CBL Servers

1
(No Transcript)
2
What is this about
ACB System
CBL Servers We are taking care
3
How users can join us

• A user can download and launch ACBpoint
  application with just a single click from our Web
  server using Java Web Start Technology.
• Anytime user can have access to the latest
  version of the application.
• The users privacy is never compromised.
• Java Web Start provides information about
  applications origin based on certificates and
  gives to the user the possibility to check them.
• Suppose that one of our systems server is
  compromised.
• The administrator will make the appropriate
  changes and, next time when the user accesses the
  system, updates will be automatically downloaded.
  In this way the communication with a possible
  malicious server is eliminated.

4
Security in ACB System

• ACBpoint users authorization and authentication
  is achieved
• using Zero Knowledge Protocol.
• A user accesses ACB system for the first time,
  he will choose his own login and password, but
  this password will never be sent to the server,
  the user will just prove he knows it.
• Instead, his public key y, computed like
• will be sent to the server and stored in the
  database.
• The sequence of exchanged messages in Zero
  Knowledge Protocol
• Server accepts the user if
• The idea is similar to Schnorrs signature.
• The power of the protocol is based on discrete
  logarithm problem.

(server challenges the user)
(user responds to the servers challenge)
5
Others security features

• Transmitted files between users are encrypted
  using symmetric key cryptography, Triple DES
  algorithm.
• Secure channels using SSL sockets
• (Java TM Secure Socket Extension (JSSE))
• Secure channel between ACBpoint user and CBL
  server
• SSL socket with one way authentication
• (user must trust the CBL server)
• CBL servers have certificates from a
  Certificate Authority (www.thawte.com) and the
  user supposed to trust this CA.
• Secure channel between CBL servers
• SSL socket with both way authentication
• (the servers from the system must trust each
  other)

6
The Big Picture

Server of user certificates Billing register
Locator
Server of user certificates Billing register
Locator
CBLs (servers)
Sockets (TCP/IP)
Distributed database (Primary-Backup
protocol) Sockets (TCP/IP)
CBLcc
Administrators
(updates)
Web Site for advertisement ACBpoint
downloading
Sockets (TCP/IP)
User peer
User peer
User node (Out of the system)
ACBpoints (users)
Direct communication (initiated by using the
CBLs) Sockets (TCP/IP)
7
Communication
Own communication middleware

• No overheads because of using a heavy middleware
  form a third party
• Power and flexibility still present
• The layer is more appropriate for our case then
  any other
• No inheritance of bugs (we created ours ?)

8
Communication cont.
Handler 1
Handler N
Handler 2
User layer
Type resolving and handlers invocation
Server side only
Fails detection and recovering
Object-byte stream conversion
Compression (GZIP)
Security (SSL)
Sockets (TCP/IP)
9
High Availability

• Guarantees certain profit to its owner and
  remains available for the users more than 99 of
  the time

• It provides high availability to the services
  such as
• Registration
• Publishing and Sharing
• Searching
• Billing
• Viewing users account

• High availability is achieved by data replication
  using Primary-Backup protocol

• Requests are sent to the Primary or to a Backup
  ensuring avoidance of bottleneck and overloading
  of the Primary. We are providing Load-Balancing
  in our system.
• To Primary registration/deletion of users,
  publishing,
• sharing, sell transactions, billing, etc.
• To Backup the most resource dependent request
  (Searching) retrieving read-only data

10
Guaranteed highly available services to the main
system actors

• Owners
• Guaranteed profit
• Providers
• Guaranteed secured sharing of data and receiving
  correct amount of money for each download
• Consumers
• Guaranteed secured searching and paying correct
  amount of money after each download
• Administrators
• Guaranteed easy life ?

11
Transaction Scheme
12
Fault tolerance

• The System provides correct service for the
  following types of failures (Transient, that
  arise under unlikely circumstances)
• Link failures
• Server failures
• What the client does, it reconnects to the next
  available server (backup). Most important, the
  user does not see them. They are detected early
  and masked.

If there are no more available servers, the
client shutdowns. Fail-Stop failure model in this
case, in order to avoid incorrect operation.

• Therefore, the following operations are fault
  tolerant
• Searching
• Sharing
• Managing account
• Billing.
• We do not control peer behavior (a user can
  switch of his PC any time), so the operation
  Download is not fault tolerant.

13
ACB System in real life

• CBL Servers (Primary/Backup)
• ACBpoint client applications
• CBLcc control centers
• (3 JAR files!)

14
CBL - server
Logging for maintaining and debugging
Publishing (Sharing)
Searching
15
ACBpoint - client app.
Sharing
Publishing (Sharing)
Searching
16
ACBpoint - client app.
Searching
17
ACBpoint - client app.
Downloading
Searching
18
ACBpoint - client app.
Managing of the account
Publishing (Sharing)
Searching
19
CBLcc - control center
Managing of the CBLs
Publishing (Sharing)
Control Center for administrators
Manage Account
Searching
20
Demo
Main goal To show that our system can be
deployed to life tomorrow! Solution Extreme
testing! Thousands of users exploit the system
and in same time we are doing turn-on turn-off,
turn-on, turn-off
21
Questions?
For any more detailed questions you can contact
as
Alexander Stasiv asta_at_ait.edu.gr Gergana
Krumova gkru_at_ait.edu.gr
Lazar Adzigogov ladz_at_ait.edu.gr Mariana Marin
mmar_at_ait.edu.gr
Web site
http//www.andrew.cmu.edu/course/18-842/index.htm