SiRiUS: Securing Remote Untrusted Storage



Similar documents
Plutus: scalable secure file sharing on untrusted storage

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Security in Storage Networks A Current Perspective

Applying Cryptography as a Service to Mobile Applications

DarkFS - An Encrypted File System

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Wireless Network Security Spring 2014

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

SSL Protect your users, start with yourself

Cryptography and Network Security Chapter 14

Authentication Applications

Using BroadSAFE TM Technology 07/18/05

Encrypt-FS: A Versatile Cryptographic File System for Linux

Authenticity of Public Keys

We mean.network File System

Security Policy Revision Date: 23 April 2009

PowerChute TM Network Shutdown Security Features & Deployment

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

How To Restore An Org Server With Anor Backup For Windows (Oracle)

Multi-site Best Practices

AxCrypt File Encryption Software for Windows. Quick Installation and Users Guide. Version 1.7 or later. July 2012

Is Your SSL Website and Mobile App Really Secure?

COS 318: Operating Systems. File Layout and Directories. Topics. File System Components. Steps to Open A File

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Overview. SSL Cryptography Overview CHAPTER 1

Gladinet Cloud Backup V3.0 User Guide

Authentication Applications

Veeam Cloud Connect. Version 8.0. Administrator Guide

Protocol Rollback and Network Security

Criteria for web application security check. Version

JBackpack Manual. Version Abstract

Distributed File Systems Part I. Issues in Centralized File Systems

File Systems Security Encryption File Systems

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

GE Measurement & Control. Cyber Security for NEI 08-09

WHITE PAPER

BSc (Hons) Sofware Engineering. Examinations for / Semester 2

Plutus: Scalable secure file sharing on untrusted storage

Guidelines on use of encryption to protect person identifiable and sensitive information

Distributed File Systems

Ryusuke KONISHI NTT Cyberspace Laboratories NTT Corporation

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Network File System (NFS)

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

EMC Data Protection Search

Distributed File Systems

Use Enterprise SSO as the Credential Server for Protected Sites

AxCrypt File Encryption Software for Windows. Quick Installation Guide. Version January 2008

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

Client Server Registration Protocol

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

SQL Server Encryption Overview. September 2, 2015

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

Managing and Maintaining Windows Server 2008 Servers

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Guidance Regarding Skype and Other P2P VoIP Solutions

File System Encryption with Integrated User Management

Note: There is no downgrade path from GMM v8.3 (SQL version) to v8.0.

Linux Network Administration

CipherShare Features and Benefits

Administration Guide. Wireless software upgrades

Chapter 11 Distributed File Systems. Distributed File Systems

GoAnywhere Director to GoAnywhere MFT Upgrade Guide. Version: Publication Date: 07/09/2015

Secure cloud access system using JAR ABSTRACT:

Replacing vcenter Server 4.0 Certificates VMware vsphere 4.0

CHAPTER 17: File Management

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Quick Start - NetApp File Archiver

Storgrid EFS Access all of your business information securely from any device

Server Installation ZENworks Mobile Management 2.7.x August 2013

Network Security. Mobin Javed. October 5, 2011

SBClient SSL. Ehab AbuShmais

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Ciphermail for BlackBerry Reference Guide

BroadSAFE Enhanced IP Phone Networks

CS 416: Opera-ng Systems Design

Security vulnerabilities in the Internet and possible solutions

Cryptography & Digital Signatures

Lecture 10 - Authentication

Transcription:

SiRiUS: Securing Remote Untrusted Storage NDSS 2003 Eu-Jin Goh, Hovav Shacham, Nagendra Modadugu, and Dan Boneh Stanford University

Introduction Secure network file systems not widespread. Why? 1. Hard to deploy No backwards compatibility 2. File sharing not well supported No file sharing ability, or Fully trusted server handles file sharing

Insecure Network File Systems Legacy network file systems widely used: NFS, CIFS, Yahoo! insecure: NFS v2 Weak authentication: UID/GID Fully trusted server

SiRiUS Goals 1. No changes to remote file server Implies crypto techniques 2. Easy for end users to deploy Minimal client software, no kernel changes 3. File Sharing with fine grained access control Read-write separation 4. Minimize trust in file server

Existing Secure File Systems 1. CFS Blaze Single user: no file sharing 2. SFS Mazières et al. File sharing but uses trusted server 3. SUNDR Mazières et al. File sharing by untrusted server Not easy to deploy: requires block servers

Although NFS version 2 has been superseded in recent years by NFS version 3, system administrators are slow to upgrade so NFS version 2 is not only widespread, it is still by far the most popular version of NFS. NFS v3 Designers 4½ years after NFS v3 introduced

