An Architecture for Secure Wide-Area Service Discovery

An Architecture for Secure Wide-Area Service Discovery
Todd D. Hodes, Steven E. Czerwinski, Ben Y. Zhao, Anthony D. Joseph, and Randy H. Katz
Wireless Networks 8, 213-230 (2002)
2005. 10. 17. MMLAB, Seongil Han sihan@mmlab.snu.ac.kr

Contents
- Introduction
  - Features and components
- Design concepts
- Operations
  - SDS servers and services
  - Secure communications
- Wide-area support
  - Multi-criteria search
  - Query filtering

Introduction
- Service discovery system
- Features
  - Security
  - Flexible and multi-criteria search
  - Wide-area deployment
  - Fault tolerance
  - Scalability

Components
- Clients: discover the services using queries
- Services: announce their own descriptions
- SDS server: solicits information from the services and manages queries from clients

Design concepts
- Announcement-based ('soft state')
  - Periodic multicast announcements and caching
  - Fast reaction to faults
- XML service descriptions
  - Flexibility and semantically rich content
- Privacy and authentication
  - Hybrid of asymmetric and symmetric-key cryptography
  - Authentication: certificates
  - Capabilities
- Hierarchical organization

SDS servers
- Basic operations
  - Send authenticated messages periodically on the well-known SDS multicast channel, carrying:
    - List of the domain
    - Multicast address for service announcements
    - Desired service announcement rate
    - Contact information for the CA and CM
  - Accept services and clients
    - Register the services' descriptions
    - Process the clients' queries
- Cluster operation and fault tolerance
  - Load balancing, mirrors

Services
- Find the correct SDS server
  - Listen for SDS server announcements
  - Not a one-time task
- Send the descriptions to the SDS server
  - On the proper channel, at the proper frequency
- Contact the Capability Manager
  - Defines the capabilities for individual users

Secure SDS communications
- Authenticated server announcements
  - Signed but not encrypted
  - Timestamped
- Secure one-way service description announcements
  - Hybrid public / symmetric-key system
  - Message layout: ID | Ciphered Secret | Payload
    {…, Expire, SK, …}EK  {…data…}SK
    (the session key SK and its expiry are encrypted under the server's key EK; the description data are encrypted under SK)
- Authenticated RMI
  - Two-way authenticated and encrypted
  - Certificates used for authentication

Multi-criteria search
- A very difficult function: complex queries over a wide-area distribution
- Mechanism categories and their drawbacks
  - Centralization: single point of failure
  - Name-specified mapping (hashing): only a single criterion
  - Flooding: scalability

Wide-area support
- Objectives
  - Full reachability
  - Multi-criteria selection
- Filtered query flooding (query filtering)
  - Dynamic construction and adaptation of the neighbor relationship
    - Set of hierarchical interconnections
    - Multiple trees with various metrics
  - Application-level filtering infrastructure
    - Aggregation and query routing
    - Bloom-filtered crossed terminals (BCT)

Filtering
- Terminal set
  - Nth-degree crossed terminal set: lexicographic concatenation
  - Reduction of N ⇔ increase of false positives
- Bloom filter
- Routing
  - Parent-based filtering (PBF)
  - Full indexing
  - Adaptation to service change: table rebuilt, per-bit count
[Figure: Bloom-filter routing example showing a query that HITs services S1 and S2, a MISS, and a false-positive hit]
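The Bloom-filtered crossed terminals and parent-based filtering from the Wide-area support and Filtering slides, as an added example that is not the paper's or the presenter's code. It assumes that a query with more criteria than the degree N is checked in N-sized pieces, that the per-bit count is what lets a parent withdraw an expired service's terms, and uses constructed service descriptions.

```python
import hashlib
from itertools import combinations

class CountingBloom:
    """Bloom filter with a per-bit count, so a service's terms can be withdrawn later."""
    def __init__(self, m=4096, k=3):
        self.m, self.k, self.counts = m, k, [0] * m

    def _positions(self, term):
        # k bit positions from salted SHA-256 digests (a constructed choice, not the paper's hash)
        return [int(hashlib.sha256(f"{i}:{term}".encode()).hexdigest(), 16) % self.m
                for i in range(self.k)]

    def add(self, term):
        for p in self._positions(term):
            self.counts[p] += 1

    def remove(self, term):
        for p in self._positions(term):
            self.counts[p] -= 1

    def __contains__(self, term):
        return all(self.counts[p] > 0 for p in self._positions(term))

def crossed_terminals(terminals, n):
    """Nth-degree crossed terminal set: every subset of up to n terminals, joined lexicographically."""
    terms = sorted(terminals)
    return {"|".join(c) for r in range(1, min(n, len(terms)) + 1) for c in combinations(terms, r)}

class ParentFilter:
    """Parent-based filtering: one filter summarises all descriptions below this SDS server."""
    def __init__(self, degree=2):
        self.degree, self.bloom, self.registered = degree, CountingBloom(), {}

    def register(self, service_id, terminals):
        self.registered[service_id] = crossed_terminals(terminals, self.degree)
        for t in self.registered[service_id]:
            self.bloom.add(t)

    def expire(self, service_id):
        # Soft state: the announcement lapsed, so withdraw its terms via the per-bit counts.
        for t in self.registered.pop(service_id):
            self.bloom.remove(t)

    def should_forward(self, query_terminals):
        # Queries with more criteria than the degree are checked in degree-sized pieces (assumption);
        # a miss on any piece proves that no child can satisfy the query.
        q = sorted(query_terminals)
        r = min(self.degree, len(q))
        return all("|".join(c) in self.bloom for c in combinations(q, r))
```

Lowering the degree to 1 reproduces the slide's trade-off: the filter then only knows that each criterion exists somewhere below, so a conjunction no single service satisfies is still forwarded as a false positive.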

Other issues
- Range queries, wildcards
  - BCT supports neither naturally
  - Known false positives (KFPs) caching
- Soft-state messaging
  - Updates: differences + fragment of table
  - Queries: stateless, always carry the query
  - Query replies: stateless, except for KFPs

Summary
- SDS
  - Complex queries
  - Automatic handling of failures
  - Security-minded
- XML
  - Service-specific tags
  - Powerful queries
- Soft-state and announcement-based