secure file sharing presented by vishal kher february 13, 2004
TRANSCRIPT
![Page 1: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/1.jpg)
Secure File SharingSecure File Sharing
Presented byVishal Kher
February 13, 2004
![Page 2: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/2.jpg)
2
ReferencesReferences
E.-J. Goh, et al. SiRiUS: Securing Remote Untrusted Storage. In Proceedings of NDSS 2003.
M. Kallahalla, et al. Plutus scalable secure file sharing on untrusted storage. FAST 2003.
![Page 3: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/3.jpg)
3
OutlineOutline
SiRiUS Plutus Comparison
![Page 4: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/4.jpg)
4
GoalsGoals
System should be easy to install and use No changes to file server Secure file sharing
– Confidentiality and integrity • Data as well as meta-data
– Key management– Read and read-write distinction– Freshness
• Meta-data
![Page 5: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/5.jpg)
5
AssumptionsAssumptions
Untrusted File Server File sharing for small groups Trusted client machine Presence of PKI or similar infrastructure
![Page 6: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/6.jpg)
6
System ComponentsSystem Components
d-file Data File
md-file Meta-data file
FEK File encryption key (symmetric key per file)
FSK File Signing Key (asymmetric)
MEK, MSK File owner’s encryption and signing key (asymmetric)
md-file Meta-data integrity file
PU, SU Public and private key of user
![Page 7: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/7.jpg)
7
File StructureFile Structure
EFEK(D) SIGFSK(H(D))
d-file
EncryptedKey Block
(users)
EncryptedKey Block
[…]
Public Key
for FSK
MetadataLast modified
TS
Filename
SIGMSK
on md-file
md-file
Username
FEKFSK
Username
FEKEPU EPU
Prevent swapping attacks
![Page 8: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/8.jpg)
8
Freshness of md-fileFreshness of md-file
File residing in user’s home dir belong to user Creation
– Hash all md-files and store the final hash in md-file– Concat hash of md-files in a dir to md-file of subdir– Sign the final hash (root level) along with timestamp and
place in root md-file
Update– The owner’s client updates after some time interval
Verification– Walk up the tree
![Page 9: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/9.jpg)
9
WriteWrite
Assume owner updated the access control info Write
– Obtain md-file, verify signature on md-file– Obtain FEK and FSK– Obtain d-file and verify signature using pub key of FSK– Decrypt data– Encrypt modified data with FEK, hash sign using FSK– Rewrite the d-file
Dumb – sequential– Extension talks about random read and write
![Page 10: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/10.jpg)
10
Read and RenameRead and Rename
Assume owner updated the access control info Read
– Obvious from previous description
Rename– Require updating the hash tree and md-file
![Page 11: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/11.jpg)
11
Key Management and RevocationKey Management and Revocation
Key Management– Owner manages keys– User needs MEK and MSK
Revocation– Nothing special– User updates FEK and meta-data– Re-encrypts file
![Page 12: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/12.jpg)
12
PerformancePerformance
![Page 13: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/13.jpg)
13
Discussion (1)Discussion (1)
Roll-back– No data freshness– Replace current d-file with a valid old version
No suitable for large scale file sharing Owner performs all the key management
– Good for P2P
Huge performance overhead– Can further reduce some number of signatures
Storage overhead
![Page 14: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/14.jpg)
14
Discussion (2)Discussion (2)
Change of user’s public keys– Contact the owners of every file
• Keep/ search a list of these files
– Do file owners have to figure this out?
Where should the keys be stored?– Smartcard– Encrypted using pass phrase
• Hassle to user• How can they be accessed seamlessly?
![Page 15: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/15.jpg)
15
ExtensionsExtensions
Random Access– Each block encrypted with AES, CBC with different
random iv
Encrypt pathname using FEK– ls command will require all FEKs + decryption!
Large scale group scaling using NNL
DB1 SIGMSKDBn H(DB)n H(DB)n…. …. ….
