1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah.

Slides:

Advertisements

Similar presentations

A Survey of Key Management for Secure Group Communications Celia Li.

Advertisements

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

1 MD5 Cracking One way hash. Used in online passwords and file verification.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

1 Fast, Scalable Disk Imaging with Frisbee University of Utah Mike Hibler, Leigh Stoller, Jay Lepreau, Robert Ricci, Chad Barb.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

Wireless Sensor Network Security Anuj Nagar CS 590.

Wide-area cooperative storage with CFS

Emulab Federation Preliminary Design Robert Ricci with Jay Lepreau, Leigh Stoller, Mike Hibler University of Utah USC/ISI Federation Workshop December.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

Efficient Proactive Security for Sensitive Data Storage Arun Subbiah Douglas M. Blough School of ECE, Georgia Tech {arun,

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Frangipani: A Scalable Distributed File System C. A. Thekkath, T. Mann, and E. K. Lee Systems Research Center Digital Equipment Corporation.

SSH Secure Login Connections over the Internet

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Object-based Storage Long Liu Outline Why do we need object based storage? What is object based storage? How to take advantage of it? What's.

Performance Tradeoffs for Static Allocation of Zero-Copy Buffers Pål Halvorsen, Espen Jorde, Karl-André Skevik, Vera Goebel, and Thomas Plagemann Institute.

UDgateway WAN Optimization. 1. Why UDgateway? All-in-one solution Value added services – Networking project requirements Optimize IP traffic on constrained.

GridFS Targeting Data Sharing in Grid Environments Marcelo Nery dos Santos / Renato Cerqueira PUC-Rio, Brazil Presented by: Francisco Silva.

Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Chapter 8 Implementing Disaster Recovery and High Availability Hands-On Virtual Computing.

Profiling Grid Data Transfer Protocols and Servers George Kola, Tevfik Kosar and Miron Livny University of Wisconsin-Madison USA.

1 Configurable Security for Scavenged Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh with: Samer Al-Kiswany, Matei Ripeanu.

Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Moving Large Amounts of Data Rob Schuler University of Southern California.

Vigilante: End-to-End Containment of Internet Worms Authors : M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham In Proceedings.

SEC835 Runtime authentication Secure session management Secure use of cryptomaterials.

Internet-security.ppt-1 ( ) 2000 © Maximilian Riegel Maximilian Riegel Kommunikationsnetz Franken e.V. Internet Security Putting together the.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.

Continuous Backup for Business CrashPlan PRO offers a paradigm of backup that includes a single solution for on-site and off-site backups that is more.

Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Fast Crash Recovery in RAMCloud. Motivation The role of DRAM has been increasing – Facebook used 150TB of DRAM For 200TB of disk storage However, there.

1 An Adaptive File Distribution Algorithm for Wide Area Network Takashi Hoshino, Kenjiro Taura, Takashi Chikayama University of Tokyo.

ECE 526 – Network Processing Systems Design Computer Architecture: traditional network processing systems implementation Chapter 4: D. E. Comer.

Latency Reduction Techniques for Remote Memory Access in ANEMONE Mark Lewandowski Department of Computer Science Florida State University.

Large-scale Virtualization in the Emulab Network Testbed Mike Hibler, Robert Ricci, Leigh Stoller Jonathon Duerig Shashi Guruprasad, Tim Stack, Kirk Webb,

414/415 Review Session Emin Gun Sirer. True/False Multiprogramming offers increased response time Instructions to access a raw disk device need to be.

Security Vulnerabilities in A Virtual Environment

Review CS File Systems - Partitions What is a hard disk partition?

Database Laboratory Regular Seminar TaeHoon Kim Article.

10/18/01Linux Reconstruction Farms at Fermilab 1 Steven C. Timm--Fermilab.

@Yuan Xue CS 285 Network Security Placement of Security Function and Security Service Yuan Xue Fall 2013.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Cryptography CSS 329 Lecture 13:SSL.

Using Deduplicating Storage for Efficient Disk Image Deployment Xing Lin, Mike Hibler, Eric Eide, Robert Ricci University of Utah.

@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.

Working at a Small-to-Medium Business or ISP – Chapter 8

Distributed Network Traffic Feature Extraction for a Real-time IDS

Secure Sockets Layer (SSL)

Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.

