Key Management in EventGuard

Mihai BarzuFaculty of Computer Science

Information Security

Entities

● Specifying minimal requirements for network entities

– Publisher

– Subscriber

Provider

● Wrapping existing implementations of cryptographic primitives for simpler use and providing implementations for others

– AES

– SHA1

– HMAC-SHA1

– ElGamal

Guards

● Creating coherent specifications for the modular guards (Publish, Subscribe, Advertise, Unadvertise, Unsubscribe)

● JAXB-compliant beans as wrappers for requests and responses

Management

● Mediation had to be done between guard specifications and cryptographic primitives in order to provide an implementation

● Loose, generic specifications for manager functionalities

● Constructor dependency injection for most classes

● IGuards implementation with routing guard add-on

Web Service

● For accessibility over a large network, with undefined topology, functionality of the key management application had to be exposed through a web service

● Secure, lightweight communication had to be provided for network communication

● Minimal responsibility regarding implementation (the web service uses the implementation from the management module)

Design

Built-in security

The code

Accessing the service

Client-part code generation

Further reading

● Mudhakar Srivatsa, Ling Liu, and Arun Iyengar. 2011. EventGuard: A System Architecture for Securing Publish-Subscribe Networks. ACM Trans. Comput. Syst. 29, 4, Article 10 (December 2011), 40 pages. DOI=10.1145/2063509.2063510 http://doi.acm.org/10.1145/2063509.2063510