![Page 16: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/16.jpg)
16
OutlineOutline
SiRiUS Plutus Comparison
![Page 17: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/17.jpg)
17
GoalsGoals
Low cryptographic overhead in file server File server unaware of user’s identity Secure file sharing
– Decentralized Key management • Completely pushed to users
– Confidentiality and integrity• Data and meta-data
– Authorization• Read and read-write distinction
![Page 18: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/18.jpg)
18
AssumptionsAssumptions
Untrusted storage Trusted client machine User’s authenticate each other before obtaining
keys over a secure channel– Key management is handled by users
Communications are secure
![Page 19: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/19.jpg)
19
File Groups and Lock BoxFile Groups and Lock Box
Filegroup is a group of files with same privileges– Owned by same {owner, group}, have same permissions– Reduce the number of keys
Lock Box– Box with a lock that holds a bunch of keys– Need key to the box to access the stored keys
![Page 20: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/20.jpg)
20
System Overview (1)System Overview (1)
Each file block is encrypted with a different key – fileblock key
Every filegroup has a lockbox– Lockbox stores all file-block keys of files belonging to that
filegroup– Associated with lockbox is a lockbox-key (symmetric)
• Encrypts file-block keys• Owner distributes lockbox-keys to readers and writers
Reader writer distinction– Asymmetric keys: file-sign key, file-verify key
![Page 21: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/21.jpg)
21
System Overview (2)System Overview (2)
Integrity of data file– Writer hashes all data blocks of the file and signs the root
using file-sign key
Confidentiality of meta-data– Encrypt names of files in dir using file-name key– Encrypt filegroup names using file-group key
![Page 22: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/22.jpg)
22
File StructureFile Structure
Efoo-key(foo)
Ebar-key(bar)
Etmp-key(tmp)
header
EB-key(filegroupB)
header
EA-key(filegroupA)
Inode 1block 1
Inode 2block 2
Inode 3block 3
H(block 1)Kfile-block1
H(block 1)Kfile-block1
H(block 1)Kfile-block1
Root hash +
sign
Inode 1 header
Using file-sign key for filegroupB
File foo
![Page 23: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/23.jpg)
23
ReadRead
Reader wants to access foo Browse to obtain name of the owner of foo Contact owner for:
– file-verify key, file-lockbox key– Verify the signature on root using file-verify key– Decrypt lockbox using file-lockbox key and fetch file-block
keys– Decrypt file foo
![Page 24: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/24.jpg)
24
WriteWrite
Reader wants to access foo Contact owner for:
– file-sign and verify key, file-lockbox key– Generates file-block keys– Encrypt blocks– Store lockbox and file blocks– Calculate hash tree, sign root, write the tree with sign
But… How to authenticate writers– Token per file group– Hash(Token, F) is stored in inode– Server verifies tokens before allowing writes
![Page 25: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/25.jpg)
25
RevocationRevocation
Lazy revocation– Changes keys– Owner immediately updates meta-data– Mark file for re-encryption– Re-encrypt only on updated
File-groups– Same key multiple files
On write following revocation– key for re-encrypted file different!
![Page 26: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/26.jpg)
26
Key RotationKey Rotation
Every key has version numbers Readers and writers should check the version
before using the keys
![Page 27: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/27.jpg)
27
DiscussionDiscussion
Total trust on insiders.– No notion of identity on the server– any authorized user can change and sign the data– Will the readers be able to track who changed it?
The owner will have to be online to distribute keys Burden on owners
– Good for P2P– How about enterprise?
![Page 28: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/28.jpg)
28
ComparisonComparison
Role of server Verify writes Store data (unmodified)
Plutus SiRiUS
File sharing Dynamic Static: A user cannot create file
User’s identity Hidden Included in meta-data
Key distribution Done by owner to user Owner puts the appropriate
keys in the meta-data
Hash tree Update by writer
Includes data blocks
Periodic update by ownerOnly includes meta-data
Revocation Lazy + key rotation Nothing special
Number of Keys Less: File groups One per user
Scalability More scalable Less scalable
![Page 29: Secure File Sharing Presented by Vishal Kher February 13, 2004](https://reader036.vdocuments.net/reader036/viewer/2022081516/56649da65503460f94a90dd7/html5/thumbnails/29.jpg)
29
CommentsComments
Thank You