NDS2 – Secure storage, sharing and publishing of data in the NDS
Maciej Brzeźniak, Supercomputing Dept. of PSNC, www.psnc.pl
TF-Storage meeting @Dubrovnik, Sep., 26-27th 2012
Project funded by: NCBiR for 2011-2013 under „KMD2” project (no. NR02-0025-10/2011)
Project partners – 10 Polish universities and supercomputing centres:

NDS2 - presentation plan
• Background and project status
  – NDS and BADSS
  – NDS2
• NDS2: Secure storage and sharing
  – Secure storage clients:
    • ndsCryptoFS (Win/Linux)
    • Java GUI, CLI, library and Android
    • Appliance – virtual/physical – for institutions
  – Client-side encryption & integrity control
    • Concept and some details
    • Performance
  – Secure sharing inside NDS2 – concept and keys management
  – Secure publishing – general information

Background: NDS & BADSS (1)
• NDS (2007-2009)
  – R&D project: distributed, replicated data storage
  – Virtual Filesystem in user space – implemented using FUSE library
  – Standard user interfaces: SFTP (SSHd), WebDAV, Web application, GridFTP
  – Replication:
    • Automatic, system-side, synchronous and asynchronous
    • Performed using NFS (local replicas) and GridFTP (remote ones) protocols
  – Funded from national sources
• BADSS (2009-2012)
  – Deployment of NDS for academic community
  – 10 sites in Poland
  – Tapes: 12,5 PB in 5 sites
  – Disks: 2 PB
  – Funded from EU structural sources – PLATON project

Background: NDS & BADSS (2)
• Assumptions for NDS and experience from NDS deployment:
  – No need for dedicated access tools – OK for users, BUT…
  – No encryption of the data supported by the system:
    • Data encrypted only during transfer (SSL) and on tape media (LTO5 encryption) + disks de-magnetization
    • Users may encrypt data on their side:
      – Manually – impractical with large data
      – Automatically – with external tools that support on-the-fly encryption
  – ‚POSIX-like’ access to data:
    • Linux: SSHfs – works for most use-cases => OK
    • Windows:
      – Problems with native WebDAV client in some versions of Windows
      – To have a stable solution for accessing big files, extra (paid) clients are needed
    => possibly it’s best to provide your own client (however it’s not easy)

NDS2 project status
• NDS2 (2011-2013) – extension of NDS project (2007-2009)
• NDS2 =
  NDS – reliable, replicated and distributed storage
  + secure storage & sharing & publishing
  + versioning
  + ACLs support
  + user management de-centralisation
• Progress:
  – Some prototypes worked out already:
    • nds2CryptoFS 4 Linux and Windows
    • Android client without encryption
  – Some are under development:
    • Java-based GUI application
    • Appliance for institutions
    • Android client with encryption
• Project partners – 10 Polish universities and computing centres
• Funded by: NCBiR for 2011-2013 under „KMD2” project (no. NR02-0025-10/2011)

Clients for NDS2
• Assumptions:
  – We address most popular user platforms (Windows, Linux) with native client providing POSIX-like access to data
  – Java GUI can be used for remaining platforms
  – Android client as a proof-of-concept for mobile users (currently no plan for iOS)
• Clients being developed:
  – nds2CryptoFS 4 Linux
  – nds2CryptoFS 4 Windows
  – Java-based GUI application
  – Appliance for institutions
  – Android client
[Diagram labels: Linux user – SSHFS + extensions; Windows user – Commercial ‚FUSE-like’ and SFTP libraries; GUI and Android – Java crypto libraries; Appliance for institutions – SSHFS + extensions; NDS filesystem + support for encryption keys mgmt]

NDS2: Client-side cryptography
• Linux: SSHFS + extensions
  – FUSE-based project
  – We ‚patched’ the SSHFS code:
    • it calls cryptographic functions (encryption & digests)
    • while serving read and write operations of VFS layer
  – Prototype exists! Ready for testing.
[Diagram labels: Linux user; SSHFS + extensions; WAN]

NDS2: Client-side cryptography
• Windows:
  – Commercial Virtual FS library (FUSE-like) and commercial SFTP client library
  – Why do we use paid libraries?
    • Portability among different versions of Windows
    • Wanted a ‚quick win’ and a working solution ASAP
    • We focus on cryptography and features on top of the filesystem (secure storage, sharing, ACLs…)
    • Virtual FS library:
      – We considered DOKAN, but the project does not look well maintained
    • SFTP library:
      – Open source libraries have serious performance limitations
  – Client prototype exists! Ready for testing.
[Diagram labels: Windows user; Commercial ‚FUSE-like’ and SFTP libraries; WAN]

