Secure Distributed Document Sharing System

Dukyun Nam, paichu@icu.ac.kr
Seunghyun Han, dennis@icu.ac.kr
CDS&N Lab., ICU


Contents

1. Introduction
2. Previous Works (Ddoc System)
3. Security Risks on Ddoc System
4. Related Works
5. System Design
6. Environments
7. Implementation
8. Issues
9. Conclusion
10. Demo
11. References

Introduction

Peer-to-peer System
- ‘Peer-to-peer is a communications model in which each party has the same capabilities and either party can initiate a communication session’
- On the Internet, P2P is a type of transient Internet network that allows a group of computer users with the same networking program to connect with each other and directly access files from one another's hard drives

Document
- ‘A useful file containing information’
- Word doc, mp3, mpeg, txt file

Previous Works

Distributed Documents Sharing System
- P2P based document sharing
- Centralized server just holds resource (documents) location information
- Searching facilities (peer to peer, web to peer)
- Support group based document sharing policies
  - Access control by privilege of users
- Simple way to share their document with others

Scope and features
- Open sharing of documents
- Two searching methods: client program, web browser
- Support of dynamic group creation (optional)

Previous Works (continue)

Ddocs System Architecture

[Figure: Ddocs system architecture. Components: two Ddocss clients, a Web browser and the Ddocss server. Labelled steps: 1. Register docs; 2. Search query; 3. Process query; 4. Query results; 5. Choose a link; 6. Request file transfer; 7. Actual file transfer.]

Security Risks (Problem Definition)

Fundamental Requirement of Document Sharing on Ddocs System
- Document sharing among members who can trust each other
- Documents must not be exposed outside the proper group or community
- Documents must not be modified, to protect copyright

Security Risks
- Risks exist across all communication between the server and Ddocss users
- The risks are not limited to the Ddocs system; most peer-to-peer file sharing systems carry the same risks

Security Risks (continue)

Security Risks

Between Server and Peers
- Login Phase
  - User ID and password may be eavesdropped
- Registration (Publishing) and Search Phase
  - Resource (document) location may be exposed to unauthorized users
  - Moreover, unpublished documents also may be exposed if resource location information is revealed

Between Peers
- File Transfer Phase
  - File may be tampered with during file transfer
  - Replay attack is possible by unauthorized users
  - File interception
  - Etc.

Security Risks (continue)

Possible Security Flaws of Ddocs System

[Figure: possible security flaws of the Ddocs system. Components: two Ddocss clients and the Ddocss server. Labelled flows: login; register docs; search query; query results; request file transfer; actual file transfer. Annotated threats: eavesdropping of user ID and password; eavesdropping of resource locations; hacking or cracking document location database; replay attacks, eavesdropping or tampering documents.]

Related Works

Napster
- Data, especially MP3, sharing tool among distributed users
- Simple admission control is done by server
  - Password-based admission control
- Data is not compressed or encrypted during transfer
- Hardly considers security issues, such as eavesdropping, tampering, etc.

Gnutella
- Large-scale, fully decentralized P2P system running on the Internet
- It is not concerned with anonymity or copyright protection of documents, but supports sharing documents among registered users
- Password-based admission control, but does not support privacy, authentication, and confidentiality

Related Works

Publius
- Web-based publishing system that resists censorship and tampering
- Mainly focuses on protecting author's rights of documents rather than sharing free documents
- Uses secret sharing scheme to protect author's rights
- Data is distributed to several servers, not to client or peer machines
- It degrades scalability of system
  - As more users publish their data, the number of servers must be increased to hold the published data

System Design

Secure Ddocs System Is Aimed to Provide Integrity, Privacy, and Confidentiality

[Figure: Ddocss with security features. Components: two Ddocss clients, the Ddocss server with its DB, and the actual shared documents. Labelled flows: encrypted login procedures; encrypted register and search result; key exchange and verify; key agreement; encrypted file transfer between peers; decrypt and verify.]

Security Functionality
- Encrypt message between server and peers
  - To prevent exposure of documents
  - To prevent exposure of the location of unwanted resources (documents which the user has not approved for publication)
- Key agreement between peers, and encrypt file after signing file with user's private key
  - To provide confidentiality, authentication, integrity of file

Access Control

Access Control of document sharing

Basic concepts
- Access level per document
- Access level per user to access leveled document
- Ddocss user can give 5 access levels which are inclusive
  - Ex) if user A gives level 2 to document D1 and level 4 to document D2, user B can access D2 but cannot access D1 by access level restriction
- Originally, user (publisher) can also give access level to group of users (optional)
  - Not supported yet

Environments

Implementation & Running Environments
- Server Operating System: Solaris 7
- Database: MySQL v. 11.13
- Web Server: Apache v. 1.3.9
- Language: Java 1.4.0 beta-3 build-84 mixed mode version
  - It includes Crypto package by default

Implementation

Implementation Considerations for Secure Communications

Cryptographic Algorithms
- Compression
- File Transfer (between peers)
  - Symmetric cryptography for performance: DES
- Control Messages (between server and peer)
  - Asymmetric cryptography for privacy: RSA

Digital Signature
- Signature for file: DSA with SHA-1

Implementation (continue)

User Login Procedure

Risks or possible attacks
- User ID and password could be revealed to public
- Unauthorized users could access shared documents with the same privileges as the original user

Procedure (Peer and Ddoc Server)
1. Fill up user information
2. Send encrypted login request
3. Verify the user
4. Change user status in DB
5. Reply public key of server

Security Functionality
- Encrypt login message by public key of server using RSA algorithm provided by Bouncy Castle (http://www.bouncycastle.org)
- RSA algorithm is feasible
  - Login message contains just e-mail address and password information
- Server public key is hard-coded
  - Login acknowledgement message contains public key of server because key may be changed

Implementation (continue)

Documents Publication

Risks or possible attacks
- Publish message, which contains resource location information, may be exposed to public by attackers
- Secret document location may be guessed from the exposed document location

Procedure (Peer and Ddoc Server)
1. Encrypt resource information (host address, file path, keywords, title, author) with public key of server
2. Publish the encrypted resource information
3. Decrypt the received resource location with private key of server
4. Insert it to DB
5. Reply acknowledgement

Security Functionality
- Encrypt publish message by public key of server using RSA algorithm
- RSA algorithm is feasible
  - Message size of publish message is short

Implementation (continue)

Documents Search

Risks or possible attacks
- Search result message, which contains resource location information, may be exposed to public by attackers

Procedure (Peer and Ddoc Server)
1. Fill up search information
2. Send search request
3. Search DB
4. Encrypt the search result with public key of peer
5. Reply the encrypted search result
6. Decrypt the received result with its private key
7. Show document titles

Security Functionality
- Encrypt search result by public key of peer (search query requestor)
- RSA algorithm is also feasible
  - Message size of search result is short
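An added example, not code from the Ddocs project: the login, publication and search slides each encrypt one short control message under the recipient's RSA public key, and this Java sketch shows that exchange together with the block-size limit that makes short messages a requirement. The class and method names, the 1024-bit key, PKCS#1 v1.5 padding and the sample credentials are assumptions; the slides name only RSA.

```java
import java.security.*;
import javax.crypto.*;

public class ControlMessageSketch {
    // Encrypt one control message under the recipient's RSA public key.
    static byte[] seal(PublicKey recipient, byte[] msg) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");  // padding is an assumption
        rsa.init(Cipher.ENCRYPT_MODE, recipient);
        return rsa.doFinal(msg);
    }

    // Decrypt with the recipient's own private key.
    static byte[] open(PrivateKey own, byte[] ct) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, own);
        return rsa.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(1024);  // key size is an assumption; the slides do not state one
        KeyPair server = gen.generateKeyPair();

        // Constructed login message: e-mail address and password only.
        byte[] login = "user@example.org\nconstructed-password".getBytes("UTF-8");
        byte[] ct = seal(server.getPublic(), login);
        System.out.println(login.length + " bytes in, " + ct.length + " bytes on the wire");
        System.out.println("server reads: "
                + new String(open(server.getPrivate(), ct), "UTF-8"));

        // With PKCS#1 v1.5 padding one RSA block carries at most
        // (modulus bytes - 11) bytes: 117 for a 1024-bit key.
        try {
            seal(server.getPublic(), new byte[118]);
        } catch (IllegalBlockSizeException e) {
            System.out.println("118-byte message rejected: " + e.getMessage());
        }
    }
}
```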

Implementation (continue)

File Transfer

SKIP (Simple Key Management for Internet Protocols)
- Diffie-Hellman key agreement protocol between peers (document publisher and requestor) is used
- A secret value of Diffie-Hellman protocol is used for a session key between peers
- It is still vulnerable to a man-in-the-middle attack

To provide confidential file transfer between peers,
- File is encrypted by DES algorithm (symmetric)
- The secret value (session key produced by Diffie-Hellman key agreement protocol) could be used as a DES session key to encrypt the requested file
- Asymmetric cryptography is inappropriate because of its performance

Implementation (continue)

File Transfer (continue)

To provide authentication of requested file,
- DSA with SHA-1 for digital signature is adopted
- After generating signature file, source file and signature file are compressed with Zip to make file compact

Implementation (continue)

File Transfer Procedure, between Peer (requestor) and Peer (file holder)

Diffie-Hellman key agreement protocol
1. Generate nonce x
2. Request file transfer with nonce (x)
3. Generate nonce (y)
4. Generate session key (g^y)^x
5. Transfer nonce (y)
6. Generate session key (g^x)^y

Compression using Zip and authentication process using DSA with SHA-1 algorithm
7. Create signature with private key
8. Append the signature to the document
9. Compress the document and signature using Zip
10. Encrypt the compressed file with session key
11. Transfer the encrypted file
12. Decrypt the received file with session key
13. Uncompress the decrypted file
14. Check the signature with public key of the file holder
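The 14-step procedure above as an added Java example (not the project's code), run in one process with the JDK's own providers. The class, method and zip entry names, DES in CBC mode with a transmitted IV, taking the first 8 bytes of the Diffie-Hellman secret as the DES key, and the key sizes are assumptions; DES, DSA with SHA-1 and Zip are the algorithms the slides name. Requires Java 9 or later.

```java
import java.io.*;
import java.security.*;
import java.util.Arrays;
import java.util.zip.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class DdocTransferSketch {
    static SecretKey desKey(PrivateKey mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return new SecretKeySpec(Arrays.copyOf(ka.generateSecret(), 8), "DES");  // assumed derivation
    }
    public static void main(String[] args) throws Exception {
        byte[] doc = "constructed sample text for ns-final.doc".getBytes("UTF-8");
        KeyPairGenerator dsaGen = KeyPairGenerator.getInstance("DSA");
        dsaGen.initialize(1024);  // file holder's long-term signing key; size assumed
        KeyPair holderDsa = dsaGen.generateKeyPair();
        // Steps 1-6: Diffie-Hellman; the public values are not authenticated (MITM caveat).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(2048);  // one generator stands in for both peers, so p and g match
        KeyPair req = kpg.generateKeyPair(), holder = kpg.generateKeyPair();
        SecretKey kHolder = desKey(holder.getPrivate(), req.getPublic());
        SecretKey kReq = desKey(req.getPrivate(), holder.getPublic());
        // Steps 7-10, file holder: sign, zip document and signature, encrypt.
        Signature dsa = Signature.getInstance("SHA1withDSA");
        dsa.initSign(holderDsa.getPrivate());
        dsa.update(doc);
        byte[] sig = dsa.sign();
        ByteArrayOutputStream zipped = new ByteArrayOutputStream();
        try (ZipOutputStream z = new ZipOutputStream(zipped)) {
            z.putNextEntry(new ZipEntry("doc")); z.write(doc); z.closeEntry();
            z.putNextEntry(new ZipEntry("sig")); z.write(sig); z.closeEntry();
        }
        Cipher des = Cipher.getInstance("DES/CBC/PKCS5Padding");  // mode is an assumption
        des.init(Cipher.ENCRYPT_MODE, kHolder);  // the provider picks a random IV
        byte[] iv = des.getIV(), wire = des.doFinal(zipped.toByteArray());  // step 11 sends both
        // Steps 12-14, requestor: decrypt, unzip, check the file holder's signature.
        des.init(Cipher.DECRYPT_MODE, kReq, new IvParameterSpec(iv));
        ZipInputStream in = new ZipInputStream(new ByteArrayInputStream(des.doFinal(wire)));
        in.getNextEntry(); byte[] gotDoc = in.readAllBytes();
        in.getNextEntry(); byte[] gotSig = in.readAllBytes();
        dsa.initVerify(holderDsa.getPublic());
        dsa.update(gotDoc);
        System.out.println("signature valid: " + dsa.verify(gotSig));
        gotDoc[0] ^= 1;  // simulate a document modified after signing
        dsa.update(gotDoc);
        System.out.println("valid after modification: " + dsa.verify(gotSig));
    }
}
```

The signature covers the document only, not the Diffie-Hellman values, so the integrity check in step 14 does not by itself address the man-in-the-middle exposure the slides note for the key agreement.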

Conclusion

- Legacy P2P systems hardly provide confidentiality for sharing files, especially between peers
  - Napster, Gnutella, Publius, Soribada etc.
  - Ddocss provides confidentiality for sharing files using encryption with symmetric key (DES) after key agreement (Diffie-Hellman)
- Legacy P2P systems are exposed to eavesdropping of resource location
  - Freenet encrypts URL information to protect system from attackers
  - Ddocss provides private communications between server and peer using asymmetric cryptography (RSA)
- Ddocss provides integrity of transferred file using digital signature with appendix (DSA with SHA-1)

Issues

Risks of Server Database
- Hacking or cracking server database is a critical problem of current Ddocs system
- Main drawback of current Ddocs system design
  - We assume that Ddocs Server is secure from any kind of attacks

Performance
- We try to reduce size of messages which use RSA, for instance, Login, Search Result
  - They are less than 100 bytes
  - But it is still a performance bottleneck

Demo

- User Registration
- Documents Publication
- Documents Search
- File Transfer

[Figure: demo scenario with Ddocss Peer A, Ddocss Peer B (peer addresses 210.107.yyy.bbb and 210.107.xxx.aaa), the Ddocss Server with its DB, and the label "host: angel.icu.ac.kr". Labelled steps: 1. Publish “ns-final.doc” (author, keyword “Security”, title “Network Security”, file path “ns-final.doc”); 2. Search documents (keyword “Security”); 3. Return result (author, keyword, title, file path); 4. Decrypt received result; 5. Request file (“210.107.yyy.bbb”, “ns-final.doc”); 6. Prepare file sending; 7. Prepare file sending (encrypted & compressed file).]

References

[1] Napster Web Site: http://www.napster.com/
[2] Gnutella Web Site: http://www.gnutelliums.com/
[3] M. Waldman, A.D. Rubin, and L.F. Cranor, "Publius: A robust, tamper-evident, censorship-resistant web", Proceedings of the 9th USENIX Security Symposium, August 2000.
[4] Freenet Web Site: http://freenet.sourceforge.net/
[5] I. Clarke, O. Sandberg, B. Wiley, and T.W. Hong, "Freenet: A Distributed Anonymous Information Storage and Retrieval System", in Designing Privacy Enhancing Technologies, International Workshop on Design Issues in Anonymity and Unobservability, LNCS 2009, July 2000.
[6] Mojo Nation Web Site: http://www.mojonation.net/
[7] R. Dingledine, M.J. Freedman, and D. Molnar, "Chapter 12: Free Haven", in Peer-To-Peer: Harnessing the Power of Disruptive Technologies, Ed. Andy Oram. Cambridge: O'Reilly and Associates, 2001.
[8] R. Dingledine, M.J. Freedman, and D. Molnar, "The Free Haven Project: Distributed Anonymous Storage Service", International Workshop on Design Issues in Anonymity and Unobservability, LNCS 2009, July 2000.
[9] D. Nam, M. Lee, J. Lee, and S. Han, "Distributed Document Sharing System", Term Project Report, June 2001.