SLIDE 1
Custos A Flexibly Secure Key-Value Storage Platform Andy Sayler - - PowerPoint PPT Presentation
Custos A Flexibly Secure Key-Value Storage Platform Andy Sayler - - PowerPoint PPT Presentation
Custos A Flexibly Secure Key-Value Storage Platform Andy Sayler www.andysayler.com University of Colorado, Boulder Masters of Science Computer Science Trust Who do we trust with our data? Today... Feature Provider Features Feature
SLIDE 2
SLIDE 3
Who do we trust with our data?
SLIDE 4
Today...
SLIDE 5
SLIDE 6
SLIDE 7
Feature Provider
Features
SLIDE 8
Feature Provider
Features Trust
SLIDE 9
Feature Provider
Features User Data Trust
SLIDE 10
Feature Provider
User Data Unrestricted Access Trust Features
SLIDE 11
Conflicts of Interest Lack of Control Absence of Oversight
SLIDE 12
So you don’t use cloud services...
SLIDE 13
SLIDE 14
SLIDE 15
SLIDE 16
SLIDE 17
SLIDE 18
How can we control and protect our data?
SLIDE 19
Encryption
SLIDE 20
TXkgU2VjcmV0 “My Secret” Encrypt Decrypt
SLIDE 21
How does it help us?
SLIDE 22
SLIDE 23
X
SLIDE 24
But what about the keys?
SLIDE 25
X
?
SLIDE 26
X
SLIDE 27
SLIDE 28
Key Management Challenges
SLIDE 29
Multi-Device Sync
SLIDE 30
SLIDE 31
SLIDE 32
SLIDE 33
SLIDE 34
SLIDE 35
SLIDE 36
X
SLIDE 37
Out-of-Band Sharing
SLIDE 38
SLIDE 39
SLIDE 40
SLIDE 41
SLIDE 42
SLIDE 43
X
SLIDE 44
Autonomous Access
SLIDE 45
SLIDE 46
SLIDE 47
SLIDE 48
SLIDE 49
X X
SLIDE 50
The Cloud
SLIDE 51
Feature Provider
User Data Unrestricted Access Trust Features
SLIDE 52
Feature Provider
Features Encrypted User Data
SLIDE 53
Feature Provider
No Access Features Encrypted User Data
X
SLIDE 54
Feature Provider
No Access Encrypted User Data
X
SLIDE 55
Encryption is broken
SLIDE 56
Lack of key access
SLIDE 57
X
SLIDE 58
X
SLIDE 59
Feature Provider
No Access Features Encrypted User Data
X
SLIDE 60
Lack of flexibility
SLIDE 61
X X
SLIDE 62
Security Accessibility
SLIDE 63
Security Accessibility Traditional Encryption Systems Fixed Point
SLIDE 64
Ill-suited for Modern Application Difficult to Use Doesn’t Solve the Real Problem
SLIDE 65
Encryption is broken
SLIDE 66
Encryption is fine
SLIDE 67
Encryption is fine Key storage is broken
SLIDE 68
To fix key storage...
