Distributed Authorization in Vanadium

Taly, Ankur

doi:10.1007/978-3-319-43005-8_4

Cited by 3 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A standard solution in the existing literature, used by SPKI/SDSI [34], Vanadium [82], and bw2 [5], is to include a certificate chain with each message. Just as permission to subscribe to a resource is granted via a chain of delegations in §3, permission to publish to a resource is also granted via a chain of delegations.…”

Section: Starting Solution: Signature Chainsmentioning

confidence: 99%

“…Authorization Services. JEDI is complementary to authorization services for IoT, such as bw2 [5], Vanadium [82], WAVE [6], and AoT [73], which focus on expressing authorization policies and enabling principals to prove they are authorized, rather than on encrypting data. Droplet [79] provides encryption for IoT, but does not support delegation beyond one hop and does not provide hierarchical resources.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT

Kumar,

Hu,

Andersen

et al. 2019

Preprint

View full text Add to dashboard Cite

As the Internet of Things (IoT) emerges over the next decade, developing secure communication for IoT devices is of paramount importance. Achieving end-to-end encryption for large-scale IoT systems, like smart buildings or smart cities, is challenging because multiple principals typically interact indirectly via intermediaries, meaning that the recipient of a message is not known in advance. This paper proposes JEDI (Joining Encryption and Delegation for IoT), a many-to-many end-to-end encryption protocol for IoT. JEDI encrypts and signs messages end-to-end, while conforming to the decoupled communication model typical of IoT systems. JEDI's keys support expiry and fine-grained access to data, common in IoT. Furthermore, JEDI allows principals to delegate their keys, restricted in expiry or scope, to other principals, thereby granting access to data and managing access control in a scalable, distributed way. Through careful protocol design and implementation, JEDI can run across the spectrum of IoT devices, including ultra low-power deeply embedded sensors severely constrained in CPU, memory, and energy consumption. We apply JEDI to an existing IoT messaging system and demonstrate that its overhead is modest.

show abstract

Section: Starting Solution: Signature Chainsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT

Kumar,

Hu,

Andersen

et al. 2019

Preprint

View full text Add to dashboard Cite

show abstract

“…There are two kinds of distributed authorization systems [37]. The first kind are the credentials-based authorization systems (F. Schneider's terminology), in which the client presents a set of certificates to an authorization system as a proof of policy compliance [1,2,24,3].…”

Section: Related Workmentioning

confidence: 99%

HCAP: A History-Based Capability System for IoT Devices

Tandon,

Fong,

Safavi-Naini

2018

Preprint

View full text Add to dashboard Cite

Permissions are highly sensitive in Internet-of-Things (IoT) applications, as IoT devices collect our personal data and control the safety of our environment. Rather than simply granting permissions, further constraints shall be imposed on permission usage so as to realize the Principle of Least Privilege. Since IoT devices are physically embedded, they are often accessed in a particular sequence based on their relative physical positions. Monitoring if such sequencing constraints are honoured when IoT devices are accessed provides a means to fence off malicious accesses. This paper proposes a history-based capability system, HCAP, for enforcing permission sequencing constraints in a distributed authorization environment. We formally establish the security guarantees of HCAP, and empirically evaluate its performance.

show abstract

Hcap

Tandon

Fong

2018

Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Distributed Authorization in Vanadium

Cited by 3 publications

References 18 publications

JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT

JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT

HCAP: A History-Based Capability System for IoT Devices

Hcap

Contact Info

Product

Resources

About