A Versatile Storage System for Future Networking Architecture
Prof. Xiaohua Jia, City University of Hong Kong

Outline
o Motivations and Objectives
o System Architecture
o System Design and Implementation
o Conclusion

Motivations
Giant Application Service Providers (ASPs) monopolize the markets based on:
◦ Users' data
◦ Users' social relations

Motivations: what are the consequences?
o Users' data and social relations are locked in ASPs. ASPs win users not by their QoS, but by holding users' data and social relations.
o Small and medium companies are denied opportunities to enter the business.
o A user's social relations are fragmented across multiple ASPs, and publish-subscribe of a user's data is limited to the scope of one ASP.
o ...

System Background
o Many ICN (Information Centric Networking) projects, e.g., NDN, NetInf, PURSUIT, cache data in routers along the path it travels.
o The newer effort of NFV (Network Function Virtualization) replaces traditional routers with general-purpose servers.
o There is a huge amount of under-utilized storage and computing power on routers all over the Internet.
o Our aim: build a versatile storage infrastructure for users.

Design Objectives
o Decouple users' data from ASPs: the infrastructure stores users' data and provides content services to ASPs.
o Decouple users' social relations from ASPs: users' social relations are held by the infrastructure and drive data publish-subscribe.
o Support general data communications: the infrastructure can support data networking services, such as online video chat.

System Architecture
o Presentation Layer: ASPs or apps use data from VSS to provide advanced services to end users.
o Information Layer: VSS (Versatile Storage System) is responsible for content storage, access control, publishing/subscribing, and distribution.

Example: decouple users' social relations from ASPs
VSS manages the social relations of users and supports content publish-subscribe services: access control, publishing and subscribing, ...
1. Alice sends a "friend" request to Bob in the Facebook app.
2. Bob sees Alice become his follower in the Weibo app, then Bob "follows" Alice back.
3. Bob becomes Alice's friend in the Facebook app.
[Figure: Alice (Facebook client app) and Bob (Weibo client app), connected through VSS]

Example: decouple users' data from ASPs
4. Alice posts a message to "Friends" in the Facebook app.
5. Bob can see the message in the Weibo app.
[Figure: Alice (Facebook client app) and Bob (Weibo client app)]

Vertical and Horizontal Interfaces
o Vertical interface
- Any ASP can provide content services based on the information layer of VSS.
- VSS provides standard APIs, a User-Network Interface (UNI), to all ASPs.
o Horizontal interface
- VSS consists of multiple autonomous service domains, e.g., Domain 1 (China), Domain 2 (UK), Domain 3 (USA).
- Domains are interconnected by a "thin" inter-domain Network-Network Interface (NNI).

Support of data networking and communications
o Data communication based on file systems
- Integrate the data service with the networking service
- Support general data communication
o Real-time communication
- Support inter-person real-time communication

System Designs
o Management of user data
o Management of users' social relations
o Roaming of users
o Security and privacy

Management of User Data
VSS is currently implemented on top of HBase.

Management of User Data
Users can use either a client application or a web interface (web browser) to upload local files to, or download files from, the VSS system.
[Figure: user, client application, web interface]

Management of social relations
VSS manages basic social relations of users:
o VSS manages the contact lists and contact groups, decoupling users' social relations from ASPs.
o ASPs call VSS to get the social relations of users for content publishing.

Modeling of social relations
VSS models the general types of user social relations on the Internet:
o 1-way friendship: Weibo, Twitter, address book, contact list
o 2-way friendship: QQ, WeChat, Line, WhatsApp, Skype, Facebook
o Workgroups / teams: Dropbox shared folder, SkyDrive Groups, QQ / WeChat group chat

Example: ASP-independent information publication
o Alice (in China) shares a photo with her friends Bob and Cathy.
o The VSS China domain stores the photo and sends notifications to the home domains of Bob and Cathy respectively.
o Bob and Cathy can see the photo via any application.
o Once Alice deletes the photo, all references to it are removed from the entire system.
[Figure: China, USA and UK domains]

Implementation of real-time inter-person communication
o Shared files are used as the communication medium.
o The sender writes data to a file and informs the receiver by placing a token in the receiver's space.
o The receiver checks for the token at a fixed interval and reads the data from the file when it becomes available.
o The synchronization frequency depends on the real-time requirement.
o Demo
[Figure: Alice and Bob client apps exchanging data through a shared file]

Handling of user roaming
The data accessed by a roaming user shall be transferred from its home domain to the destination domain.

Handling of user roaming
Why consider user roaming?
o A user's information is stored and managed by his home domain.
Requirements of roaming handling
o Remote authentication of users: there shall be a simple and efficient method to authenticate a roaming user so that access permissions can be assigned to the user.
o Local and remote execution of commands: for security or performance reasons, some commands can only be executed locally, or must be passed back to the home domain for execution if the user is in a remote domain.
o Caching and data pre-fetch: the visited domain shall be able to use its local cache to improve the user's roaming experience.

Uniform security and privacy scheme
Security issues
o Storage security: all stored data can be automatically encrypted (if the user wishes).
o Cross-domain security: interoperation and communications over the inter-domain channel.
Secure both the data storage and the communication channels!

Privacy-preserving publish-subscribe in multiple domains
o Privacy protection of the communicating parties
- Hide the sender's ID from the receiver's domain
- Hide the receiver's ID from the sender's domain
o Privacy protection of subscribers and publishers
- Hide the subscriber's details from the foreign domain when subscribing to information from a foreign domain
- Hide the publisher's details from the subscriber's domain when the publisher is in a foreign domain

Secure content publish-subscribe in VSS
o Content publish-subscribe: privacy against VSS itself
o ASPs use the VSS platform to publish content to users but do not want to disclose the content to VSS.
o Public-key encryption of the content is not adopted, because it requires a trusted third party (a PKI) to vouch for the identities and public keys of all the involved parties.
o No key exchange may rely on VSS: VSS relays key material, but it must not be able to derive the content keys from what it relays.
o Users (subscribers) should not have to manage a separate key for every publisher.

Protocol design (1): subscription
Step 1: Subscription
o The subscriber sends a subscription request together with key material Y_sub (relayed by VSS to the publisher):
  Y_sub = g^{R_sub} mod p, where g and p are the public Diffie-Hellman group parameters
  R_sub = PRNG(SK_sub, ID_pub), where SK_sub is the secret key of the subscriber, ID_pub is the ID of the publisher, and PRNG is a pseudo-random number generator

Protocol design (2): publishing
Step 2: Publishing
o For the i-th publication, the publisher generates a new key K_i and key material Y_pub:
  K_i = Y_sub^{R_i} mod p, where R_i is a fresh random number for the i-th publication
  Y_pub = g^{R_i} mod p
o The publisher encrypts the data with K_i and sends the ciphertext and Y_pub to VSS.
o VSS cannot recover K_i or decrypt the data, even with the key materials Y_sub and Y_pub, because it knows neither R_sub nor R_i.

Protocol design (3): content delivery
Step 3: VSS delivers the i-th ciphertext and Y_pub to the subscriber.
o The subscriber generates the decryption key on the fly:
  1. Restore the same random number as in Step 1: R_sub = PRNG(SK_sub, ID_pub)
  2. Generate the decryption key K_i' = Y_pub^{R_sub} mod p
  3. Note: K_i' = Y_pub^{R_sub} mod p = g^{R_i * R_sub} mod p = Y_sub^{R_i} mod p = K_i
o A subscriber only needs to keep its own secret key SK_sub for all ASPs; it does NOT need to store an R_sub for each publisher.
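The three steps above (subscription, publishing, delivery) run end to end, as an added worked example written for this page; it is not code from the VSS project or from the slides. Everything beyond the protocol's own symbols is an assumption of the example: a constructed toy Diffie-Hellman group (p = 2^127 - 1, g = 3), HMAC-SHA256 standing in for PRNG(SK_sub, ID_pub), a hand-rolled encrypt-then-MAC keystream cipher standing in for a real AEAD, and the names Subscriber, Publisher, seal, open_, run and wrong_party_or_tamper_rejected. The publisher name FaceBlog is taken from the demo slide.

```python
"""Worked run of the VSS subscribe / publish / deliver key agreement.

Added illustration, not code from the VSS project or the slides. Assumed here:
a 127-bit toy prime as the DH group, HMAC-SHA256 as PRNG(SK_sub, ID_pub), and a
hand-rolled encrypt-then-MAC keystream cipher in place of a real AEAD. A real
deployment would use a standard DH group (e.g. an RFC 3526 group) and AES-GCM
or ChaCha20-Poly1305 for the content encryption.
"""
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group: p = 2^127 - 1 is prime, g = 3.
# Far too small for real use; chosen only to keep the numbers readable.
P = (1 << 127) - 1
G = 3

def prng(sk_sub: bytes, id_pub: str) -> int:
    """R_sub = PRNG(SK_sub, ID_pub): deterministic per (subscriber, publisher) pair,
    so the subscriber can recompute it instead of storing it. HMAC-SHA256 here."""
    d = hmac.new(sk_sub, id_pub.encode(), hashlib.sha256).digest()
    return int.from_bytes(d, "big") % (P - 2) + 2          # exponent in [2, p-1]

def kdf(k_i: int, label: bytes) -> bytes:
    """32-byte key derived from the shared value K_i (K_i < 2^127, so 16 bytes suffice)."""
    return hashlib.sha256(k_i.to_bytes(16, "big") + label).digest()

def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; safe only because K_i is fresh for every publication."""
    return b"".join(hashlib.sha256(key + c.to_bytes(4, "big")).digest()
                    for c in range(0, n, 32))[:n]

def seal(k_i: int, pt: bytes) -> tuple:
    """Encrypt-then-MAC under K_i; returns (ciphertext, tag)."""
    ek, mk = kdf(k_i, b"enc"), kdf(k_i, b"mac")
    ct = bytes(a ^ b for a, b in zip(pt, keystream(ek, len(pt))))
    return ct, hmac.new(mk, ct, hashlib.sha256).digest()

def open_(k_i: int, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    ek, mk = kdf(k_i, b"enc"), kdf(k_i, b"mac")
    if not hmac.compare_digest(hmac.new(mk, ct, hashlib.sha256).digest(), tag):
        raise ValueError("tag check failed: wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, keystream(ek, len(ct))))

class Subscriber:
    def __init__(self):
        self.sk_sub = secrets.token_bytes(32)      # the only long-term secret it keeps

    def subscribe(self, id_pub: str) -> int:
        """Step 1: Y_sub = g^{R_sub} mod p, R_sub = PRNG(SK_sub, ID_pub); R_sub is not stored."""
        return pow(G, prng(self.sk_sub, id_pub), P)

    def receive(self, id_pub: str, y_pub: int, ct: bytes, tag: bytes) -> bytes:
        """Step 3: recompute R_sub on the fly; K_i' = Y_pub^{R_sub} mod p = K_i."""
        return open_(pow(y_pub, prng(self.sk_sub, id_pub), P), ct, tag)

class Publisher:
    def __init__(self, id_pub: str):
        self.id_pub = id_pub
        self.y_subs = {}                           # subscriber name -> Y_sub (relayed by VSS)

    def accept(self, name: str, y_sub: int) -> None:
        self.y_subs[name] = y_sub

    def publish(self, name: str, data: bytes) -> tuple:
        """Step 2: fresh R_i; K_i = Y_sub^{R_i} mod p, Y_pub = g^{R_i} mod p.
        Returns (Y_pub, ciphertext, tag), which is all that VSS stores and relays."""
        r_i = secrets.randbelow(P - 2) + 2
        ct, tag = seal(pow(self.y_subs[name], r_i, P), data)
        return pow(G, r_i, P), ct, tag

def run(messages) -> tuple:
    """One subscriber ('alice') of one publisher ('FaceBlog', from the demo slide).
    Returns (plaintexts recovered by alice, VSS's view as (Y_sub, Y_pub, ct, tag) records)."""
    alice, blog = Subscriber(), Publisher("FaceBlog")
    y_sub = alice.subscribe("FaceBlog")            # relayed through VSS
    blog.accept("alice", y_sub)
    recovered, vss_view = [], []
    for m in messages:
        y_pub, ct, tag = blog.publish("alice", m)
        vss_view.append((y_sub, y_pub, ct, tag))
        recovered.append(alice.receive("FaceBlog", y_pub, ct, tag))
    return recovered, vss_view

def wrong_party_or_tamper_rejected() -> bool:
    """A second subscriber (different SK_sub) and a flipped ciphertext bit are both
    rejected by the tag check, while the intended subscriber still recovers the post."""
    alice, mallory, blog = Subscriber(), Subscriber(), Publisher("FaceBlog")
    blog.accept("alice", alice.subscribe("FaceBlog"))
    y_pub, ct, tag = blog.publish("alice", b"friends-only post")
    bad_ct = bytes([ct[0] ^ 1]) + ct[1:]
    for sub, c in ((mallory, ct), (alice, bad_ct)):
        try:
            sub.receive("FaceBlog", y_pub, c, tag)
            return False
        except ValueError:
            pass
    return alice.receive("FaceBlog", y_pub, ct, tag) == b"friends-only post"
```

Calling run([b"photo-1", b"photo-1"]) returns both plaintexts to the subscriber, while VSS's view holds two different Y_pub values and two different ciphertexts, because every publication draws a fresh R_i. The subscriber stores only SK_sub; R_sub is recomputed from (SK_sub, ID_pub) at delivery time, exactly as Step 3 describes. Two points a practitioner would add. First, the slides' secrecy argument is against a VSS that stores and relays Y_sub and Y_pub faithfully and simply lacks R_sub and R_i; nothing in the protocol as presented binds those values to the publisher's or subscriber's identity, so a deployment that must also resist a VSS that substitutes key material needs that binding (for example, signatures over Y_sub and Y_pub verified out of band). Second, because K_i depends on Y_sub, the publisher encrypts once per subscriber; that per-subscriber cost is what lets a subscriber hold a single SK_sub rather than one key per publisher.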

Conclusion
o VSS decouples users' data and users' social relations from ASPs; ASPs have to rely on better-quality services to win users.
o VSS integrates file services with traditional networking services; it can be used as a universal communication platform.
o VSS provides a uniform security/privacy scheme, making users' data and communications more secure.

Demo
Demo settings:
o 3 end users: Alice, Bob, Cathy
o 3 ASPs / apps: FaceBlog, SinaBlog, NetDrive
o 2 domains: USA, China

Thank You!