energetic key exchange protocol authentication for similar network file systems

IJIRST –International Journal for Innovative Research in Science & Technology| Volume 2 | Issue 05 | October 2015 ISSN (online): 2349-6010

All rights reserved by www.ijirst.org 88

Energetic Key Exchange Protocol Authentication

for Similar Network File Systems

M. Rengasamy P. Anitha

Lecturer Assistant Professor

Department of Information and Communication Technology Department of Master of Computer Application

Eckernforde Tanga University, Tanzania, East Africa Eckernforde Tanga University, Tanzania, East Africa

Abstract

The key establishment difficulty is the most important issue and we learn the trouble of key organization for secure many to

many communications for past several years. The difficulty is enthused by the propagation of huge level dispersed file systems

behind parallel admission to manifold storage space plans. Our task focal points on the present Internet ordinary for such file

systems that is parallel Network File System [pNFS], which creates employ of Kerberos to set up similar session keys flanked by

clients and storage strategy. Our appraisal of the obtainable Kerberos bottom procedure demonstrates that it has a numeral of

boundaries: (a) a metadata server make possible key swap over sandwiched between the clients and the storage devices has

important workload that put a ceiling on the scalability of the procedure; (b) the procedure does not make available frontward

confidentiality; (c) the metadata server produces itself all the assembly keys that are used between the clients and storage

devices, and this intrinsically shows the way to key escrow. In this system, we suggest a assortment of authenticated key swap

over procedures that are intended to tackle the above problems. We demonstrate that our procedures are competent of

plummeting up to roughly 54% of the workload of the metadata server and concomitantly at the bottom of onward

confidentiality and escrow freeness. All this necessitates only a minute portion of greater than before calculation in the clouds at

the client.

Keywords: Network, Key Swap Over, File System, Authentication System, Secrecy, Security

_______________________________________________________________________________________________________

I. INTRODUCTION

In a similar file system, file information is dispersed crossways manifold storage devices or nodes to permit simultaneous right of

entry by manifold tasks of a similar submission. This is characteristically second-hand in major cluster computing that spotlights

on far on top of the position arrangement and trustworthy admission to great datasets. That is, superior I/O bandwidth is

accomplished from end to end simultaneous right of entry to numerous storage devices inside great work out clusters, at the same

time as information beating is sheltered through information mirror by means of responsibility broadminded striping algorithms.

A number of instances of far above the ground presentation equivalent file systems that are in manufacture use are the IBM

General Parallel File System (GPFS) [1], Google File System (GoogleFS) [2], Lustre [3], Parallel Virtual File System (PVFS)

[4], and Panasas File System [5]; while there also continue living investigate projects on dispersed thing storage space schemes

such as Usra Minor [6], Ceph [7], XtreemFS [8], and Gfarm [9]. These are more often than not essential for highly developed

technical or data concentrated submissions such as, seismic data processing, digital animation studios, computational fluid

dynamics, and semiconductor manufacturing. In these surroundings, hundreds or thousands of file system clients share

information and produce extremely elevated collective I/O freight on the file system at the bottom of peta byte or terabyte

balance storage ability.

Our most important objective in this vocation is to plan well-organized and protected genuine key swap over procedures that

get together unambiguous necessities of pNFS. Predominantly, we challenge to get together the subsequent advantageous

possessions, which moreover have not been adequately accomplished or are not attainable by the present Kerberos based

solution:

Scalability A.

The metadata server make possible right of entry requirements from a client to manifold storage devices be supposed to bear as

modest workload as probable such that the server will not turn out to be a presentation bottleneck, but is competent of underneath

incredibly great figure of clients;

Forward Secrecy B.

The procedure should assurance the safety of history session keys when the long-standing clandestine key of a client or a storage

device is negotiation [10]; and

Energetic Key Exchange Protocol Authentication for Similar Network File Systems (IJIRST/ Volume 2 / Issue 05/ 014)


Escrow Free C.

The metadata server should not be taught any sequence about any assembly key used by the client and the storage device, make

available there is no conspiracy in the middle of them.

The main results of this paper are three new provably protected genuine key exchange procedures. Our procedures, more and

more calculated to accomplish each of the above possessions, make obvious the trade-offs between competence and safety

measures. We give you an idea about that our protocols can diminish the workload of the metadata server by in the region of half

measured up to the current Kerberos based procedure, while achieving the desired security properties and observance the

computational in the clouds at the clients and the storage devices at a rationally near to the ground level. We identify a proper

refuge model and demonstrate that our procedures are protected in the representation.

