s irius securing remote untrusted s torage
play

S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin - PowerPoint PPT Presentation

Aug 29, 2023 •163 likes •739 views

S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin Goh, Hovav S hacham, Nagendra Modadugu, and Dan Boneh S tanford University Introduction S ecure network file syst ems not widespread. Why? 1. Hard to deploy No

  1. S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin Goh, Hovav S hacham, Nagendra Modadugu, and Dan Boneh S tanford University

  2. Introduction S ecure network file syst ems not widespread. Why? 1. Hard to deploy • No backwards compatibility 2. File sharing not well supported • No file sharing ability, or • Fully trusted server handles file sharing

  3. Insecure Network File S ystems Legacy network file systems • widely used: NFS , CIFS , Yahoo! • insecure: NFS v2 • Weak authentication: UID/ GID • Fully trusted server

  4. S iRiUS Goals 1. No changes to remote file server • Implies crypto techniques 2. Easy for end users to deploy • Minimal client software, no kernel changes 3. File S haring with fine grained access control • Read-write separation 4. Minimize trust in file server

  5. Existing S ecure File S ystems 1. CFS – Blaze • Single user: no file sharing 2. SFS – Mazières et al. • File sharing but uses trusted server 3. SUNDR – Mazières et al. • File sharing by untrusted server • Not easy to deploy: requires block servers

  6. “ Although NFS version 2 has been superseded in recent years by NFS version 3, system administrators are slow to upgrade … so NFS version 2 is not only widespread, it is still by far the most popular version of NFS .” NFS v3 Designers 4½ years after NFS v3 introduced

  7. Design Limitations Cannot defend against DOS attacks: • attacker breaking into file server can delete all files • Solution: 1. Keep good backups: S iRiUS easy t o backup 2. Replicate files using quorum systems - e.g. Reiter-Mahlki (1997)

  8. S iRiUS Usage Model • S iRiUS is a file system layered over existing network file systems • Stop-gap measure until full upgrade of legacy systems

  9. S ecurity Design 1. Confidentiality and integrity 2. Cryptographic file level read-write access controls 3. Simple key management 4. S imple access control revocation 5. Freshness guarantees for access control meta data

  10. Architecture SiRiUS Client NFS Client Application NFS Server NFS Server Network User File Server Kernel NFS Client Client Machine SiRiUS layered over NFS

  11. Architecture SiRiUS Client CIFS Client Application CIFS Server NFS Server Network User File Server Kernel NFS Client Client Machine SiRiUS layered over CIFS

  12. Architecture SiRiUS Client Yahoo! Client Application Yahoo! Server NFS Server Network User File Server Kernel NFS Client Client Machine SiRiUS layered over Yahoo!

  13. File Data S ecurity • Each file has unique : 1.File Encryption Key (FEK) 2.File Signing Key (FSK) • FEK, FSK control file read-write access • Users keep only 2 keys for all files : 1.Master Signing Key (MSK) 2.Master Encryption Key (MEK) • MSK, MEK control all file FEK and FSK access

  14. File S tructures Files on remote server split in 2 parts 1. md-file contains the file meta data. e.g. access control information 2. d-file contains the file data

  15. File S tructures SIG FSK ENC FEK [File Data] [File Data Hash] d-file Enc. Key Enc. Key File Sig. SIG MS K Time File Block Block Pub. Key [Meta Data S tamp name (Owner) (User 1) (FSK) Hash] md-file

  16. Encrypted Key Blocks Username (KeyID) Username (KeyID) File Enc. Key (FEK) Encrypted with File Enc. username’ s Key (FEK) File Sig. MEK public key Private Key (FSK) Read-writ e Read only

  17. Meta Data File Creation

  18. Meta Data File Creation 1) Generate file keys (FSK and FEK) File Enc. Key (FEK) File Sig. Private Key (FSK)

  19. Meta Data File Creation Username 1) Generate file keys (FSK and FEK) (KeyID) 2) Create encrypted key block. File Enc. Key (FEK) Encrypted with owner’ s File Sig. MEK public key Private Key (FSK)

  20. Meta Data File Creation Enc. Key File Sig. Time File Block Pub. Key S tamp name (Owner) (FSK) 3) Append Pub FSK, time stamp, and file name to enc. key block

  21. Meta Data File Creation Enc. Key File Sig. SIG MS K Time File Block Pub. Key [Meta Data S tamp name (Owner) (FSK) Hash] 3) Append Pub FSK, time stamp, and file name to enc. key block 4) Hash and sign using owner’ s master signing key

