Software-Defined Location-Enhanced, Multi-Factor Authentication with Attribute-Based Encryption (PhD Dissertation)
When a user wants to access certain services offered by some service provider, typically this user must first authenticate herself with the service provider, such that the service provider may grant authorization to access the services. Authentication is the process through which this user provides confirmation of her identity to the service provider (and, in parallel, the user should receive confirmation that the service provider is legitimate). There are several types (or factors) of authenticators that can be utilized in this process. Each authentication factor has, in terms of security and user experience when compared to other factors, strong and weak aspects (or pros and cons). For instance, passwords must be long and random, but then remembering them can be infeasible; fingerprints are (believed to be) unique and thus form a good authenticator, but they are immutable and hardly confidential; token authenticators and out-of-band tokens (such as SMS tokens) provide an ephemeral value that is valuable for security, but the user might lose possession of the respective token device. Combining two or more of those authenticators results in a potential increased security as compared to utilizing only one authenticator, which is known as multi-factor authentication.
The dissertation focuses on multi-factor authentication. I present a cryptographic method to enable location as an authentication factor, using the flexibility of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and its access policies, together with location beacons. Such that this location authenticator can be realized, I develop a technique to request and control the presentation of multi-factor authenticators, through which scores are assigned to each authenticator type and both the user and the authentication service are aware of a minimum score needed for full authentication. To address the necessity of a secure scheme through which a user presents the authenticators, I construct a method for conveying the authentication factors in a Zero-Knowledge Password Proof (ZKPP) scheme and through an ephemeral, confidential session. The method also provides a secure joint authenticator that is the cryptographic composite (built within ZKPP) of the individual authenticators. To embody and realize these techniques, I devise a multi-factor authentication protocol (named LOCATHE), through which a user device or user can authenticate herself to an authentication service using the location wherein the user or device is and other authentication factors, with guarantees of forward secrecy. Moreover, I design a Location-Enhanced Multi-Factor Authentication Service (Loc-Auth), abstracting hardware (such as the location beacons) and control into a layered structure, to provide the authentication services and support for the components of this dissertation. Finally, I develop a Proof-of-Concept system, and perform an extensive security evaluation and analysis of the work herein.
[dissertation defense presentation]
Location-Enabled Sign-On using Attribute-Based Encryption and Bluetooth Beacons
The typical sign-on or login procedure to a computer system involves a user entering a username and password by means of a keyboard. This authentication scheme is based on requesting a piece of information that only the computer and the user know. Its security relies on the difficulty, for an attacker, in obtaining or guessing the password. One key aspect involved in password security is the “strength” of the password. This metric is typically evaluated from the length of the password in bits (the longer the password, the more time it takes for an algorithm to “guess” it by iterating through all possible combinations, i.e., brute force) and how distant it is from usual combinations, such as dictionary words (usually first tested by password cracking algorithms based on dictionary attacks). This presents a first issue to the user: employing and remembering a sufficiently long, mixed-case, mixed-digit-and-letter password that is considered strong.
As a second issue, in today’s Internet-centric computer applications, a user is typically invited to register to several dozens of websites/applications, each with its own requirements of username and password format and length. In an attempt to manage the myriad of usernames and passwords, users may be tempted to resort to weak passwords, which are easily broken by dictionary attacks or brute force, drastically decreasing the security of the authentication. A superior approach is utilizing password managers, programs that store usernames and passwords in an encrypted database, and can also generate long, random passwords. Obviously, the password manager needs a suitable strong master password. Additional security may be achieved by multiple-factor authentication, which involves entering a password and an extra, temporary information, which only the user and the computer know and it is shared through a secondary channel. Examples are keychain token authenticators, and the sending of temporary codes through email or SMS. The results are two-fold: stronger security, but more time and work required for user authentication and login.
A third issue emanates from the current’s trend of consumer mobile devices that are typically devoid of physical keyboards, such as tablets and smartphones taking place of traditional desktop computers . Even when utilizing a password manager, typing a long, mixed-case, mixed-digit-and-letter password in diminutive screen keyboards is a cumbersome task and degrades user experience. The experience could be improved if the password is simplified (resulting, however, in a weak password), or by utilizing biometrics, such as the fingerprint reader in the mobile device, although applications for the latter are yet emergent.