NDS2: Client-side cryptography
• GUI application (1)
  – Allows storage & retrieval of files and provides filesystem structure view:
    • Put, get, move, delete etc.
    • Drag & drop support
  – Sharing management:
    • Initialisation and control of sharing
      – SHARE DIRECTORY creation
      – Assigning the directory with the sharing keypairs
    • Access control lists management (ACLs)
  – Advanced, user-level metadata access and management:
    • (Automated) annotation, tagging etc.
    • Meta-data based search (free form/structured)
    • (on the roadmap)
  – Implementation:
    • Java library (used for CLI, GUI and Android app.)
    • Shell integration for Windows and Linux
    • (on the roadmap)
[Diagram labels: Operating system supporting Java; Java crypto libraries; Data and filesystem meta-data; User & control meta-data; WAN]

NDS2: Client-side cryptography • GUI application (2) – screenshot of the prototype (Polish version)
Client-side cryptography
• Appliance for institutions – idea:
  – REMOTE STORAGE SPACE:
    • storage space in NDS2 system
    • VFS with transparent, on-the-fly encryption and digests
  – LOCAL STORAGE SPACE:
    • local storage for local usage – people need it anyway; e.g. workspace for users within the small organisation
    • exported to LAN by SMB protocol;
  – LOCAL and REMOTE spaces synchronized (scheduled or on-demand)
  – Appliance administration – basic web console:
    • Defining storage, shares and backup/synchronization schedules
    • Managing user accounts
  – User accounts:
    • Appliance is the user of NDS2 system
    • Internal accounts – may be taken from LDAP or defined manually
  – Status: concept is still evolving:
    • e.g. should the internal disk be persistent storage or cache only?
[Diagram labels: Appliance for institutions; LAN; SMB server; Local disk space; Remote space; crypto; SSHFS + extensions; WAN; NDS filesystem + support for encryption keys mgmt]

Client-side cryptography
• Appliance for institutions – possible implementations:
  – Small (19,5x70x18,6cm) and silent, green (fits below the desk):
    • CPU with AES-NI support (not a problem these days)
    • 2 x 2,5” HDDs or 2x green SSDs inside (up to ~ 2 TB of RAW internal storage)
    • Must be cheap! e.g. ~600 EUR/box (not more than PC)
  – Rack server:
    • CPUs with AES-NI on board
    • Low voltage! (being green, costs)
    • 4x 3,5” or 8x 2,5” SSD (up to 12 TB of RAW storage)
    • Reasonable costs - ~2500EUR with 12TB of capacity
  – Some ‚fancy’ hardware for users:
    • Smart cards + readers (expresscard or USB)
    • Psychological ‚trick’ (works for some users)
  – Virtual machine:
    • E.g. vApp easy to run on vmware cluster or another VM image
    • No assumptions on hardware – just needs LUN for local storage and account in NDS2 for backups and sync’s
[Image captions: Box for small groups/institutions; Rack server for bigger institutions; VMware vAppliance]

Client-side cryptography
• Appliance for institutions – discussion:
  – RISK analysis
    • Hardware = cost – must be included in the service delivery model
    • Hardware = failures – too much hassle? – outsourcing? – but it costs
    • Hardware problem = data loss?
      – Disk failures:
        » RAIDs help in case of single disk failure
        » Frequent backups/sync’s protect in case of total crash
      – Server failures:
        » Data not available at local storage for a while, but NOT LOST
        » Access to data still possible using software client (keys needed)
        » Certificate for authorisation securely stored on smart card (SC)
        » MASTER keys for encryption on SC (future) or other media (e.g. SD)
        » Appliance configuration data on SD card and/or in the remote storage
        » Hardware may be easily exchanged
  – Experimental work
    • we will build some prototype and check users’ buy-in

NDS2: Client-side cryptography
• Android application:
  – Challenge 1: User-friendly, intuitive interface
    • Core functionality only – simplicity:
      – Data storage and retrieval
      – Remote filesystem’s view and file access
      – Local caching of files
        » e.g. if user reads PDF file
      – Device memory/storage view
        » Click to upload to NDS2
      – Interface integration:
        » e.g. „send to NDS2” function in file browser
    • No sharing, user-level metadata mgmt etc.
      – At least not in 1st approach
  – Challenge 2: Encryption / digests performance / battery:
    • Benchmarks for ARM CPUs promising compared to WLAN bandwidth
    • AES support planned for ARMv8 architecture
    • Encryption may exhaust battery
    • However, note that typically Android will be used for small files (PDFs, DOCs, photos etc.)
  – Again, an experimental work:
    • Proof-of-concept for Android
[Diagram labels: Android OS; Java crypto libraries; Data and filesystem meta-data; WAN; V1 screenshot]