Design Limitations Cannot defend against DOS attacks: attacker breaking into file server can delete all files Solution: 1. Keep good backups: SiRiUS easy to backup 2. Replicate files using quorum systems - e.g. Reiter-Mahlki (1997)

SiRiUS Usage Model SiRiUS is a file system layered over existing network file systems Stop-gap measure until full upgrade of legacy systems

Security Design 1. Confidentiality and integrity 2. Cryptographic file level read-write access controls 3. Simple key management 4. Simple access control revocation 5. Freshness guarantees for access control meta data

Architecture SiRiUS Client Application NFS Client NFS Server NFS Server Network User Kernel File Server NFS Client Client Machine SiRiUS layered over NFS

Architecture SiRiUS Client Application CIFS Client CIFS Server NFS Server Network User Kernel File Server NFS Client Client Machine SiRiUS layered over CIFS

Architecture SiRiUS Client Application Yahoo! Client Yahoo! Server NFS Server Network User Kernel File Server NFS Client Client Machine SiRiUS layered over Yahoo!

File Data Security Each file has unique: 1.File Encryption Key (FEK) 2.File Signing Key (FSK) FEK, FSK control file read-write access Users keep only 2 keys for all files: 1.Master Signing Key (MSK) 2.Master Encryption Key (MEK) MSK, MEK control all file FEK and FSK access

File Structures Files on remote server split in 2 parts 1. md-file contains the file meta data. e.g. access control information 2. d-file contains the file data

File Structures ENC FEK [File Data] SIG FSK [File Data Hash] d-file Enc. Key Block (Owner) Enc. Key Block (User 1) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] md-file

Encrypted Key Blocks Username (KeyID) File Enc. Key (FEK) File Sig. Private Key (FSK) Read-write Encrypted with username s MEK public key Username (KeyID) File Enc. Key (FEK) Read only

Meta Data File Creation

Meta Data File Creation 1) Generate file keys (FSK and FEK) File Enc. Key (FEK) File Sig. Private Key (FSK)

Meta Data File Creation Username (KeyID) File Enc. Key (FEK) File Sig. Private Key (FSK) 1) Generate file keys (FSK and FEK) 2) Create encrypted key block. Encrypted with owner s MEK public key

Meta Data File Creation Enc. Key Block (Owner) File Sig. Pub. Key (FSK) Time Stamp File name 3) Append Pub FSK, time stamp, and file name to enc. key block

Meta Data File Creation Enc. Key Block (Owner) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 3) Append Pub FSK, time stamp, and file name to enc. key block 4) Hash and sign using owner s master signing key

Meta Data File Creation Enc. Key Block (Owner) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 3) Append Pub FSK, time stamp, and file name to enc. key block 4) Hash and sign using owner s master signing key 5) Update md-file freshness tree

Why are freshness guarantees needed? Can verify latest version of info is read md-file freshness prevents rollback of revoked privileges

Rollback Revoked Privileges 1. Bob revokes write access from Alice 2. Alice replaces new md-file with saved (older) copy 3. Replacement restores write privileges 4. Alice can undetectably write to d-file

Freshness Overview SiRiUS client generates hash tree of all md-files owned by user Hash tree root: hash of all the md-files Every directory has mdf-file made of the hash of: 1. md-files in that directory 2. mdf-files of sub directories

Hash Tree Generation / /a foo /a/b bar Key: dir file bin con

Hash Tree Generation Want to generate root mdf / root mdf /a foo /a/b bar Key: dir file bin con

Hash Tree Generation Want to generate root mdf / root mdf Before root mdf can be generated, we need /a/mdf /a mdf foo Key: /a/b bar dir file bin con

Hash Tree Generation Want to generate root mdf / root mdf Before root mdf can be generated, we need /a/mdf /a mdf foo Key: which in turn needs /a/b/mdf /a/b mdf bar dir file bin con

Hash Tree Generation / /a foo Key: Hash bin and con to generate /a/b/mdf /a/b mdf bar dir file bin con

Hash Tree Generation / Hash /a/b/mdf and bar to generate /a/mdf /a mdf foo Key: /a/b bar dir /a/b/mdf mdf file bin con

Hash Tree Generation Hash /a/mdf and foo to generate root mdf / root mdf /a foo /a/mdf /a/b/mdf /a/b mdf mdf bar Key: dir file bin con

Root mdf-file Contains a time stamp Time stamp updated by client at specified time intervals Signed by owner of the md-files

Hash Tree Generation 1. Generated only once 2. Generated by owner of md-files 3. Hash tree cacheable 4. Updated only on md-file changes

Verify md-file Freshness / root mdf /a foo /a/mdf mdf /a/b bar Key: /a/b/mdf mdf dir bin con file

