ACE: A Software Tool to Ensure the Integrity of Digital Archives Principal Investigator: Joseph JaJa Graduate Student: Sangchul Song Lead Programmer: Michael.

Slides:



Advertisements
Similar presentations
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Advertisements

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Audit Control Environment Mike Smorul UMIACS. Issues surrounding asserting integrity Threats to Integrity of Digital Archives –Hardware/media degradation.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Software Certification and Attestation Rajat Moona Director General, C-DAC.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Chapter 1 – Introduction
Chronopolis: Preserving Our Digital Heritage David Minor UC San Diego San Diego Supercomputer Center.
ADAPT An Approach to Digital Archiving and Preservation Technology Principal Investigator: Joseph JaJa Lead Programmers: Mike Smorul and Mike McGann Graduate.
PAWN: Producer-Archive Workflow Network University of Maryland Institute for Advanced Computer Studies Joseph Ja’Ja, Mike Smorul, Mike McGann.
May Archiving PAWN: A Policy-Driven Software Environment for Implementing Producer- Archive Interactions in Support of Long Term Digital.
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
Producer-Archive Workflow Network (PAWN) Goals Consistent with the Open Archival Information System (OAIS) model Use of web/grid technologies and platform.
An integrated system for handling restricted use data Felicia LeClere, Ph.D. IASSIST 2009 Tampere, Finland.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
July NAGARA 1 Producer-Archive Workflow Network Mike Smorul, Mike McGann, Joseph JaJa Institute for Advanced Computer Science Studies University.
Robust Tools for Archiving and Preserving Digital Data Joseph JaJa, Mike Smorul, and Mike McGann Institute for Advanced Computer Studies Department of.
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
ACE: A Software Tool to Ensure the Integrity of Digital Archives Principal Investigator: Joseph JaJa Graduate Student: Sangchul Song Lead Programmers:
May 23, 2007 Archiving ACE: A Novel Software Platform to Ensure the Integrity of Digital Archives Sangchul Song and Joseph JaJa Institute for Advanced.
Robust Technologies for Automated Ingestion and Long-Term Preservation of Digital Information Principal Investigator: Joseph JaJa Lead Programmers: Mike.
PAWN: Producer-Archive Workflow Network University of Maryland Institute for Advanced Computer Studies Joseph JaJa, Mike Smorul, Mike McGann.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation Mike Smorul, Joseph JaJa, Yang Wang, and Fritz McCall.
Archival Prototypes and Lessons Learned Mike Smorul UMIACS.
FOCUS – A Scalable and Extensible Digital Format Registry Principal Investigator: Joseph JaJa Graduate Students: Sang Song and Muluwork Geremew Lead Programmers:
SAN DIEGO SUPERCOMPTER CENTERUC SAN DIEGO LIBRARIESNDIIPP PARTNERS MEETING David Minor SDSC Robert H. McDonald SDSC Sangchul Song UMIACS Bryan.
Operational Dataset Update Functionality Included in the NCAR Research Data Archive Management System 1 Zaihua Ji Doug Schuster Steven Worley Computational.
Web services security I
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Abstract Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without.
Preserving Electronic Mailing Lists: The H-Net Archive H-Net Mapped to the OAIS Model Preservation AssessmentPreservation improvementsOverview How H-Net.
Cloud Computing & Security Issues Prepared by: Hamoud Al-Shammari CS 6910 Summer, 2011 University of Colorado at Colorado Springs Engineering & Applied.
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Cloud Integrity Monitoring Mike Smorul ADAPT Group University of Maryland, College Par.
Module 10: Monitoring ISA Server Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.
Microsoft TechForge 2009 SQL Server 2008 Unplugged Microsoft’s Data Platform Vinod Kumar Technology Evangelist – DB and BI
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
Hashing THEN AND NOW MIKE SMORUL – ADAPT PROJECT.
Presented by: Sanketh Beerabbi University of Central Florida.
Unix Security.  Security architecture  File system and user accounts  Integrity management  Auditing and intrusion detection.
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
A Multimedia Presentation by Louis Balzani. o Source of extreme power o High elasticity o Large data centers generate 5-7x savings.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Preserving Electronic Mailing Lists as Scholarly Resources: The H-Net Archives Lisa M. Schmidt
LOGO Cloud Storage Oriented Cipher-text Search Protocol.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Big Data Security Issues in Cloud Management. BDWG Big Data Working Group Researchers 1: Data analytics for security 2: Privacy preserving 3: Big data-scale.
CMSC 818J: Privacy enhancing technologies Lecture 2.
PAWN: Producer-Archive Workflow Network
KEEPS – a system for UELMA preservation and security
Web Applications Security Cryptography 1
KEEPS – a system for UELMA preservation and security
Cryptographic Hash Function
Joseph JaJa, Mike Smorul, and Sangchul Song
Complete 1z0-161 Exam Dumps - Pass In 24 Hours - Dumps4download.us
NAAS 2.0 Features and Enhancements
Operational Dataset Update Functionality Included in the NCAR Research Data Archive Management System Zaihua Ji Doug Schuster Steven Worley Computational.
ACE – Auditing Control Environment
Presentation transcript:

