Provendo Segurança e Privacidade em Coordenação Distribuída e Extensível
Abstract
Mechanisms for coordination and synchronization, like shared counters and distributed queues, are used in the development of distributed systems. These mechanisms are implemented through coordination infrastructures, such as tuple spaces. A tuple space is a shared memory object that provides operations to store and retrieve ordered sets of data, called tuples. Although tuple spaces provide functionalities for coordination, recent studies have shown that extensible protocols and architectures are fundamental for system performance. The main idea is to allow servers, supporting the coordination infrastructure, to access and process coordination information. Thus, it is not necessary neither to transfer information to clients or to reprocess requests due to concurrent accesses. Existing proposals for extensible distributed coordination do not provide security and privacy once servers must access plain-data. This work proposes the use of robust cryptographic schemes, implemented in DEPSPACE, to develop secure protocols for extensible coordination. Experiments show that the proposed solutions significantly improve system performance.
References
Alves, P. G. M. R. and Aranha, D. F. (2016). A framework for searching encrypted In XVI Simpósio Brasileiro em Segurança da Informação e de Sistemas databases. Computacionais (SBSEG 2016), pages 142–155. SBC.
Analytics, N. (2017). A java library for paillier partially homomorphic encryption.
GitHub. https://github.com/n1analytics/javallier.
Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1(1):11–33.
Bakken, D. E. and Schlichting, R. D. (1995). Supporting Fault-Tolerant Parallel Programing in Linda. IEEE Transactions on Parallel and Distributed Systems, 6(3):287–302.
Baldoni, R., Marchetti, C., and Verde, L. (2003). Corba request portable interceptors: Analysis and applications. Concurrency and Computation: Practice and Experience, 15(6):551–579.
Bershad, B. N., Savage, S., Pardyak, P., Sirer, E. G., Fiuczynski, M. E., Becker, D., Chambers, C., and Eggers, S. (1995). Extensibility safety and performance in the spin operating system. In Proceedings of 15th Symposium on Operating Systems Principles.
Bessani, A., Alchieri, E., Correia, M., and da Silva Fraga, J. (2008). DepSpace: A byzantine fault-tolerant coordination service. European Conference on Computer Systems.
Bessani, A., Sousa, J., and Alchieri, E. (2014). State machine replication for the masses with BFT-SMaRt. In International Conference on Dependable Systems and Networks.
Bessani, A. N., Correia, M., Fraga, J. S., and Lung, L. C. (2006). Sharing memory between Byzantine processes using policy-enforced tuple spaces. In Proceedings of 26th IEEE International Conference on Distributed Computing Systems ICDCS 2006.
Boldyreva, A., Chenette, N., Lee, Y., and O’Neill, A. (2012). Order-preserving symmetric encryption. Cryptology ePrint Archive, Report 2012/624.
Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., and Zimmerman, J. (2014). Semantically secure order-revealing encryption: Multi-input functional encryption without obfuscation. Cryptology ePrint Archive, Report 2014/834.
Boneh, D. and Shoup, V. (2015). A graduate course in applied cryptography. https: //crypto.stanford.edu/˜dabo/cryptobook/draft_0_2.pdf.
Castro, M. and Liskov, B. (2002). Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions Computer Systems, 20(4):398–461.
Distler, T., Bahn, C., Bessani, A., Fischer, F., and Junqueira, F. (2015). Extensible distributed coordination. In Proc. of 10th European Conference on Computer Systems.
Floriano, E., Alchieri, E., Aranha, D., and Solis, P. (2017a). Privacidade em dados armazenados em memória compartilhada através de espaços de tupla. In Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos.
Floriano, E., Alchieri, E., Aranha, D., and Solis, P. (2017b). Providing privacy on the tuple space model. Journal of Internet Services and Applications, 8(19):1–16.
Gelernter, D. (1985). Generative Communication in Linda. ACM Transactions on Programing Languages and Systems, 7(1):80–112.
Hunt, P., Konar, M., Junqueira, F. P., and Reed, B. (2010). Zookeeper: Wait-free coordination for internet-scale systems. In Proceedings of the 2010 USENIX Conference on USENIX Annual Technical Conference, pages 11–11.
Lewi, K. and Wu, D. J. (2016). Order-revealing encryption: New constructions, applications, and lower bounds. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 1167–1178.
Naehrig, M., Lauter, K., and Vaikuntanathan, V. (2011). Can homomorphic encryption be practical? In Proceedings of 3rd Workshop on Cloud Computing Security Workshop.
Naveed, M., Kamara, S., and Wright, C. V. (2015).
Inference attacks on propertypreserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 644–655.
Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT’99, pages 223–238.
Schneider, F. B. (1990). Implementing fault-tolerant service using the state machine aproach: A tutorial. ACM Computing Surveys, 22(4):299–319.
Schoenmakers, B. (1999). A simple publicly veriable secret sharing scheme and its application to electronic voting. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology CRYPTO’99, pages 148–164.
Segall, E. J. (1995). Resilient distributed objects: Basic results and applications to shared spaces. In Proceedings of the 7th Symposium on Parallel and Distributed Processing.
Tourky, D., ElKawkagy, M., and Keshk, A. (2016). Homomorphic encryption the “holy grail” of cryptography. In 2nd IEEE Conference on Computer and Communications.
