• No results found

Rethinking Identity Management for Large-scale Distributed Systems

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Rethinking Identity Management for Large-scale Distributed Systems"

Copied!
28
0
0

Loading.... (view fulltext now)

Download now ( 28 Page )

Full text

(1)

Rethinking Identity Management for

Large-scale Distributed Systems

Weverton Luis da Costa Cordeiro weverton cordeiro@inf ufrgs br [email protected]

(2)

Agenda

Identity management todayy g yWhat we think about it…

What we see (as prominent solutions) about it…What we envisage about it…

Our framework for it…The road ahead for it…

(3)

Identity management today…

Online systems offer a lightweight processy g g p so that user can create identities

Such convenience comes with a price: with minimum Such convenience comes with a price: with minimum

(4)

Identity management today…

Fake accounts can serve for a variety of purposes, y p p which mainly depend on the system nature

Promote people and advertisements

Promote words and tweets

(5)

Identity management today…

The problem of creation of fake accounts is toughp g

No solution can be achieved without some degree of centralization (Douceur, 2002)

centralization (Douceur, 2002)

There can be no “one-size-fits-all” solution

i t ith di it f i t

environments with a diversity of requirements

varied user constraints

Existing solutions fall in either of two categories

Strong-based identity schemes

(6)

What we think about identity

management

management…

It should preserve the users’ privacyp p y

Obtaining a single identity

should be cheap for honest users

(7)

What we see as prominent directions

for identity management

for identity management…

CAPTCHAs

The attacker can redirect them for some other user to solve for some other user to solve

Computational puzzles

Existing approaches use puzzles of fixed capacity

Waste of processing cycles for computing useless information

(8)

What we envisage as a prominent

framework for identity management

framework for identity management…

Focus on those distributed systemsy based on the peer-to-peer paradigm

W k id tit h ( t th ti ti )

Weak identity schemes (no strong authentication)

We hypothesize that the attacker recurs much moreWe hypothesize that the attacker recurs much more

frequently than a honest user to obtain identities

Tracking back these identity requests to their

(9)

What we envisage as a prominent

framework for identity management

framework for identity management…

Identity requests Bootstrap y Bootstrap service Identity requests Bootstrap service service

(10)

What we envisage as a prominent

framework for identity management

framework for identity management…

Identity requests Bootstrap y Bootstrap service Identity requests Bootstrap service service

The challenge is that sources cannot be reliably tracked, and may change overtime

(11)

What we envisage as a prominent

framework for identity management

(12)

What we envisage as a prominent

framework for identity management

framework for identity management…

Trust score Trust score

Trust score Trust score

Trust score

Trust score Trust score

Trust score

(13)

What we envisage as a prominent

framework for identity management

framework for identity management…

Trust score Trust score

Trust score Trust score

Trust score

Trust score Trust score

Trust score

(14)

What we envisage as a prominent

framework for identity management

framework for identity management…

Trust score Trust score

Trust score Trust score

Trust score

Trust score Trust score

Trust score

(15)

Our framework…

Preserves the user privacy (primary goal)p y (p y g )

Evaluates the likeliness of an ongoing attack during

th d i i h ( b h i l i )

the admission phase (no user behavior analysis)

Relies on the concept of sources of identity requestsRelies on the concept of sources of identity requests,

not on the strategies that can materialize them

Can accommodate any strategy for pricing identity requests (in terms of effort or computational cost)

(16)

Our framework…

Trust Scores (CNSM 2011)

( )

Trust score derived from a relationship between the source and

(17)

Our framework…

Trust Scores (CNSM 2011) Adaptive Puzzles (COMNET 2012) ( ) ( )

Trust score derived from a relationship between the source and

network recurrence rates

Puzzles of adaptive complexity defined as a function of the

(18)

Our framework…

Trust Scores (CNSM 2011) Adaptive Puzzles (COMNET 2012) Green and Useful Puzzles ( ) ( ) (IM 2013)

Trust score derived from a relationship between the source and

network recurrence rates

Puzzles of adaptive complexity defined as a function of the

source trust score, and assigned to users

Traditional puzzles reshaped into simulation jobs (following theTraditional puzzles reshaped into simulation jobs (following the

ReCAPTCHA project philosophy) and wait time

reduces energy consumption

make puzzle-processing useful

(19)

