Explore a groundbreaking decentralized authorization framework in this 20-minute conference talk from USENIX Security '19. Delve into WAVE (Wide Area Verified Exchange), a system that eliminates central trust services, allowing users to autonomously delegate permissions without compromising security. Learn how WAVE's innovative approach uses an expressive authorization model, cryptographic enforcement, and a novel encryption protocol to protect and discover permissions while storing them in an untrusted scalable solution. Discover the framework's real-world application in controlling 800 IoT devices over two years, and gain insights into its competitive performance compared to traditional centralized systems. Follow the presentation's journey from introduction to conclusion, covering topics such as graph-based authorization, reverse discoverable encryption, and unequivocable log-derived maps.
WAVE - A Decentralized Authorization Framework with Transitive Delegation
Overview
Syllabus
Intro
Representative authorization example
Traditional approach
Graph Based Authorization
This forms a single global graph
The encryption & secret must capture the permissions
Reverse Discoverable Encryption Summary
High Level Overview
Constructed using three Merkle trees
Auditor replays operation log to construct replica
Unequivocable Log Derived Map Summary
Conclusion
Thank you & Questions
Taught by
USENIX
