Abstract
In this article, we address the problem of scaling authentication for naming, routing, and end-entity (EE) certification to a global environment in which authentication policies and users’ sets of trust roots vary widely. The current mechanisms for authenticating names (DNSSEC), routes (BGPSEC), and EE certificates (TLS) do not support a coexistence of authentication policies, affect the entire Internet when compromised, cannot update trust root information efficiently, and do not provide users with the ability to make flexible trust decisions. We propose the Scalable Authentication Infrastructure for Next-generation Trust (SAINT), which partitions the Internet into groups with common, local trust roots and isolates the effects of a compromised trust root. SAINT requires groups with direct routing connections to cross-sign each other for authentication purposes, allowing diverse authentication policies while keeping all entities’ authentication information globally discoverable. SAINT makes trust root management a central part of the network architecture, enabling trust root updates within seconds and allowing users to make flexible trust decisions. SAINT operates without a significant performance penalty and can be deployed alongside existing infrastructures.