Secure Content Distribution Using Untrusted Servers Kevin Fu
Secure content distribution using untrusted servers

Kevin Fu
MIT Computer Science and Artificial Intelligence Lab

in collaboration with M. Frans Kaashoek (MIT), Mahesh Kallahalla (DoCoMo Labs), Seny Kamara (JHU), Yoshi Kohno (UCSD), David Mazières (NYU), Raj Rajagopalan (HP Labs), Ron Rivest (MIT), Ram Swaminathan (HP Labs)

For Peter Szolovits slide #1 January-April 2005

How do we distribute content?

We pay services

We coerce friends

We enlist volunteers

Fast content distribution, so what’s left?

• Clients want
  ◦ Authenticated content
  ◦ Example: software updates, virus scanners
• Publishers want
  ◦ Access control
  ◦ Example: online newspapers

But what if

• Servers are untrusted
• Malicious parties control the network

Taxonomy of content

• Content
  ◦ Many-writer: General purpose file systems
  ◦ Single-writer
    • Many-reader: Content distribution
      ◦ Public
      ◦ Private
    • Single-reader: Personal storage

Framework

• Publishers ➜ write content, manage keys
• Clients ➜ read/verify content, trust publisher
• Untrusted servers ➜ replicate content
• File system ➜ protects data and metadata

Contributions

• Authenticated content distribution ➜ SFSRO
  ◦ Self-certifying File System Read-Only
  ◦ Public content distributed by untrusted servers
• Decentralized access control ➜ Chefs
  ◦ Private content distributed by untrusted servers
  ◦ Efficient client eviction ➜ Lazy revocation
  ◦ Efficient key distribution ➜ Key regression
• Implementation and performance measurements ➜ It works too!

SFSRO

SFSRO challenges

How can we authenticate content and also

• Provide incremental updates?
• Authenticate partial downloads?
• Scale servers to many clients?

Signed software packages: part of your complete breakfast

• Authenticated
• No revocation ✘
• No incremental updates ✘
• No integrity of file collections ✘

Is your collection of software authentic?