Authentication Challenges in a Global Environment

Authors:
Stephanos Matsumoto

Carnegie Mellon University/ETH Zurich, Pittsburgh, PA

Carnegie Mellon University/ETH Zurich, Pittsburgh, PA

0000-0002-4659-054X
View Profile

,
Raphael M. Reischuk

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

,
Pawel Szalachowski

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

,
Tiffany Hyun-Jin Kim

HRL Laboratories, Malibu, CA

HRL Laboratories, Malibu, CA
View Profile

,
Adrian Perrig

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

Authors Info & Claims

ACM Transactions on Privacy and Security Volume 20 Issue 1Article No.: 1pp 1–34https://doi.org/10.1145/3007208

Published:09 January 2017Publication History

ACM Transactions on Privacy and Security

Abstract

In this article, we address the problem of scaling authentication for naming, routing, and end-entity (EE) certification to a global environment in which authentication policies and users’ sets of trust roots vary widely. The current mechanisms for authenticating names (DNSSEC), routes (BGPSEC), and EE certificates (TLS) do not support a coexistence of authentication policies, affect the entire Internet when compromised, cannot update trust root information efficiently, and do not provide users with the ability to make flexible trust decisions. We propose the Scalable Authentication Infrastructure for Next-generation Trust (SAINT), which partitions the Internet into groups with common, local trust roots and isolates the effects of a compromised trust root. SAINT requires groups with direct routing connections to cross-sign each other for authentication purposes, allowing diverse authentication policies while keeping all entities’ authentication information globally discoverable. SAINT makes trust root management a central part of the network architecture, enabling trust root updates within seconds and allowing users to make flexible trust decisions. SAINT operates without a significant performance penalty and can be deployed alongside existing infrastructures.

