
Mitigating Denial-of-Service Attacks on the Chord Overlay Network: A Location Hiding Approach

K. Venkatesh Sharma, K. Hanumantha Rao, K. Ramu

Abstract


Serverless distributed computing has received significant attention from both industry and the research community. Among the most popular applications are wide-area network file systems, exemplified by CFS, Farsite, and OceanStore. These file systems store files on a large collection of untrusted nodes that form an overlay network. They use cryptographic techniques to maintain file confidentiality and integrity against malicious nodes. Unfortunately, cryptographic techniques cannot protect a file holder from a denial-of-service (DoS) attack or a host compromise attack. Hence, most of these distributed file systems are vulnerable to targeted file attacks, wherein an adversary attempts to attack a small (chosen) set of files by attacking the nodes that host them. This paper presents LocationGuard, a location hiding technique for securing overlay file storage systems from targeted file attacks. LocationGuard has three essential components: 1) a location key, consisting of a random bit string (e.g., 128 bits) that serves as the key to the location of a file; 2) a routing guard, a secure algorithm that protects accesses to a file in the overlay network given its location key, such that neither its key nor its location is revealed to an adversary; and 3) a set of location inference guards, which form an extensible component of LocationGuard. Our experimental results quantify the overhead of employing LocationGuard and demonstrate its effectiveness against DoS attacks, host compromise attacks, and various location inference attacks.
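The location key idea from the abstract, sketched as an added example that is not code from the paper: a file's ring position is derived from its name under a 128-bit key, so a party holding only the name cannot compute which node hosts it. Assumptions: HMAC-SHA1 as the keyed mapping (the abstract does not give the construction), a constructed 64-node ring, and hypothetical function and file names.

```python
import hashlib
import hmac
import secrets
from bisect import bisect_left

def public_id(name: bytes) -> int:
    """Unprotected mapping: anyone who knows the file name can compute it."""
    return int.from_bytes(hashlib.sha1(name).digest(), "big")

def hidden_id(location_key: bytes, name: bytes) -> int:
    """Assumed keyed mapping (HMAC-SHA1); the abstract does not give the construction."""
    return int.from_bytes(hmac.new(location_key, name, hashlib.sha1).digest(), "big")

def build_ring(n: int) -> list[int]:
    """Constructed sample overlay: n node identifiers on a 160-bit ring."""
    return sorted(public_id(f"node-{i}".encode()) for i in range(n))

def successor(ring: list[int], ident: int) -> int:
    """Chord placement: the first node at or clockwise after the identifier."""
    return ring[bisect_left(ring, ident) % len(ring)]

def new_location_key() -> bytes:
    """128-bit random location key, the size the abstract gives as an example."""
    return secrets.token_bytes(16)

def guess_hit_rate(ring, name, true_key, trials=2000):
    """Share of wrong-key guesses that still land on the real hosting node."""
    target = successor(ring, hidden_id(true_key, name))
    hits = sum(
        successor(ring, hidden_id(i.to_bytes(16, "big"), name)) == target
        for i in range(trials)
    )
    return hits / trials

if __name__ == "__main__":
    ring = build_ring(64)
    name = b"/projects/payroll.db"  # constructed file name
    key = new_location_key()
    print("public host :", hex(successor(ring, public_id(name)))[:12])
    print("hidden host :", hex(successor(ring, hidden_id(key, name)))[:12])
    print("guess hit rate:", guess_hit_rate(ring, name, key))
```

The hit rate stays close to the hosting node's share of the ring, so guessing keys does no better than picking a node at random. The routing guard and the location inference guards named in the abstract are outside this sketch.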

Keywords


File Systems, Overlay Networks, Denial-of-Service Attacks, Performance and Scalability, Location Hiding.




Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.