OceanStore: Data Security in an Insecure world John Kubiatowicz.
-
date post
21-Dec-2015 -
Category
Documents
-
view
215 -
download
0
Transcript of OceanStore: Data Security in an Insecure world John Kubiatowicz.
OceanStore:Data Security in an
Insecure world
John Kubiatowicz
OceanStore:2Networking Day ©2001 John Kubiatowicz/UC Berkeley
OceanStore Context: Ubiquitous Computing
• Computing everywhere:– Desktop, Laptop, Palmtop– Cars, Cellphones– Shoes? Clothing? Walls?
• Connectivity everywhere:– Rapid growth of bandwidth in the interior of the net– Broadband to the home and office– Wireless technologies such as CMDA, Satelite, laser
• But: Where is persistent information?– Must be the network!– Utility Model
OceanStore:3Networking Day ©2001 John Kubiatowicz/UC Berkeley
Utility-based Infrastructure
Pac Bell
Sprint
IBMAT&T
CanadianOceanStore
IBM
• How many files in the OceanStore?– Assume 1010 people, 10,000 files/person (very conservative?)– So 1014 files in OceanStore!– If 1 gig files (ok, a stretch), get almost 1 mole of bytes!
OceanStore:4Networking Day ©2001 John Kubiatowicz/UC Berkeley
Basic Structure:Untrusted, Peer-to-peer Model
OceanStore:5Networking Day ©2001 John Kubiatowicz/UC Berkeley
But What About Security?• End-to-End and Everywhere Else!
– Protection at all levels– Data Protected Globally– Attacks recognized and squashed locally
• How is information protected?– Encryption for privacy– Secure Naming and Signatures for authenticity– Byzantine commitment for integrity
• Is it Available/Durable?– Redundancy with continuous repair – Redistribution for long-term durability
• Is it hard to manage?– Automatic optimization, diagnosis and repair
OceanStore:6Networking Day ©2001 John Kubiatowicz/UC Berkeley
Secure Naming• Unique, location independent identifiers:
– Every version of every unique entity has a permanent, Globally Unique ID (GUID)
– GUIDs derived from secure hashes (e.g. SHA-1)– All OceanStore operations operate on GUIDs
• Naming hierarchy:– Users map from names to GUIDs via hierarchy of
OceanStore objects (ala SDSI)
Each link is either a GUID (RO)Or a GUID/public key combination
FooBarBaz
Myfile
Out-of-Band“Root link”
OceanStore:7Networking Day ©2001 John Kubiatowicz/UC Berkeley
GUIDs Secure PointersName+Key
Active GUID
Global Object Resolutions
Floating Replica(Active Object)
Active Data
CommitLogs
CKPoint GUID
Archival GUIDArchival GUID
Signature
RP KeysACLsMetaData
Global Object Resolution
Archival copyor snapshot
Archival copyor snapshot
Archival copyor snapshot
Erasure Coded
Archival GUIDSignature
Inactive Object
Global Object Resolution
OceanStore:8Networking Day ©2001 John Kubiatowicz/UC Berkeley
But What About the Red Arrows?
Location-Independent Routing!
OceanStore:9Networking Day ©2001 John Kubiatowicz/UC Berkeley
4
2
3
3
3
2
2
1
2
4
1
2
3
3
1
34
1
1
4 3
2
4
Start with: Tapestry Routing Mesh
NodeID0x43FE
NodeID0x13FENodeID
0xABFE
NodeID0x1290
NodeID0x239E
NodeID0x73FE
NodeID0x423E
NodeID0x79FE
NodeID0x23FE
NodeID0x73FF
NodeID0x555E
NodeID0x035E
NodeID0x44FE
NodeID0x9990
NodeID0xF990
NodeID0x993E
NodeID0x04FE
NodeID0x43FE
OceanStore:10Networking Day ©2001 John Kubiatowicz/UC Berkeley
Then add:Location-Independent Routing
OceanStore:11Networking Day ©2001 John Kubiatowicz/UC Berkeley
Secure Routing• Node names are hash of public key
– Requests can be signed– Validate Responses in Request/response pairs
• Data validation built into network:– Pointers signed– Publication process verified– Responses from servers verified by checking GUIDs
• Denial of Service resilence: locality/redundancy– MACs along all links: local suppression of DoS– Multiple roots to avoid single points of failure– Multiple links for rapid recovery– Pointers provide locality: Find closest version of object
OceanStore:12Networking Day ©2001 John Kubiatowicz/UC Berkeley
What about Update Integrity?
Byzantine Agreement!
OceanStore:13Networking Day ©2001 John Kubiatowicz/UC Berkeley
The Path of an OceanStore Update
OceanStore:14Networking Day ©2001 John Kubiatowicz/UC Berkeley
Consistency Mechanism applied directly to encrypted
data!
OceanStore:15Networking Day ©2001 John Kubiatowicz/UC Berkeley
Archival DisseminationBuilt into Update
OceanStore:16Networking Day ©2001 John Kubiatowicz/UC Berkeley
Conclusion:End-to-End and Everywhere Else
• Secure read-only data • Secure the commitment protocols• Secure the routing infrastructure• Continuous adaptation and repair
For more information: http://oceanstore.cs.berkeley.edu/