  22. Meta Data File Creation Enc. Key File Sig. SIG MS K Time File Block Pub. Key [Meta Data S tamp name (Owner) (FSK) Hash] 3) Append Pub FSK, time stamp, and file name to enc. key block 4) Hash and sign using owner’ s master signing key 5) Update md-file freshness tree

  23. Why are freshness guarantees needed? • Can verify latest version of info is read • md-file freshness prevents rollback of revoked privileges

  24. Rollback Revoked Privileges 1. Bob revokes write access from Alice 2. Alice replaces new md-file with saved (older) copy 3. Replacement restores write privileges 4. Alice can undetectably write to d-file

  25. Freshness Overview • S iRiUS client generates hash tree of all md-files owned by user • Hash tree root: hash of all the md-files • Every directory has mdf-file made of the hash of: 1. md-files in that directory 2. mdf-files of sub directories

  26. Hash Tree Generation / foo / a Key: / a/ b bar dir file bin con

  27. Hash Tree Generation / Want to generat e root mdf root mdf foo / a Key: / a/ b bar dir file bin con

  28. Hash Tree Generation / Want to generat e root mdf root mdf Before root mdf can be foo / a generated, we need / a/ mdf mdf Key: / a/ b bar dir file bin con

  29. Hash Tree Generation / Want to generat e root mdf root mdf Before root mdf can be foo / a generated, we need / a/ mdf mdf Key: which in / a/ b bar dir turn needs / a/ b/ mdf mdf file bin con

  30. Hash Tree Generation / foo / a Key: Hash bin and / a/ b bar dir con to generate / a/ b/ mdf mdf file bin con

  31. Hash Tree Generation / Hash / a/ b/ mdf foo / a and bar to generate / a/ mdf mdf Key: / a/ b bar dir / a/ b/ mdf mdf file bin con

  32. Hash Tree Generation / Hash / a/ mdf and foo to generate root mdf root mdf foo / a / a/ mdf mdf Key: / a/ b bar dir / a/ b/ mdf mdf file bin con

  33. Root mdf-file • Contains a time stamp • Time stamp updated by client at specified time intervals • S igned by owner of the md-files

  34. Hash Tree Generation 1. Generated only once 2. Generated by owner of md-files 3. Hash tree cacheable 4. Updated only on md-file changes

  35. Verify md-file Freshness / root mdf foo / a / a/ mdf mdf Key: / a/ b bar dir / a/ b/ mdf mdf file bin con

  36. Verify md-file Freshness / root mdf foo / a / a/ mdf mdf Key: / a/ b bar dir / a/ b/ mdf mdf Verify bar md-file file bin con freshness

  37. Verify md-file Freshness / root mdf 1) Hash / a/ b/ mdf and bar foo / a to regenerate / a/ mdf mdf Key: / a/ b bar dir / a/ b/ mdf mdf Verify bar md-file file bin con freshness

  38. Verify md-file Freshness / root mdf 1) Hash / a/ b/ mdf 2) Compare and bar regenerated foo / a to regenerate / a/ mdf t o / a/ mdf current version mdf Key: / a/ b bar dir / a/ b/ mdf mdf Verify bar md-file file bin con freshness

  39. Verify md-file Freshness 1) Hash / a/ mdf / and foo to regenerate root mdf root mdf foo / a / a/ mdf mdf Key: / a/ b bar dir / a/ b/ mdf mdf Verify bar md-file file bin con freshness

  40. Verify md-file Freshness 2) Compare 1) Hash / a/ mdf / regenerated and foo root mdf t o to regenerate current version root mdf root mdf foo / a / a/ mdf mdf Key: / a/ b bar dir / a/ b/ mdf mdf Verify bar md-file file bin con freshness

  41. Verify md-file Freshness 2) Compare 1) Hash / a/ mdf / regenerated and foo root mdf t o to regenerate current version root mdf root mdf 3) Check timestamp foo / a verify owner’ s sig / a/ mdf mdf Key: / a/ b bar dir / a/ b/ mdf mdf Verify bar md-file file bin con freshness

  42. File S ystem Operations 1. Create, read, write, rename, unlink, share files 2. S ymbolic links but no hard links 3. User access revocation

