110 likes | 213 Views
Separating Key Management from File System Security. Presented by M. S. Ali Instructor: Prof. Stefan Sariou CSC 2231 Online Social Networking Systems November 29, 2007. Outline. Introduction Internet-scale File Distribution How it Works Self-Certifying Pathnames
E N D
Separating Key Management from File System Security Presented by M. S. Ali Instructor: Prof. Stefan Sariou CSC 2231 Online Social Networking Systems November 29, 2007
Outline • Introduction • Internet-scale File Distribution • How it Works • Self-Certifying Pathnames • Authentication PKI / SPR • Other Approaches • Discussion • Conclusion
Introduction • Self-certifying File System (SFS) • Secure, non-centralized, simple access • Portable across administration realms • Independent of key management • Use encryption over wire • Replace system-specific identifiers with secure tokens (SPR, file handles) • Implemented on NFS
Internet-scale File Distribution • Access files from any client • Consistent file names across all clients • Simplify access to file stores • Localize administration • Simplify authentication across realms • Trust servers and clients • Assume hostile network in between
How it Works sfsclient – client terminals sfscd – client daemon CLIENT server mappings RW R nfsmount sfsagents – file protocols RW R nfsmount sfssd – server daemon FILE SERVER NFS Modular set of client/server tools to access files in NFS using SUN RPC
Self-Certifying Pathnames /sfs/LOCATION:HOSTID/ LOCATION IP address or DNS of file server HOSTID SHA-1(“HostInfo”, Location, PublicKey) e.g., /sfs/sfs.mit.edu:bzcc5hder7cuc86kf6qswyx6yuemnw69 Public certificate key Location of server (DNS/IP) Root directory is always /sfs Use symbolic links to chain file servers
Authentication PKI sfsclient – client terminals sfscd – client daemon CLIENT server mappings sfsagent sfsagent authserv – authenticate FILE SERVER Local Database PUBLIC CERTS Remote Database Private certificate is stored in memory in sfsagent
Authentication SPR sfsclient – client terminals OWNER SERVER sfscd – client daemon sfsagent server mappings CLIENT authserv – authenticate sfskey Owner Database sfsagent sfsagent authserv – authenticate FILE SERVER Local Database Generate certificate-based authentication from weak passwords using SPR
Other Approaches • AFS – Kerberos/Passwords • Echo – Single root, hierarchical authentication, centralized • Truffles (w/ PEM), WebFS (HTTP) • Others not considered: • Capability Security • PolicyMaker
Discussion • NFS bugs are the biggest security threat • SUN ONE – Ubiquitous Desktops • Security = key management + file system? • Why do we need a global-scale file system? • Does OSN give us a clue for how to share files better? • Middleman attacks ?
Conclusions – 20/20 Vision • Modern advances in storage and P2P • “Do very little but do it very well.” • Global key management is infeasible • If you use certificates then you can't avoid key management • Cryptography gives good end-point security • Origination of files not considered