References

Martin Abadi, Andrew Birrel, Ilya Mironov, Ted Wobber, and Yinglian Xie. 2013. Global authentication in an untrustworthy world. In Proceedings of the 14th USENIX Conference on Hot Topics in Operating Systems (HotOS’13). 19. Google ScholarDigital Library
David G. Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, and Scott Shenker. 2008. Accountable Internet protocol (AIP). In Proceedings of the ACM SIGCOMM 2008 Conference on Data Communication (SIGCOMM’08). 339--350. Google ScholarDigital Library
R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. 2005. DNS Security Introduction and Requirements. RFC 4033. Available at https://www.ietf.org/rfc/rfc4033.txt.Google Scholar
David Barrera, Raphael M. Reischuk, Pawel Szalachowski, and Adrian Perrig. 2015. SCION five years later: Revisiting scalability, control, and isolation on next-generation networks. arXiv:1508.01651.Google Scholar
David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, and Pawel Szalachowski. 2014. ARPKI: Attack resilient public-key infrastructure. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, 382--393. Google ScholarDigital Library
Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. 2012. High-speed high-security signatures. Journal of Cryptographic Engineering 2, 2, 77--89.Google ScholarCross Ref
Andrew D. Birrell, Butler W. Lampson, Roger M. Needham, and Michael D. Schroeder. 1986. A global authentication service without global trust. In Proceedings of the 1986 Symposium on Security and Privacy (SP’86). 223.Google Scholar
Julian Borger. 2013. GCHQ and European Spy Agencies Worked Together on Mass Surveillance. Retrieved December 4, 2016, from http://www.theguardian.com/uk-news/2013/nov/01/gchq-europe-spy-agencies-mass-surveillance-snowden.Google Scholar
CAIDA. 2014. The CAIDA AS Relationships Dataset. Available at http://www.caida.org/data/as-relationships/.Google Scholar
Ran Canetti, Juan Garay, Gene Itkis, Daniele Micciancio, Moni Naor, and Benny Pinkas. 1999. Multicast security: A taxonomy and some efficient constructions. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’99), Vol. 2. 708--716.Google ScholarCross Ref
I. Castineyra, N. Chiappa, and M. Steenstrup. 1996. The Nimrod Routing Architecture. RFC 1992. Available at https://tools.ietf.org/html/rfc1992. Google ScholarDigital Library
Miguel Castro and Barbara Liskov. 1999. Practical Byzantine fault tolerance. In Proceedings of the 3rd Symposium on Operating System Design and Implementation (OSDI’99). Google ScholarDigital Library
David Chaum and Eugène Van Heyst. 1991. Group signatures. In Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT’91). 257--265. Google ScholarDigital Library
Laurent Chuat, Pawel Szalachowski, Adrian Perrig, Ben Laurie, and Eran Messeri. 2015. Efficient gossip protocols for verifying the consistency of certificate logs. In Proceedings of the IEEE Conference on Communications and Network Security (CNS’15). 415--423.Google ScholarCross Ref
D. Clark, R. Braden, A. Falk, and V. Pingali. 2003. FARA: Reorganizing the addressing architecture. ACM SIGCOMM Computer Communication Review 33, 4, 313--321. Google ScholarDigital Library
Danny Cooper, Ethan Heilman, Kyle Brogle, Leonid Reyzin, and Sharon Goldberg. 2013. On the risk of misbehaving RPKI authorities. In Proceedings of the 12th ACM Workshop on Hot Topics in Networks (HotNets-XII). ACM, New York, NY, Article No. 16. Google ScholarDigital Library
David Cooper, Stefan Santesson, Stephen Farrell, Sharon Boeyen, Russell Housley, and Tim Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280. Available at https://tools.ietf.org/html/rfc5280.Google Scholar
Tim Dierks and Eric Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. Available at https://tools.ietf.org/html/rfc5246.Google Scholar
C. Dillow. 2010. An Order of Seven Global Cyber-Guardians Now Hold Keys to the Internet. Retrieved December 4, 2016, from http://www.popsci.com/technology/article/2010-07/order-seven-cyber-guardians-around-world-now-hold-keys-internet.Google Scholar
Peter Eckersley and Jesse Burns. 2010. Is the SSLiverse a Safe Place? In Proceedings of the 2010 Chaos Communication Congress.Google Scholar
Barton Gellman and Laura Poitras. 2013. U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program. Washington Post. Retrieved December 4, 2016, from http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html.Google Scholar
Virgil D. Gligor, Shyh-Wei Luan, and Joseph N. Pato. 1992. On inter-realm authentication in large distributed systems. In Proceedings of the 1992 IEEE Symposium on Security and Privacy (SP’92). 2 Google ScholarDigital Library
P. Hoffman and J. Schlyter. 2012. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698. Available at https://tools.ietf.org/html/rfc6698.Google Scholar
ICANN. 2012. gTLD Applicant Guidebook. Available at https://newgtlds.icann.org/en/applicants/agb.Google Scholar
James Kasten, Eric Wustrow, and J. Alex Halderman. 2013. CAge: Taming certificate authorities by inferring restricted scopes. In Financial Cryptography and Data Security. Lecture Notes in Computer Science, Vol. 7859. Springer, 329--337.Google Scholar
Stephen Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18, 4, 582--592. Google ScholarDigital Library
Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perrig, Collin Jackson, and Virgil Gligor. 2013. Accountable key infrastructure (AKI): A proposal for a public-key validation infrastructure. In Proceedings of the 22nd International Conference on World Wide Web (WWW’13). 679--690. Google ScholarDigital Library
Leslie Lamport. 1998. The part-time parliament. ACM Transactions on Computer Systems 16, 2, 133--169. Google ScholarDigital Library
Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wober. 1991. Authentication in distributed systems: Theory and practice. In Proceedings of the 13th ACM Symposium on Operating Systems Principles (SOSP’91. 165--182. Google ScholarDigital Library
Ben Laurie, Adam Langley, and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. Available at https://tools.ietf.org/html/rfc6962.Google Scholar
M. Lepinski. 2013. BGPSEC Protocol Specification. Retrieved December 4, 2016, from https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol-07.Google Scholar
M. Lepinski and S. Kent. 2012. An Infrastructure to Support Secure Internet Routing. RFC 6480. Available at https://tools.ietf.org/html/rfc6480.Google Scholar
Ang Li, Xin Liu, and Xiaowei Yang. 2011. Bootstrapping accountability in the Internet we have. In Proceedings of the 8th USENIX Conference on Networked Systems Design and Implementation (NSDI’11). 155--168. Google ScholarDigital Library
Moxie Marlinspike. 2011. SSL and the Future of Authenticity. Retrieved December 4, 2016, from http://www.thoughtcrime.org/blog/ssl-and-the-future-of-authenticity/.Google Scholar
Stephanos Matsumoto and Raphael M. Reischuk. 2015. Certificates-as-an-insurance: Incentivizing accountability in SSL/TLS. Internet Society. Retrieved December 4, 2016, from http://internetsociety.org/sites/default/files/01_6.pdf.Google Scholar
David Mazieres, Michael Kaminsky, M. Frans Kaashoek, and Emmett Witchel. 1999. Separating key management from file system security. In Proceedings of the 17th ACM Symposium on Operating Systems Principles (SOSP’99). 124--139. Google ScholarDigital Library
R. Moskowitz, T. Heer, P. Jokela, and T. Henderson. 2008. Host Identity Protocol. RFC 5201. Available at https://tools.ietf.org/html/rfc5201.Google Scholar
Diego Ongaro and John Ousterhout. 2014. In search of an understandable consensus algorithm. In Proceedings of the USENIX Annual Technical Conference (ATC’14). 305--319. Google ScholarDigital Library
Michael K. Reiter and Stuart G. Stubblebine. 1998. Resilient authentication using path independence. IEEE Transactions on Computers 47, 12, 1351--1362. Google ScholarDigital Library
Mark D. Ryan. 2014. Enhanced certificate transparency and end-to-end encrypted mail. In Proceedings of the 2014 Network and Distributed System Security Symposium (NDSS’14).Google ScholarCross Ref
Aaron Schulman, Dave Levin, and Neil Spring. 2014. RevCert: Fast, private certificate revocation over FM radio. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’14). Google ScholarDigital Library
Victor Shoup. 2000. Practical threshold signatures. In Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT’00). 207--220. Google ScholarDigital Library
Pawel Szalachowski, Stephanos Matsumoto, and Adrian Perrig. 2014. PoliCert: Secure and flexible TLS certificate management. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’14). Google ScholarDigital Library
Fred Upton, Tim Murphy, Greg Walden, and Michael C. Burgess. 2015. Letters to Browsers Regarding Government Certificate Authorities. Retrieved December 4, 2016, from https://energycommerce.house.gov/news-center/letters/letters-browsers-regarding-government-certificate-authorities.Google Scholar
Greg Weston, Glenn Greenwald, and Ryan Gallagher. 2013. Snowden document shows Canada set up spy posts for NSA. CBC News. Retrieved December 4, 2016, from http://www.cbc.ca/news/politics/snowden-document-shows-canada-set-up-spy-posts-for-nsa-1.2456886.Google Scholar
Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig, and David G. Andersen. 2011. SCION: Scalability, control, and isolation on next-generation networks. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (SP’11). Google ScholarDigital Library