SLIDE 69
Flexibility Centralization
SLIDE 70
Flexibility
SLIDE 71
Security Accessibility Flexible Encryption Systems Flexible Points
SLIDE 72
X X
SLIDE 73
SLIDE 74
Centralization
SLIDE 75
Feature Provider
User Data Trust Features Unrestricted Access
SLIDE 76
Feature Provider
Trust Features User Data
SLIDE 77
Feature Provider
Trust Features
Trust Provider
User Data
SLIDE 78
Feature Provider
Encrypted User Data Trust Features
Trust Provider
Encryption Keys
SLIDE 79
Feature Provider
Encrypted User Data Trust Features
Trust Provider
Encryption Keys Controlled Access
SLIDE 80
Feature Provider
Encrypted User Data Controlled Access By Proxy Trust Features
Trust Provider
Encryption Keys Controlled Access
SLIDE 81
Feature Provider
Encrypted User Data Trust Features
Trust Provider
Encryption Keys Controlled Access
Data Host
SLIDE 82
Custos
SLIDE 83
“Secret Storage as a Service”
SLIDE 84
“Key Storage as a Service”
SLIDE 85
Central Key:Value Storage Flexible Access Control Access Auditing
SLIDE 86
Custos Server
SLIDE 87
Custos Server
Key:Value Store
SLIDE 88
Custos Server
Key:Value Store Management Subsystem Auditing Subsystem Data Subsystem
SLIDE 89
Custos Server
Authentication Subsystem Key:Value Store Management Subsystem Auditing Subsystem Data Subsystem
SLIDE 90
Custos Server
Authentication Subsystem Key:Value Store Management Subsystem Auditing Subsystem Data Subsystem
Auth Plugins
SLIDE 91
Custos Server
Access Control Subsystem Authentication Subsystem Key:Value Store Management Subsystem Auditing Subsystem Data Subsystem
Auth Plugins
SLIDE 92
Custos Server
API Access Control Subsystem Authentication Subsystem Key:Value Store Management Subsystem Auditing Subsystem Data Subsystem
Auth Plugins
SLIDE 93
Custos Server System A
Application Custos API
System B
Application Custos API API
System C
Application Custos API Access Control Subsystem SSL Authentication Subsystem Key:Value Store Management Subsystem Auditing Subsystem Data Subsystem
Auth Plugins
SLIDE 94
Application Domains
SLIDE 95
File Systems
SLIDE 96
Encrypted File System
System B System A
Encrypted File System Local Key Store Msg A Doc B Msg A Doc B Local Key Store Alice Bob
X
Mail Daemon
Password Auth Trusted Collaborators
X
Password Auth Password Auth
X
Networked or Cloud File System
SLIDE 97
Encrypted File System
System B System A
Encrypted File System Networked or Cloud File System Msg A Doc B Msg A Doc B Alice Bob Mail Daemon
Trusted Collaborators Password Auth P a s s w
- r
d A u t h
Trust Provider
Custos Key Store
Contextual Auth
SLIDE 98
Data Centers
SLIDE 99
VM Instance A
SSH Users Server User
SSH Login Server Verification
SLIDE 100
SSH Users
VM Instance A
SSH Users Server User
SSH Login
Destroy
VM Instance A
Server
Server Verification
SLIDE 101
SSH Users
VM Instance A
SSH Users Server User
SSH Login
Destroy
VM Instance A
Server
VM Instance B
SSH Users Server Create
?
User
Server Verification SSH Login Server Verification
X X
SLIDE 102
VM Instance A
SSH User
SSH Login
Users
Server Verification
Custos Key Store
Key Access
Server Custos Client
SLIDE 103
SSH
VM Instance A
SSH User
SSH Login
Destroy
VM Instance A
Custos Client Users
Server Verification
Custos Key Store
Key Access
Server Custos Client
SLIDE 104
SSH
VM Instance A
SSH User
SSH Login
Destroy
VM Instance A
Custos Client
VM Instance B
SSH Users Create User
Server Verification SSH Login Server Verification
Custos Key Store
Key Access
Server Custos Client
Key Access
Custos Client
SLIDE 105
Password Management Personal Data Storage ...