The username/password authentication procedure may be viewed from two perspectives. The static one, wherein the login process and the system assume the user is at a pre-determined location and/or with a pre-determined device, from which the user signed on to the system. If the user moves to another location and/or switches the login device, then the previous sign-on is lost and a new sign-on must be performed. And the mobile one, wherein the user signs on from a mobile device and can usually remain logged in to the system if location is changed, provided a network connection is maintained while moving. While it may seem that, in the mobile version, location does not play an important part; location does provide a piece of information that we employ to leverage security.
In our scheme, we explore the dynamic relationship between these three components: (1) location, i.e., where the user is and which services are available to the user in that location; (2) who the user is and what attributes the user possesses, i.e., the characteristics that can identify the user uniquely or as a member of specific groups; (3) which services the user wants to utilize. We contribute by employing this relationship as a secondary authentication factor that enables solutions for the issues presented earlier: (a) allows for a simplified yet secure user logon, taking into consideration user’s location, desired service, and user’s credentials, improving the user experience when entering passwords; (b) enables a login session to “travel” with the user, such that devices in proximity and different services in the same location may “inherit” the login session as the user approaches. To capture the dynamic relationship, we construct Loc-Auth, a Location-Aware Authentication Service that employs the expressiveness of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to encode access policies that are built on location, services for the user, and user attributes. We demonstrate a case study which relies on Bluetooth Low Energy or Bluetooth Smart beacons to construct indoor location information and access policy. The user receives the transmission of beacons through a Bluetooth Low Energy-enabled device, such as the smartphone. Access attributes are not negotiated with the user at each time before the simplified sign-on procedure; the access rules and secure logon are encoded directly in our usage of the encryption, contributing additional expressiveness and flexibility to the secondary authentication factor. If the user possesses attributes fulfilling the access policy, then the user will be able to acquire parameters to continue with the simplified sign-on procedure.
Secure Zones and Context Inference for Safe Firearms
This work presents an application of the highly expressive Attribute-Based Encryption to implement Secure Zones for firearms. Within these zones, radio-transmitted local policies based on attributes of the user and the firearm are received by embedded hardware in the firearms, which then advises the user about safe operations. The Secure Zones utilize Attribute-Based Encryption (ABE) to encode the policies and user attributes, and providing privacy and security through it cryptography. We describe a holistic approach to evolving the firearm to a cyber-physical system to aid in augmenting safety. We introduce a conceptual model for a firearm equipped with sensors and a context-aware software agent. Based on the information from the sensors, the agent can access the context and inform the user of potential unsafe operations. To support Secure Zones and the cyber-physical firearm model, we propose a Key Infrastructure Scheme for key generation, distribution, and management, and a Context-Aware Software Agent Framework for Firearms.
On IEEE CNS 2013: [abstract] [poster]
The use of Attribute-Based Encryption in other applications is also of my interest, in particular Attribute-Based Signature.
I concluded my work on this project in Winter 2014.
This project consists of building a new version of a simulator for the Quake-Catcher Network (QCN) and the underlying BOINC instance of volunteer computing. The simulator aims at enabling investigation of different configurations of the BOINC network and network topologies, such as the existence of multiple BOINC servers and clustering of QCN-hosts. In addition, the new simulator will allow exploring robustness in face of network failures, and formulation of possible approaches to mitigate issues arising from these failures. The general characteristic of the simulator may also allow adding new earthquake models and other natural models, such as hurricanes.
IP Address Summarization Algorithm
A distributed, hierarchical information service for computer networks might use several service instances, located in different layers. A distributed directory service, for example, might be comprised of upper level listings, and local directories. The upper level listings contain a compact version of the local directories. Clients desiring to access the information contained in local directories might first access the high-level listings, in order to locate the appropriate local instance. One of the keys for the competent operation of such service is the ability of properly summarizing the information which will be maintained in the upper level directories. We analyze the case of the Lookup Service in the Information Services plane of perfSONAR performance monitoring distributed architecture, which implements IP address summarization in its functions. We propose an empirical method, or heuristic, to perform the summarizations, based on the PATRICIA tree. We further apply the heuristic on a simulated distributed test bed and examine the results.
Statistical Flow Detector
Prototype for a statistical flow detector in Java. The flow detector would detect data flows in the network and, depending on their statistical behavior, would command the opening of dedicated channels, reserve resources, and/or alter network parameters or topology through Software-Defined Networking APIs.