Metadata Issues in a Cryptographic File System

1
Metadata Issuesin aCryptographic File System

• David Bindel
• IRAM/ISTORE/OceanStore Retreat

2
Overview

• Untrusted infrastructure assumption
• Cryptography review
• Cryptography in storage systems
• Securing metadata
• ECFS
• Conclusions

3
Untrusted Infrastructure
Trust No One
4
Review Encryption

• Protect privacy of data on insecure channel
• Shared key
• Same key used to encrypt and decrypt
• Public key
• Mathematically related public and private keys
• Public key used to encrypt
• Private key used to decrypt

5
Signatures and MACs
Private Key
Document
Message Digest
Signature
Secure hash
Sign Algorithm

• Specify responsibility for document
• Depends on document prevent transfer
• Depends on private key prevent forgery
• Signatures verified using public key
• MACs verified using private key

6
Encrypting Storage

• Where to encrypt stored data?
• In file system
• In device driver
• Why not in user tools?
• Users make mistakes
• Its inconvenient
• Encryption should be transparent!

7
Cryptography and Permissions

• What policy are we enforcing?
• Conventional file systems support
• Read and write permissions
• Separate permissions for user, group, world
• More complicated permissions (eg AFS)
• Existing cryptographic file systems support
• All-or-nothing access

8
Protecting Metadata
/
private
usr
encrypted-flag
bin
journal
KFC-recipe
rsh
ssh

• Any new journal entries are public!

• Now running ssh is insecure!

rsh data
ssh data
9
Heirarchical Signatures
Metadata (uid, gid, ctime, ) usr, /usr
address etc, /etc address ...
/
, sign(/usr) , sign(/etc)
Metadata bin, /usr/bin address ...
/usr
, sign(/usr/bin data)
/etc ...
Metadata vi, /usr/bin/vi address ...
/usr/bin
, sign(/usr/bin/vi data)
Data block 0 of /usr/bin/vi
Metadata Index of block 0 Index of block 1 ...
, sign(data block 0) , sign(data block 1)
Replace with virus loader?
/usr/bin/vi
Data block 1 of /usr/bin/vi
10
Globally Unique IDs
Metadata (uid, gid, ctime, ) usr, /usr unique
ID etc, /etc unique ID ...
/
Metadata Unique ID for /usr bin, /usr/bin
unique ID ...
/usr
Sign(/ data)
/etc ...
Sign(/usr data)
Metadata Unique ID for /usr/bin vi, /usr/bin/vi
unique ID ...
Replace with data for /usr/bin/emacs?
/usr/bin
Replace with virus loader?
Sign(/usr/bin data)
Metadata Unique ID for /usr/bin/vi Index of block
0 Index of block 1 ...
Data block 0 of /usr/bin/vi
Sign(/usr/bin/vi ID, 0, data in block)
/usr/bin/vi
(v 5.0)
Data block 1 of /usr/bin/vi
Sign(/usr/bin/vi ID, 0, data in block)
Sign(/usr/bin/vi data above)
Replace with data block 1 (v 4.0)?
11
ECFS

• Extended version of CFS
• Class project for architecture and systems
• David Bindel, Monica Chew, Chris Wells
• Goal Support more flexible permissions
• Allow public data (eg .forward files)
• Protect integrity using MACs

12
ECFS Architecture
User Application
Plaintext No MACs
Kernel NFS client
ECFS daemon
Ciphertext MACs
Kernel file system client
Underlying filesystem
Metadata database
13
ECFS Lessons

• Signatures can be integrated into the FS
• Handling metadata right is tricky!
• A cryptographic layer is awkward
• Support should be built in from outset

14
Back to OceanStore

• OceanStore supports more general lookup
  structures than directory tree
• Conflict resolution interacts with security in
  potentially subtle ways
• Lots of other subtle issues come up
• Handling denial of service attacks
• Key management and distribution