An Architecture for Secure Wide-Area Service Discovery


1 An Architecture for Secure Wide-Area Service Discovery
Todd D. Hodes, Steven E. Czerwinski, Ben Y. Zhao, Anthony D. Joseph, and Randy H. Katz
Imrich Wireless Networks 8, (2002)
MMLAB, Seongil Han

2 Contents
- Introduction
  - Features and components
- Design concepts
- Operations
  - SDS servers and services
  - Secure communications
- Wide-area support
  - Multi-criteria search
  - Query filtering

3 Introduction
- Service discovery system
- Features
- Security
- Flexible and multi-criteria search
- Wide-area deployed
- Fault tolerance
- Scalability

4 Components
- Clients
  - Discover the services, using query
- Services
  - Announce their own descriptions
- SDS server
  - Solicit information from the services and manage queries from clients

5 Design concepts
- Announcement-based
  - ‘Soft State’
  - Periodic multicast announcements and caching
  - Fast reaction to faults
- XML service descriptions
  - Flexibility and semantic-rich content
- Privacy and authentication
  - Hybrid of asymmetric and symmetric-key cryptography
  - Authentication: certificate
  - Capabilities
- Hierarchical organization

6 SDS servers
- Basic operations
  - Send authenticated messages periodically
  - List of the domain
  - Multicast address for service announcements
  - Desired service announcement rate
  - Contact information for CA and CM
  - Well-known SDS multicast channel
- Cluster operation and fault tolerance
  - Load balancing, mirrors
- Accepting services and clients
  - Register the services’ description
  - Process the clients’ queries

7 Services
- Find the correct SDS server
  - Listen for SDS server announcements
  - Not a one-time task
- Send the descriptions to SDS server
  - Proper channel, proper frequency
- Contact Capability Manager
  - Defining the capabilities for individual users

8 Secure SDS communications
- Authenticated server announcements
  - Sign but not encrypt announcements
  - Timestamp
- Secure one-way service description announcements
  - Hybrid public / symmetric key system
- Authenticated RMI
  - Two-way authenticated and encrypted
  - Use certificates for authentication
[Figure: message layout with fields ID, Ciphered Secret, Payload; labels {…, Expire, SK, …}EK and {…datas…}SK]

9 Multi-criteria search
- Very difficult function
  - Complex queries and wide-area distribution
- Mechanism category
  - Centralization
    - Single point of failure
  - Name-specified mapping
    - Hashing, only single criteria
  - Flooding
    - Scalability

10 Wide-area support
- Objective
  - Full reachability
  - Multi-criteria selection
- Filtered query flooding (query filtering)
  - Dynamic construction and adaptation of the neighbor relationship
  - Set of hierarchical interconnections
  - Multiple trees with various metrics
  - Application-level filtering infrastructure
  - Aggregation and query routing
  - Bloom-filtered crossed terminals (BCT)

11 Filtering
- Terminal set
  - Nth-degree crossed terminal set
  - Lexicographic concatenation
  - Reduction of N ⇔ increase of ‘false positive’
- Bloom filter
- Routing
  - Parent based filtering (PBF)
  - Full indexing
- Adaptation of service change
  - Table rebuilt, per-bit count
[Figure: query routing through filter tables; labels v1, v2, S1, S2, query, HIT, MISS, False Positive]
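
The crossed-terminal filtering on slides 10 and 11, as an added Python example that is not from the presentation or the SDS code base: each description's terminals are crossed in subsets of up to N, joined in lexicographic order, and hashed into a table with per-bit counts. The tag=value terminals, the `|` separator, the SHA-256 hashing, the table size and all class and function names are assumptions made for illustration.

```python
import hashlib
from itertools import combinations

class BCTFilter:
    """Counting Bloom filter over crossed terminals (illustrative, assumed layout)."""
    def __init__(self, degree, bits=4096, hashes=3):
        self.degree = degree        # N: largest terminal subset that is crossed
        self.bits = bits
        self.hashes = hashes
        self.counts = [0] * bits    # per-bit counts, so a service can be withdrawn

    def _crossed(self, terminals):
        # Every subset of up to N terminals, concatenated in lexicographic order.
        ordered = sorted(set(terminals))
        for size in range(1, min(self.degree, len(ordered)) + 1):
            for subset in combinations(ordered, size):
                yield "|".join(subset)

    def _positions(self, key):
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{key}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits

    def _update(self, terminals, delta):
        for key in self._crossed(terminals):
            for pos in self._positions(key):
                self.counts[pos] += delta

    def add(self, terminals):
        self._update(terminals, +1)

    def remove(self, terminals):
        self._update(terminals, -1)

    def may_match(self, query):
        # HIT only if every crossed terminal of the query is set in the table.
        return all(self.counts[pos] > 0
                   for key in self._crossed(query)
                   for pos in self._positions(key))

# Constructed sample descriptions and query; not taken from the slides.
S1 = ["type=printer", "color=yes", "room=443"]
S2 = ["type=printer", "color=no", "room=420"]
QUERY = ["color=yes", "room=420"]   # no single service satisfies both terminals

def route(degree):
    # Aggregate both services in one table and test whether QUERY is forwarded.
    table = BCTFilter(degree)
    table.add(S1)
    table.add(S2)
    return table.may_match(QUERY)
```

`route(1)` reports a hit although neither S1 nor S2 matches both terminals, which is the false positive that a smaller N allows; `route(2)` crosses the pair and misses.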

12 Other issues
- Range query, wildcards
  - BCT supports neither naturally
  - Known false positives (KFPs) caching
- Soft-state messaging
  - Updates
    - Differences + fragment of table
  - Queries
    - Stateless, always with query
  - Query replies
    - Stateless, except for KFPs

13 Summary
- SDS
- Complex query
- Automatic handling of failures
- Security-minded
- XML
- Service-specific tag
- Powerful query
- Soft-state and announcement-based