ACE: A Software Tool to Ensure the Integrity of Digital Archives Principal Investigator: Joseph JaJa Graduate Student: Sangchul Song Lead Programmer: Michael Smorul University of Maryland, College Park

September 2009 GeoMapp 2 Using Hashes to Monitor Files Strong hashes can assert a file has not changed How to manage millions of hashes? How do you prove the hash value hasn’t changed? How do you prove a hash value was issued at a given time?

September 2009 GeoMapp 3 Audit Control Environment (ACE) Solves the problem of storing and verifying hashes. Secures hashes by issuing token for each file/hash to me monitored. Tokens contain a cryptographic proof that allows for 3 rd party auditing. One number stored externally is used to audit tokens and hashes.

September 2009 GeoMapp 4 Hash Authentication Hash 1Hash 6Hash 5Hash 3Hash 4Hash 2 Intermediate Hash Value Previous Round Hash CSI (one hash value) Challenge Hash IHV Gather Hashes During RoundCreate Merkel Tree For Supplied HashesLink to previous round Generate proof for hash

September 2009 GeoMapp 5 Token Sample SHA SHA-256 /SRB3_2_1f.tar T11:03: e869e2ce41ede3ceb3af50f8aa b3e67055b5b3d2787e2c294a95a869 6a d7b4ff660d499416fd45a20dde161eb68e59fedc0f58208ad86cf a6a d24e99435e817511eeb89ddc03afbc6a30f23e404847cc06 1aeaf2d76976cf9759b0d63bc7acdf9c6df68875bfc9bcc0e22c19401aab0133

September 2009 GeoMapp 6 How to scale? Two layers of Merkel tree 1.Short rounds(seconds), that generate Cryptographic Summary Information(CSI). 2.Each successive round includes previous CSI 3.Second, daily rounds comprised of all CSI’s for previous day. Daily tree root, called Witness can validate all CSI’s for a day. –Only 365/year generated. Very manageable! Two components, an Integrity Management Service(IMS), and Audit Manager(AM) were developed.

September 2009 GeoMapp 7 Components Integrity Management Service (remote) –Runs all hash aggregation, round generation, witness publication. –Stores CSI values –Generate proofs from CSI to witness –ims.umiacs.umd.edu Audit Manager (local) –Monitors local files –Determines audit policy –One or more per archive –Locally stores hashes and tokens

September 2009 GeoMapp 8 ACE – System Architecture

September 2009 GeoMapp 9 ACE Audit  Audit Local Files: Audit Manager periodically scans all files and compares stored digests with computed digests.  Assume valid hashes in database  Audit Local Manager: Manager computes round summary for each digest using that digest and its token. This is compared to value stored on the IMS.  Assume IMS returns valid summary information, do not trust hashes in database  IMS Audit: Round summaries are used to compute witness values. These are compared with offsite witness values.  Do not trust IMS, force IMS to prove its CSIs link to a witness

September 2009 GeoMapp 10 Audit Manager Downloadable, one or more per archive Monitors local files Simple Requirements –Java 1.6+ –Tomcat –MySQL Managed by archivist/librarian after install Monitor multiple collections on different architectures Hides all the complexity you just saw!

September 2009 GeoMapp 11 Performance Audit Manager (1.1beta3) 1.25 million false hashes (no bytes read) –Registration: 3h, 6m (112 files/s) –Audit: 1h, 15m (277 files/s) 1.25 million false data files (1.25Tb data) –Registration: 5h, 7m (67.8 files/s, 67.8MBytes/s) –Audit: 4h, 30m (77.2 files/s, 77.2MBytes/s) In practice, bottleneck tends to occur at archival resource, not AM. Chronopolis –5.5m files, over 20Tb in size

September 2009 GeoMapp 12 Future Directions Statistical sampling –Low-rate auditing, probability of error detection Cloud auditing –Data transfer costs $$$ –Is the cloud lying? Additional Storage Support –Web, ftp, smb

September 2009 GeoMapp 13 ACE Summary Third-party auditable Cryptographically rigorous yet cost-effective Scalable, High Performance Current Efforts –Provide public IMS –Create simple audit manager for local use

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.