Article

WAVE: a decentralized authorization framework with transitive delegation

Authors:

Michael P. Andersen,

Moustafa AbdelBaky,

David E. Culler,

Raluca Ada PopaAuthors Info & Claims

SEC'19: Proceedings of the 28th USENIX Conference on Security Symposium

Pages 1375 - 1392

Published: 14 August 2019 Publication History

Abstract

Most deployed authorization systems rely on a central trusted service whose compromise can lead to the breach of millions of user accounts and permissions. We present WAVE, an authorization framework offering decentralized trust: no central services can modify or see permissions and any participant can delegate a portion of their permissions autonomously. To achieve this goal, WAVE adopts an expressive authorization model, enforces it cryptographically, protects permissions via a novel encryption protocol while enabling discovery of permissions, and stores them in an untrusted scalable storage solution. WAVE provides competitive performance to traditional authorization systems relying on central trust. It is an open-source artifact and has been used for two years for controlling 800 IoT devices.

References

[1]

Tor project: Anonymity online. https://www.torproject.org/.

[2]

Facebook permission bug. https://money.cnn.com/2018/06/07/technology/facebook-public-post-error/index.html, 2018.

[3]

If This Then That. https://ifttt.com/, 2018.

[4]

OAuth 2.0. https://oauth.net/2/, 2018.

[5]

Michel Abdalla et al. Identity-based encryption gone wild. In ICALP, 2006.

Digital Library

[6]

A Ahadipour and M Schanzenbach. A survey on authorization in distributed systems: Information storage, data retrieval and trust evaluation. In Trustcom, 2017.

[7]

Michael Andersen and Sam Kumar. Source for WAVE. https://github.com/immesys/wave.

[8]

Michael P Andersen, John Kolb, Kaifei Chen, Gabe Fierro, David E Culler, and Randy Katz. Democratizing authority in the built environment. TOSN, 2018.

Digital Library

[9]

Michael P Andersen, John Kolb, Kaifei Chen, Gabriel Fierro, David E Culler, and Raluca Ada Popa. WAVE: A decentralized authorization system for IoT via blockchain smart contracts. UC Berkeley Tech. Rep. UCB/EECS-2017-234, 2017.

[10]

Moritz Becker et al. SecPAL: Design and semantics of a decentralized authorization language. JCS, 2010.

Digital Library

[11]

Elisa Bertino, Elena Ferrari, and Anna Squicciarini. Trust negotiations: concepts, systems, and languages. Computing in science & engineering, 6(4), 2004.

Digital Library

[12]

Arnar Birgisson, Joe Gibbs Politz, Ulfar Erlingsson, Ankur Taly, Michael Vrable, and Mark Lentczner. Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. In NDSS, 2014.

[13]

Matt Blaze et al. Keynote: Trust management for public-key infrastructures. In SWP, 1998.

Digital Library

[14]

Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In IEEE S & P, 1996.

Digital Library

[15]

Matt Blaze, Joan Feigenbaum, and Martin Strauss. Compliance checking in the policymaker trust management system. In FC, 1998.

Digital Library

[16]

D. Boneh and M. Franklin. Identity-based encryption from the weil pairing. In SIAM J Comput, 2003.

Digital Library

[17]

Christian Cachin. Architecture of the hyperledger blockchain fabric. 2016.

[18]

Ke Chen, Kai Hwang, and Gang Chen. Heuristic discovery of role-based trust chains in peer-to-peer networks. IEEE TPDS, 20(1):83-96, 2009.

Digital Library

[19]

Dwaine Clarke et al. Certificate chain discovery in SP-KI/SDSI. Journal of Computer Security, 2001.

Digital Library

[20]

James C Corbett et al. Spanner: Google's globally distributed database. ACM TOCS, 31(3):8, 2013.

Digital Library

[21]

Henry Corrigan-Gibbs, Dan Boneh, and David Mazières. Riposte: An anonymous messaging system handling millions of users. In IEEE S&P, 2015.

Digital Library

[22]

Kyle Croman et al. On scaling decentralized blockchains. In FC, 2016.

[23]

Adam Eijdenberg, Ben Laurie, and Al Cutter. Verifiable data structures. https://github.com/google/trillian/blob/master/docs/VerifiableDataStructures.pdf.

[24]

Carl M Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M Thomas, and Tatu Ylonen. SPKI examples, 1998.

[25]

Ksenia Ermoshina, Francesca Musiani, and Harry Halpin. End-to-end encrypted messaging protocols: An overview. In INRIA, 2017.

[26]

Evernym Inc. Everynm: Self-sovereign identity with verifiable claims, 2018.

[27]

A. Felkner and A. Kozakiewicz. Practical extensions of trust management credentials. In iNetSApp. 2017.

[28]

Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, and Atul Prakash. Decentralized action integrity for triggeraction IoT platforms. In NDSS, 2018.

[29]

Philip WL Fong. Relationship-based access control: protection model and policy language. In CODASPY, 2011.

Digital Library

[30]

Keith Frikken et al. Attribute-based access control with hidden policies and hidden credentials. IEEE TC, 2006.

Digital Library

[31]

Google. GRPC, a high performance, open-source universal RPC framework. https://grpc.io/.

[32]

Google. Key transparency. https://github.com/google/keytransparency/blob/master/docs/design.md.