Veríssimo, P. (2016). Dialogue on cyber policies between brazil and the eu: prospecting threats and opportunities of the cyberspace. Dialogue on Cyber Policies.
White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, C., and Joglekar, A. (2002). An Integrated Experimental Environment for Distributed Systems and Networks. In Proc. of 5th Symp. on Operating Systems Design and Implementations. ACM.
Analytics, N. (2017). A java library for paillier partially homomorphic encryption.
GitHub. https://github.com/n1analytics/javallier.
Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1(1):11–33.
Bakken, D. E. and Schlichting, R. D. (1995). Supporting Fault-Tolerant Parallel Programing in Linda. IEEE Transactions on Parallel and Distributed Systems, 6(3):287–302.
Baldoni, R., Marchetti, C., and Verde, L. (2003). Corba request portable interceptors: Analysis and applications. Concurrency and Computation: Practice and Experience, 15(6):551–579.
Bershad, B. N., Savage, S., Pardyak, P., Sirer, E. G., Fiuczynski, M. E., Becker, D., Chambers, C., and Eggers, S. (1995). Extensibility safety and performance in the spin operating system. In Proceedings of 15th Symposium on Operating Systems Principles.
Bessani, A., Alchieri, E., Correia, M., and da Silva Fraga, J. (2008). DepSpace: A byzantine fault-tolerant coordination service. European Conference on Computer Systems.
Bessani, A., Sousa, J., and Alchieri, E. (2014). State machine replication for the masses with BFT-SMaRt. In International Conference on Dependable Systems and Networks.
Bessani, A. N., Correia, M., Fraga, J. S., and Lung, L. C. (2006). Sharing memory between Byzantine processes using policy-enforced tuple spaces. In Proceedings of 26th IEEE International Conference on Distributed Computing Systems ICDCS 2006.
Boldyreva, A., Chenette, N., Lee, Y., and O’Neill, A. (2012). Order-preserving symmetric encryption. Cryptology ePrint Archive, Report 2012/624.
Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., and Zimmerman, J. (2014). Semantically secure order-revealing encryption: Multi-input functional encryption without obfuscation. Cryptology ePrint Archive, Report 2014/834.
Boneh, D. and Shoup, V. (2015). A graduate course in applied cryptography. https: //crypto.stanford.edu/˜dabo/cryptobook/draft_0_2.pdf.
Castro, M. and Liskov, B. (2002). Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions Computer Systems, 20(4):398–461.
Distler, T., Bahn, C., Bessani, A., Fischer, F., and Junqueira, F. (2015). Extensible distributed coordination. In Proc. of 10th European Conference on Computer Systems.
Floriano, E., Alchieri, E., Aranha, D., and Solis, P. (2017a). Privacidade em dados armazenados em memória compartilhada através de espaços de tupla. In Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos.
Floriano, E., Alchieri, E., Aranha, D., and Solis, P. (2017b). Providing privacy on the tuple space model. Journal of Internet Services and Applications, 8(19):1–16.
Gelernter, D. (1985). Generative Communication in Linda. ACM Transactions on Programing Languages and Systems, 7(1):80–112.
Hunt, P., Konar, M., Junqueira, F. P., and Reed, B. (2010). Zookeeper: Wait-free coordination for internet-scale systems. In Proceedings of the 2010 USENIX Conference on USENIX Annual Technical Conference, pages 11–11.
Lewi, K. and Wu, D. J. (2016). Order-revealing encryption: New constructions, applications, and lower bounds. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 1167–1178.
Naehrig, M., Lauter, K., and Vaikuntanathan, V. (2011). Can homomorphic encryption be practical? In Proceedings of 3rd Workshop on Cloud Computing Security Workshop.
Naveed, M., Kamara, S., and Wright, C. V. (2015).
Inference attacks on propertypreserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 644–655.
Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT’99, pages 223–238.
Schneider, F. B. (1990). Implementing fault-tolerant service using the state machine aproach: A tutorial. ACM Computing Surveys, 22(4):299–319.
Schoenmakers, B. (1999). A simple publicly veriable secret sharing scheme and its application to electronic voting. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology CRYPTO’99, pages 148–164.
Segall, E. J. (1995). Resilient distributed objects: Basic results and applications to shared spaces. In Proceedings of the 7th Symposium on Parallel and Distributed Processing.
Tourky, D., ElKawkagy, M., and Keshk, A. (2016). Homomorphic encryption the “holy grail” of cryptography. In 2nd IEEE Conference on Computer and Communications.
Veríssimo, P. (2016). Dialogue on cyber policies between brazil and the eu: prospecting threats and opportunities of the cyberspace. Dialogue on Cyber Policies.
White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, C., and Joglekar, A. (2002). An Integrated Experimental Environment for Distributed Systems and Networks. In Proc. of 5th Symp. on Operating Systems Design and Implementations. ACM.
Published
2018-05-10
How to Cite
S. JUNIOR, Edson Floriano; ALCHIERI, Eduardo; ARANHA, Diego F.; SOLIS, Priscila.
Provendo Segurança e Privacidade em Coordenação Distribuída e Extensível. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 36. , 2018, Campos do Jordão.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2018
.
p. 267-280.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2018.2421.
