Guidancepoint

Authenticated Key Exchange Protocols for Parallel Network File Systems


Specilization in Project     Posted on: 24 Aug 2018     | Project
Authenticated Key Exchange Protocols for Parallel Network File Systems

Abstract we study the problem of key establishment for secure many-to-many communications. The problem is inspired by the proliferation of large-scale distributed file systems supporting parallel access to multiple storage devices. Our work focuses on the current Internet standard for such file systems, i.e., parallel Network File system (pNFS), which makes use of Kerberos to establish parallel session keys between clients and storage devices.

Our review of the existing Kerberos-based protocol shows that it has a number of limitations:

(i) A metadata server facilitating key exchange between the clients and the storage devices has heavy workload that restricts the scalability of the protocol;

(ii) The protocol does not provide forward secrecy;

(iii) The metadata server generates itself all the session keys that are used between the clients and storage devices, and this inherently leads to key escrow. In this paper, we propose a variety of authenticated key exchange protocols that are designed to address the above issues. We show that our protocols are capable of reducing up to approximately 54% of the workload of the metadata server and concurrently supporting forward secrecy and e All this requires only a

All this requires only a small fraction of increased computation overhead at the client.

In a parallel file system, file data is distributed across multiple storage devices or nodes to allow concurrent access by multiple tasks of a parallel application. This is typically used in large-scale cluster computing that focuses on high performance and reliable access to large datasets. That is,higher I/O bandwidth is achieved through concurrent access to multiple storage devices within large compute clusters; while data loss is protected through data mirroring using fault-tolerant striping algorithms. Some examples of high-performance parallel file systems that are in production use are the IBM General Parallel File System (GPFS), Google File System (GoogleFS), Lustre, Parallel Virtual File System (PVFS), and Panasas File System; while there also exist research projects on distributed object storage systems such as Usra Minor [1], Ceph [52], XtreemFS [25],and Gfarm [50]. These are usually required for advanced scientific or data-intensive applications such as, seismic data processing, digital animation studios, computational fluid dynamics, and semiconductor manufacturing. In these environments, hundreds or thousands of file system clients share data and generate very high aggregate I/O load on the file system supporting petabyte- or terabyte-scale storage capacities.

Network File System (NFS) [46] is currently the sole file system standard supported by the Internet Engineering task Force (IETF). The NFS protocol is a distributed file system protocol originally developed by Sun Microsystems that allows a user on a client computer, which may be diskless, to access files over networks in a manner similar to how local storage is accessed. It is designed to be portable across different machines, operating systems, network architectures, and transport protocols. Such portability is achieved through the use of Remote Procedure Call (RPC) [51] primitives built on top of an eXternal Data Representation (XDR); with the former providing a procedure-oriented interface to remote services, while the latter providing a common way of representing a set of data types over a network. The NFS protocol has since then evolved into an open standard defined by the IETF Network.

Existing System

Study the problem of key establishment for secure many-to-many communications. The problem is inspired by the proliferation of large-scale distributed file systems supporting parallel access to multiple storage devices. Our work focuses on the current Internet standard for such file systems, i.e., parallel Network File System (pNFS), which makes use of Kerberos to establish parallel session keys between clients and storage devices. Our review of the existing Kerberos-based protocol shows that it has a number of limitations:

(i) A metadata server facilitating key exchange between the clients and the storage devices has heavy workload that restricts the scalability of the protocol;

(ii) The protocol does not provide forward secrecy;

(iii) the metadata server generates itself all the session keys that are used between the clients and storage devices, and this inherently leads to key escrow.

Proposed System

We propose a variety of authenticated key exchange protocols that are designed to address the above issues. We show that our protocols are capable of reducing up to approximately of the workload of the metadata server and concurrently supporting forward secrecy and escrow-freeness. All this requires only a small fraction of increased computation overhead at the client.

Proposed System Algorithms

Fault-tolerant striping algorithms.

Advantages

Finally, in the last augmented game, we can claim that the adversary has no advantage in winning the game since a random key is returned to the adversary. Our protocols offer three appealing advantages over the existing Kerberos-based pNFS protocol.