responsive security for stored data
DESCRIPTION
Responsive Security for Stored Data. Subramanian Lakshmanan Mustaque Ahamad H. Venkateswaran College of Computing Georgia Institute of Technology. Introduction. Problem definition A distributed data repository. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/1.jpg)
Responsive Security for Stored Data
Subramanian Lakshmanan
Mustaque Ahamad
H. Venkateswaran
College of Computing
Georgia Institute of Technology
![Page 2: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/2.jpg)
Introduction
Problem definition– A distributed data repository. – Guarantees availability, integrity and confidentiality of stored data in the
face of a limited number of compromised nodes. – Better performance.
Organization– Motivation– Existing techniques – Our approach– Related work– System architecture and protocols– A simple analysis
![Page 3: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/3.jpg)
Hope no one is
looking at my tax
documents
Would any one know about
this?
Hope the records have not been tampered
I don’t want the data to be lost, never! Could prove
vital!
Get his medical
records, fast!
At your service!
Motivation
![Page 4: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/4.jpg)
Approach
I’m not going to trust any of you guys. No one is going to get all
the information
I will be faithful anyway
Wish I could
capture more
nodes!
I don’t want to talk to ALL of u, takes hell a lot of
time
I can’t even wipe or corrupt the data, let alone leaking info!
I will pass on what I
see to you, real fast!
So will I! Having a copy always
helps
![Page 5: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/5.jpg)
S2
S3
S4
S1
C
E(d,k’)
E(d,k’)
E(d,k’)
E(d,k’)
E(d,k’)
E(d,k)
E(d,k)
Pure replication
1. Periodic re-encryption2. Client has to be present for re-encryption3. Compromised server could retain old data
E(d,k)
E(d,k)
E(d,k)
![Page 6: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/6.jpg)
Secret-sharing algorithms
A (b,k) secret-sharing scheme fragments data into k shares so that b shares give no information, b+1 give all the information.
A (b,2b+1) scheme guarantees confidentiality, integrity and availability of data in the face of a maximum of b compromised nodes.
Data shares can be renewed, recovered periodically by the servers, even in the absence of the client, in a purely distributed fashion tolerating a maximum of b malicious nodes.
![Page 7: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/7.jpg)
A pure-secret sharing scheme
S1
S2
S3
S4
S5
C
D (f1,f2..f5)(1,5) scheme
f1
f2
f3
f4
f5
1. A write involves talking to all servers
2. Suffers from the problem of related attacks
![Page 8: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/8.jpg)
Our approach
Pure replication– Poor security tolerating malicious faults– Better performance (access cost, availability)
Pure secret-sharing – Better security tolerating malicious faults– Poor performance
Hybrid scheme– Do limited secret-sharing– Replicate the shares– Offer the benefits of both schemes
![Page 9: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/9.jpg)
Related work
Replication for Byzantine fault tolerance– Schneider’s state machine approach for fault tolerance
– Secure FS, Practical Byzantine fault tolerance at MIT - Castro and Liskov
Quorum systems– Phalanx and Fleet – Reiter et. al.
– Dynamic quorums – Alvisi et. El.
![Page 10: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/10.jpg)
Related work (contd.)
Secret-sharing– Shamir’s scheme based on polynomial interpolation
– Detecting and recovering corrupted shares – Feldman, Pederson
– Proactive secret-sharing, periodic share renewal and share recovery – Herzberg et. al.
PASIS at CMU. Fragmentation-scattering for intrusion tolerance at LAAS, France. Data dissemination
– Epidemic algorithms for non-malicious environment, Demers et. al.
– Dissemination in Byzantine environment – Malkhi et. al.
![Page 11: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/11.jpg)
Our system
Write along a row
Disseminate along acolumn
Periodic share renewal
f1 f2f3
Read along a row
D f1 ,f2 ,f3
•Pure secret sharing : number of rows = 1•Pure replication : number of columns = 1
![Page 12: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/12.jpg)
Assumptions
N Servers S1..Sn. Requests authenticated and authorized independently at each
server, secure communication channels Compromises of two different servers not related. Chosen threshold value b, number of server failures to be
tolerated. Number of columns- c, number of rows –r, rc = n, c>b. Protocols designed for chosen matrix dimensions and chosen
threshold value.
![Page 13: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/13.jpg)
Read and write protocols
Write(x,v) by Client C
1. v v1,v2,…vc
(b,c)
2. Compute one-way function h(vi) = gvi
3. Form Verification string VS = h(v1)|h(v2)|..h(vn)sig = {uid(x),ts,v}KC-1
4. Choose a row k. for (m = 1 to c) send{“write”,uid(x),ts,vm,VS,sig} to sever Sk,m
5. Repeat 4 for different k until number of rows contacted l is such that c - b/l b+1.
![Page 14: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/14.jpg)
Write protocol
D f1 ,f2
(b,c)
VS = h(f1)|h(f2)|..h(fn)
f1,VS, f2,VS, fc,VS,
C
l
b/l b+1
![Page 15: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/15.jpg)
Read and write Protocols (contd.)Read(x) by Client C
1. Choose a row k. for (m = 1 to c) send{“write”,uid(x),ts,vm,VS,sig} to sever Sk,m
2. Get a list of {ts, VS,vm,sig} from Sk,m
3. Choose the highest timestamp that occurs in b+1 or more replies with same VS. 4. If no such timestamp exists, repeat from 1 for a different k.5. Pick shares corresponding to this timestamp. Pick b+1 shares that are verified successfully by VS. Reconstruct data value v from b+1 shares.6. Return v if sig is valid, else repeat from 1 for different k
![Page 16: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/16.jpg)
Read protocol
D3. fi1 ,fi2,fib+1
(b,*)2. h(fi’) = h(fi) in VS ?
