What is this about ACB System CBL Servers We are taking care How users can join us A user can download and launch ACBpoint application with just a single click from our Web server using Java Web Start Technology. Anytime user can have access to the latest version of the application. The user’s privacy is never compromised. Java Web Start provides information about application’s origin based on certificates and gives to the user the possibility to check them. Suppose that one of our system’s server is compromised. The administrator will make the appropriate changes and, next time when the user accesses the system, updates will be automatically downloaded. In this way the communication with a possible malicious server is eliminated. Security in ACB System ACBpoint user’s authorization and authentication is achieved using Zero Knowledge Protocol. A user accesses ACB system for the first time, he will choose his own login and password, but this password will never be sent to the server, the user will just prove he knows it. x Instead, his public key y, computed like x h( password ) y g mod will be sent to the server and stored in the database. q The sequence of exchanged messages in Zero Knowledge Protocol: User Server : r g k (mod q) (user sends commitment to the server) User Server : h User Server : s k hx Server accepts the user if (server challenges the user) (user responds to the server’s challenge) r g s y h The idea is similar to Schnorr’s signature. The power of the protocol is based on discrete logarithm problem. SHA-1 hash function is used. Others security features Transmitted files between users are encrypted using symmetric key cryptography, Triple DES algorithm. Secure channels – using SSL sockets (Java TM Secure Socket Extension (JSSE)) Secure channel between ACBpoint user and CBL server SSL socket with one way authentication (user must trust the CBL server) CBL servers have certificates from a Certificate Authority (www.thawte.com) and the user supposed to trust this CA. Secure channel between CBL servers SSL socket with both way authentication (the servers from the system must trust each other) The Big Picture CBLs: (servers) Server of user certificates & Billing register & Locator Server of user certificates & Billing register & Locator Distributed database (Primary-Backup protocol) Sockets (TCP/IP) Sockets (TCP/IP) CBLcc: Administrators (updates) Web Site for advertisement & ACBpoint downloading Sockets (TCP/IP) ACBpoints: (users) User peer User peer Direct communication (initiated by using the CBLs) Sockets (TCP/IP) User node (Out of the system) Communication Own communication middleware • No overheads because of using a heavy middleware form a third party • Power and flexibility still present • The layer is more appropriate for our case then any other • No inheritance of bugs (we created ours ) Communication – cont. Handler 1 Handler 2 Handler N User layer Type resolving and handlers invocation Fails detection and recovering Object-byte stream conversion Compression (GZIP) Security (SSL) Sockets (TCP/IP) Server side only High Availability Guarantees certain profit to it’s owner and remains available for the users more than 99% of the time It provides high availability to the services such as: • • • • • Registration Publishing and Sharing Searching Billing Viewing user’s account High availability is achieved by data replication using Primary-Backup protocol Requests are sent to the Primary or to a Backup – ensuring avoidance of bottleneck and overloading of the Primary. We are providing Load-Balancing in our system. • To Primary – registration/deletion of users, publishing, sharing, sell transactions, billing, etc. • To Backup – the most resource dependent request (Searching); retrieving read-only data Guaranteed highly available services to the main system actors Owners • Guaranteed profit Providers • Guaranteed secured sharing of data and receiving correct amount of money for each download Consumers • Guaranteed secured searching and paying correct amount of money after each download Administrators • Guaranteed easy life Transaction Scheme 6)Charging consumer, adding money to provider (+1% commission) Server (for billing) 7)Give the key 5)End Sell Transaction 3)Begin Sell Transaction 1)Request File 4)Send file (encrypted) 8)Decrypt file 2)Encrypt file Fault tolerance The System provides correct service for the following types of failures (Transient, that arise under unlikely circumstances) Link failures Server failures What the client does, it reconnects to the next available server (backup). Most important, the user does not see them. They are detected early and masked. If there are no more available servers, the client shutdowns. FailStop failure model in this case, in order to avoid incorrect operation. Therefore, the following operations are fault tolerant Searching Sharing Managing account Billing. We do not control peer behavior (a user can switch of his PC any time), so the operation Download is not fault tolerant. ACB System in real life • CBL – Servers (Primary/Backup) • ACBpoint – client applications • CBLcc – control centers (3 JAR files!) CBL - server Logging for maintaining and debugging: Publishing (Sharing)… Searching… ACBpoint - client app. Sharing: Publishing (Sharing)… Searching… ACBpoint - client app. Searching… ACBpoint - client app. Downloading… Searching… ACBpoint - client app. Managing of the account: Publishing (Sharing)… Searching… CBLcc - control center Managing of the CBLs: Publishing (Sharing)… Control Center for administrators Manage Account… Searching… Demo Main goal: To show that our system can be deployed to life tomorrow! Solution: Extreme testing! Thousands of users exploit the system and in same time we are doing turn-on – turn-off, turn-on, turn-off… Questions? For any more detailed questions you can contact as: Alexander Stasiv: asta@ait.edu.gr Gergana Krumova: gkru@ait.edu.gr Lazar Adzigogov: ladz@ait.edu.gr Mariana Marin: mmar@ait.edu.gr Web site: http://www.andrew.cmu.edu/course/18-842/index.htm