanentitywhocanusetheminaproof

Encrypt Attestations

Provingentity

Encrypt Attestations

Provingentity

Hiddenattestations

Decryptableattestations

Our Technique: Reverse-Discoverable Encryption (simplified)  Attestationsareencryptedusingrecipient’spublickey Attestationsincludesecretkeyofgranter◦ Allowsdecryptionofupstreamattestations

Ownersignsstatementsaying“Airbnbhaspermissiontosetmythermostatsetpoint,andcandelegate”

Attestation 1!Signed policy!

Airbnbsignsstatementsaying“TenanthaspermissiontoadjustOwner’sthermostatsetpoint”

Attestation 2!Signed policy!

Tenant

We actually use policy-aware

encryption to restrict access further.!

Our Technique: Reverse-Discoverable Encryption (simplified)  Eachentityhasakeypairforencryptingattestations Attestationsareencryptedusingrecipient’spublickey Attestationsincludesecretkeyofgranter◦ Allowsdecryptionofupstreamattestations Tenant

We actually use policy-aware

encryption to restrict access further.!

Attestation 1!

Policy:“AirbnbcansetOwner’sthermostatsetpoint,andcandelegate”(SignedbyOwner)!

Attestation 2!

Policy:“TenantcansetOwner’sthermostatsetpoint,duringtheirstay”(SignedbyAirbnb)

Reverse-Discoverable Encryption

Provingentity

First Release of WAVE Version 3 Feature WAVE2 WAVE3Delegation Yes YesDecentralized Yes YesScalable No(blockchain) YesEncryptedAttestations No YesFullyGeneral No(IoTpubsub) YesFullImplementation Yes Yes

WAVEVersion2:github.com/immesys/bw2

WAVEVersion3:github.com/immesys/wave

Operation Times [ms]

Grantingpermissions

Creatingaccounts

Discoveringnewattestations

Verifyingproofs

Use Case Comparison (Critical Path) 1. Authenticate◦  LDAPBind

2. CheckAuthPolicy◦  SQLLookup

Total:7.5ms

Appserver

LDAP

SQLDB

6.3ms

1.2ms

User:pass

Use Case Comparison (Critical Path)

1. Validateproof(yieldspolicy)Total:<7msforcommonpatterns

Appserver

WAVEagent

Proof

ProofTimes:Length1:2.8msLength3:6.2ms

Conclusion  WAVEisanauthentication/verificationenginethatmakestrustrelationshipsfine-grained

 Itcanrunatglobalscalewithoutacentraltrustedparty

 ItisaREALartifactwehaveoperatedfor2years,securingover800IoTdevicesinCalifornia!

wave: a decentralized authorization ... - stanford...

Documents