C
f1’,VS1, f2’,VS2, fc’,VSc,
1. VSi1 = VSi2
= ..Vsi b+1 ?
![Page 17: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/17.jpg)
Data dissemination
Disseminate shares along columns Increases availability and system performance Better data sharing for shared data Better support for mobile or roaming client Replicated copies serve as back-ups
![Page 18: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/18.jpg)
Dissemination protocol
f1 f2 fcVS VS VS
f’2f2
1. Detect/suspect corruption 2. Pull verification string from b+1 servers3. Check if share is valid using VS 4. Do share recovery if share is corruptedRemarks :
1. VS is accepted as valid only if either directly heard from client or b+1 other servers report same VS .
2. Disseminate to other servers only those VS that are accepted as valid.
![Page 19: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/19.jpg)
Share renewal
Assumption : In any timeframe of length Tv, an adversary can compromise a maximum of
b nodes Question :
What happens over a time interval of length 2Tv?
Adversary compromises more than b nodes over a longer period of time. Renew the shares at least once every Tv seconds.
– Shares before share renewal do not make any sense with new shares.
– Done by servers in the absence of client, distributed, secure against b compromised nodes.
![Page 20: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/20.jpg)
Share renewal (contd.)
Periodic share renewal
f1, VS f2, VS f3, VS
f1’, VS’ f2’, VS’ f3’, VS’
f2 f2’f1
![Page 21: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/21.jpg)
Analysis
In any time fram of length Tv, a server can be compromised with probability p– Expected number of failures = np
Threshold value b, degree of replication r (or c) determine the level of security and performance offered by the system
Time taken to complete a read/write much less than Tv
![Page 22: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/22.jpg)
Security Metrics
Availability- Probability that a legitimate client can read a data item that has been
written successfully.
Confidentiality- Complement of the probability that an adversary can read a data item
that has been written successfully.
Integrity- Complement of the probability that any client could be given
corrupted or modified data content when a read on a data item is done.
![Page 23: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/23.jpg)
Security metrics(contd.)
(b,c) = (c) (1-pr)i * (pr) (c-i)
1. Availability():
= probability of finding at least b+1 non-faulty servers, each from a different column
i = b+1
c
i
2. Confidentiality():
= 1 - probability of finding at least b+1 malicious servers, each from a different column
(b,c) = 1 - (c) (1-qr)i * (qr) (c-i) ,
q = 1-p i = b+1
c
i
3. Integrity – same as confidentiality or depends on the strength of the underlying digital signature scheme
![Page 24: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/24.jpg)
Performance metrics
Read cost– Expected number of servers a client needs to contact to read a data
item successfully. – Involves collecting b+1 distinct shares that are not corrupted.– (2b+1)/pr, pr – probability of a read completing successfully after
contacting 2b+1 servers. Write cost
– Number of servers a client needs to contact to write a data item at a confidence level h.
– h = probability of success = probability that at least one server from each of b+1 or more columns receive the write.
![Page 25: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/25.jpg)
Availability, Confidentiality as functions of b for constant cAvailability
Confidentiality
![Page 26: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/26.jpg)
Access costs as functions of b for constant c Read cost
Write cost
![Page 27: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/27.jpg)
Availability and Confidentiality as functions of c for constant bAvailability
Confidentiality
![Page 28: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/28.jpg)
Access costs as functions of c for constant b Read cost
Write cost
![Page 29: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/29.jpg)
Availability and Confidentiality against threshold value, c = 2b+1
![Page 30: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/30.jpg)
Access costs against threshold value, c = 2b+1
![Page 31: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/31.jpg)
Remarks
When access cost or availability is the most important metric to be optimized and confidentiality is not an issue, set
r = n, c = 1, b = 0 (pure replication) When confidentiality is the most important metric to be optimized and
low performance is accepted, set r = 1, c = n, b = (c-1)/2 (pure secret-sharing)
Requirements on both security and performance would need combination of replication and secret-sharing 1-10-3.5, access cost 22 servers => b = 10, c = 21– Higher confidentiality => higher access costs and lower availability
Related attacks – Place servers vulnerable to similar attacks in same column
![Page 32: Responsive Security for Stored Data](https://reader036.vdocuments.us/reader036/viewer/2022070407/568143a1550346895db02324/html5/thumbnails/32.jpg)
Future work
Per object customizable security Intrusion detection and correction Dynamic inclusion and exclusion of servers Implementation and experimental evaluation