Module 8: Securing Network Traffic by Using IPSec and Certificates

Securing the Frisbee Multicast Disk Loader

SSH: SECURE LOGIN CONNECTIONS OVER THE INTERNET

A Redundant Global Storage Architecture

Module 8: Securing Network Traffic by Using IPSec and Certificates

Presentation transcript:

1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah

2 What is Frisbee?

3 Frisbee is Emulab’s tool to install whole disk images from a server to many clients using multicast

4 What is our goal?

5 Motivation Frisbee was developed for a relatively trusting environment  Existing features were to prevent accidents Changing Environment  More users  More sensitive experiments  More private images

6 Security Goals Confidentiality Integrity Protection Authentication  Ensure that an image is authentic Use cases  Public images  Private images

7 Our Contribution Analyze and describe a new and interesting threat model Protect against those threats while preserving Frisbee’s essential strengths

8 Outline Motivation Frisbee Background Threat Model Protecting Frisbee Evaluation

9 Frisbee & Emulab

10 Emulab

11 Control Plane

12 Frisbee’s Strengths

13 Frisbee’s Strengths Disk Imaging System  General and versatile  Robust Fast  Loads a machine in 2 minutes Scalable  Loads dozens of machines in 2 minutes Hibler et al. (USENIX 2003)

14 How Does Frisbee Work?

15 Creation Source Frisbee Life Cycle Installation Targets Fileserver Distribution Control Server Storage

16 Image Layout Image is divide into chunks Each chunk is independently installable  Start receiving chunks at any point  Chunks are multicast Allocated Blocks Free Blocks Source Disk Header Compressed Data Header Compressed Data Stored Image Chunk

17 Outline Motivation Frisbee Background Threat Model Protecting Frisbee Evaluation

18 Potential Attackers

19 Potential Attackers Firewall  Frisbee traffic can’t leave control network  Forged Frisbee traffic can’t enter control network Any attackers are inside Emulab  Compromised Emulab node  Infiltrated Emulab server  Emulab user

20 Vectors for Attack in Emulab Space Shared  Multiple users on the testbed at the same time Shared control network  Frisbee runs on control network No software solution to limit users  Users have full root access to their nodes

21 What do attackers want?

22 What do attackers want? Steal your data  Malicious software (security research)  Unreleased software (trade secrets) Modify your image  Denial of Service  Add a backdoor /etc/passwd ssh daemon  Tainting results

23 Frisbee Weakpoints

24 Frisbee Weakpoints Targets Fileserver Steal & Modify Control Server Steal & Modify Distribution Installation Storage

25 How do the attacks work?

26 Storage Attack Images are stored on a common fileserver All users have shell access on this server Images are protected by UNIX permissions Any escalation of privilege attacks compromise images

27 Distribution Attack Emulab is space shared A single control network is used to communicate with all nodes Join multicast group  No security protection in IP multicast Receive copies of packets Inject packets into stream

28 Multicast Targets Frisbee Server

29 Outline Motivation Frisbee Background Threat Model Protecting Frisbee Evaluation

30 Storage and Distribution Attacks Two birds with one stone End-to-end encryption & authentication  Image creation: Encrypt & Sign  Image installation: Decrypt & Verify  Same techniques prevent both attacks Distribution protocol remains identical

31 Confidentiality Encrypted at image creation  Remains encrypted on fileserver Decrypted only at image installation Details  Encryption algorithm: Blowfish  Encrypt after compression

32 Integrity Protection & Authentication Calculate cryptographic hash  Breaks backwards compatibility Sign hash using public-key cryptography (RSA)

33 Chunk by Chunk Each chunk is self- describing Hash & sign each chunk independently CBC restarts at each chunk Each header must have  Digital Signature  Initialization Vector Header Encrypted Data Header Encrypted Data Chunk Header Compressed Data Header Compressed Data

34 Image Authentication Weakness  Cut and paste attacks Give each image a unique UUID and put that in chunk headers  UUID is a 128 bit universal identifier  Can be selected randomly

35 Key Distribution Through secure control channel  Already part of Emulab  Encrypted using SSL with well-known certificate  TCP spoofing prevented by Utah Emulab’s network setup No forged MAC addresses No forged IP addresses Key can come from user  Flexible policy for images Not yet integrated into Emulab

36 Outline Motivation Frisbee Background Threat Model Protecting Frisbee Evaluation

37 Experimental Procedure Machine Specs  3 GHz Pentium IV Xeon  2 GB RAM Measurement  CPU time Network and disk usage unaffected  Per chunk Typical Image has 300 chunks (300 MB)

