Cryptree
This presentation is the property of its rightful owner.
Sponsored Links
1 / 25

Cryptree PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on
  • Presentation posted in: General

Cryptree. A Folder Tree Structure for Cryptographic File Systems. Dominik Grolimund, Luzius Meisser , Stefan Schmid, Roger Wattenhofer Computer Engineering and Networks Laboratory (TIK), ETH Zurich SRDS 06 October 3, Leeds, UK. D istributed C omputing G roup. Cryptree.

Download Presentation

Cryptree

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Cryptree

Cryptree

A Folder Tree Structure forCryptographic File Systems

Dominik Grolimund, Luzius Meisser, Stefan Schmid, Roger Wattenhofer

Computer Engineering and Networks Laboratory (TIK), ETH Zurich

SRDS 06

October 3, Leeds, UK

DistributedComputing Group


Cryptree1

Cryptree

  • A key management scheme developed for Kangoo, our distributed file system

  • Manages encryption keys of files and folders

  • Leverages the file systems folder hierarchy to achieve intuitive semantics and efficiency


Outline

Outline

  • Motivation

  • Basics

  • Cryptree

  • Performance

  • Discussion


Motivation

Motivation

Kangoo: a large-scale distributed file system(comparable to OceanStore, Celeste, CFS…)

Problem: Enforcement & management of access rights on untrusted (but reliable) storage

  • We cannot trust the storage device to keep our data secret

  • Everything needs to be encrypted

  • We need a clever key management scheme


Motivation1

Motivation

Existing ideas:

  • Server enforces access rights  not feasible here

  • Classic Access Control List (CACL) Approach,found in systems like Plutus, SiRiUs, OceanStore (?)

  • Many papers about hierarchical key management in general,focus on crypographic aspects


Talk outline

Talk Outline

  • Motivation

  • Basics

  • Cryptree

  • Performance

  • Discussion


Basics access control with keys

Basics: Access Control with Keys

  • Read Access Control: Items are encrypted such that only legitimate accessors can decrypt them

  • Write Access Control: A sign/verify key pair is used to prove the legitimacy of write operations


Basics lazy revocation

Basics: Lazy Revocation

When someone loses access to an item, that item needs to be encrypted with a new key in order to prevent the former accessor to access the item in future.

Lazy revocation allows to postpone this (expensive) reencryption until the next update of the item.

 Better performance at the price of slightly lower security. An adversary and former accessor of an item could continue to access it if he has kept a copy of the encryption key. Without lazy revocation, he would have had to keep a copy of the item itself to do so.


Basics cacl approach

Basics: CACL-Approach

The classic, access-control-list based approach:

Bob

projects

sunset.jpg

alice

audio

jeep

.

jpg

cancun

trip

images

maya

.

jpg

egypt

Access control is managed for each item individually.To grant Bob access to an item, the access key is encrypted with Bobs public key and attached to that item.


Basics cacl approach1

Basics: CACL-Approach

Problems with CACL:

  • When granting u users access to f files, n*f access control list entries need to be created

  • On structural changes, access rights need to be adjusted or they will get scattered

  • No confidentiality of access rights


Outline1

Outline

  • Motivation

  • Basics

  • Cryptree

  • Performance

  • Discussion


Cryptree semantics

Cryptree: Semantics

Dynamic Inheritance of Access Rights

Downwards: full, recursive

Upwards: limited, ancestor names


Cryptree cryptographic links

Cryptree: Cryptographic Links

Knowing K1 and the link allows to derive K2

Symmetric Link: symmetric cryptography, requires knowledge of K1 to update

Asymmetric Link: asymmetric cryptography, K2 can be replaced without knowing K1 More flexible than symmetric link, but expensive


Cryptree read access

Cryptree: Read Access

Clearance Key, revealed to grant access

Subfolder Key  Subfolders

Files Key  Files in folder

Backlink Key

Data Key  Folder name


Cryptree read access1

Cryptree: Read Access

  • Benefits:

  • Grant recursive access by only revealing one key

  • Anonymous access, even writers do not need to know other accessors

  • Access rights are implicitely updated when structure changes


Cryptree read access2

Cryptree: Read Access

Whole read access structure


Write access cryptree

Write Access Cryptree

Similar to read access tree


Cryptree operations

Cryptree: Operations

When someone loses read access as a result of an operation, the involved items need to be reencrypted. We do this lazily on their next change (lazy revocation).


Outline2

Outline

  • Motivation

  • Basics

  • Cryptree

  • Evaluation

  • Discussion


Performance

Performance

Besides its semantical advantages, the Cryptree should also perform better than the CACL-Approach.

We wrote sandbox implementations of different approaches and let them perform a given set of operations.

Test set: 30‘000 files (avg. size 2.5 MB), 2‘500 folders, 1‘000‘000 operations (ordered by likelihood: read, create, delete, move, modify, grant access, revoke access, grant write access, revoke write access)


Performance1

Performance

Time spent for key management per operation


Performance2

Performance

Total processing time spent for cryptography per operation


Outline3

Outline

  • Motivation

  • Basics

  • Cryptree

  • Performance

  • Discussion


Discussion conclusions

Discussion: Conclusions

  • We have leveraged the file systems folder hierarchy for key management and achieved

  • Intuitive Access Control Semantics

  • Efficiency

  • Simplicity, no elaborate cryptographic knowledge required


Discussion questions

Discussion: Questions

?


  • Login