SLIDE 106
Custos Design
SLIDE 107
Organizational Units
SLIDE 108
Server
SLIDE 109
Group A Group B
Server
SLIDE 110
Group A
Object 1
Server
Object 2 Object 3
Group B
Object 4 Object 5 Object 6
SLIDE 111
Group A
Object 1
Server
Object 2 Object 3
Key Value Key Value Key Value
Group B
Object 4 Object 5 Object 6
Key Value Key Value Key Value
SLIDE 112
Group A
Object 1
Server
Object 2 Object 3
ACS Key Value Key Value Key Value ACS ACS ACS ACS
Group B
Object 4 Object 5 Object 6
ACS Key Value Key Value Key Value ACS ACS ACS
SLIDE 113
Access Control Specification (ACS)
SLIDE 114
Organizational Unit (OU)
SLIDE 115
Access Control Specification (ACS)
Organizational Unit (OU)
SLIDE 116
Access Control Specification (ACS)
Organizational Unit (OU)
Permission A
SLIDE 117
Access Control Specification (ACS)
Organizational Unit (OU)
Permission A
Access Control Chain
SLIDE 118
Access Control Specification (ACS)
Organizational Unit (OU)
Permission A
Access Control Chain Auth Attribute Auth Attribute Auth Attribute
SLIDE 119
Access Control Specification (ACS)
Key:Value Object
Permission A
Access Control Chain Auth Attribute Auth Attribute Auth Attribute
SLIDE 120
Access Control Specification (ACS)
Key:Value Object
Read Permission
Access Control Chain Auth Attribute Auth Attribute Auth Attribute
SLIDE 121
Access Control Specification (ACS)
Key:Value Object
Read Permission
Access Control Chain Username IP Address Password
SLIDE 122
Access Control Specification (ACS)
Key:Value Object
Read Permission
Access Control Chain
Update Perm.
Access Control Chain IP Address Username Username IP Address Password
SLIDE 123
Access Control Specification (ACS)
Key:Value Object
Read Permission
Access Control Chain Access Control Chain Username User Cert
Update Perm.
Access Control Chain IP Address Username Username IP Address Password
SLIDE 124
Permissions
SLIDE 125
Server
SLIDE 126
Group
SLIDE 127
Object
SLIDE 128
Access Control Chain
SLIDE 129
Ordered List of Authentication Attributes
SLIDE 130
[ [ (username = ’Andy’), (password = ’12345’), (src_ip = 192.168.1.0/24) ] ]
SLIDE 131
Multiple Lists per Permission
SLIDE 132
[ [ (username = ’Andy’), (password = ’12345’), (src_ip = 192.168.1.0/24) ], [ (username = ’Andy’), (password = ’12345’), (src_ip = 75.148.118.216/29) ], [ (username = ’John’), (password = ’Swordfish’) ] ]
SLIDE 133
SLIDE 134
Authentication Attributes
SLIDE 135
Plugins
SLIDE 136
Explicit ip_src user_agent auth_type auth_value time_utc ... Implicit user_id psk psk_sha256 ...
SLIDE 137
Access Example
SLIDE 138
619a06f0-50af-11e3-8f96-0800200c9a66 ACS {
- bj_read:
[ [ (ip\_src = ’1.2.3.4’), (time\_utc = ’1300 +/- 5’) ], [ (user\_id = ’Dirk’), (psk = ’ImaHakzor’) ] ... ] ... }
SLIDE 139
Daemon Access
SLIDE 140
Server
Daemon Process Encrypted File System Custos API
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification Access Control Encryption Key Store
SLIDE 141
Request: 619a06f0-50af-11e3-8f96-0800200c9a66 Authentication Attributes: (ip_src = ‘1.2.3.4’) (time_utc = ‘1303’)
SLIDE 142
Server
Daemon Process Encrypted File System Custos API
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification Access Control Encryption Key Store
SLIDE 143
Server
Daemon Process Encrypted File System Custos API
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification Access Control Encryption Key Store
SLIDE 144
{
- bj_read:
[ [ (ip\_src = ’1.2.3.4’), (time\_utc = ’1300 +/- 5’) ], [ (user\_id = ’Dirk’), (psk = ’ImaHakzor’) ] ... ] ... }
SLIDE 145
Server
Daemon Process Encrypted File System Custos API
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification Access Control Encryption Key Store
SLIDE 146