Verify md-file Freshness / root mdf /a foo /a/mdf mdf /a/b bar Key: /a/b/mdf bin mdf con Verify bar md-file freshness dir file

Verify md-file Freshness / 1) Hash /a/b/mdf and bar to regenerate /a/mdf /a mdf root mdf foo /a/b bar Key: /a/b/mdf bin mdf con Verify bar md-file freshness dir file

Verify md-file Freshness / 1) Hash /a/b/mdf and bar to regenerate /a/mdf root mdf /a mdf foo 2) Compare regenerated /a/mdf to current version /a/b bar Key: /a/b/mdf bin mdf con Verify bar md-file freshness dir file

Verify md-file Freshness 1) Hash /a/mdf and foo to regenerate root mdf / root mdf /a foo /a/mdf mdf /a/b bar Key: /a/b/mdf bin mdf con Verify bar md-file freshness dir file

Verify md-file Freshness 1) Hash /a/mdf and foo to regenerate root mdf / root mdf 2) Compare regenerated root mdf to current version /a foo /a/mdf mdf /a/b bar Key: /a/b/mdf bin mdf con Verify bar md-file freshness dir file

Verify md-file Freshness 1) Hash /a/mdf and foo to regenerate root mdf / root mdf 2) Compare regenerated root mdf to current version /a/mdf /a mdf foo 3) Check timestamp verify owner s sig /a/b bar Key: /a/b/mdf bin mdf con Verify bar md-file freshness dir file

File System Operations 1. Create, read, write, rename, unlink, share files 2. Symbolic links but no hard links 3. User access revocation

User 1 Access Revocation Enc. Key Block (Owner) Enc. Key Block (User 1) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash]

User 1 Access Revocation Enc. Key Block (Owner) Enc. Key Block (User 1) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 1) Regenerate new file keys

User 1 Access Revocation Enc. Key Block (Owner) Enc. Key Block (User 1) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 1) Regenerate new file keys 2) Remove user 1 key block

User 1 Access Revocation Enc. Key Block (Owner) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 3) Update file sig. key and enc. key blocks 1) Regenerate new file keys 2) Remove user 1 key block

User 1 Access Revocation Enc. Key Block (Owner) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 3) Update file sig. key and enc. key blocks 4) Update time stamp 1) Regenerate new file keys 2) Remove user 1 key block

User 1 Access Revocation Enc. Key Block (Owner) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 3) Update file sig. key and enc. key blocks 4) Update time stamp 5) Update hash and sig 1) Regenerate new file keys 2) Remove user 1 key block

User 1 Access Revocation Enc. Key Block (Owner) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 3) Update file sig. key and enc. key blocks 4) Update time stamp 5) Update hash and sig 1) Regenerate new file keys 2) Remove user 1 key block 6) Update freshness hash tree

User 1 Access Revocation Enc. Key Block (Owner) File Sig. Pub. Key (FSK) Time Stamp File name SIG MSK [Meta Data Hash] 3) Update file sig. key and enc. key blocks 4) Update time stamp 5) Update hash and sig 1) Regenerate new file keys 2) Remove user 1 key block 6) Update freshness hash tree 7) reencrypt file data

Architecture SiRiUS Client Application NFS Client NFS Server NFS Server Network User Kernel File Server NFS Client Client Machine SiRiUS layered over NFS using SFS toolkit

Implementation Details Multiplex incoming NFS requests into multiple outgoing NFS requests NFS file handle cache Changing file access controls Random access Essential for good performance in partial file reads/writes

Random Access Existing crypto file systems that support random access either 1. use block storage servers (SUNDR) 2. don t encrypt data on server (SFS) Method: 1. View file as a series of blocks 2. Hash tree for file integrity Similar construction used for authenticating digital streams Wong and Lam (1998).

Performance 1. Public key encryption - RSA-1024 2. Signatures - DSA-512 3. Data file encryption - AES-128 4. Linux 2.4 NFS server - 1.13 GHz P3 NFS client - 866 MHz P3-M 100 Mbps link

Performance Test File Size Kernel NFS DumbFS SiRiUS Create File 0 0.4 3.4 14.5 Delete File 0 0.3 0.4 1.1 Seq. Read 8 KB 0.9 1.4 18.0 Seq. Write 8 KB 1.1 2.0 21.9 Seq. Read 1 MB 96.7 97.8 223.8 Seq. Write 1 MB 100.0 102.7 632.9 Times are in milliseconds.

Other Extensions Encrypted path names Large scale group sharing using NNL broadcast encryption Maintaining traditional file system semantics using union mounts Union mounts also solve d-file rollback

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information