A Versatile Storage System as Infrastructure for Future Networking

advertisement
A Versatile Storage System as
Infrastructure for Future Networking
Prof. Xiaohua Jia, City University of Hong Kong
Mr. Jianfei He, Huawei Technologies Co. Ltd.
1
Outline
o Motivations and Objectives
o System Architecture
o System Design and Implementation
o Conclusion
2
Motivations
Giant Application Service Providers (ASPs) monopolize the
markets based on
◦ Users’ data
◦ Users’ social relations
Data
Relations
Data
Relations
Data
Relations
3
Motivations
What are the consequences?
o Users’ data and social relations are locked in ASPs. ASPs
attract users not by their QoS, but by users’ data and social
relations
o Small and medium companies are denied of opportunities to
enter the business
o User’s social relations are fragmented on multiple ASPs, and
publish-subscribe of user’s data is limited within the scope of
an ASP
o ……
Data
Relations
Data
Relations
Data
Relations
4
System Background
o Many ICN (Information Centric Networks) projects, e.g., NDN, NetInf,
PURSUIT, etc., cache the data on routers along the path it travels
o New effort of NFV (Network Function Virtualization) replaces specialized
routers (a box of H/W+S/W) by general purpose computer servers
o There are huge amount of under-utilized storage and computing powers
on routers all over the Internet
o Our aim: build a versatile storage infrastructure for users
5
Design Objectives
o Decouple users' data from ASPs
The infrastructure stores users data and provides content services to ASPs.
o Decouple users’ social relations from ASPs
The information of users social relations is integrated into the infrastructure for data
publish-subscribe.
o Support general data communications
The infrastructure can support data networking services, such as online video chat.
6
System Architecture
Presentation Layer
ASPs or APPs: use data from VSS
to provide advanced services to
end users.
ASPs
User-to-Network Interface (UNI)
...
VSS
VSS Domain 1
VSS Domain 2
VSS Domain N
Information Layer
VSS (Versatile Storage System):
responsible for content storage,
access control, publishing/
subscribing, and distribution.
7
Example: decouple users social relations
from ASPs
- Manage social relations of users
- Support content publish-subscribe services: access control, publishing
and subscribing, ……
Alice
Bob
1. Alice sends a “friend” request
to Bob in Facebook app
Facebook Client App
2. Bob sees Alice become his
follower in Weibo app, then
Bob “follows” Alice back.
Weibo Client App
3. Bob becomes Alice’s friend
in Facebook app
Data
Relations
8
Example: decouple users data
from ASPs
4. Alice posts a
message to “Friends”
in Facebook app
Alice
Bob
5. Bob can see the
message in Weibo app
Facebook Client App
Weibo Client App
Data
Relations
9
Vertical and Horizontal Interfaces
o Vertical interface
- Provide standard APIs User-Network Interface (UNI) to all ASPs
- Any ASP can provide content services based on the information layer of VSS
ASPs
User-to-Network Interface (UNI)
...
VSS
VSS Domain 1
VSS Domain 2
VSS Domain N
o Horizontal interface
- VSS consists of multiple autonomous service domains
- Interconnected by “thin” Network-Network Interface (NNI)
inter-domain interface
inter-domain interface
Domain 1 (China)
Domain 2 (UK)
Domain 3 (USA)
10
Support of data networking
and communications
o Data communication based on file systems
- Integrate networking service into data service
- Support general data communication
o Real-time communication
- Support inter-person real-time communication
11
System Designs
o
o
o
o
Management of user data
Management of users social relations
Roaming of users
Security and privacy
12
Prototype implementation of VSS
A prototype of VSS is implemented on top of HBase
User-to-Network Interface Network-to-Network Interface
Access Control
Indexing
Middleware
Users’ relations
Users’ Data (Files)
HBase
VSS
Network
communication
Distributed File
System
HDFS
13
Management of User Data
Users can use either a client application or a web interface (web
browser) to upload local files to or download files from the VSS system.
