Cobalt: Separating content distribution from authorization in distributed file systems - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

Cobalt: Separating content distribution from authorization in distributed file systems

Description:

BlueFS server: Dell GX620 desktop. Acquisition. Provider: IBM X40 laptop. Playback. Ad hoc client: IBM X40 laptop. University of Michigan. 23. Content acquisition ... – PowerPoint PPT presentation

Number of Views:33
Avg rating:3.0/5.0
Slides: 27
Provided by: Kaus6
Category:

less

Transcript and Presenter's Notes

Title: Cobalt: Separating content distribution from authorization in distributed file systems


1
Cobalt Separating content distribution from
authorization in distributed file systems
  • Kaushik Veeraraghavan
  • Andrew Myrick
  • Jason Flinn
  • University of Michigan

2
Accessing protected content is hard!
  • Many opportunities to use ad hoc clients
  • Client I dont own or regularly use
  • Play my songs at a friends party
  • To access content from an ad hoc client, I
  • locate content
  • fetch content
  • DRM do I trust the ad hoc client?
  • Simplify access without sacrificing security

3

4
What makes protected content special?
  • Users and content providers have opposing goals!
  • User goal
  • Display content to friends and family
  • Pervasive access content anytime, anywhere!
  • Provider goal
  • Restrict access to paying users

5
Problem with current systems
Provider
  • Provider authorizes clients for playback
  • Model breaks down for ad hoc clients
  • User privacy loss, login credential abuse
  • Provider revocation, impersonation

6
What should we authorize instead?
Provider
  • Provider should authorize people not clients
  • Hard how can we detect and authorize people?
  • Leverage small, personal mobile devices cell, PDA

7
Cobalt proximity-based access
  • Physical proximity-based access client on
    wireless network
  • We build on ideas introduced in ZIA Corner 02
  • Challenge/response heartbeat ensures proximity
  • When user departs, playback stops

8
Cobalt goals
  • Better usability
  • Improved privacy
  • Improved content protection

9
Separate distribution from authorization
  • User goal pervasive access to content
  • Store content in distributed storage
  • Provider goal Restrict access to paying users
  • Encrypt content
  • Release key to phone
  • Playback requires phone
  • Separate distribution authorization channels

10
Store content in distributed storage
  • Implemented on Blue File System
  • Ensemblue Peek 06
  • Usable with other distributed storage

BlueFS Server
11
Cobalt trust model
  • What does the provider need to trust?
  • Users cell phone and the ad hoc media player
  • Rely on Trusted Computing to verify trust

12
Trusted Platform Module (TPM)
  • Tamper resistant chip w/ crypto support
  • Software attestation
  • Signed hash of loaded software
  • Verify against policy
  • Sealed storage
  • Protects data
  • Detect tampering
  • Entities can leverage TPM to verify client

13
Outline
  • Motivation
  • Background
  • Implementation
  • Evaluation
  • Conclusion

14
Implementation
  • Acquisition
  • Provider sends encrypted content to user
  • Phone approved as a proxy after verification
  • Playback
  • Media player discovery
  • Provide access to selected content
  • Phone authorizes player after verification

15
Content Acquisition
Provider
Content Request
Policy
HPolicy
Policy
BlueFS Server
  • Phone delegated authorization responsibility

16
File system layout
  • Policy stored separately

Encrypted with Phones KEK
Encrypted with content key
17
Restrict playback to trusted clients
Media Player 1
Media Player 2
  • Verify media player before sharing content

18
Provide access to selected content
BlueFS Server
Media Player 1
Song_1.mp3 Song_2.mp3
Song_1.mp3 Song_2.mp3
Query .mp3
BlueFS IP address
  • Improve usability semantically specify content
  • Query result updated dynamically as content
    changes
  • Phone restricts playback to specified content

19
Playback
BlueFS Server
Media Player 1
Song_1.mp3 Song_2.mp3
BlueFS IP address
Policy
Policy
  • Authorization succeeds if phone is in proximity
  • Policy match ensures player wont leak content

20
Outline
  • Motivation
  • Background
  • Implementation
  • Evaluation
  • Conclusion

21
Evaluation goals
  • Overhead of Cobalt for content acquisition
  • Overhead of Cobalt for content playback
  • Can Cobalt enable new applications?

22
Evaluation setup
  • Token Motorola E680i cell phone
  • BlueFS server Dell GX620 desktop
  • Acquisition
  • Provider IBM X40 laptop
  • Playback
  • Ad hoc client IBM X40 laptop

23
Content acquisition time
  • 10.1 seconds to acquire 1.8MB mp3
  • Cobalt adds less than 9 seconds of overhead
  • STS on cell phone 7.56sec, laptop 0.51sec

24
Playback startup time
  • One time cost 12.4 seconds
  • Query creation, path resolution 4sec (1500 mp3s)

25
Context-sensitive adaptive playlist
Media Player
Song_2.mp3 Song_3.mp3 Song_4.mp3
Song_1.mp3 Song_2.mp3 Song_3.mp3
Adaptive Playlist Song_2.mp3 Song_3.mp3
  • Cobalt enables new context-sensitive apps
  • Playlist adapts as users leave players vicinity
  • 1500 mp3s, 650 matches adds 1 second

26
Conclusion
  • Cobalt authorize people not clients
  • Better usability
  • Improved privacy
  • Improved content protection
  • Reasonable overhead
  • Enables new applications
  • Questions?
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Cobalt: Separating content distribution from authorization in distributed file systems" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!