
Efficient Proactive Security for Sensitive Data Storage

Arun Subbiah, Douglas M. Blough. School of ECE, Georgia Tech. {arun, dblough}@ece.gatech.edu


Presentation Transcript


  1. Efficient Proactive Security for Sensitive Data Storage. Arun Subbiah, Douglas M. Blough. School of ECE, Georgia Tech. {arun, dblough}@ece.gatech.edu

  2. Autonomic Proactive
     • Autonomic / self-healing / adaptive
     • Detect storage node failure / compromise, then repair
     • Proactive security and fault-tolerance
     • Refresh and renew, don’t rely on failure detector
     [Diagram labels: Detect failures, Repair, Periodic refresh, Autonomic, Proactive, Distributed Data Storage System]

  3. Failure Detector for Byzantine Quorum Systems
     • Integrated into a distributed filesystem prototype
     • L. Kong, A. Subbiah, M. Ahamad, and D. M. Blough, "A Reconfigurable Byzantine Quorum Approach for the Agile Store," SRDS 2003
     • L. Kong, D. J. Manohar, A. Subbiah, M. Sun, M. Ahamad, and D. M. Blough, "Agile Store: Experience with Quorum-Based Data Replication Techniques for Adaptive Byzantine Fault Tolerance," SRDS 2005
     [Diagram labels: FD, Diagnosis Server, Users, Byzantine Quorum System]

  4. Failure Detector Performance in Byzantine Quorum Systems
     [Plot; axis labels: Probability of detection, p_bad]

  5. Proactive Security – Integrity and Confidentiality Protection
     [Diagram labels: SVR1, SVR2, SVR3, p, Time Interval 1, Time Interval 2, Time Interval 3, Time Interval 4]

  6. Proactive Security – Confidentiality Protection
     • Data storage using perfect secret sharing
     • Problem: Perfect secret sharing schemes have high computation overhead; do not scale with large amounts of data
     • Solution: The GridSharing Framework: Use XOR and replication
     • A. Subbiah and D. M. Blough, "An Approach for Fault Tolerant and Secure Data Storage in Collaborative Work Environments," Workshop on Storage Security and Survivability, ACM CCS, 2005

  7. Computation Overheads for Perfect Secret Sharing
     • Verifiable secret sharing: Feldman’s scheme with Shamir’s scheme
     • Computation times during encoding and decoding over 700 ms
     • For any 3 out of 5 shares scheme
     • Compare with AES (Rijndael) symmetric key encryption
     • Encryption and decryption times approx. 205 μs
     • Perfect secret sharing is over 3000 times slower than symmetric-key encryption
     • The GridSharing framework: < 1 ms
     • Computation times for an 8 KB data block on a Pentium 4 3 GHz computer.

  8. Proactive Security – Integrity Protection
     • Each server periodically checks the integrity of its stored data with other servers.
     • Repair if any corruptions are detected.
     • Assume metadata is replicated at all servers
     [Diagram label: Users]

  9. A Proactively-Secure Document Store
     • Users upload / download encrypted documents.
     • Documents stored at all the servers.
     • Experiments run on the Emulab cluster (http://www.emulab.net).
     • All machines: 3 GHz, 64-bit Xeon, 2 GB RAM, 146 GB hard disk
     [Diagram labels: 1 Gbps LAN, 100 Mbps LAN, Time Interval Marker, Diagnosis Server, Users]

  10. Throughput Measurement

  11. Storage Repair Rate

  12. PhD Work
     • Byzantine-fault detection algorithms
     • Integrated with Reconfigurable Quorums to give Agile Store.
     • Coding techniques for distributed storage
     • First secret sharing technique that scales with large amounts of data.
     • Protocol design for integrity and confidentiality protection
     • Prototype implementation and performance evaluation
     • First practical proactively-secure data store.
     • Scales to 100s GB of data.
     • More info: http://www.arunsubbiah.com
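
An added illustration of the "XOR and replication" idea from slide 6 (not code from the presentation or from the GridSharing authors): a block is split into n XOR shares, all of which are needed to rebuild it, and each share is replicated so that a strict majority vote masks a corrupted or missing replica. The share count, replica count, majority rule and all function names are assumptions made for this example.

```python
import secrets
from collections import Counter


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor(secret: bytes, n: int) -> list[bytes]:
    """n-of-n perfect sharing: n-1 random pads plus one share that closes the XOR."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for pad in pads:
        last = xor_bytes(last, pad)
    return pads + [last]


def store(secret: bytes, n_shares: int, replicas: int) -> list[list]:
    """grid[i][j] is replica j of share i; each cell models one storage server."""
    return [[share] * replicas for share in split_xor(secret, n_shares)]


def recover(grid: list[list]) -> bytes:
    """Majority-vote every share across its replicas, then XOR the winners."""
    result = None
    for row in grid:
        present = [r for r in row if r is not None]  # None models a crashed server
        if not present:
            raise ValueError("share lost: no replica available")
        value, votes = Counter(present).most_common(1)[0]
        if votes * 2 <= len(row):  # assumption: strict majority of all replicas
            raise ValueError("no majority for a share")
        result = value if result is None else xor_bytes(result, value)
    return result


if __name__ == "__main__":
    block = b"constructed sample block"  # constructed input, not real data
    grid = store(block, n_shares=3, replicas=3)
    grid[1][0] = b"\x00" * len(block)  # one server returns corrupted data
    grid[2][2] = None                  # one server is down
    print(recover(grid) == block)
```

Only XOR and random-byte generation are involved per block, which is the property the slides contrast with the modular arithmetic of Shamir/Feldman sharing.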
