Abstract
In this tutorial, we present an authorization model for distributed systems that operate with limited internet connectivity. Reliable internet access remains a luxury for a majority of the world’s population. Even for those who can afford it, a dependence on internet connectivity may lead to sub-optimal user experiences. With a focus on decentralized deployment, we present an authorization model that is suitable for scenarios where devices right next to each other (such as a sensor or a friend’s phone) should be able to communicate securely in a peer-to-peer manner. The model has been deployed as part of an open-source distributed application framework called Vanadium. As part of this tutorial, we survey some of the key ideas and techniques used in distributed authorization, and explain how they are combined in the design of our model.
Notes
- 1.
Some systems choose to distinguish the concepts of “sharing” and “delegation”, with the former being a mechanism for a principal to allow another principal to access an object and the latter being a mechanism for allowing another principal to act on its behalf. In this tutorial, we do not make this distinction, and treat “delegation” more broadly as a mechanism for one principal to delegate some of its authority to another principal.
- 2.
An alternative is for each resource owner to become a credential issuer but that leads to a proliferation of credentials at the requester’s end.
- 3.
For ease of discussion, we refer to users and devices as principals; strictly speaking, we are referring to processes controlled by them.
- 4.
The model described in [8] is more general and allows multiple \(\mathtt{Allow}\) and \(\mathtt{Deny}\) clauses in ACLs.
References
Fridge sends spam emails as attack hits smart gadgets. http://www.bbc.com/news/technology-25780908
Hackers remotely kill a Jeep on the highway - with me in it. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
OpenID. http://openid.net/
Smart meters can be hacked to cut power bills. http://www.bbc.com/news/technology-29643276
The Internet of Things is wildly insecure - and often unpatchable. https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html
Vanadium. http://vanadium.github.io/
Vanadium Authentication Protocol. https://vanadium.github.io/designdocs/authentication.html
Abadi, M., Burrows, M., Pucha, H., Sadovsky, A., Shankar, A., Taly, A.: Distributed authorization with distributed grammars. In: Bodei, C., Ferrari, G.-L., Priami, C. (eds.) Programming Languages with Applications to Biology and Security. LNCS, vol. 9465, pp. 10–26. Springer, Heidelberg (2015)
Appel, A., Felten, E.: Proof-carrying authentication. In: CCS, pp. 52–62 (1999)
Birgisson, A., Politz, J.G., Erlingsson, U., Taly, A., Vrable, M., Lentczner, M.: Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. In: NDSS (2014)
Blaze, M., Feigenbaum, J., Ioannidis, J.: The KeyNote Trust-Management System Version 2. RFC 2704 (Proposed Standard), September 1999
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: IEEE Symposium on Security and Privacy, pp. 164–173 (1996)
Borisov, N., Brewer, E.: Active certificates: a framework for delegation. In: NDSS, pp. 30–40 (2002)
Braz, C., Robert, J.: Security and usability: the case of the user authentication methods. In: Conference on L’Interaction Homme-Machine, pp. 199–203 (2006)
Canetti, R., Krawczyk, H.: Security analysis of IKE’s signature-based key-exchange protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002)
Clarke, D., Elien, J., Ellison, C., Fredette, M., Morcos, A., Rivest, R.: Certificate chain discovery in SPKI/SDSI. J. Comput. Secur. 9, 285–322 (2001)
Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), August 2008
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI Certificate Theory. RFC 2693 (Proposed Standard), September 1999
Hewlett Packard Enterprise: Internet of things research study. http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pdf
Gong, L.: A secure identity-based capability system. In: IEEE Symposium on Security and Privacy, pp. 56–63 (1989)
Hardt, E.: The OAuth 2.0 Authorization Framework. RFC 6749 (Proposed Standard), October 2012
Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: theory and practice. In: SOSP, pp. 165–182 (1991)
Li, N., Feigenbaum, J., Grosof, B.N.: A logic-based knowledge representation for authorization with delegation. In: CSFW, pp. 162–174 (1999)
Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 2560 (Proposed Standard), June 1999
Neuman, B.C.: Proxy-based authorization and accounting for distributed systems. In: ICDCS, pp. 283–291 (1993)
Rapid7: Hacking IoT: a case study on baby monitor exposures and vulnerabilities. https://www.rapid7.com/resources/iot/baby-monitors.jsp
Rivest, R.L., Lampson, B.: SDSI - a simple distributed security infrastructure. Technical report (1996). http://people.csail.mit.edu/rivest/sdsi11
Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard), May 2008
Schneider, F.B.: Untitled textbook on cybersecurity. Chap. 9: Credentials-based authorization (2013). http://www.cs.cornell.edu/fbs/publications/chptr.CredsBased.pdf
Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: USENIX Security Symposium, pp. 169–183 (1999)
Wu, D.J., Taly, A., Shankar, A., Boneh, D.: Privacy, discovery, and authentication for the internet of things (2016). https://arxiv.org/abs/1604.06959
Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)
Acknowledgments
This work is a result of a joint effort by several members of the Vanadium team at Google. We would like to thank Martín Abadi, Mike Burrows, Ryan Brown, Bogdan Caprita, Thai Duong, Cosmos Nicolaou, Himabindu Pucha, David Presotto, Adam Sadovsky, Suharsh Sivakumar, Gautham Thambidorai, Robin Thellend for their contributions to designing and implementing the Vanadium authorization model. We are grateful to Martín Abadi and Mike Burrows for helpful comments on drafts of this tutorial.
© 2016 Springer International Publishing Switzerland
Cite this chapter
Taly, A., Shankar, A. (2016). Distributed Authorization in Vanadium. In: Aldini, A., Lopez, J., Martinelli, F. (eds.) Foundations of Security Analysis and Design VIII. FOSAD 2015, FOSAD 2016. Lecture Notes in Computer Science, vol. 9808. Springer, Cham. https://doi.org/10.1007/978-3-319-43005-8_4
DOI: https://doi.org/10.1007/978-3-319-43005-8_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-43004-1
Online ISBN: 978-3-319-43005-8