2. Metadata Issues in a Cryptographic File System David Bindel IRAM/ISTORE/OceanStore Retreat

3. Overview Untrusted infrastructure assumption Cryptography review Cryptography in storage systems Securing metadata ECFS Conclusions

4. Untrusted Infrastructure “Trust No One”

5. Review: Encryption Protect privacy of data on insecure channel Shared key –Same key used to encrypt and decrypt Public key –Mathematically related public and private keys –Public key used to encrypt –Private key used to decrypt

6. Signatures and MACs Specify responsibility for document –Depends on document: prevent transfer –Depends on private key: prevent forgery Signatures verified using public key MACs verified using private key Message Digest Secure hash Signature Document Private Key Sign Algorithm

7. Encrypting Storage Where to encrypt stored data? –In file system –In device driver Why not in user tools? –Users make mistakes –It’s inconvenient Encryption should be transparent!

8. Cryptography and Permissions What policy are we enforcing? Conventional file systems support – Read and write permissions –Separate permissions for user, group, world –More complicated permissions (eg AFS) Existing cryptographic file systems support –All-or-nothing access

9. Protecting Metadata / privateusr bin rshssh rsh data ssh data encrypted-flag journalKFC-recipe Any new journal entries are public! Now running “ssh” is insecure!

10. Heirarchical Signatures Metadata (uid, gid, ctime, …) “usr”, /usr address “etc”, /etc address... Metadata “bin”, /usr/bin address... Metadata “vi”, /usr/bin/vi address... Metadata Index of block 0 Index of block 1... / /usr /usr/bin /usr/bin/vi Data block 0 of /usr/bin/vi Data block 1 of /usr/bin/vi, sign(data block 0), sign(data block 1), sign(/usr/bin/vi data) Replace with virus loader?, sign(/usr/bin data), sign(/usr), sign(/etc) /etc...

11. Globally Unique IDs Metadata (uid, gid, ctime, …) “usr”, /usr unique ID “etc”, /etc unique ID... Metadata Unique ID for /usr “bin”, /usr/bin unique ID... Metadata Unique ID for /usr/bin “vi”, /usr/bin/vi unique ID... Metadata Unique ID for /usr/bin/vi Index of block 0 Index of block 1... / /usr /usr/bin /usr/bin/vi Data block 0 of /usr/bin/vi Data block 1 of /usr/bin/vi /etc... Replace with virus loader? Sign(/usr/bin/vi ID, 0, data in block) Replace with data for /usr/bin/emacs? (v 5.0) Replace with data block 1 (v 4.0)? Sign(/usr/bin/vi data above) Sign(/usr/bin data) Sign(/usr data) Sign(/ data)

12. ECFS Extended version of CFS –Class project for architecture and systems –David Bindel, Monica Chew, Chris Wells Goal: Support more flexible permissions –Allow public data (eg.forward files) –Protect integrity using MACs

13. ECFS Architecture User Application ECFS daemon Underlying filesystem Metadata database Kernel NFS client Kernel file system client Plaintext No MACs Ciphertext MACs

14. ECFS Lessons Signatures can be integrated into the FS Handling metadata right is tricky! A cryptographic “layer” is awkward –Support should be built in from outset

15. Back to OceanStore OceanStore supports more general lookup structures than directory tree Conflict resolution interacts with security in potentially subtle ways Lots of other subtle issues come up –Handling denial of service attacks –Key management and distribution