Group Management, Permissions, and Revocation in OceanStore
Barbara Engelhardt, George Porter, Naveen Sastry
UC Berkeley, January 2002


OceanStore’s world view
- Promiscuous caching, untrusted infrastructure, world-wide scale

OceanStore’s world view
- No one server can be trusted to provide access control
- Data location may not be fully known—it may not be possible to “hunt and kill” all data files
- Unlike traditional operating systems, OceanStore has no trusted kernel
- Result: OceanStore has different needs in access control than traditional operating systems and “trusted” distributed filesystems

The need for groups
- Administrative need: commercial setting has 10K+ users and huge number of files
- People constantly entering and leaving groups
- Any solution likely to be fully distributed
- Want: Centralized revocation and control
- Aggressive caching and FS’s untrusted nature
- Groups must be convenient for both readers/writers and group managers

Problem
- We cannot assume security of any particular nodes
- Controlling writes can be done in inner ring
- Controlling reads more difficult
- Cannot trust servers to selectively release information
Solution for OceanStore:
- Use inner ring to verify write requests
- Use client-side crypto to prevent unauthorized reads
- Keep all needed keys with ACLs

Groups in OceanStore
- Similar to Kevin Fu’s cryptographic storage file system, keys are bundled with the files
- However, group lists are distributed through the network as regular files
- No group server—indirection is introduced to provide end users with the keys they need to read files

Protecting Files
- Blocks of each file are encrypted with symmetric keys (IDEA)
- Groups each have a keypair (the private key is encrypted to group members with their public keys)
- Symmetric keys encrypted with user or group’s public key and stored in ACL
- Group manager removes a user by generating new group keypair and re-encrypting the private group key with each user’s public key
- When update is sent to file, any groups are checked for changes
- If changes exist, new symmetric key used for update

Performing a read
[Diagram: File 1 with its ACL (entries User1, User2, Group1, Group2); Group G listing User1, User2, User3]
- ACL: IDEA keys encrypted with public keys
- Group list: group’s private key encrypted with users’ public keys

Performing a read
[Diagram: File 1 with its ACL (entries User1, User2, Group1, Group2); Group 2 listing User1, User2, User3]
- Read block from file 1
- Lookup user's entry in ACL, consulting group lists if needed
- Diagram label: Encrypted key

Deleting a user from a group
[Diagram: File 1 with its ACL (entries User1, User2, Group1, Group2); Group 2 listing User1, User2, User3; Group manager]
- Group manager generates new group keypair
- This new private key is encrypted to each user’s public key

Submitting new update
[Diagram: File 1 with its ACL (entries User1, User2, Group1, Group2); Group 2 listing User1, User2, User3; Update]
- Check to see if any groups changed

Submitting new update
[Diagram: File 1 with its ACL (entries User1, User2, Group1, Group2); Group 2 listing User1, User2, User3; Update]
- Generate new IDEA key, encrypt to all users and groups
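The key indirection from "Protecting Files" through "Submitting new update", as an added example that is not code from the presentation or from OceanStore: it models group ACL entries only and shows that a removed member's cached group key keeps opening the old file key until the next update re-keys the file. Assumptions: `seal`/`unseal` are bookkeeping stand-ins for public-key and IDEA encryption (no real cryptography is performed), and every class and function name is hypothetical.

```python
import secrets

# seal()/unseal() are bookkeeping stand-ins for public-key and IDEA encryption;
# no real cryptography happens here. All names are hypothetical.
def keypair():
    kid = secrets.token_hex(8)                 # shared id links the two halves
    return ("pub", kid), ("priv", kid)

def seal(pub, value):                          # "encrypt value to pub"
    return {"to": pub[1], "value": value}

def unseal(priv, box):                         # opens only with the matching half
    if priv[0] != "priv" or box["to"] != priv[1]:
        raise PermissionError("sealed to a different key")
    return box["value"]

class Group:
    def __init__(self, members):               # members: {name: user public key}
        self.members = dict(members)
        self.rekey()
    def rekey(self):                           # new keypair, private half sealed per member
        self.pub, priv = keypair()
        self.wrapped = {n: seal(pk, priv) for n, pk in self.members.items()}
    def remove(self, name):                    # revocation: drop the member, then rekey
        del self.members[name]
        self.rekey()
    def private_for(self, name, user_priv):    # what a member recovers from the group list
        return unseal(user_priv, self.wrapped[name])

class File:
    def __init__(self, data, groups):          # groups: {ACL entry name: Group}
        self.groups, self.acl, self.key = groups, {}, None
        self.update(data)
    def update(self, data):                    # rekey only if a group changed since last update
        stale = any(g not in self.acl or self.acl[g]["to"] != grp.pub[1]
                    for g, grp in self.groups.items())
        if stale:
            self.key = secrets.token_hex(16)
            self.acl = {g: seal(grp.pub, self.key) for g, grp in self.groups.items()}
        self.block = {"key": self.key, "data": data}   # stand-in for an encrypted block
    def read(self, gname, group_priv):
        if unseal(group_priv, self.acl[gname]) != self.block["key"]:
            raise PermissionError("file key does not match block")
        return self.block["data"]

def scenario():                                # constructed users and data
    users = {n: keypair() for n in ("User1", "User2", "User3")}
    g = Group({n: kp[0] for n, kp in users.items()})
    f = File("v1", {"Group1": g})
    cached = g.private_for("User3", users["User3"][1])     # User3 keeps the old group key
    g.remove("User3")
    old_still_readable = f.read("Group1", cached) == "v1"  # nothing re-encrypted yet
    f.update("v2")                                         # group changed, so new file key
    return f, g, users, cached, old_still_readable
```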

Advantages
- Decouple group management from key management
- Fully distributed
- Storing keys in this fashion is relatively straightforward

Experimental Testbed
- Simulated above mechanism on Java-based, block-oriented filesystem with OceanStore assumptions
- Verified against two workload models (model based on IMAP traces and “Congressional Record” model)
- Testbed designed with OceanStore assumptions

Integration with OceanStore
- Inner ring verifies write requests
- Encrypted keys stored in ACL (as separate file)
- Group lists exist as independent files
- Any mechanisms introduced that restrict locations of files would decrease opportunity for revoked data to reach end users
- Cooperation from servers to delete data on request and aid in “hunt and destroy”

Additional Considerations
- A weakness of our system is that group members can deny access to other members of the group
- Group managers can determine if new members can see data written before their membership
- May be unwieldy for very dynamic groups

Future work
- Design of user-interface (Tcl/Tk or WWW)
- Expiring keys after certain time period/active servers to operate on files, including deletions
- Support for policies where new signed updates could imply the deletion of older data (streaming media, for example)