[33]

Google. Trillian. https://github.com/google/trillian.

[34]

Google. VLBM implementation. https://github.com/google/trillian/tree/master/examples/ct/ctmapper.

[35]

V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. In CCS, 2006.

Digital Library

[36]

OAuth Working Group. Oauth 2 token exchange. https://tools.ietf.org/html/draf-tietf-oauth-token-exchange-15, 2018.

[37]

Jason E Holt et al. Hidden credentials. In ACM workshop on privacy in the electronic society, 2003.

Digital Library

[38]

Sam Kumar, Yuncong Hu, Michael P Andersen, Raluca Ada Popa, and David E. Culler. JEDI: Many-to-many end-to-end encryption and key delegation for iot. In USENIX Security, 2019.

Digital Library

[39]

Selena Larson. Every single yahoo account was hacked - 3 billion in all, October 2017. Online.

[40]

Ben Laurie. Revocation Transparency. https://www.links.org/files/RevocationTransparency.pdf, 2018.

[41]

Ben Laurie, A. Langley, and E. Kasper. Certificate transparency (rfc 6992), 2013.

[42]

David Lazar. Open-source IBE implementation. https://github.com/vuvuzela/crypto.

[43]

Ninghui Li et al. Design of a role-based trust-management framework. In IEEE S & P, 2002.

Digital Library

[44]

Ninghui Li et al. Distributed credential chain discovery in trust management. J. CS, IOS Press, 2003.

Digital Library

[45]

Ninghui Li and John C. Mitchell. Datalog with constraints: A foundation for trust management languages. In PADL, 2003.

Digital Library

[46]

Benoît Libert and Jean-Jacques Quisquater. Identity based encryption without redundancy. In ACNS, 2005.

Digital Library

[47]

Marcela S. Melara et al. CONIKS: Bringing key transparency to end users. In USENIX Security, 2015.

Digital Library

[48]

Sascha Müller and Stefan Katzenbeisser. Hiding the policy in cryptographic access control. In STM, 2011.

Digital Library

[49]

Ronald Rivest and Butler Lampson. SDSI-a simple distributed security infrastructure. CRYPTO, 1996.

[50]

Martin Schanzenbach et al. Practical decentralized attribute-based delegation using secure name systems. arXiv:1805.06398, 2018.

[51]

Kent E. Seamons et al. Requirements for policy languages for trust negotiation. In POLICY. IEEE, 2002.

Digital Library

[52]

Hossein Shafagh, Lukas Burkhalter, Simon Duquennoy, Anwar Hithnawi, and Sylvia Ratnasamy. Droplet: Decentralized authorization for iot data streams, 2018.

[53]

Adi Shamir. How to share a secret. Comm. ACM, 1979.

Digital Library

[54]

Mudhakar Srivatsa and Mike Hicks. Deanonymizing mobility traces: Using social network as a side-channel. In ACM CCS, 2012.

Digital Library

[55]

The Sovrin Foundation. A protocol and token for self-sovereign identity and decentralized trust, 2018.

[56]

Vamsi Thummala and Jeff Chase. SAFE: A declarative trust management system with linked credentials. arXiv preprint arXiv:1510.04629, 2015.

[57]

Daniel Trivellato et al. GEM: A distributed goal evaluation algorithm for trust management. TPLP, 2014.

[58]

Marianne Winslett, Ting Yu, Kent E Seamons, Adam Hess, Jared Jacobson, Ryan Jarvis, Bryan Smith, and Lina Yu. Negotiating trust in the web. IEEE IC, 2002.

Digital Library

[59]

Xian Zhu et al. Distributed credential chain discovery in trust-management with parameterized roles. In CANS, 2005.

Digital Library

Cited By

Jia YYuan BXing LZhao DZhang YWang XLiu YZheng KCrnjak PZhang YZou DJin HKim YKim JVigna GShi E(2021)Who's In Control? On Security Risks of Disjointed IoT Device Management ChannelsProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484592(1289-1305)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484592

Index Terms

WAVE: a decentralized authorization framework with transitive delegation
1. Security and privacy

Index terms have been assigned to the content through auto-classification.

Recommendations

PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
A flexible role-based delegation model using characteristics of permissions
DEXA'05: Proceedings of the 16th international conference on Database and Expert Systems Applications

Role-Based Access Control(RBAC) has recently received considerable attention as a promising alternative to traditional discretionary and mandatory access controls.[7] RBAC ensures that only authorized users are given access to protected data or ...
Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

SEC'19: Proceedings of the 28th USENIX Conference on Security Symposium

August 2019

2002 pages

ISBN:9781939133069

Program Chairs:
Nadia Heninger
University of Pennsylvania
,
Patrick Traynor
University of Florida

Sponsors

Google Inc.
IBMR: IBM Research
Microsoft: Microsoft
Intel: Intel
Facebook: Facebook

Publisher

USENIX Association

United States

Publication History

Published: 14 August 2019

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jia YYuan BXing LZhao DZhang YWang XLiu YZheng KCrnjak PZhang YZou DJin HKim YKim JVigna GShi E(2021)Who's In Control? On Security Risks of Disjointed IoT Device Management ChannelsProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484592(1289-1305)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484592

View Options

View options

Media

Figures

Other

Tables

View Table of Contents