1 / 49

Secure History Preservation Through Timeline Entanglement

Secure History Preservation Through Timeline Entanglement. Petros Maniatis, Mary Baker Computer Science Department Stanford University. What Is History?. A temporal ordering of system events E.g., store a file on disk, sign a document

alva
Download Presentation

Secure History Preservation Through Timeline Entanglement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure History Preservation Through Timeline Entanglement Petros Maniatis, Mary Baker Computer Science Department Stanford University

  2. What Is History? • A temporal ordering of system events • E.g., store a file on disk, sign a document • They may happen on different components of the distributed system • E.g., humans in a social network, peers in p2p • The ordering of events on different components may be important • Did I store my file before you sent that email? • The ordering and the semantics of the events are sensitive and tamper-prone USENIX Security 2002

  3. Motivating Example • Marti is an investor • She owns shares of InDupe, Inc. • On Wednesday, Marti’s broker sells her shares • On Friday, the stock price of InDupe dives • Later, the SEC accuses Marti of insider trading • Marti claims her shares were sold according to an earlier, standing sell order USENIX Security 2002

  4. The Events In Pictures USENIX Security 2002

  5. Marti’s Dream USENIX Security 2002

  6. The Sordid Truth? USENIX Security 2002

  7. What If InDupe Goes Under? USENIX Security 2002

  8. Project Goals • How do we maintain the history of a distributed system • So that it encompasses seamlessly individual components’ histories • When components may be untrustworthy • Long after individual “historians” leave • Basic assumption:no one trusts anyone else USENIX Security 2002

  9. Our Approach: Timeweave • Every component • Maintains its own local history • Maintains a local view of global history • Safeguards the integrity of portions of global history it knows about • Only trusts itself or provable information • Requirements • Efficient, scalable, survivable,aggressively decentralized USENIX Security 2002

  10. Talk Overview • Timeweave Design • Secure Timelines: History of a single component • Timeline Entanglement: Collective history • Timeweave Implementation • Persistent Authenticated Archives • Performance USENIX Security 2002

  11. Single Component History • A hash chain of local event commitments • Event: state change, message received, message sent, etc. • Commitment: if an event is purely internal, I don’t have to put it in my history • The one-way hash function defines the “arrow of time” among events USENIX Security 2002

  12. Timeline Example • Marti performs a bunch of “events” between 10am and 1pm • Those she considers significant she places in her local history • With every event she advances her history by one time step USENIX Security 2002

  13. Zoom In On Time Step i • Marti performs a bunch of “events” between 10am and 1pm • Those she considers significant she places in her local history • With every event she advances her history by one time step USENIX Security 2002

  14. Zoom In On Time Step i • A time step consists of • Logical Time (i):counter of time steps • Digest (di):fingerprint of the committed event (Si) • Authenticator (Ti): USENIX Security 2002

  15. The Joy Of Timelines • A timeline step authenticator is a one-way digest of an entire timeline • Given the current authenticator,no previously committed event can • Change contents • Change logical times • Be inserted or deleted • By committing to an authenticator, a component commits to its history thus far USENIX Security 2002

  16. Proof of Precedence • Given the latest timeline authenticator, I can prove the commitment of an old event • “Walk” the hash applications from the event to the authenticator • All the intermediate information in the hash chain makes up the proof USENIX Security 2002

  17. Proof Efficiency Via Skiplists • Proofs of precedence may span millions of logical time steps • Timelines are organized as authenticated skip lists • Traversal and proof sizes are logarithmic in the traversed logical time steps USENIX Security 2002

  18. Multiple Component History • Timeline Entanglement:Multiple interconnected hash chains • A component publishes samples of its timeline for other components to witness • Witness components commit published timeline samples in their own timelines • Witnessed timelines are tamper-evident • Entanglement enables temporal comparisons among different components’ events USENIX Security 2002

  19. Timeline Entanglement • Component A entangles its timeline with B • It sends B a timeline thread : • Name • Logical time • Timeline authenticator • Signature on the above • Validation info • B checks the validity of the thread and then records it in its timeline USENIX Security 2002

  20. Timeline Sampling • Every entanglement conveys a sample of the sender’s timeline USENIX Security 2002

  21. Timeline Sampling • Every entanglement conveys a sample of the sender’s timeline • Receiver’s view of the sender’s timeline has coarser granularity USENIX Security 2002