  43. User 1 Access Revocation Enc. Key Enc. Key File Sig. SIG MS K Time File Block Block Pub. Key [Meta Data S tamp name (Owner) (User 1) (FSK) Hash]

  44. User 1 Access Revocation Enc. Key Enc. Key File Sig. SIG MS K Time File Block Block Pub. Key [Meta Data S tamp name (Owner) (User 1) (FSK) Hash] 1) Regenerate new file keys

  45. User 1 Access Revocation Enc. Key Enc. Key File Sig. SIG MS K Time File Block Block Pub. Key [Meta Data S tamp name (Owner) (User 1) (FSK) Hash] 1) Regenerate new file keys 2) Remove user 1 key block

  46. User 1 Access Revocation Enc. Key File Sig. SIG MS K Time File Block Pub. Key [Meta Data S tamp name (Owner) (FSK) Hash] 3) Update file sig. key and enc. key blocks 1) Regenerate new file keys 2) Remove user 1 key block

  47. User 1 Access Revocation Enc. Key File Sig. SIG MS K Time File Block Pub. Key [Meta Data S tamp name (Owner) (FSK) Hash] 3) Update file sig. key 4) Update and enc. key blocks time stamp 1) Regenerate new file keys 2) Remove user 1 key block

Recommend

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan,

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan,

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin Department of Computer Science, The University of Texas at Dallas Presented by David Gloe Outline Introduction

576 views • 23 slides
The Hype and Reality of Electrical Energy S torage Brett A. Perlman S enior Fellow Agenda for

The Hype and Reality of Electrical Energy S torage Brett A. Perlman S enior Fellow Agenda for

The Hype and Reality of Electrical Energy S torage Brett A. Perlman S enior Fellow Agenda for today Promise of Energy Storage Current Energy S torage Market S ize Energy S torage Technology Overview Business cases for

445 views • 27 slides
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules or library untrusted

797 views • 46 slides
Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services Youngjin Kwon

Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services Youngjin Kwon

Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services Youngjin Kwon , Alan Dunn, Michael Lee, Owen Hofmann, Yuanzhong Xu, Emmett Witchel 1 Securing OS is difficult OS vulnerabilities in 2014 from national

1.06k views • 78 slides
Advanced Energy Storage Technologies Pumped Hydro Storage is often referred to as a

Advanced Energy Storage Technologies Pumped Hydro Storage is often referred to as a

M ASSACHUSETTS E NERGY S TORAGE I NITIATIVE S TORAGE S TUDY U PDATE May 18, 2016 1 M ASSACHUSETTS E NERGY A PPROACH 1. Reduce and stabilize the rising cost of energy for consumers 2. Continue the Commonwealths commitment to a clean energy

1.74k views • 16 slides
P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g

P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g

P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g Capsules Kevin Borders, Eric Vander Weele, Billy Lau, and Atul Prakash Problem: Malicious S oftware Computing becomes pervasive, so is malware

524 views • 29 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ Ruxcon 2014 Securing The

Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ Ruxcon 2014 Securing The

Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ Ruxcon 2014 Securing The Network - TLS & SSH IETF Standards: SSH - RFC 4250-4255 Remote shell File transfer TCP port forwarding, socks proxy Pipe commands over

679 views • 35 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
W HOLESALING , S TORAGE , AND D ISTRIBUTION U SE - TYPE IN G ENERAL R URAL R EGULATORY Z ONE .

W HOLESALING , S TORAGE , AND D ISTRIBUTION U SE - TYPE IN G ENERAL R URAL R EGULATORY Z ONE .

Development Code Amendment WDCA16-0001 W HOLESALING , S TORAGE , AND D ISTRIBUTION U SE - TYPE IN G ENERAL R URAL R EGULATORY Z ONE . Washoe County Planning Commission April 4, 2017 1 Background The Wholesaling, Storage and Distribution

400 views • 13 slides
Securing PHP Survey of the solutions Stanislav Malyshev stas@zend.com Most code is extremely

Securing PHP Survey of the solutions Stanislav Malyshev stas@zend.com Most code is extremely

Securing PHP Survey of the solutions Stanislav Malyshev stas@zend.com Most code is extremely buggy Can we help? Input filtering Unauthorized code (remote include) Unauthorized DB access (SQL Injection) Client subversion (XSS,

135 views • 11 slides
S TORAGE P RESENTATION T RANSCRIPT J ANUARY 21, 2016 This document was produced for review by the

