• No results found

F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services"

Copied!
33
0
0

Loading.... (view fulltext now)

Download now ( 33 Page )

Full text

(1)

F3ildCrypt: End-to-End Protection of Sensitive

Information in Web Services

Matthew Burnside and Angelos D. Keromytis

Department of Computer Science Columbia University {mb, angelos}@cs.columbia.edu

(2)

Motivation

Identity-related information is valuable

You must provide such information when using an online merchant

This information is vulnerable to disclosure at the endpoints and in transit

Can we protect this information end-to-end without revealing details of the logical corporate architecture?

(3)

Outline

1 Introduction 2 Related work 3 Architecture 4 Evaluation 5 Conclusion

(4)
(5)

Merchant trust

Users have to trust online merchants: Merchant is not malicious

Merchant will protect sensitive information for its lifetime Merchant site is maintained by diligent sysadmins

(6)

Service-oriented architecture

In this work, we focus on SOAs:

Requests to a network have a single entry point

A parent SOA may make requests on multiple child SOAs SOAs may operate under differing legal and corporate policies toward private data

(7)

SOA trust

In Service Oriented Architectures, users have to trust: Merchant and peer SOAs are not malicious

Merchant and peer SOAs will protect sensitive information for its lifetime

(8)

Data in transit

We consider only data in transit across the SOA pipeline We protect the data between the web browser and the back-end database

Our approach does not protect against nodes with legitimate access to the data

(9)

Design alternative

Pair-wise key distribution

Generate a public key for each potential destination host in the SOA pipeline

Deliver public keys to each web browser

(10)

Design alternative (cont.)

Issues with pair-wise key distribution

Public keys for all hosts in any partner SOAs must also be delivered

Public keys must be updated each time the architecture of the SOA or its partners varies

Reveals the logical architecture of the SOA and its SOA partners

(11)
(12)

Proxy re-encryption

Given plaintext P, Alice hpkA, skAi, and Bob hpkB, skBi

There exists some rkA→B = F (skA, pkB) such that:

pkB(P) = rkA→B(pkA(P))

(13)

W3bCrypt

Introduced end-to-end encryption in web pipelines “Encryption as a stylesheet”

Firefox plugin for application-level crypto Requires disclosure of corporate network details [Stavrou et al., 2006]

(14)
(15)

Architecture

Network model Design goals

(16)

Network model

SOA-style network

Each SOA may have multiple partner SOAs

SOAs wish to prevent disclosure of logical architecture and peering

(17)

Design goals

End-to-end protection of fields – even across SOA boundaries Confidentiality of logical architecture of each SOA must be respected

This work does not focus on providing protection against compromise or failure of entities with legitimate access to sensitive information.

(18)

F3ieldCrypt architecture

Each SOA s publishes a public key pkEs

Browser b generates plaintext P b sends C = pkEs(P) to s

Gateway at s re-encrypts C to internal hosts and partner SOAs I0...In

(19)

Key generation

Key pair hpkEs, skEsi generated at the external-key holder

skEs used in conjunction with internal application keys

(20)

External-key holder

External-key holder has skEs and pkI0...pkIn — its compromise

could be dangerous. However:

Very low bandwidth requirements

Only needed at setup and when adding new internal hosts Can be kept offline!

(21)

Key distribution

pkEs is publicized

rkE →I0...rkE →In transmitted toproxy re-encryption engine

By proxy re-encryption:

(22)

Proxy re-encryption engine

Fields arrive at proxy re-encryption engine encrypted under pkEs

Each field f is re-encrypted to pkIj

The mapping f → j is determined by an admin-defined XACML policy

(23)

Browser engine

Browsergenerates plaintext P containing a set of fields f0...fn

(24)

Architecture summary

browser → proxy re-encryption engine: pkEs(fi)

proxy re-encryption engine: pkIj(fi) = rkE →Ij(pkEs(fi))

(25)
(26)

Implementation

Java-based re-crypto engine uses JHU-MIT Proxy Re-cryptography Library for each browser

XML gateway at the SOA stores the re-encryption engine Python-based XML proxy for each internal application to store keys and unwrap XML

(27)

Testbed servers

Dell PowerEdge 2650 Servers

2.0GHz Intel Zeon processor, 1GB RAM, Gigabit Ethernet OpenBSD 4.2

OpenBSD PF firewall, Apache 1.3.29, PHP 4.4.1, MySQL 5.0.45

(28)

Testbed client

Macbook Pro

2.4 GHz Intel Core 2 Duo, 2GB RAM, Gigabit Ethernet OS X 10.5.2, Darwin kernel 9.2.2, Mozilla Firefox 2.0.0.13

(29)

Block encryption on the client

0 50 100 150 200 1 2 3 4 5 6 7 8 9 10 Time (ms)

(30)

Re-encryption rate at an XML gateway

0 50 100 150 200 10 20 100 1000 10000 Fields/s Field size (B)

(31)

Decryption rate at an XML proxy

0 50 100 150 200 10 20 100 1000 10000 Fields/s Field size (B)

(32)

Conclusion

End-to-end protection to users

(33)

References

Matt Blaze, G. Bleumer, and M. Strauss.

Divertible protocols and atomic proxy cryptography.

In Proceedings of Eurocrypt ’98, pages 127–144, 1998. Angelos Stavrou, Michael Locasto, and Angelos Keromytis.

W3bcrypt: Encryption as a stylesheet.

In Proceedings of the 4th Applied Cryptography and Network Security Conference (ACNS 2006), pages 349–364, 2006.

References

Download now ( PDF - 33 Page - 259.61 KB )

Related documents

Deictic tools can limit the emergence of referential symbol systems

In addition, we predicted that participants in the gesture-plus condition would not use their extra communication channel to develop a referential symbol system (though they might

INDOOR AGILITY LADDER

Step forward with the right foot into the second square (3) and then laterally move the left foot next to the right foot (4). Step with the right foot, placing it outside the

Using surplus nuclear power for hydrogen mobility and power-to-gas in France

Electrolysers, power-to-gas, hydrogen mobility, demand side management, nuclear power utilisation

OFFICE OF INSPECTOR GENERAL OCTOBER 1, 2012 MARCH 31, 2013 U.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

OIG initially recommended and the Director of HUD’s Jacksonville Office of Public Housing agreed to assess the $1.2 million (recommendations 1C, 1E, 1F, 1G, and 1H) questioned by

A disaster resilient built environment in urban cities

Therefore, in making the municipal council responsible for making their built environment resilient to disasters it is important to provide them with the required authority

CYBERSECURITY MANAGEMENT

In this course, the students will be introduced to a professionally developed learning framework that will help them to thoroughly and critically assess organizational

OpenSSL User Manual and Data Format. Vittorio Giovara

So if we want to verify the file file.txt with its signature (file.sign), we need the related public key (public.key) and file in the same form of the original form of when the

Substitute 4 for x in the function, Simplify.

Identification/Analysis Use the definition of a logarithm to write the expression in exponential form.. The base on the logarithm is 3, so the base for exponential form is