Document 15524903

advertisement
What is this about
ACB System
CBL Servers
We are taking care
How users can join us
 A user can download and launch ACBpoint application with
just a single click from our Web server using Java Web Start
Technology.
 Anytime user can have access to the latest version of the
application.
 The user’s privacy is never compromised.
 Java Web Start provides information about application’s origin
based on certificates and gives to the user the possibility to
check them.
 Suppose that one of our system’s server is compromised.
The administrator will make the appropriate changes and, next
time when the user accesses the system, updates will be
automatically downloaded. In this way the communication
with a possible malicious server is eliminated.
Security in ACB System
 ACBpoint user’s authorization and authentication is achieved
using Zero Knowledge Protocol.
A user accesses ACB system for the first time, he will choose his
own login and password, but this password will never be sent to
the server, the user will just prove he knows it.
x
Instead, his public key y, computed like x  h( password ) y  g mod
will be sent to the server and stored in the database.
q
The sequence of exchanged messages in Zero Knowledge Protocol:
User  Server : r  g k (mod q) (user sends commitment to the server)
User  Server : h
User  Server : s  k  hx
Server accepts the user if
(server challenges the user)
(user responds to the server’s challenge)
r  g s  y h
The idea is similar to Schnorr’s signature.
The power of the protocol is based on discrete logarithm problem.
SHA-1 hash function is used.
Others security features
 Transmitted files between users are encrypted using symmetric
key cryptography, Triple DES algorithm.
 Secure channels – using SSL sockets
(Java TM Secure Socket Extension (JSSE))
 Secure channel between ACBpoint user and CBL server
SSL socket with one way authentication
(user must trust the CBL server)
CBL servers have certificates from a Certificate Authority
(www.thawte.com) and the user supposed to trust this CA.
 Secure channel between CBL servers
SSL socket with both way authentication
(the servers from the system must trust each other)
The Big Picture
CBLs:
(servers)
Server of user certificates &
Billing register &
Locator
Server of user certificates &
Billing register &
Locator
Distributed database (Primary-Backup protocol)
Sockets (TCP/IP)
Sockets (TCP/IP)
CBLcc:
Administrators
(updates)
Web Site for
advertisement &
ACBpoint
downloading
Sockets
(TCP/IP)
ACBpoints:
(users)
User peer
User peer
Direct communication (initiated by using the CBLs)
Sockets (TCP/IP)
User node
(Out of the system)
Communication
Own communication middleware
• No overheads because of using a heavy
middleware form a third party
• Power and flexibility still present
• The layer is more appropriate for our case
then any other
• No inheritance of bugs (we created ours )
Communication – cont.
Handler 1
Handler 2
Handler N
User layer
Type resolving and handlers invocation
Fails detection and recovering
Object-byte stream conversion
Compression (GZIP)
Security (SSL)
Sockets (TCP/IP)
Server
side only
High Availability
 Guarantees certain profit to it’s owner and remains
available for the users more than 99% of the time
 It provides high availability to the services such as:
•
•
•
•
•
Registration
Publishing and Sharing
Searching
Billing
Viewing user’s account
 High availability is achieved by data replication using
Primary-Backup protocol
 Requests are sent to the Primary or to a Backup –
ensuring avoidance of bottleneck and overloading of the
Primary. We are providing Load-Balancing in our system.
• To Primary – registration/deletion of users, publishing,
sharing, sell transactions, billing, etc.
• To Backup – the most resource dependent request
(Searching); retrieving read-only data
Guaranteed highly available services to
the main system actors
 Owners
• Guaranteed profit
 Providers
• Guaranteed secured sharing of data and receiving correct
amount of money for each download
 Consumers
• Guaranteed secured searching and paying correct amount
of money after each download
 Administrators
• Guaranteed easy life

Transaction Scheme
6)Charging consumer, adding money to provider
(+1% commission)
Server (for billing)
7)Give the
key
5)End Sell Transaction
3)Begin Sell
Transaction
1)Request File
4)Send file (encrypted)
8)Decrypt file
2)Encrypt file
Fault tolerance
The System provides correct service for the following types of
failures (Transient, that arise under unlikely circumstances)
Link failures
Server failures
What the client does, it reconnects to the next available server
(backup). Most important, the user does not see them. They are
detected early and masked.
If there are no more available servers, the client shutdowns. FailStop failure model in this case, in order to avoid incorrect
operation.
Therefore, the following operations are fault tolerant
Searching
Sharing
Managing account
Billing.
 We do not control peer behavior (a user can switch of his PC any
time), so the operation Download is not fault tolerant.
ACB System in real life
• CBL – Servers (Primary/Backup)
• ACBpoint – client applications
• CBLcc – control centers
(3 JAR files!)
CBL - server
Logging for maintaining and debugging:
Publishing (Sharing)…
Searching…
ACBpoint - client app.
Sharing:
Publishing (Sharing)…
Searching…
ACBpoint - client app.
Searching…
ACBpoint - client app.
Downloading…
Searching…
ACBpoint - client app.
Managing of the account:
Publishing (Sharing)…
Searching…
CBLcc - control center
Managing of the CBLs:
Publishing (Sharing)…
Control Center for administrators
Manage Account…
Searching…
Demo
Main goal:
To show that our system can be
deployed to life tomorrow!
Solution:
Extreme testing!
Thousands of users exploit the system
and in same time we are doing turn-on –
turn-off, turn-on, turn-off…
Questions?
For any more detailed questions you can
contact as:
Alexander Stasiv: asta@ait.edu.gr
Gergana Krumova: gkru@ait.edu.gr
Lazar Adzigogov: ladz@ait.edu.gr
Mariana Marin: mmar@ait.edu.gr
Web site:
http://www.andrew.cmu.edu/course/18-842/index.htm
Download