User
Client Application
User
Web Interface
14
Management of social relations
VSS manages basic social relations of users
o VSS manages the contact lists and contact groups, decoupling
users’ social relations from ASPs
o ASPs calls VSS to get social relations of users for content publishing
Contact-1
Stars
Twitter
Contact-2
Family
Sina Weibo
Contact-3
Classmates
Facebookk
Colleagues
Personal E-mail
Stranger
Work E-mail
Contact-n
15
Modeling of social relations
VSS models general types of user social relations on the
Internet
o 1-way friendship: Weibo, Twitter, address book, contact list
o 2-way friendship: QQ, WeChat, Line, WhatsApp, Skype, Facebook
o Workgroups / teams: Dropbox shared folder, SkyDrive Groups, QQ
/ WeChat groups
16
Example: ASP-independent
information publication
o Alice (in China) shares a photo to her friends Bob and Cathy
o VSS China domain stores the photo and sends the notifications to the
home domains of Bob and Cathy respectively
o Bob & Cathy can see the photo via any application
o Once the photo is deleted by Alice, all references to this photo is
removed from the entire system
Bob @ USA
USA Domain
Alice @ China
China Domain
UK Domain
Cathy @ UK
17
Real-time interactive
communication in VSS
o Shared files are used as communication medium
o The sender writes data to a file and informs the receiver by placing a token in
receiver’s space
o The receiver checks the token at fixed interval and reads the data from the file
when the data becomes available
o The synchronization frequency depends on the real-time requirement
o Demo
File
Alice
Client App
Client App
Bob
18
Handling of user roaming
The data accessed by a roaming user shall be transferred from its home
domain to the destination domain.
Alice @
Domain 1
Domain 3
Domain 1
Domain 2
Domain 4
Bob @
Domain 3
Domain 5
Bob @
Domain 3
Roaming
19
Handling of user roaming
Why consider user roaming?
o A user’s information is stored and managed by his home domain
Requirements of roaming handling
o Remote authentication of users
There shall be a simple and efficient method to authenticate a roaming user
so that the access permission can be assigned to the user
o Local & remote execution of commands
Some commands can only be executed locally (or passed back to the home
domain for execution if the user is in a remote domain) for security reasons
or performance reasons
o Caching and data pre-fetch
The domain shall be able to utilize its local cache to improve users’ roaming
experience
20
Uniform security and privacy
scheme
Security issues
o Storage security: all stored data can be auto-encrypted (if users wish)
o Security for cross-domain: interoperation and communications
Secure both the data storage and the communication channels!
Inter-domain channel
21
Privacy-preserving pub-sub:
Hide ID from foreign domains
o Privacy protection of communication parties
- Hide sender’s ID from the receiver’s domain
- Hide receiver’s ID from the sender’s domain
o Privacy protection of subscriber and publishers
- Hide subscriber’s details from the foreign domain
- Hide publisher’s details from subscriber’s domain
Subscriber@China
China Domain
USA Domain
Publisher@USA
Secure content publish-subscribe:
Hide content from VSS
o ASPs use VSS platform to publish content to users, but do not want to
disclose the content to VSS
o Asymmetric encryption is not applicable because it requires a trusted third
party to verify the true identities of users
o No key-exchange can be done through VSS
o No need for users (subscribers) to manage too many keys for publishers
Banks
Subscriber
Subscriber
Clubs
Personal health
care company
23
Protocol design (1): subscription
o Step 1: Subscription
o Subscriber sends sub-request and key material Ysub to publisher
o Ysub = gRsub mod p,
// g and p are public parameters in Diffie-Hellman code
o Rsub= PRNG(SKsub , IDpub) , // Sksub is the secret key of subscriber, IDpub the ID of
publisher, PRNG a pseudo random number generator.
secret
Subscriber
YSUB
Sub_request
Publisher
24
Protocol design (2): publishing
o Step 2. Publishing
o For ith publication, publisher generates a new key Ki and key material Ypub
o Ki = YsubRi mod p
o Ypub = gRi mod p
// Ri is a random number for ith publication
secret
o Publisher encrypts data by Ki and sends ciphertext and Ypub to VSS
o VSS cannot recover Ki or decrypt the data, even with the key materials
Ysub and Ypub (it doesn’t know Rsub and Ri)
25
Protocol design (3): content
delivery
o Step 3. VSS delivers the ith ciphertext and Ypub to subscriber
o Subscriber generates the decryption key on the fly:
1. Recover the same random number as in step 1: Rsub=PRNG(SKsub , IDpub)
2. Generate decryption key Ki’ = YpubRsub mod p
3. Note: Ki’ = YpubRsub mod p = g Ri * Rsub mod p = YsubRi mod p = Ki
o A subscriber only needs to keep its own secret key SKsub for all ASPs
and it does NOT need to manage many Rsub of publishers
26
Conclusion
o VSS decouples ASPs from users' data and users' social
relations. ASPs have to rely on better quality services to
win user groups.
o VSS integrates file services with traditional networking
services. It can be used as universal communication
platform.
o VSS provides uniform security / privacy scheme, making
users’ data and communication more secure.
27
Demo
Demo settings:
o 3 end users
- Alice
- Bob
- Cathy
Alice
Bob
Cathy
FaceBlog
SinaBlog
NetDrive
o 3 ASPs / APPs
- FaceBlog
- SinaBlog
- NetDrive
o 2 domains
- Domain @ USA
- Domain @ China
VSS Domain (USA)
VSS Domain (China)
28
Thank You!
29
Download