Index Terms

Authentication Challenges in a Global Environment
1. Networks
2. Security and privacy

Recommendations

Efficient and secure self-escrowed public-key infrastructures
ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications security

A self-escrowed public key infrastructure (SE-PKI) combines the usual functionality of a public-key infrastructure with the ability to recover private keys given some trap-door information. We present an additively homomorphic variant of an existing SE-...
Read More
An Identity-Based Authentication Model for Multi-domain in Grid Environment
CSSE '08: Proceedings of the 2008 International Conference on Computer Science and Software Engineering - Volume 03

In the grid security infrastructure (GSI), cross-domain authentication is based on traditional PKI cross certificate, which brings about problems of certificates management. Encouragingly, identity-based cryptography (IBC) can overcome these problems ...
Read More
A non-interactive deniable authentication scheme based on designated verifier proofs

A deniable authentication protocol enables a receiver to identify the source of the given messages but unable to prove to a third party the identity of the sender. In recent years, several non-interactive deniable authentication schemes have been ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Privacy and Security Volume 20, Issue 1
February 2017
99 pages
ISSN:2471-2566
EISSN:2471-2574
DOI:10.1145/3038258
Editor:
David Basin
ETH Zurich, Switzerland
Issue’s Table of Contents
Copyright © 2017 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 9 January 2017
- Revised: 1 October 2016
- Accepted: 1 October 2016
- Received: 1 November 2015
Published in tops Volume 20, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Public-key infrastructures
authentication
future internet architectures
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 10
  Total Citations
  View Citations
- 911
  Total Downloads
- Downloads (Last 12 months)62
- Downloads (Last 6 weeks)13
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Authentication Challenges in a Global Environment

ACM Transactions on Privacy and Security

Abstract

References

Cited By

Index Terms

Recommendations

Efficient and secure self-escrowed public-key infrastructures

An Identity-Based Authentication Model for Multi-domain in Grid Environment

A non-interactive deniable authentication scheme based on designated verifier proofs