SECURITY IN DISTRIBUTED FILE SYSTEMS Tejaswini Kalluri, Venkata Prudhvi Raj Konda, Kanna Karri.

Overview
- Chapter 11 from textbook
- Research Paper: Strong Security for Distributed File System
- Research Paper: Implement A Reliable and Secure Cloud Distributed File System
- Future work

11.8 Security
The traditional approach to security in distributed file systems organized along a client-server architecture is to have the servers handle authentication and access control. This is a straightforward way of dealing with security, and an approach that has been adopted. NFS is an example of the traditional approach.

Security in NFS
Security in NFS mainly focuses on the communication between a client and a server. Secure communication means that a secure channel between the two should be set up. In addition to secure RPCs, it is necessary to control file accesses, which is handled by means of access control file attributes in NFS.

Security in NFS
A file server is in charge of verifying the access rights of its clients. Because NFS is layered on top of an RPC system, setting up a secure channel in NFS boils down to establishing secure RPCs (Remote Procedure Calls).

Secure RPCs
With the introduction of NFSv4, security is enhanced by the support for RPCSEC_GSS. RPCSEC_GSS is a general security framework that can support a myriad of security mechanisms for setting up secure channels. In particular, it not only provides the hooks for different authentication systems, but also supports message integrity and confidentiality, two features that were not supported in older versions of NFS. It should be noted that because RPCSEC_GSS is implemented as part of the RPC layer that underlies the NFS protocols.

Secure RPCs
The important aspect of secure RPC in NFS is that the designers have chosen not to provide their own security mechanisms, but only to provide a standard way for handling security.

Access Control
Authorization in NFS is analogous to secure RPC: it provides the mechanisms but does not specify any particular policy. Access control is supported by means of the ACL (Access Control List) file attribute.

Decentralized Authorization
One of the main problems with systems such as NFS is that, in order to handle authentication properly, users must be registered through a central system administration. A solution to this problem is provided by using the Secure File System (SFS) in combination with decentralized authentication servers. The SFS client is responsible for setting up a secure channel with an SFS server. It is also responsible for communicating with a locally available SFS user agent, which is a program that automatically handles user authentication.

Decentralized Authorization
[Figure: The organization of SFS]

Secure Peer-to-Peer File-Sharing Systems
Secure lookups in DHT-based systems for secure routing. Secure routing requires that three issues are dealt with:
1. Nodes are assigned identifiers in a secure way.
2. Routing tables are securely maintained.
3. Lookup requests are securely forwarded between nodes.

Strong Security for Distributed File Systems
This paper proposes three different security schemes that can be implemented on a distributed file system.

Introduction
- Distributed storage has replaced traditional centralized storage.
- In these systems, disks are attached directly and rely upon their own security, rather than using the server's protection.
- This arrangement makes security more difficult, as the disk is directly exposed to potential attacks instead of being hidden.
- Encrypting files using standard encryption provides security, but it is an ad hoc mechanism. It does not deal with issues such as sharing files between users.
- The goal is to address the security shortcomings of file systems while preserving the flexibility and performance of distributed file systems.

Design Goals
- End-to-end encryption: The first feature is end-to-end encryption of all file system data and metadata, including storage on disk.
- Data integrity: A user reading data from the server must be sure that the files received are those he originally stored.
- Flexibility: While it would certainly be possible to simply encrypt each file with a user's password, this approach is impractical because it makes file sharing difficult.
- High performance and scalability: Performance is usually the trade-off for security.

SNAD – Secure Network Attached Disk
- The basic mechanism behind SNAD is to encrypt all data at the client and give the server sufficient information to authenticate the writer and the reader and verify the end-to-end integrity of the data.
- SNAD relies upon several standard cryptographic tools. The client uses a standard algorithm such as RC5 to encrypt the data, ensuring that the data is unreadable.
- SNAD also makes extensive use of cryptographic hashes and keyed hashes. Cryptographic hashes such as MD5 and SHA-1 are used.
- Keyed hashes such as HMAC (hashed message authentication code) use a cryptographic hash in conjunction with a shared secret to check integrity and authenticate a writer.

SNAD Data Structures
- Secure Data Object: Minimum unit of data that can be read or written in the secure file system.
- File Object: Composed of one or more data objects along with per-file metadata.
- Key Object: Composed of Unique Id, User id last modified and Permissions.
- Certificate Object: Contains a list of tuples that include user ID, public key, HMAC key, and timestamp.

3 Security Schemes
Scheme 1:
- The most secure authentication mechanism is for users to sign the checksum of every block they write using public-key encryption, and for the disk to authenticate every block before writing.
- If the checksum is cryptographically strong, this mechanism is very secure, and it allows the system to track the last writer for each block.
- Signature generation and checking are slow operations.

3 Security Schemes
Scheme 2:
- Reduces the load on the disk's CPU by replacing the signature check at the server with a message authentication code (MAC) check.
- The client still generates a signature and checks it upon reading a block, but the disk need not perform such an expensive check, improving overall performance.
- The performance improvement of this scheme comes with the loss of some security.

3 Security Schemes
Scheme 3:
- Further improves performance by dispensing with signatures altogether.
- Instead, it uses combinations of cryptographic hashes to ensure data integrity throughout the system.
- This scheme is considerably faster because it requires no signature generation or checking.
- However, it is not possible to verify who last wrote a file.
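The disk-side MAC check from Scheme 2, as an added example that is not from the presentation or the SNAD paper. The `Disk` class, the tag layout (block ID plus a hash of the ciphertext) and the keys are assumptions made for illustration, and SHA-256 stands in for the MD5/SHA-1 hashes named above.

```python
import hashlib
import hmac


def make_tag(key, block_id, ciphertext):
    # Assumed tag layout: binding the block ID means a valid block
    # cannot be accepted at a different position on the disk.
    msg = block_id.to_bytes(8, "big") + hashlib.sha256(ciphertext).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Disk:
    """Constructed model of a network-attached disk doing a Scheme 2 style MAC check."""

    def __init__(self, hmac_keys):
        # user ID -> HMAC key, as carried in the certificate object's tuples
        self.hmac_keys = hmac_keys
        self.blocks = {}  # block ID -> (writer ID, ciphertext, tag)

    def write(self, user_id, block_id, ciphertext, tag):
        key = self.hmac_keys.get(user_id)
        if key is None:
            return False  # writer is not known to this disk
        expected = make_tag(key, block_id, ciphertext)
        if not hmac.compare_digest(expected, tag):
            return False  # data or block ID changed, or wrong key
        self.blocks[block_id] = (user_id, ciphertext, tag)
        return True


def demo():
    alice_key = b"constructed-hmac-key-for-alice"  # constructed sample key
    disk = Disk({"alice": alice_key})
    ct = b"\x8f\x11 opaque ciphertext produced at the client"  # constructed
    tag = make_tag(alice_key, 7, ct)
    forged = make_tag(disk.hmac_keys["alice"], 9, b"x")
    return {
        "valid": disk.write("alice", 7, ct, tag),
        "tampered": disk.write("alice", 7, ct + b"!", tag),
        "moved": disk.write("alice", 8, ct, tag),
        "unknown_user": disk.write("mallory", 7, ct, tag),
        # The disk holds the same key, so a tag it computes itself also verifies.
        "disk_can_forge": disk.write("alice", 9, b"x", forged),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The last case is where Scheme 2 gives up some security: the HMAC key is shared with the disk, so only the client-side signature identifies the writer to anyone else.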

Implement A Reliable and Secure Cloud Distributed File System
In this paper, a distributed file system based on Apache Hadoop is implemented, and the original Hadoop distributed file system is replaced with the Tahoe least-authority file system.

Introduction
- Cloud computing is based on the Internet, and users and mobile users can share resources anytime and anywhere through Internet and heterogeneous network access.
- Resources of cloud computing are virtualized and dynamically allocated. Therefore, the resources can be utilized widely and efficiently.
- By user type, cloud computing can be roughly classified into three types: public cloud, private cloud and hybrid cloud.
- By service type, cloud computing can be classified into three types: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

Apache Hadoop
Hadoop is an open source project dedicated to developing scalable, reliable and distributed computing implementations.
Features of Hadoop:
- Vast amounts of data: Capabilities for enormous storage and computing; features of massive computing.
- Cost efficiency: Low construction cost, and improved performance by clustering the computing resources together.
- Parallel computing: Achieved with the help of the distributed architecture.
- Robustness: High availability and fault tolerance.

Apache Hadoop Architecture
The design concept of Hadoop is based on Google's techniques. These three techniques map individually to Hadoop Distributed File System (HDFS), Hadoop MapReduce and Hadoop Base (HBase). The bottom layer is composed of several computers or servers in a clustered architecture.

Hadoop Distributed File System
- HDFS employs the Master/Slave architecture.
- Nodes can be classified into Name Nodes and Data Nodes.
- There is only one Name Node in HDFS, and it manages the attributes and permissions of the file system. It also determines the strategy for allocating duplicates.
- The Data Nodes are responsible for executing the tasks and instructions assigned by the Name Node.
- In reality the file is stored in the Data Nodes. Therefore, the amount of information in the Data Nodes is much higher than in the Name Node.
- There can be several Data Nodes.

Tahoe Least Authority File System
- Tahoe-LAFS is an open source platform for cloud storage systems, and the data is saved separately in several servers.
- The uploaded files can be downloaded successfully even if some of the servers are attacked and unavailable.
- The users authorize the general storage providers to read and modify the data, and the providers ensure that the authority over the stored data is not abused.
- The design concept is based on the Principle of Least Authority, which means that the user needs a suitable authority to execute a process or task.
- The data and metadata are stored in the servers after erasure coding and cryptographic techniques are applied.

Tahoe Least Authority File System
- Erasure coding is one kind of Forward Error Correction (FEC) method. It copies N duplications, stores them separately in H servers, and requires K servers to accomplish data download.
- Moreover, Tahoe-LAFS encrypts the data. Therefore, it provides the data with high availability, confidentiality and integrity, without providing the authority.
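The K-of-N idea behind erasure coding, as an added example that is not from the presentation or from Tahoe-LAFS: a 2-of-3 XOR parity code, the simplest erasure code, in which any two of three shares rebuild the data. The function names and the sample data are constructed for illustration, and the encryption step is left out.

```python
def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))


def encode(data: bytes):
    """Return N=3 shares [first half, second half, parity]; any K=2 rebuild data."""
    if len(data) % 2:
        data += b"\x00"  # pad to an even length; decode() trims it again
    half = len(data) // 2
    first, second = data[:half], data[half:]
    return [first, second, xor_bytes(first, second)]


def decode(shares, length: int) -> bytes:
    """shares has 3 entries; None marks a share whose server is unavailable.

    length is the original data length, stored by the caller next to the shares.
    """
    if sum(s is not None for s in shares) < 2:
        raise ValueError("need at least K=2 of the N=3 shares")
    first, second, parity = shares
    if first is None:
        first = xor_bytes(second, parity)   # second ^ (first ^ second) = first
    elif second is None:
        second = xor_bytes(first, parity)   # first ^ (first ^ second) = second
    return (first + second)[:length]


def survives_any_single_loss(data: bytes) -> bool:
    shares = encode(data)
    for lost in range(3):
        available = [s if i != lost else None for i, s in enumerate(shares)]
        if decode(available, len(data)) != data:
            return False
    return True


if __name__ == "__main__":
    sample = b"tahoe share demo!"  # constructed sample data
    print("survives any single server loss:", survives_any_single_loss(sample))
```

The three shares together take 1.5 times the size of the data, where three full copies would take 3 times the size for the same tolerance of one lost server.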

HDFS v/s Tahoe LAFS

FUTURE WORK
Concerning factors:
- Denial of Service
- Performance trade-off
- Scalability

THANK YOU!!!!