Request: 619a06f0-50af-11e3-8f96-0800200c9a66 Authentication Attributes: (ip_src = ‘1.2.3.4’) (time_utc = ‘1303’)
SLIDE 147
Server
Daemon Process Encrypted File System Custos API
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification Access Control Encryption Key Store
SLIDE 148
Server
Daemon Process Encrypted File System Custos API
Custos Server
API Encryption Key Store Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification Access Control
SLIDE 149
User Access
SLIDE 150
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 151
Request: 619a06f0-50af-11e3-8f96-0800200c9a66 Authentication Attributes: user_id = Dirk (ip_src = ‘1.2.3.4’) (time_utc = ‘1133’)
SLIDE 152
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 153
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 154
{
- bj_read:
[ [ (ip\_src = ’1.2.3.4’), (time\_utc = ’1300 +/- 5’) ], [ (user\_id = ’Dirk’), (psk = ’ImaHakzor’) ] ... ] ... }
SLIDE 155
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 156
Request: 619a06f0-50af-11e3-8f96-0800200c9a66 Authentication Attributes: user_id = Dirk (ip_src = ‘1.2.3.4’) (time_utc = ‘1133’)
SLIDE 157
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 158
{
- bj_read:
[ [ (ip\_src = ’1.2.3.4’), (time\_utc = ’1300 +/- 5’) ], [ (user\_id = ’Dirk’), (psk = ’ImaHakzor’) ] ... ] ... }
SLIDE 159
Request: 619a06f0-50af-11e3-8f96-0800200c9a66 Authentication Attributes: user_id = ‘Dirk’ psk = ‘ImaHackzor’ (ip_src = ‘1.2.3.4’) (time_utc = ‘1133’)
SLIDE 160
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 161
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 162
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 163
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 164
Custos Server
API Authentication Attributes Source IP Verification Time Verification User ID Verification PSK Verification
Laptop
Dirk Encrypted File System Custos API Access Control Encryption Key Store
SLIDE 165
API
SLIDE 166
RESTful
SLIDE 167
SLIDE 168
Prototype
SLIDE 169
Custos Server
API Access Control Subsystem Authentication Subsystem Key:Value Store Management Subsystem Auditing Subsystem Data Subsystem
Auth Plugins
SLIDE 170
Custos Server System A
Application Custos API
System B
Application Custos API API
System C
Application Custos API Access Control Subsystem SSL Authentication Subsystem Key:Value Store Management Subsystem Auditing Subsystem Data Subsystem
Auth Plugins
SLIDE 171
Base Filesystem (ext4) EncFS (fuse)
File (Encrypted) [On Disk] libcustos
- penSSL
encrypt decrypt File (Decrypted) [In Memory]
User Custos Server
User’s Computer Trust Provider
write read write read Enc Key Enc Key ACS ACS
SLIDE 172
“Banking” Website User Custos Server
Corporate Server Trust Provider
SSN UUID
Web Browser
ACS ACS User Data User Data requests flask Data Fields
SLIDE 173
Custos Management Interface
requests
User Custos Server
Trust Provider
Web Browser
flask OU Query Enc Key Enc Key ACS ACS
Management Server
ACS ACS User Data User Data
SLIDE 174
Future Work
SLIDE 175
Expand Prototypes Usability Studies Distributed Usage ...
SLIDE 176
Conclusion
SLIDE 177
Attempt to solve the Key Storage Problem
SLIDE 178
Provides a Secret Storage Service
SLIDE 179
With... Flexible Authentication Powerful Access Control Standardized Interface
SLIDE 180
Making Encryption... Tolerant of Modern Uses Cases Easier to Use Better at Protecting Our Data
SLIDE 181
Questions
SLIDE 182
Extra Slides
SLIDE 183
Avoiding a Trusted Third Party
SLIDE 184
Shamir’s Secret Sharing
SLIDE 185
Provider D Provider C Provider B
Custos Key Store
Provider A
Custos Key Store Custos Key Store Custos Key Store Private Key Client Application Private Key Attacker
?