  22. Timeline Sampling • Every entanglement conveys a sample of the sender’s timeline • Receiver’s view of the sender’s timeline has coarser granularity • Validation info: sample-to-sample precedence proof USENIX Security 2002

  23. Entanglement Receipts • Timeline threads are acknowledged with a receipt USENIX Security 2002

  24. Entanglement Receipts • Timeline threads are acknowledged with a receipt • A receipt acknowledges the commitment of the previous incoming thread USENIX Security 2002

  25. Cross-timeline Precedence • Inclusion of a foreign thread in my timeline builds a precedence • From the past of the foreign timeline • To my future • Sender receives proof of this with the subsequent receipt acknowledging the thread USENIX Security 2002

  26. Mapping Time • Event B,19 follows all of A’s events up to and including 5 USENIX Security 2002

  27. Mapping Time • Event B,19 follows all of A’s events up to and including 5 • Event B,19 also precedes all of A’s starting with 8 USENIX Security 2002

  28. Mapping Time • Event B,19 follows all of A’s events up to and including 5 • Event B,19 also precedes all of A’s starting with 8 • Combining the two, we conclude that B,19 happened between A’s 5 and 8 USENIX Security 2002

  29. Mapping Time • Event B,19 follows all of A’s events up to and including 5 • Event B,19 also precedes all of A’s starting with 8 • Combining the two, we conclude that B,19 happened between A’s 5 and 8 USENIX Security 2002

  30. More On Entanglement • Survivability • Proactively map events of importance on other timelines • Fault tolerance • Cross-check sample reports to locate Byzantine faults • Timeweave design USENIX Security 2002

  31. Archiving Timeline Threads • Goals • Archive threads • Commit the thread archive when it changes • Produce succinct proofs that the archive contains a particular stored thread • Methodology • Authenticated search trees [Buldas CCS2000] USENIX Security 2002

  32. Binary Search Trees USENIX Security 2002

  33. Authenticated Search Trees USENIX Security 2002

  34. Authenticated Search Trees USENIX Security 2002

  35. Existence Proof USENIX Security 2002

  36. Existence Proof Validation USENIX Security 2002

  37. Existence Proof Validation USENIX Security 2002

  38. Existence Proof Validation USENIX Security 2002

  39. B-Trees USENIX Security 2002

  40. Hash B-Trees USENIX Security 2002

  41. Proof Complications USENIX Security 2002

  42. RBB-Trees • A B-tree with embedded binary balanced trees • B-tree • From the point of view of storage, i.e., clustering of data values in disk blocks • Balanced binary tree (red-black tree) • From the point of view of data value structure, i.e., branching factor USENIX Security 2002

  43. RBB-Trees USENIX Security 2002

  44. More On Implementation • Persistent authenticated dictionaries • Keep track of changes in the thread archive and commit intermediate versions as they occur • Freshness of archive changes • Append-only skip lists • For efficient hash chains USENIX Security 2002

  45. Performance • Setting: • 1200 hosts, all entangling with all others • Events occur once a second per host • Every pair entangles every 10 minutes • Steady-state performance • ~8% of PC resources (dual PIII at 1GHz) • Grows linearly with thread processing rate • i.e. same for 2400 hosts, 20-minute entanglement • Signing/verification the major resource sink • Java 1.3 & BerkeleyDB implementation USENIX Security 2002

  46. Status • Distributed, survivable time stamping • Mutually distrustful time stampers • Stampers may go out of business • Accountable historic storage • Large-scale, interconnected historic file repositories • Reputation in P-2-P publishing • Used for online journal publication USENIX Security 2002

  47. Related Work • We build on • Logical Clocks [Lamport 1979] • SHA-1 [FIPS 180-1] • Digital Time Stamping [Haber & Stornetta 1991] • Authenticated Search Trees [Buldas et al 2000] • Similar goals • Tamper-evident update propagation [Theimer 1998] • Tamper-evident logs [Schneier & Kelsey 1998] USENIX Security 2002

  48. Conclusion • History preservation is important in loosely-coupled distributed systems • We use hashing and time stamping techniques to build a tamper-evident single-component history • We combine multiple component histories through timeline entanglement • We have built Timeweave, a prototype framework for secure history preservation USENIX Security 2002

  49. Secure History Preservation Through Timeline Entanglement Petros Maniatis, Mary Baker Stanford University http://identiscape.stanford.edu/

More Related