CBL Servers We are taking care - PowerPoint PPT Presentation

liam
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
CBL Servers We are taking care PowerPoint Presentation
Download Presentation
CBL Servers We are taking care

play fullscreen
1 / 21
Download Presentation
CBL Servers We are taking care
175 Views
Download Presentation

CBL Servers We are taking care

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. What is this about ACB System CBL Servers We are taking care

  2. How users can join us • A user can download and launch ACBpoint application with just a single click from our Web server using Java Web Start Technology. • Anytime user can have access to the latest version of the application. • The user’s privacy is never compromised. • Java Web Start provides information about application’s origin based on certificates and gives to the user the possibility to check them. • Suppose that one of our system’s server is compromised. The administrator will make the appropriate changes and, next time when the user accesses the system, updates will be automatically downloaded. In this way the communication with a possible malicious server is eliminated.

  3. (user sends commitment to the server) Security in ACB System • ACBpoint user’s authorization and authenticationis achieved using Zero Knowledge Protocol. A user accesses ACB system for the first time, he will choose his own login and password, but this password will never be sent to the server, the user will just prove he knows it. Instead, his public keyy, computed like will be sent to the server and stored in the database. The sequence of exchanged messages in Zero Knowledge Protocol: Server accepts the user if The idea is similar to Schnorr’s signature. The power of the protocol is based on discrete logarithm problem. SHA-1 hash function is used. (server challenges the user) (user responds to the server’s challenge)

  4. Others security features • Transmitted files between users are encrypted using symmetric key cryptography, Triple DES algorithm. • Secure channels – using SSL sockets (Java TM Secure Socket Extension (JSSE)) • Secure channel between ACBpoint user and CBL server SSL socket with one way authentication (user must trust the CBL server) CBL servers have certificates from a Certificate Authority (www.thawte.com) and the user supposed to trust this CA. • Secure channel between CBL servers SSL socket with both way authentication (the servers from the system must trust each other)

  5. The Big Picture Server of user certificates & Billing register & Locator Server of user certificates & Billing register & Locator CBLs: (servers) Sockets (TCP/IP) Distributed database (Primary-Backup protocol) Sockets (TCP/IP) CBLcc: Administrators (updates) Web Site for advertisement & ACBpoint downloading Sockets (TCP/IP) User peer User peer User node (Out of the system) ACBpoints: (users) Direct communication (initiated by using the CBLs) Sockets (TCP/IP)

  6. Communication Own communication middleware • No overheads because of using a heavy middleware form a third party • Power and flexibility still present • The layer is more appropriate for our case then any other • No inheritance of bugs (we created ours )

  7. Communication – cont. Handler 1 Handler 2 Handler N User layer Type resolving and handlers invocation Server side only Fails detection and recovering Object-byte stream conversion Compression (GZIP) Security (SSL) Sockets (TCP/IP)

  8. High Availability • Guarantees certain profit to it’s owner and remains available for the users more than 99% of the time • It provides high availability to the services such as: • Registration • Publishing and Sharing • Searching • Billing • Viewing user’s account • High availability is achieved by data replication using Primary-Backup protocol • Requests are sent to the Primary or to a Backup – ensuring avoidance of bottleneck and overloading of the Primary. We are providing Load-Balancing in our system. • To Primary – registration/deletion of users, publishing, • sharing, sell transactions, billing, etc. • To Backup – the most resource dependent request (Searching); retrieving read-only data

  9. Guaranteed highly available services to the main system actors • Owners • Guaranteed profit • Providers • Guaranteed secured sharing of data and receiving correct amount of money for each download • Consumers • Guaranteed secured searching and paying correct amount of money after each download • Administrators • Guaranteed easy life 

  10. 6)Charging consumer, adding money to provider (+1% commission) Server (for billing) 7)Give the key 5)End Sell Transaction 3)Begin Sell Transaction 1)Request File 4)Send file (encrypted) 2)Encrypt file 8)Decrypt file Transaction Scheme

  11. Fault tolerance • The System provides correct service for the following types of failures (Transient, that arise under unlikely circumstances) • Link failures • Server failures What the client does, it reconnects to the next available server (backup). Most important, the user does not see them. They are detected early and masked. If there are no more available servers, the client shutdowns. Fail-Stop failure model in this case, in order to avoid incorrect operation. • Therefore, the following operations are fault tolerant • Searching • Sharing • Managing account • Billing. • We do not control peer behavior (a user can switch of his PC any time), so the operation Download is not fault tolerant.

  12. ACB System in real life • CBL – Servers (Primary/Backup) • ACBpoint – client applications • CBLcc – control centers • (3 JAR files!)

  13. CBL - server Logging for maintaining and debugging: Publishing (Sharing)… Searching…

  14. ACBpoint - client app. Sharing: Publishing (Sharing)… Searching…

  15. ACBpoint - client app. Searching…

  16. ACBpoint - client app. Downloading… Searching…

  17. ACBpoint - client app. Managing of the account: Publishing (Sharing)… Searching…

  18. CBLcc - control center Managing of the CBLs: Publishing (Sharing)… Control Center for administrators Manage Account… Searching…

  19. Demo Main goal: To show that our system can be deployed to life tomorrow! Solution: Extreme testing! Thousands of users exploit the system and in same time we are doing turn-on – turn-off, turn-on, turn-off…

  20. Questions? For any more detailed questions you can contact as: Alexander Stasiv: asta@ait.edu.gr Gergana Krumova: gkru@ait.edu.gr Lazar Adzigogov: ladz@ait.edu.gr Mariana Marin: mmar@ait.edu.gr Web site: http://www.andrew.cmu.edu/course/18-842/index.htm