S TORAGE P RESENTATION T RANSCRIPT J ANUARY 21, 2016 This document was produced for review by the

I NCREASING R ESILIENCE T HROUGH I MPROVED O N -F ARM S TORAGE P RESENTATION T RANSCRIPT J ANUARY 21, 2016 This document was produced for review by the United States Agency for International Development. It was prepared by the Feed the Future

423 views • 17 slides
Thomas Dewers 1 , Alex Rinehart 1 , Jon Major 2 , Photos placed in horizontal position Peter

Thomas Dewers 1 , Alex Rinehart 1 , Jon Major 2 , Photos placed in horizontal position Peter

G EOMECHANICS OF G EOLOGIC C ARBON Photos placed in horizontal position S TORAGE : H AZARDS , L ONG -T ERM S EALING , with even amount of white space between photos AND S TORAGE S ECURITY and header Thomas Dewers 1 , Alex Rinehart 1 , Jon

232 views • 20 slides
Spent Fuel and Waste Disposition FC - 4 . 1 Disposal FC---4.2 -S torage- &-Transportation

Spent Fuel and Waste Disposition FC - 4 . 1 Disposal FC---4.2 -S torage- &-Transportation

Nuclear Energy University Programs Fiscal Year 201 8 Annual Planning Webinar Spent Fuel and Waste Disposition FC - 4 . 1 Disposal FC---4.2 -S torage- &-Transportation John Orchard NEUP Federal Point of Contact Spent -Fuel -and -Waste

189 views • 8 slides
Pa Particu ticulate late Magnetic gnetic Ta Tape pe fo for Data ta Sto torage rage and

Pa Particu ticulate late Magnetic gnetic Ta Tape pe fo for Data ta Sto torage rage and

Pa Particu ticulate late Magnetic gnetic Ta Tape pe fo for Data ta Sto torage rage and d Fu Futur ture e Te Technologies hnologies Masahito OYANAGI Recording Media Research Laboratories, FUJIFILM Corporation Outline 1.

725 views • 33 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides
Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your troubleshooting needs ! On Premises Available on cloud Feature Highlights Advanced remote desktop sharing Voice, video and text chat Remote

222 views • 11 slides
Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay

Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay

Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay Lepreau David Wetherall ( Univ. of Washington ) Tim Stack ( Univ. of Utah ) Key Point Untrusted mobile code can allow anybody to build

365 views • 13 slides
O PEN S TORAGE R ESEARCH I NFRASTRUCTURE Jeremy Musser, Miao Zhang, Jayashree Candadai, Ezra

O PEN S TORAGE R ESEARCH I NFRASTRUCTURE Jeremy Musser, Miao Zhang, Jayashree Candadai, Ezra

R APID E ARTH S CIENCE D ATA D ISTRIBUTION OVER A M ULTI -I NSTITUTIONAL O PEN S TORAGE R ESEARCH I NFRASTRUCTURE Jeremy Musser, Miao Zhang, Jayashree Candadai, Ezra Kissel, Martin Swany Shawn McKee, Benjeman Meekhof, Lillian Indiana

858 views • 3 slides
J OINT C ENTER FOR E NERGY S TORAGE R ESEARCH Becoming Energy Efficient George Crabtree

J OINT C ENTER FOR E NERGY S TORAGE R ESEARCH Becoming Energy Efficient George Crabtree

J OINT C ENTER FOR E NERGY S TORAGE R ESEARCH Becoming Energy Efficient George Crabtree Director, Joint Center for Energy Storage Research (JCESR) Argonne National Laboratory University of Illinois at Chicago Outline Energy Sources and Uses

267 views • 24 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

574 views • 32 slides
MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage Services Seungyeop Han (syhan@cs.washington.edu) Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

837 views • 37 slides
Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS Industry-United Initiative ............................................ 2 The TAA Difference .................................................... 3 Life After

466 views • 19 slides
Cake: : Enabling Hig igh-level SLOs on Shared Sto torage Syste tems Andrew Wang, Shivaram

Cake: : Enabling Hig igh-level SLOs on Shared Sto torage Syste tems Andrew Wang, Shivaram

Cake: : Enabling Hig igh-level SLOs on Shared Sto torage Syste tems Andrew Wang, Shivaram Venkataraman, Sara Alspaugh, Randy Katz, Ion Stoica University of California, Berkeley SO SOCC CC 20 2012 12 Content Introduction Problem

841 views • 30 slides

More recommend