Decentralized security

Securing communication in a peer-to-peer messaging middleware

24 September 2013

Péter Szilágyi

European Institute for Innovation and Technology

Eötvös Loránd University, Budapest, Hungary

Babeş-Bolyai University, Cluj-Napoca, Romania

Note: these are the offline slides of the presentation. For executable code, check playground availability at http://iris.karalabe.com/talks.

Scenario

Peer-to-peer based messaging middleware for backend decentralization.

Why peer-to-peer? Prevalent MOMs:

Security

Unintelligible transmission with a verifiable originator and unhideable tampering.

Peer-to-peer "security" in the literature*:

Conceptual mismatch: correct functionality in the presence of malicious nodes.

*Except the Skype protocol (proprietary)

Environment and threat model

Operational environment (compute cloud):

Possible attack vectors:

Unit of security

Overlay network of (possibly different) instances that collectively provide some service to outside entities, where all members within the same network are trusted.

Handshake – Establish master key

[ Diffie+ ] Station-to-station key exchange (STS)

Handshake – Derive operation keys

[ Krawczyk+ ] HMAC based extract-and-expand key derivation function (HKDF)

Transmission

[ NIST ] Encryption – Advanced encryption standard (AES)

[ Bellare+ ] Authentication – Hash-based message authentication code (HMAC)

HMAC(key, msg) = H((key ⊕ opad) ‖ H((key ⊕ ipad) ‖ msg))

Point-to-point encryption

Secure against all identified threats:

Expensive re-crypts during P2P transit

Optimal point-to-point encryption

Forwarding nodes don't need the data! Why decrypt it?

Only endpoints process the full payload! How much better?

Performance evaluation

Throughput comparison:

Verdict: if ‖message‖ < 4096 bytes use PPE, otherwise OPPE.

Thank you
