
Audit Control Environment

Audit Control Environment. Mike Smorul, UMIACS. Issues surrounding asserting integrity. Threats to integrity of digital archives: hardware/media degradation; hardware/software malfunction; operational errors; security breaches, malicious alterations; technology evolution.


Presentation Transcript


  1. Audit Control Environment. Mike Smorul, UMIACS

  2. Issues surrounding asserting integrity
     • Threats to Integrity of Digital Archives
     • Hardware/media degradation
     • Hardware/software malfunction
     • Operational errors
     • Security breaches, malicious alterations
     • Technology evolution
     • Object transformation (format obsolescence)
     • Infrequent access to most data

  3. Using Hashes to Monitor Files
     • Strong hashes can assert a file has not changed
     • How to manage millions of hashes?
     • How do you prove the hash value hasn't changed?
     • How do you prove a hash value was issued at a given time?

  4. Audit Control Environment (ACE)
     • Solves the problem of storing and verifying hashes.
     • Secures hashes by issuing a token for each file/hash to be monitored.
     • Tokens contain a cryptographic proof that allows for 3rd party auditing.
     • One number stored externally is used to audit tokens and hashes.

  5. Hash Authentication
     [Figure: Merkle tree diagram. Labels: CSI (one hash value), Previous Round Hash, Intermediate Hash Value (IHV), Challenge Hash, Hash 1 to Hash 6]
     • Create Merkle Tree For Supplied Hashes
     • Link to previous round
     • Gather Hashes During Round
     • Generate proof for hash

  6. Token Sample

     <token>
       <token-class>SHA-256-0</token-class>
       <digest-service>SHA-256</digest-service>
       <name>/SRB3_2_1f.tar</name>
       <round-id>1223</round-id>
       <time-stamp>2008-07-22T11:03:45.059-0400</time-stamp>
       <proof>
         <element index="0">
           <hash>2e869e2ce41ede3ceb3af50f8aa2705067b3e67055b5b3d2787e2c294a95a869</hash>
         </element>
         <element index="0">
           <hash>6a925501991d7b4ff660d499416fd45a20dde161eb68e59fedc0f58208ad86cf</hash>
         </element>
         <element index="0">
           <hash>134432a6a6527162d24e99435e817511eeb89ddc03afbc6a30f23e404847cc06</hash>
         </element>
         <element index="1">
           <hash>1aeaf2d76976cf9759b0d63bc7acdf9c6df68875bfc9bcc0e22c19401aab0133</hash>
         </element>
       </proof>
     </token>

  7. How to scale?
     • Two layers of Merkle tree
     • Short rounds (seconds) that generate Cryptographic Summary Information (CSI).
     • Each successive round includes the previous CSI
     • Second, daily rounds comprised of all CSIs for the previous day.
     • Daily tree root, called the Witness, can validate all CSIs for a day.
     • Only 365/year generated. Very manageable!
     • Two components, an Integrity Management Service (IMS) and an Audit Manager (AM), were developed.

  8. Components
     • Integrity Management Service (remote)
       • Runs all hash aggregation, round generation, witness publication.
       • Stores CSI values
       • Generate proofs from CSI to witness
       • ims.umiacs.umd.edu
     • Audit Manager (local)
       • Monitors local files
       • Determines audit policy
       • One or more per archive
       • Locally stores hashes and tokens

  9. ACE – System Architecture

  10. ACE Audit
     • Audit Local Files: Audit Manager periodically scans all files and compares stored digests with computed digests.
       • Assume valid hashes in database
     • Audit Local Manager: Manager computes round summary for each digest using that digest and its token. This is compared to value stored on the IMS.
       • Assume IMS returns valid summary information, do not trust hashes in database
     • IMS Audit: Round summaries are used to compute witness values. These are compared with offsite witness values.
       • Do not trust IMS, force IMS to prove its CSIs link to a witness

  11. Audit Manager
     • Downloadable, one or more per archive
     • Monitors local files
     • Simple Requirements
       • Java 1.6+
       • Tomcat
       • MySQL
     • Managed by archivist/librarian after install
     • Monitor multiple collections on different architectures
     • Hides all the complexity you just saw!

  12. ACE Audit Manager
     • Dashboard for collection monitoring

  13. Logging
     • All events logged
     • Files offline, corrupt, re-available
     • Audit times, last seen

  14. Error Reporting
     • View all files that are not perfectly intact
     • Remove files from monitoring.
     • View events associated with files

  15. Audit Manager Features
     • Compare collections to hash list
     • Same/different names, same/differing digests
     • Export collection details
     • Hash export, wget crawl export
     • JSON interface for embedding statistics in 3rd party websites
     • Gateway to data

  16. Fun with hashes
     • Ensure everything was uploaded
     • Accepts a bag-it style manifest (hash + path)
     • Extract all the duplicates
     • More exist than you think
     • Ensure collection replicas are complete
     • Locate renamed files

  17. Performance
     • Audit Manager (1.1beta3)
     • 1.25 million false digests (no bytes read)
       • Registration: 3h, 6m (112 files/s)
       • Audit: 1h, 15m (277 files/s)
     • 1.25 million false data files (1.25Tb data)
       • Registration: 5h, 7m (67.8 files/s, 67.8MBytes/s)
       • Audit: 4h, 30m (77.2 files/s, 77.2MBytes/s)
     • In practice, bottleneck tends to occur at archival resource, not AM.

  18. Chronopolis test
     • Three sites
       • UMD, NCAR, SDSC
     • Three ACE AM installations
     • Independent monitoring at all sites
     • 30 day audit policy
     • Over 17Tb and 5.5 million files

  19. Chronopolis Test

  20. ACE Summary
     • High performance, Scalable
     • 3rd party auditable
     • Version 1.0 publicly available
     • Support for local files, SRB, iRODS
     • http://adapt.umiacs.umd.edu/ace
     • Standalone client available
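
The round proof described on slides 5, 6 and 10, as an added example that is not ACE's own code: it builds one round's Merkle tree over six file digests plus the previous round's CSI, issues a proof for one digest, and recomputes the CSI from that digest and proof the way the "Audit Local Manager" step does. Assumptions the slides do not specify: a binary tree, SHA-256 over concatenated raw bytes, an odd node carried up unchanged, and a proof element's `index` read as the position of the running hash within its pair; all function names are hypothetical.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenated raw bytes (assumed node-hash rule)."""
    return hashlib.sha256(b"".join(parts)).digest()

def build_round(leaves):
    """Return every tree level, leaves first; the last level holds the CSI."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [h(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:              # assumed: odd node is carried up as-is
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def make_proof(levels, pos):
    """Proof for leaf `pos`: (index, sibling) pairs from leaf level upward."""
    proof = []
    for level in levels[:-1]:
        sib = pos ^ 1
        if sib < len(level):          # no element where the node was carried up
            proof.append((pos & 1, level[sib]))
        pos //= 2
    return proof

def csi_from_token(digest, proof):
    """Recompute the round CSI from a file digest and its token proof."""
    cur = digest
    for index, sibling in proof:
        cur = h(cur, sibling) if index == 0 else h(sibling, cur)
    return cur

def audit(digest, proof, published_csi):
    """Slide 10, second audit: trust the IMS value, not the stored digest."""
    return csi_from_token(digest, proof) == published_csi

# Constructed sample round: six file digests plus the previous round's CSI.
prev_csi = h(b"constructed previous round")
file_digests = [h(b"constructed file %d" % i) for i in range(1, 7)]
levels = build_round(file_digests + [prev_csi])
csi = levels[-1][0]

if __name__ == "__main__":
    token_proof = make_proof(levels, 2)
    print("intact digest :", audit(file_digests[2], token_proof, csi))
    print("altered digest:", audit(h(b"altered"), token_proof, csi))
```

Because the previous round's CSI is a leaf of the current tree, changing any earlier round changes every later CSI, which is what lets a single daily witness cover all rounds beneath it.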