38 Performance

39 Conclusion

40 Conclusion Frisbee faces an unusual set of attacks  Cause: Space sharing of infrastructure Frisbee can be secured against these attacks  Cost: An extra 6 seconds for an average image

41 Emulab

42

43 Preventing Disk Leakage

44 Disk Leakage Disks are time shared Frisbee is aware of filesystem  Does not write free blocks  Old image will not be completely overwritten Another user could read the unwritten parts

45 Fixing Disk Leakage Zero out disks on next disk load Implemented in Frisbee  Much slower

46 Comparison to Symantec Ghost

47

48 Image Creation (CPU per chunk) Time (ms) Overhead (ms) Overhead (%) Base187.9 Signed Hash % Signed Hash + Encryption %

49 Image Installation (CPU per chunk) Time (ms) Overhead (ms) Overhead (%) Base34.3 Signed Hash % Signed Hash + Decryption %

50 Disk Imaging Matters Data on a disk or partition, rather than file, granularity Uses  OS installation  Catastrophe recovery Environments  Enterprise  Clusters  Utility computing  Research/education environments

51 Key Design Aspects Domain-specific data compression Two-level data segmentation LAN-optimized custom multicast protocol High levels of concurrency in the client

52 Image Creation Segments images into self-describing “chunks” Compresses with zlib Can create “raw” images with opaque contents Optimizes some common filesystems  ext2, FFS, NTFS  Skips free blocks

53 Image Distribution Environment LAN environment  Low latency, high bandwidth  IP multicast  Low packet loss Dedicated clients  Consuming all bandwidth and CPU OK

54 Custom Multicast Protocol Receiver-driven  Server is stateless  Server consumes no bandwidth when idle Reliable, unordered delivery “Application-level framing” Requests block ranges within 1MB chunk

55 Client Operation Joins multicast channel  One per image Asks server for image size Starts requesting blocks  Requests are multicast Client start not synchronized

56 Client Requests Request

57 Client Requests Block

58 Tuning is Crucial Client side  Timeouts  Read-ahead amount Server side  Burst size  Inter-burst gap

59 Image Installation Pipelined with distribution  Can install chunks in any order  Segmented data makes this possible Three threads for overlapping tasks Disk write speed the bottleneck Can skip or zero free blocks DecompressionDisk Writer BlocksChunk Distribution Decompressed Data

60 Evaluation

61 Performance Disk image  FreeBSD installation used on Emulab  3 GB filesystem, 642 MB of data  80% free space  Compressed image size is 180 MB Client PCs  850 MHz CPU, 100 MHz memory bus  UDMA 33 IDE disks, 21.4 MB/sec write speed  100 Mbps Ethernet, server has Gigabit

62 Speed and Scaling

63 FS-Aware Compression

64 Packet Loss

65 Related Work Disk imagers without multicast  Partition Image [ Disk imagers with multicast  PowerQuest Drive Image Pro  Symantec Ghost Differential Update  rsync 5x slower with secure checksums Reliable multicast  SRM [Floyd ’97]  RMTP [Lin ’96]

66 Ghost with Packet Loss

67 How Frisbee Changed our Lives (on Emulab, at least) Made disk loading between experiments practical Made large experiments possible  Unicast loader maxed out at 12 Made swapping possible  Much more efficient resource usage

68 The Real Bottom Line “I used to be able to go to lunch while I loaded a disk, now I can’t even go to the bathroom!” - Mike Hibler (first author)

69 Conclusion Frisbee is  Fast  Scalable  Proven Careful domain-specific design from top to bottom is key Source available at

70

71 Comparison to rsync Timestamps not robust Checksums slow Conclusion: Bulk writes beat data comparison

72 How to Synchronize Disks Differential update - rsync  Operates through filesystem  + Only transfers/writes changes  + Saves bandwidth Whole-disk imaging  Operates below filesystem  + General  + Robust  + Versatile Whole-disk imaging essential for our task

73 Image Distribution Performance: Skewed Starts

74 Future Server pacing Self tuning

75 The Frisbee Protocol Chunk Finished? More Chunks Left? Wait for BLOCKs Outstanding Requests? Send REQUEST Start Finished No BLOCK Received Yes Timeout No

76 The Evolution of Frisbee First disk imager: Feb, 1999 Started with NFS distribution Added compression  Naive  FS-aware Overlapping I/O Multicast 30 minutes down to 34 seconds!