320 likes | 643 Vues
Secure File Sharing. Presented by Vishal Kher February 13, 2004. References. E.-J. Goh, et al. SiRiUS: Securing Remote Untrusted Storage . In Proceedings of NDSS 2003. M. Kallahalla, et al. Plutus scalable secure file sharing on untrusted storage . FAST 2003. Outline. SiRiUS Plutus
E N D
Secure File Sharing Presented byVishal Kher February 13, 2004
References • E.-J. Goh, et al. SiRiUS: Securing Remote Untrusted Storage. In Proceedings of NDSS 2003. • M. Kallahalla, et al. Plutus scalable secure file sharing on untrusted storage. FAST 2003.
Outline • SiRiUS • Plutus • Comparison
Goals • System should be easy to install and use • No changes to file server • Secure file sharing • Confidentiality and integrity • Data as well as meta-data • Key management • Read and read-write distinction • Freshness • Meta-data
Assumptions • Untrusted File Server • File sharing for small groups • Trusted client machine • Presence of PKI or similar infrastructure
System Components d-file Data File md-file Meta-data file md-file Meta-data integrity file FEK File encryption key (symmetric key per file) FSK File Signing Key (asymmetric) MEK, MSK File owner’s encryption and signing key (asymmetric) PU, SU Public and private key of user
EPU EPU File Structure EFEK(D) SIGFSK(H(D)) d-file Username Username Prevent swapping attacks FEK FEK FSK EncryptedKey Block(users) EncryptedKey Block[…] Public Keyfor FSK MetadataLast modified TS Filename SIGMSKon md-file md-file
Freshness of md-file • File residing in user’s home dir belong to user • Creation • Hash all md-files and store the final hash in md-file • Concat hash of md-files in a dir to md-file of subdir • Sign the final hash (root level) along with timestamp and place in root md-file • Update • The owner’s client updates after some time interval • Verification • Walk up the tree
Write • Assume owner updated the access control info • Write • Obtain md-file, verify signature on md-file • Obtain FEK and FSK • Obtain d-file and verify signature using pub key of FSK • Decrypt data • Encrypt modified data with FEK, hash sign using FSK • Rewrite the d-file • Dumb – sequential • Extension talks about random read and write
Read and Rename • Assume owner updated the access control info • Read • Obvious from previous description • Rename • Require updating the hash tree and md-file
Key Management and Revocation • Key Management • Owner manages keys • User needs MEK and MSK • Revocation • Nothing special • User updates FEK and meta-data • Re-encrypts file
Discussion (1) • Roll-back • No data freshness • Replace current d-file with a valid old version • No suitable for large scale file sharing • Owner performs all the key management • Good for P2P • Huge performance overhead • Can further reduce some number of signatures • Storage overhead
Discussion (2) • Change of user’s public keys • Contact the owners of every file • Keep/ search a list of these files • Do file owners have to figure this out? • Where should the keys be stored? • Smartcard • Encrypted using pass phrase • Hassle to user • How can they be accessed seamlessly?
Extensions • Random Access • Each block encrypted with AES, CBC with different random iv • Encrypt pathname using FEK • lscommand will require all FEKs + decryption! • Large scale group scaling using NNL DB1 DBn …. H(DB)n …. H(DB)n SIGMSK ….
Outline • SiRiUS • Plutus • Comparison
Goals • Low cryptographic overhead in file server • File server unaware of user’s identity • Secure file sharing • Decentralized Key management • Completely pushed to users • Confidentiality and integrity • Data and meta-data • Authorization • Read and read-write distinction
Assumptions • Untrusted storage • Trusted client machine • User’s authenticate each other before obtaining keys over a secure channel • Key management is handled by users • Communications are secure
File Groups and Lock Box • Filegroup is a group of files with same privileges • Owned by same {owner, group}, have same permissions • Reduce the number of keys • Lock Box • Box with a lock that holds a bunch of keys • Need key to the box to access the stored keys
System Overview (1) • Each file block is encrypted with a different key • fileblockkey • Every filegroup has a lockbox • Lockbox stores all file-block keys of files belonging to that filegroup • Associated with lockbox is a lockbox-key (symmetric) • Encrypts file-block keys • Owner distributes lockbox-keys to readers and writers • Reader writer distinction • Asymmetric keys: file-sign key, file-verify key
System Overview (2) • Integrity of data file • Writer hashes all data blocks of the file and signs the root using file-sign key • Confidentiality of meta-data • Encrypt names of files in dir using file-name key • Encrypt filegroup names using file-group key
File Structure Inode 1 header Inode 1block 1 Inode 2block 2 Inode 3block 3 H(block 1)Kfile-block1 Root hash + sign H(block 1)Kfile-block1 H(block 1)Kfile-block1 File foo Using file-sign key for filegroupB
Read • Reader wants to access foo • Browse to obtain name of the owner of foo • Contact owner for: • file-verify key, file-lockbox key • Verify the signature on root using file-verify key • Decrypt lockbox using file-lockbox key and fetch file-block keys • Decrypt file foo
Write • Reader wants to access foo • Contact owner for: • file-sign and verify key, file-lockbox key • Generates file-block keys • Encrypt blocks • Store lockbox and file blocks • Calculate hash tree, sign root, write the tree with sign • But… How to authenticate writers • Token per file group • Hash(Token, F) is stored in inode • Server verifies tokens before allowing writes
Revocation • Lazy revocation • Changes keys • Owner immediately updates meta-data • Mark file for re-encryption • Re-encrypt only on updated • File-groups • Same key multiple files • On write following revocation • key for re-encrypted file different!
Key Rotation • Every key has version numbers • Readers and writers should check the version before using the keys
Discussion • Total trust on insiders. • No notion of identity on the server • any authorized user can change and sign the data • Will the readers be able to track who changed it? • The owner will have to be online to distribute keys • Burden on owners • Good for P2P • How about enterprise?
Comments Thank You