CBL Servers We are taking care

Page 1: CBL Servers We are taking care
Page 2: CBL Servers We are taking care

CBL Servers We are taking care

ACB System

What is this about

Page 3: CBL Servers We are taking care

How users can join us

A user can download and launch the ACBpoint application with just a single click from our Web server using Java Web Start Technology.

At any time the user has access to the latest version of the application.

The user’s privacy is never compromised.

Java Web Start provides information about the application’s origin based on certificates and gives the user the possibility to check them.

Suppose that one of our system’s servers is compromised. The administrator will make the appropriate changes and, the next time the user accesses the system, updates will be automatically downloaded. In this way communication with a possible malicious server is eliminated.

Page 4: CBL Servers We are taking care

Security in ACB System

ACBpoint user’s authorization and authentication is achieved using the Zero Knowledge Protocol.

When a user accesses the ACB system for the first time, he chooses his own login and password, but this password is never sent to the server; the user just proves he knows it. Instead, his public key y, computed as

$x = h(\text{password}), \quad y = g^{x} \bmod q$

is sent to the server and stored in the database.

The sequence of exchanged messages in the Zero Knowledge Protocol:

User → Server: $r = g^{k} \pmod{q}$ (user sends commitment to the server)

Server → User: $h$ (server challenges the user)

User → Server: $s = k - xh$ (user responds to the server’s challenge)

The server accepts the user if $r = g^{s} y^{h}$.

The idea is similar to Schnorr’s signature.

The power of the protocol is based on the discrete logarithm problem.

The SHA-1 hash function is used.
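The identification exchange on this slide, run end to end as an added example (not code from the ACB project). It assumes the standard Schnorr setting, a prime p with a subgroup of prime order q generated by g, where the slide writes a single modulus; it uses constructed toy parameters and hypothetical function and class names, and takes the response as s = k − xh so that the server's check r = g^s·y^h holds for y = g^x.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this demo and far too small for real use:
# p = 2q + 1 with p and q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def secret_from_password(password: str) -> int:
    """x = h(password), reduced into the exponent range [0, q)."""
    digest = hashlib.sha1(password.encode()).digest()  # SHA-1, as on the slide
    return int.from_bytes(digest, "big") % Q

def public_key(password: str) -> int:
    """y = g^x, the only value the server stores at registration."""
    return pow(G, secret_from_password(password), P)

class Prover:
    """User side: knows the password and never sends it."""
    def __init__(self, password: str):
        self.x = secret_from_password(password)
    def commit(self) -> int:
        self.k = secrets.randbelow(Q - 1) + 1  # fresh secret nonce per login
        return pow(G, self.k, P)               # r = g^k
    def respond(self, h: int) -> int:
        s = (self.k - self.x * h) % Q          # s = k - x*h (mod q)
        self.k = None                          # a nonce is used for one run only
        return s

class Verifier:
    """Server side: holds only the public key y."""
    def __init__(self, y: int):
        self.y = y
    def challenge(self, r: int) -> int:
        self.r = r
        self.h = secrets.randbelow(Q - 1) + 1  # random, non-zero, sent after r
        return self.h
    def accept(self, s: int) -> bool:
        # g^s * y^h = g^(k - xh) * g^(xh) = g^k = r for an honest prover
        return self.r == pow(G, s, P) * pow(self.y, self.h, P) % P

def login(stored_y: int, password: str) -> bool:
    """Run commitment, challenge and response between user and server."""
    user, server = Prover(password), Verifier(stored_y)
    r = user.commit()
    h = server.challenge(r)
    return server.accept(user.respond(h))
```

Because x is derived directly from the password, anyone who obtains the stored y can test password guesses offline, so a deployment would derive x with a salted, slow key-derivation function and use a group of at least 2048 bits.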

Page 5: CBL Servers We are taking care

Other security features

Files transmitted between users are encrypted using symmetric key cryptography, the Triple DES algorithm.

Secure channels – using SSL sockets (Java TM Secure Socket Extension (JSSE))

Secure channel between ACBpoint user and CBL server: SSL socket with one way authentication (user must trust the CBL server)

CBL servers have certificates from a Certificate Authority (www.thawte.com) and the user is supposed to trust this CA.

Secure channel between CBL servers: SSL socket with both way authentication (the servers from the system must trust each other)

Page 6: CBL Servers We are taking care

The Big Picture

[Architecture diagram; labels:]

• CBLs (servers): Server of user certificates & Billing register & Locator

• Distributed database (Primary-Backup protocol), Sockets (TCP/IP)

• ACBpoints (users): User peer

• Direct communication (initiated by using the CBLs), Sockets (TCP/IP)

• Web Site for advertisement & ACBpoint downloading

• User node (Out of the system)

• Administrators

• CBLcc: (updates), Sockets (TCP/IP)

Page 7: CBL Servers We are taking care

Communication

Own communication middleware

• No overheads because of using a heavy middleware from a third party

• Power and flexibility still present

• The layer is more appropriate for our case than any other

• No inheritance of bugs (we created ours)

Page 8: CBL Servers We are taking care

Communication – cont.

Security (SSL)

Compression (GZIP)

Sockets (TCP/IP)

Object-byte stream conversion

Type resolving and handlers invocation

Handler 1, Handler 2, Handler N

Fails detection and recovering

User layer

Server side only

Page 9: CBL Servers We are taking care

High Availability

Guarantees certain profit to its owner and remains available for the users more than 99% of the time

It provides high availability to the services such as:

• Registration

• Publishing and Sharing

• Searching

• Billing

• Viewing user’s account

Requests are sent to the Primary or to a Backup – ensuring avoidance of bottleneck and overloading of the Primary. We are providing Load-Balancing in our system.

• To Primary – registration/deletion of users, publishing, sharing, sell transactions, billing, etc.

• To Backup – the most resource dependent request (Searching); retrieving read-only data

High availability is achieved by data replication using Primary-Backup protocol

Page 10: CBL Servers We are taking care

Guaranteed highly available services to the main system actors

Owners

• Guaranteed profit

Providers

• Guaranteed secured sharing of data and receiving correct amount of money for each download

Consumers

• Guaranteed secured searching and paying correct amount of money after each download

Administrators

• Guaranteed easy life

Page 11: CBL Servers We are taking care

Transaction Scheme

Server (for billing)

1) Request File

2) Encrypt file

3) Begin Sell Transaction

4) Send file (encrypted)

5) End Sell Transaction

6) Charging consumer, adding money to provider (+1% commission)

7) Give the key

8) Decrypt file

Page 12: CBL Servers We are taking care

Fault tolerance

Therefore, the following operations are fault tolerant:

• Searching

• Sharing

• Managing account

• Billing

We do not control peer behavior (a user can switch off his PC at any time), so the Download operation is not fault tolerant.

The System provides correct service for the following types of failures (transient, arising under unlikely circumstances):

• Link failures

• Server failures

What the client does: it reconnects to the next available server (backup). Most important, the user does not see them. They are detected early and masked.

If there are no more available servers, the client shuts down. The Fail-Stop failure model applies in this case, in order to avoid incorrect operation.

Page 13: CBL Servers We are taking care

ACB System in real life

• CBL – Servers (Primary/Backup)

• ACBpoint – client applications

• CBLcc – control centers

(3 JAR files!)

Page 14: CBL Servers We are taking care

CBL - server

Searching…

Publishing (Sharing)…

Logging for maintaining and debugging:

Page 15: CBL Servers We are taking care

ACBpoint - client app.

Searching…

Publishing (Sharing)…

Sharing:

Page 16: CBL Servers We are taking care

ACBpoint - client app.

Searching…

Page 17: CBL Servers We are taking care

ACBpoint - client app.

Searching…

Downloading…

Page 18: CBL Servers We are taking care

ACBpoint - client app.

Searching…

Publishing (Sharing)…

Managing of the account:

Page 19: CBL Servers We are taking care

CBLcc - control center

Searching…

Publishing (Sharing)…

Manage Account…

Control Center for administrators

Managing of the CBLs:

Page 20: CBL Servers We are taking care

Demo

Main goal:

To show that our system can be deployed to life tomorrow!

Solution:

Extreme testing!

Thousands of users exploit the system and at the same time we are doing turn-on – turn-off, turn-on, turn-off…

Page 21: CBL Servers We are taking care

Questions?

For any more detailed questions you can contact us:

Alexander Stasiv: [email protected]

Gergana Krumova: [email protected]

Lazar Adzigogov: [email protected]

Mariana Marin: [email protected]

Web site: http://www.andrew.cmu.edu/course/18-842/index.htm