A Versatile Storage System as Infrastructure for Future

  • Slides: 29
A Versatile Storage System as Infrastructure for Future Networking
Prof. Xiaohua Jia, City University of Hong Kong
Mr. Jianfei He, Huawei Technologies Co. Ltd.

Outline
o Motivations and Objectives
o System Architecture
o System Design and Implementation
o Conclusion

Motivations
Giant Application Service Providers (ASPs) monopolize the markets based on
◦ Users’ data
◦ Users’ social relations

Motivations
What are the consequences?
o Users’ data and social relations are locked in
  ASPs attract users not by their QoS, but by users’ data and social relations
o Users’ social relations are fragmented across multiple ASPs, and publish-subscribe of a user’s data is limited to the scope of one ASP
o Small and medium companies are denied opportunities to enter the business
o ……

System Background
o Many ICN (Information Centric Networks) projects, e.g., NDN, NetInf, PURSUIT, etc., cache the data on routers along the path it travels
o The new effort of NfV (Network Function Virtualization) replaces specialized routers (a box of H/W+S/W) with general-purpose computer servers
o There is a huge amount of under-utilized storage and computing power on routers all over the Internet
o Our aim: build a versatile storage infrastructure for users

Design Objectives
o Decouple users' data from ASPs
  The infrastructure stores users' data and provides content services to ASPs.
o Decouple users’ social relations from ASPs
  The information on users' social relations is integrated into the infrastructure for data publish-subscribe.
o Support general data communications
  The infrastructure can support data networking services, such as online video chat.

System Architecture
Presentation Layer
  ASPs or APPs: use data from VSS to provide advanced services to end users.
Information Layer
  VSS (Versatile Storage System): responsible for content storage, access control, publishing/subscribing, and distribution.

Example: decouple users' social relations from ASPs
- Manage social relations of users
- Support content publish-subscribe services: access control, publishing and subscribing, ……
1. Alice sends a “friend” request to Bob in the Facebook app
2. Bob sees that Alice has become his follower in the Weibo app, then Bob “follows” Alice back.
3. Bob becomes Alice’s friend in the Facebook app
[Figure: Alice (Facebook Client App), Bob (Weibo Client App)]

Example: decouple users' data from ASPs
4. Alice posts a message to “Friends” in the Facebook app
5. Bob can see the message in the Weibo app
[Figure: Alice (Facebook Client App), Bob (Weibo Client App)]

Vertical and Horizontal Interfaces
o Vertical interface
  - Provide standard APIs (User-Network Interface, UNI) to all ASPs
  - Any ASP can provide content services based on the information layer of VSS
o Horizontal interface
  - VSS consists of multiple autonomous service domains
  - Interconnected by a “thin” Network-Network Interface (NNI) inter-domain interface
[Figure: Domain 1 (China), Domain 2 (UK), Domain 3 (USA)]

Support of data networking and communications
o Data communication based on file systems
  - Integrate networking service into data service
  - Support general data communication
o Real-time communication
  - Support inter-person real-time communication

System Designs
o Management of user data
o Management of users' social relations
o Roaming of users
o Security and privacy

Prototype implementation of VSS
A prototype of VSS is implemented on top of HBase

Management of User Data
Users can use either a client application or a web interface (web browser) to upload local files to or download files from the VSS system.
[Figure: User Client Application; User Web Interface]

Management of social relations
VSS manages basic social relations of users
o VSS manages the contact lists and contact groups, decoupling users’ social relations from ASPs
o ASPs call VSS to get the social relations of users for content publishing

Modeling of social relations
VSS models general types of user social relations on the Internet
o 1-way friendship: Weibo, Twitter, address book, contact list
o 2-way friendship: QQ, WeChat, Line, WhatsApp, Skype, Facebook
o Workgroups / teams: Dropbox shared folder, SkyDrive Groups, QQ / WeChat groups

Example: ASP-independent information publication
o Alice (in China) shares a photo with her friends Bob and Cathy
o VSS China domain stores the photo and sends the notifications to the home domains of Bob and Cathy respectively
o Bob & Cathy can see the photo via any application
o Once the photo is deleted by Alice, all references to this photo are removed from the entire system
[Figure: Alice @ China Domain, Bob @ USA Domain, Cathy @ UK Domain]

Real-time interactive communication in VSS
o Shared files are used as the communication medium
o The sender writes data to a file and informs the receiver by placing a token in the receiver’s space
o The receiver checks the token at a fixed interval and reads the data from the file when the data becomes available
o The synchronization frequency depends on the real-time requirement
o Demo
[Figure: Alice, File, Client App, Bob]

Handling of user roaming
The data accessed by a roaming user shall be transferred from its home domain to the destination domain.

Handling of user roaming
Why consider user roaming?
o A user’s information is stored and managed by his home domain
Requirements of roaming handling
o Remote authentication of users
  There shall be a simple and efficient method to authenticate a roaming user so that the access permission can be assigned to the user
o Local & remote execution of commands
  Some commands can only be executed locally (or passed back to the home domain for execution if the user is in a remote domain) for security reasons or performance reasons
o Caching and data pre-fetch
  The domain shall be able to utilize its local cache to improve users’ roaming experience

Uniform security and privacy scheme
Security issues
o Storage security: all stored data can be auto-encrypted if the user wishes
o Security for cross-domain: interoperation and communications
Secure both the data storage and the communication channels!
[Figure: Inter-domain channel]

Privacy-preserving access control: Hide access control information from VSS
o Suppose users do not fully trust VSS. Users would worry:
  o VSS may give data access to unauthorized people
  o VSS can see the access control policy
o Diffie-Hellman Key-based Access Control Scheme: use Diffie-Hellman code to encrypt users’ IDs in the access control list
  o No need for an independent trustable key-distributor (nor key exchange)
  o VSS cannot know the access control policy of data
  o VSS cannot know who accesses the data
[Figure: Data Owner A (define access policy), Data User B (access data)]

Secure content publish-subscribe: Hide content from VSS
o ASPs use the VSS platform to publish content to users, but do not want to disclose the content to VSS
o Asymmetric encryption is not applicable because it requires a trusted third party to verify the true identities of users
o No key-exchange can be done through VSS
o No need for users (subscribers) to manage too many keys for publishers

Protocol design (1): subscription
o Step 1: Subscription
o Subscriber sends sub_request and key material $Y_{sub}$ to publisher
o $Y_{sub} = g^{R_{sub}} \bmod p$  // $g$ and $p$ are public parameters in Diffie-Hellman code
o $R_{sub} = \mathrm{PRNG}(SK_{sub}, ID_{pub})$ (secret)  // $SK_{sub}$ is the secret key of the subscriber, $ID_{pub}$ the ID of the publisher, PRNG a pseudo random number generator

Protocol design (2): publishing
o Step 2. Publishing
o For the i-th publication, the publisher generates a new key $K_i$ and key material $Y_{pub}$
o $K_i = Y_{sub}^{R_i} \bmod p$
o $Y_{pub} = g^{R_i} \bmod p$  // $R_i$ is a random number for the i-th publication (secret)
o Publisher encrypts data by $K_i$ and sends the ciphertext and $Y_{pub}$ to VSS
o VSS cannot recover $K_i$ or decrypt the data, even with the key materials $Y_{sub}$ and $Y_{pub}$ (it doesn’t know $R_{sub}$ and $R_i$)

Protocol design (3): content delivery
o Step 3. VSS delivers the i-th ciphertext and $Y_{pub}$ to the subscriber
o Subscriber generates the decryption key on the fly:
  1. Recover the same random number as in step 1: $R_{sub} = \mathrm{PRNG}(SK_{sub}, ID_{pub})$
  2. Generate decryption key $K_i' = Y_{pub}^{R_{sub}} \bmod p$
  3. Note: $K_i' = Y_{pub}^{R_{sub}} \bmod p = g^{R_i \cdot R_{sub}} \bmod p = Y_{sub}^{R_i} \bmod p = K_i$
o A subscriber only needs to keep its own secret key $SK_{sub}$ for all ASPs and it does NOT need to manage many $R_{sub}$ of publishers
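
The three protocol steps above, run end to end as an added example (not code from the slides or the VSS prototype). Assumptions: HMAC-SHA512 stands in for the PRNG, a SHAKE-256 keystream XOR stands in for the cipher, the group parameters are constructed demo values, and VSS is modelled as a relay that stores but does not alter messages.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters (assumption, not from the slides): the Mersenne
# prime 2^521 - 1 and base 3. A deployment would use a vetted DH group.
P = 2**521 - 1
G = 3

def r_sub(sk_sub: bytes, id_pub: str) -> int:
    """R_sub = PRNG(SK_sub, ID_pub); HMAC-SHA512 stands in for the PRNG."""
    mac = hmac.new(sk_sub, id_pub.encode(), hashlib.sha512).digest()
    return int.from_bytes(mac, "big")

def subscribe(sk_sub: bytes, id_pub: str) -> int:
    """Step 1: subscriber sends Y_sub = g^R_sub mod p to the publisher."""
    return pow(G, r_sub(sk_sub, id_pub), P)

def _keystream_xor(k_i: int, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHAKE-256 keystream XOR keyed by K_i.
    stream = hashlib.shake_256(k_i.to_bytes(66, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def publish(y_sub: int, plaintext: bytes):
    """Step 2: fresh R_i per publication; returns (Y_pub, ciphertext) for VSS."""
    r_i = secrets.randbelow(P - 3) + 2          # secret, never leaves publisher
    k_i = pow(y_sub, r_i, P)                    # K_i = Y_sub^R_i mod p
    return pow(G, r_i, P), _keystream_xor(k_i, plaintext)

def receive(sk_sub: bytes, id_pub: str, y_pub: int, ciphertext: bytes) -> bytes:
    """Step 3: K_i' = Y_pub^R_sub mod p, rebuilt from SK_sub and ID_pub only."""
    k_i = pow(y_pub, r_sub(sk_sub, id_pub), P)
    return _keystream_xor(k_i, ciphertext)

def demo() -> dict:
    sk = b"constructed-subscriber-secret"       # constructed sample value
    y_sub = subscribe(sk, "publisher-A")
    y_pub1, ct1 = publish(y_sub, b"post #1")
    y_pub2, ct2 = publish(y_sub, b"post #2")
    return {
        "pt1": receive(sk, "publisher-A", y_pub1, ct1),
        "pt2": receive(sk, "publisher-A", y_pub2, ct2),
        "fresh_y_pub": y_pub1 != y_pub2,        # new R_i for every publication
        "wrong_sk": receive(b"someone-else", "publisher-A", y_pub1, ct1),
        "per_publisher": r_sub(sk, "publisher-A") != r_sub(sk, "publisher-B"),
    }

if __name__ == "__main__":
    print(demo())
```

Neither Y_sub nor Y_pub is authenticated in this sketch, so it only covers a VSS that observes the stored and relayed values.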

Conclusion
o VSS decouples ASPs from users' data and users' social relations. ASPs have to rely on better quality services to win user groups.
o VSS integrates file services with traditional networking services. It can be used as a universal communication platform.
o VSS provides a uniform security / privacy scheme, making users’ data and communication more secure.

Current Status of VSS
o Huawei has started the 2nd stage of the VSS system, focusing on the implementation and promotion of the VSS concept.
o The project plans to build a world-wide university information sharing system, called EduSharing:
  o Provide free storage for individuals (students & professors)
  o Aim to create a uniform platform for universities to share data with requirements of protecting data ownership, data security and privacy
  o Unify data storage and access control under various applications and in different social networks

Thank You!