SLIDE 186
Full Stack File Systems
SLIDE 187
System B System A
Msg A Doc B Msg A Doc B Alice Bob Mail Daemon
Trusted Collaborators
Cloud Storage Service
X
Distributed Encrypted File System (with Internal Key Store) Out-of-Band Sharing
X X
Password Auth Password Auth Password Auth
SLIDE 188
Password Auth
System B System A
Msg A Doc B Msg A Doc B Alice Bob Mail Daemon
Trusted Collaborators
Cloud Storage Service Distributed Encrypted File System Out-of-Band Sharing
Contextual Auth
Trust Provider
Custos Key Store
P a s s w
- r
d A u t h
SLIDE 189
Example “Create” API Call
SLIDE 190
Authentication Attributes (JSON) [ { "Class": "explicit", "Type": "user_id", "Value": "YXNheWxlcgA=", "Echo": true }, { "Class": "explicit", "Type": "psk", "Value": "TXlPYmplY3RDcmVhdGlvblBhc3N3b3JkA A==", "Echo": false } ]
SLIDE 191
Request URL POST https://custos.net/grp/cc4273ae-4e1e-11e3-90d4- 10bf487b3e94/obj?aa=%5B%20%7B%20%22Class%22%3A%20% 22explicit%22%2C%20%22Type%22%3A%20%22user_id%22%2C% 20%22Value%22%3A%20%22YXNheWxlcgA%3D%22%2C%20% 22Echo%22%3A%20true%20%7D%2C%20%7B%20%22Class%22%3A% 20%22explicit%22%2C%20%22Type%22%3A%20%22psk%22%2C% 20%22Value%22%3A%20% 22TXlPYmplY3RDcmVhdGlvblBhc3N3b3JkAA%3D%3D%22%2C%20% 22Echo%22%3A%20false%20%7D%20%5D
SLIDE 192
Request Body (JSON) { "Keys": [ { "Value": "VHdhcyBicmlsbGlnLC BhbmQgdGhlIHNsaXRo eSB0b3ZlczsgRGlkIG d5cmUgYW5kIGdpbWJs ZSBpbiB0aGUgd2FiZQ A=", "Echo": true } ], ...
SLIDE 193
Request Body (JSON) - Continued ... "ACSs": [ { "Permissions": { "obj_delete": null, "obj_read": [ [ { "Class": "explicit", "Type": "user_id", "Value": "YXNheWxlcgA=", "Echo": true } ] ] ...
SLIDE 194
Response (JSON) { "Status": "okay", "Keys": [ { "Value":"VHdhcyBicmlsbGlnLC BhbmQgdGhlIHNsaXRo eSB0b3ZlczsgRGlkIG d5cmUgYW5kIGdpbWJs ZSBpbiB0aGUgd2FiZQ A=", "Echo": true, "Revision": 0, "UUID": "7af8c95d-479a...", "Status": "accepted" } ], ...
SLIDE 195
Response (JSON) - Continued ... "ACSs": [ { "Permissions": { "obj_delete": null, "obj_read": [ [ ... ] ] ... }, "Echo": true, "Status": "accepted" } ], ...
SLIDE 196
Response (JSON) - Continued ... "Attrs": [ { "Class": "explicit", "Type": "user_id", "Value": "YXNheWxlcgA=", "Echo": true, "Status": "accepted", "ResValue": null }, ...
SLIDE 197
Filesystem References Kubiatowicz, et. al. OceanStore. ASN 2000. Kallahalla, et. al. Platus. FST 2003. Wilcox-O’Hearn, et. al. Tahoe. SSS 2008. Mahajan, et. al. Depot. TCS 2011. Geambasu, et. al. Keypad. EuroSys 2011.
SLIDE 198
Usability References Whitten & Tygar. Why Johnny Can’t
- Encrypt. USENIX Security. 1999
- Anderson. Why information security is hard.
- CSAC. 2001
- Furnell. Usability versus Complexity.
Network Security. 2010
SLIDE 199
Crypto References Diffie & Hellman. New directions in
- cryptography. IEEE Trans. on IT. 1976
- Shamir. How to share a secret.
Comm ACM. 1979.
- Schneider. Applied Cryptography. 1996