Our framework…

Trust Scores (CNSM 2011) Adaptive Puzzles (COMNET 2012) Green and Useful Puzzles Future (?) ( ) ( ) (IM 2013)

Trust score derived from a relationship between the source and

network recurrence rates

( )

Puzzles of adaptive complexity defined as a function of the

source trust score, and assigned to users

Traditional puzzles reshaped into simulation jobs (following theTraditional puzzles reshaped into simulation jobs (following the

ReCAPTCHA project philosophy) and wait time

reduces energy consumption

make puzzle-processing useful

(20)

The road ahead…

Existing challenges at this stage

Existing challenges at this stage

1 design a decentralized approach e g for 1. design a decentralized approach, e.g. for

super-peers and chord-based architectures

2. obtain recent network profiles to use as 2. obtain recent network profiles to use as

input data for simulation and analysis

3. evaluate our framework in-the-wild

(modeling, simulation, and planetlab so far)

4. coexist with existing identity management

f k ( th b d t ti )

(21)

Rethinking Identity Management for

Large-scale Distributed Systems

Weverton Luis da Costa Cordeiro weverton cordeiro@inf ufrgs br [email protected]

(22)

Eclipse Attack…

Fake accounts can serve for a variety of purposes, y p p which mainly depend on the system nature

(23)

Eclipse Attack…

Fake accounts can serve for a variety of purposes, y p p which mainly depend on the system nature

(24)

Eclipse Attack…

Fake accounts can serve for a variety of purposes, y p p which mainly depend on the system nature

(25)

Eclipse Attack…

Fake accounts can serve for a variety of purposes, y p p which mainly depend on the system nature

(26)

Analytical Model

We demonstrated some important properties that our p p p framework holds (to appear)

Given a set of resources in hands of an attacker, she can only maximize the profit of her attack by evenly dividing the

maximize the profit of her attack by evenly dividing the

number of identities to be requested among these resources

Given a time period for the attack, the attacker can only

maximize the profit of her attack by uniformly distributing the maximize the profit of her attack by uniformly distributing the identity requests to be performed throughout that period

An attacker, sharing sources with honest users, causes minimal impact to their requests; instead, such source sharing even degrades further the attack profit

(27)

Results with simulation

160,000 honest users trying to obtain identities over one week

An attacker, using varying proportions of sources trying proportions of sources, trying to get 80,000 identities in the same period

(28)

Results with PlanetLab

240 honest users trying to obtain 2,400 identities over two hours

An attacker, using 20 sources, trying to get 1 200 identities in trying to get 1,200 identities in the same period

References

Download now ( PDF - 28 Page - 830.63 KB )

Related documents

Understanding Knowledge Sharing in Virtual Communities: An Integration of Expectancy Disconfirmation and Justice Theories

The study holds that three dimensions of positive disconfirmation (i.e., knowledge quality, self-worth, and social interaction), three dimensions of justice (i.e.,

2015 Guide to Classes and Services

Thursday January 8 Sunday January 11 Thursday January 22 Saturday February 7 Tuesday February 17 Thursday February 26 Saturday March 7 Monday March 16 Thursday March

VePAL TX130M+ Platform Highlights. SyncE/IEEE 1588v2. PDH/DSn Features. Ethernet Features

IEEE 1588v2/PTP – Packet based synchronization mechanism: master clock emulation, ordinary/slave clock emulation, capture/analysis of PTP messages, PDV analysis, and wander

168754-tkt-clil-part-1-communication.pdf

Tell participants that the reasons for communication are commonly used in class and that knowledge of these and other communication skills is tested in TKT: CLIL Part 1.. Elicit

NIH Big Data to Knowledge ac

data  sharing and to support  development  of new metrics..          

Criteria-based resource allocation: A tool to improve public health impact

The budget process needs more frequent updates so that Service Areas can seek Board of Health input more quickly and flexibly to react to new information Current Budget

Pharmacy students' attitudes toward pharmaceutical care in Qatar

Professional year and practical experience duration were inversely significantly associated with four and five statements, respectively, out of the 13

TERMS AND CONDITIONS OUTSOURCING / HIRING OF SECURITY SERVICES FOR DHQ-5

The security agency shall indemnify the outsourcing unit against all claims for death or injury caused to any security guards, whether on duty or not and the outsourcing