cepheus a new encrypted file system with group sharing
play

Cepheus: A New Encrypted File System with Group Sharing and - PowerPoint PPT Presentation

Aug 19, 2022 •468 likes •596 views

Cepheus: A New Encrypted File System with Group Sharing and Integrity Protection Kevin Fu Course VI-3A April 26, 1999 On-Campus Thesis Advisor: Ron Rivest Bellcore Company Supervisor: S. Rajagopalan 4/26/99 Cepheus: The Cryptographic

  1. Cepheus: A New Encrypted File System with Group Sharing and Integrity Protection Kevin Fu Course VI-3A April 26, 1999 On-Campus Thesis Advisor: Ron Rivest Bellcore Company Supervisor: S. Rajagopalan 4/26/99 Cepheus: The Cryptographic Storage File System 1

  2. What is Cepheus? • Confidentiality and integrity protection of data stored on a network file system • Securely maintain UNIX semantics (file sharing, random access) • NFS drop-in replacement 4/26/99 Cepheus: The Cryptographic Storage File System 2

  3. Key Problems for Secure Storage • Problems: – Manual encryption cumbersome – Protection against malicious system administrators • Solution: Encrypt stored data • Side effects: – Loss of random access to data – No guarantee of integrity 4/26/99 Cepheus: The Cryptographic Storage File System 3

  4. Client-Side User Agent •Encryption/decryption •Integrity check Client Daemon •Cache per user agent •Delayed-write-encryption policy for caching •Delayed re-encryption for distributed re-encryption 4/26/99 Cepheus: The Cryptographic Storage File System 4

  5. Server-Side File Server •Encrypted storage •Hash tree structure beneath the inode for integrity Authentication Server •Key distribution •Key recovery 4/26/99 Cepheus: The Cryptographic Storage File System 5

  6. File Structures 4/26/99 Cepheus: The Cryptographic Storage File System 6

  7. O(1) Sequential Read of a Block • If block not cached, CD obtains ciphertext block from SD • If block not decrypted, request UA to decrypt • If hash path unauthenticated, compute hashes and AICF 4/26/99 Cepheus: The Cryptographic Storage File System 7

  8. Writes O(log n) • CD writes plaintext block to cache, not SD • When cache flushed: – Compute hash paths of dirty blocks. – Compute AICF – Write changed hash paths and AICF to SD – Encrypt, send to SD. 4/26/99 Cepheus: The Cryptographic Storage File System 8

  9. Integrity Failures • When an integrity check fails, the client daemon refuses to serve the file (returns NFS_ERR_IO) • User agent notified of integrity check failure • Can attempt recovery of file via user agent 4/26/99 Cepheus: The Cryptographic Storage File System 9

  10. Performance Results Read NFS Integrity Confidentiality Write 0 50 100 Time (ms) 4/26/99 Cepheus: The Cryptographic Storage File System 10

  11. Conclusions • Provides efficient random access to confidential, integrity-protected data • Enables secure group sharing • Uses a well-understood file system interface • Surveys a wide range of cryptographic storage file systems 4/26/99 Cepheus: The Cryptographic Storage File System 11

  12. Anticipated Q/A 4/26/99 Cepheus: The Cryptographic Storage File System 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Metal A Metadata-Hiding File-Sharing System Weikeng Chen Raluca Ada Popa UC Berkeley

Metal A Metadata-Hiding File-Sharing System Weikeng Chen Raluca Ada Popa UC Berkeley

Metal A Metadata-Hiding File-Sharing System Weikeng Chen Raluca Ada Popa UC Berkeley End-to-end encrypted file sharing Academia: DepSky, M-Aegis, Mylar, Plutus, ShadowCrypt, Sieve, SiRiUS Industry: Encryption is not enough: Metadata still

1.17k views • 45 slides
The Distributed File System (DFS) The sharing of stored information is perhaps the most important

The Distributed File System (DFS) The sharing of stored information is perhaps the most important

The Distributed File System (DFS) The sharing of stored information is perhaps the most important aspect of distributed resource sharing Introducing DFSs The design of large-scale wide-area read-write file storage systems poses problems of

1k views • 21 slides
File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System Performance Controlled Sharing Convenience: naming Reliability File System Workload File sizes Are most files small or large?

996 views • 62 slides
DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A.

DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A.

DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A. Gondree, and Zachary N. J. Peterson. In NDSS'15 Presented by Fengwei Zhang Wayne State University CSC 6991 Advanced Computer Security 1

576 views • 21 slides
DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A.

DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A.

DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A. Gondree, and Zachary N. J. Peterson. In NDSS'15 Presented by Fengwei Zhang Wayne State University CSC 6991 Topics in Computer Security 1

695 views • 20 slides
DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY:

DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY:

DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY: TIMOTHY PETERS NICHOLAS BURTON MARK GONDREE ZACHARY PETERSON What is encryption? Why hide encryption? Previous Work on the Matter u Anderson and

550 views • 39 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest

Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest

Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory data much harder Continue using file system features

227 views • 19 slides
Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure File System Mounting File Sharing Protection Operating System Concepts Silberschatz, Galvin and Gagne 2002 11.1 File Concept

387 views • 15 slides
Designing an NFS-based Mobile Distributed File System for Ephemeral Sharing in Proximity Networks

Designing an NFS-based Mobile Distributed File System for Ephemeral Sharing in Proximity Networks

Designing an NFS-based Mobile Distributed File System for Ephemeral Sharing in Proximity Networks Nikolaos Michalakis Dimitris Kalofonos Computer Science Department Pervasive Computing Group (PCG) New York University, New York, NY Nokia

609 views • 19 slides
Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical Order-Revealing Encryption Nate Chenette ICERM conference on Encrypted Search June 12, 2019 Project Background Baffle Inc. https://baffle.io/

407 views • 23 slides
= i P max n yh ( y ) dy u ( Q ) c ( Q )

= i P max n yh ( y ) dy u ( Q ) c ( Q )

Contents A public good model for p2p An Asymptotically Optimal Scheme Simple contribution policies with exclusions for P2P File Sharing An application to file sharing heterogeneous file popularity stability Panayotis

460 views • 5 slides
Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation Directory Implementation Allocation Methods Free-Space Management Efficiency and Performance Recovery Log-Structured File Systems

492 views • 47 slides
~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE SYSTEM MOUNTING PROTECTION EXTERNAL VIEW OF THE FILE MANAGER FILE MANAGEMENT FILE, IS A NAMED AND ORDERED COLLECTION OF INFORMATION COMPUTER SHOULD

341 views • 33 slides
LinShare project version 0.8 File sharing and vault application RMLL 2010 Slideshow LinShare

LinShare project version 0.8 File sharing and vault application RMLL 2010 Slideshow LinShare

LinShare project version 0.8 File sharing and vault application RMLL 2010 Slideshow LinShare project LinShare uses : File sharing - Big files support - Enterprise directory support - Group management - Electronic signature (embedded and

363 views • 17 slides
Central philosophy of the work Making Gnutella-like P2P File-sharing is a dominant P2P

Central philosophy of the work Making Gnutella-like P2P File-sharing is a dominant P2P

Central philosophy of the work Making Gnutella-like P2P File-sharing is a dominant P2P application Systems Scalable DHTs might not be suitable for file-sharing Gnutellas design Presented by: Karthik Lakshminarayanan

393 views • 5 slides
Integrity checking for combined databases Davide Martinenghi Computer Science, building 42.1

Integrity checking for combined databases Davide Martinenghi Computer Science, building 42.1

CoLogNET Workshop on Logic-Based Methods for Information Integration - 23 August 2003 Integrity checking for combined databases Davide Martinenghi Computer Science, building 42.1 Roskilde University Universitetsvej 1 P.O. Box 260 DK-4000

496 views • 15 slides
Dealing with Academic Integrity Violations - TA Training Please form a group of 4 people Dr.

Dealing with Academic Integrity Violations - TA Training Please form a group of 4 people Dr.

Dealing with Academic Integrity Violations - TA Training Please form a group of 4 people Dr. Emad Jassim Assistant Dean - College of Engineering - 206 Engineering Hall jassim@Illinois.edu TA Training

740 views • 36 slides
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security Challenges Current computer

411 views • 26 slides
Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card? International Symposium on Recent Advances in Intrusion Detection Menlo Park, September 2011 Loc Duflot, Yves-Alexis Perez, Benjamin Morin ANSSI French

627 views • 37 slides
L o g g ing Syste m fo r L o ng - life time Da ta Va lida tio n Ying di Yu UCL A 1 L

L o g g ing Syste m fo r L o ng - life time Da ta Va lida tio n Ying di Yu UCL A 1 L

L o g g ing Syste m fo r L o ng - life time Da ta Va lida tio n Ying di Yu UCL A 1 L ife time o f da ta vs. sig ning ke y L ife time o f a da ta pa c ke t de pe nds o n da ta usa g e ma y e xist fo r a lo ng time

498 views • 46 slides
Sig ignal In Integrity Checks Ba Babak Abi 30 August 2018 1 DPM Design simply includes :

Sig ignal In Integrity Checks Ba Babak Abi 30 August 2018 1 DPM Design simply includes :

DPM Status update Sig ignal In Integrity Checks Ba Babak Abi 30 August 2018 1 DPM Design simply includes : ZYNQ: XCZU15EG-1FFVB1156E samtec M2 NMVe DDR4 : MT40A1G16WBU-083(twin die) in two separate banks 1. 4x DDR4 (8 GB)

369 views • 23 slides
CSCI 127 Introduction to Database Systems Integrity Constraints and Functional Dependencies

CSCI 127 Introduction to Database Systems Integrity Constraints and Functional Dependencies

CSCI 127 Introduction to Database Systems Integrity Constraints and Functional Dependencies CSCI 127: Introduction to Database Systems Integrity Constraints Purpose: Prevent semantic inconsistencies in data total savings + checking

1.01k views • 64 slides
1st Graduate Students Conference Computer Science Department October 25th, 2019 PhD Candidate

1st Graduate Students Conference Computer Science Department October 25th, 2019 PhD Candidate

Senior Software Security Engineer sad Sphynx Technology Solutions AG (CH,CY) Email: smyrlis@sphynx.ch 1st Graduate Students Conference Computer Science Department October 25th, 2019 PhD Candidate School of Mathematics, Computer Science and

923 views • 32 slides

More recommend