II. SECURITY CONSIDERATION

Previous descriptions of NFS listening carefully on straightforwardness and competence, and were intended to employment well

on intranets and restricted networks. Afterward, the afterward versions aspire to get better access and presentation within the

Internet environment. However, safekeeping has then become a greater concern. Among many other sanctuary issues, user and

server authentication within an open, dispersed, and cross-domain environment are a difficult matter. Key management can be

tedious and luxurious, but an important aspect in ensuring security of the system. Moreover, data time alone may be critical in

high performance and parallel applications, for example, persons associated with biomedical in sequence sharing, financial data

processing and analysis and drug simulation & discovery.

Hence, distributed storage devices pose greater risks to various security threats, such as illegal modification or stealing of data

residing on the storage devices, as well as interception of data in transit between different nodes within the system. NFS (since

version 4), therefore, has been mandating that implementations support end-to-end authentication, where a user (through a client)

mutually authenticates to an NFS server. Moreover, consideration should be given to the integrity and privacy (confidentiality)

of NFS requests and responses. The RPCSEC GSS framework is currently the core security component of NFS that provides

basic security services. RPCSEC GSS allows RPC protocols to access the Generic Security Services Application Programming

Interface (GSS-API). The latter is used to facilitate exchange of credentials between local and remote communicating parties, for

example between a client and a server, in order to establish a security context.

The GSS-API achieves these through an interface and a set of generic functions that are independent of the underlying security

mechanisms and communication protocols employed by the communicating parties. Hence, with RPCSEC GSS, various security

mechanisms or protocols can be employed to provide services such as, encrypting NFS traffic and performing integrity check on

the entire body of an NFSv4 call. Similarly, in pNFS, communication between the client and the metadata server are

authenticated and protected through RPCSEC GSS. The metadata server grants access permissions (to storage devices) to the

client according to pre-defined access control lists (ACLs). The client’s I/O request to a storage device must include the

corresponding valid layout. Otherwise, the I/O request is rejected.

In an environment where eavesdropping on the communication between the client and the storage device is of sufficient

concern, RPCSEC GSS is used to provide privacy protection.

Parallel Sessions A.

Parallel secure sessions between the clients and the storage devices in the parallel Network File System (pNFS). The current

Internet standard—in an efficient and scalable manner. This is similar to the situation that once the adversary compromises the

long-term secret key, it can learn all the subsequence sessions. If an honest client and an honest storage device complete

matching sessions, they compute the same session key. Second, two our protocols provide forward secrecy: one is partially

forward securing with respect to multiple sessions within a time period.

Authenticated Key Exchange B.

Our primary goal in this work is to design efficient and secure authenticated key exchange protocols that meet specific

requirements of pNFS. The main results of this paper are three new provably secure authenticated key exchange protocols. We

describe our design goals and give some intuition of a variety of pNFS authenticated key exchange6 (pNFS-AKE) protocols that

we consider in this work.



Fig. 1: Flow Diagram of the Proposed System Design

Forward Secrecy C.

The protocol should guarantee the security of past session keys when the long-term secret key of a client or a storage device is

compromised. However, the protocol does not provide any forward secrecy. To address key escrow while achieving forward

secrecy simultaneously, we incorporate a Diffie- Hellman key agreement technique into Kerberos-like pNFS-AKE-I. However,

note that we achieve only partial forward secrecy (with respect to v), by trading efficiency over security.

III. CONCLUSION

We planned three genuine key swaps over protocols for parallel network file system (pNFS). Our procedures present three

attractive compensations over the obtainable Kerberos based pNFS procedure. Primary, the metadata server implementing our

procedures has much subordinate workload than that of the Kerberos based move toward. Subsequent, two our procedures make

available frontward confidentiality: one is incompletely frontward protected [with admiration to manifold assemblies within an

occasion era], at the same time as the additional is completely onward protected [with admiration to an assembly). Next, we have

intended a procedure which not only make available onward confidentiality, other than is too escrowing gratis..

REFERENCES

[1] F.B. Schmuck and R.L. Haskin. GPFS: A shared-disk files system for large computing clusters. In Proceedings of the 1st USENIX Conference on File and

Storage Technologies (FAST), pages 231–244. USENIX Association, Jan 2002. [2] S. Ghemawat, H. Gobioff, and S. Leung. The Google file system. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP),

pages 29–43. ACM Press, Oct 2003.

[3] Lustre. http://www.lustre.org. [4] Parallel virtual file systems (PVFS) version 2. http://www.pvfs.org.



[5] B. Welch, M. Unangst, Z. Abbasi, G.A. Gibson, B. Mueller, J. Small, J. Zelenka, and B. Zhou. Scalable performance of the Panasas parallel file system. In

Proceedings of the 6th USENIX Conference on File and Storage Technologies (FAST), pages 17–33. USENIX Association, Feb 2008. [6] M. Abd-El-Malek, W.V. Courtright II, C. Cranor, G.R. Ganger, J. Hendricks, A.J. Klosterman, M.P. Mesnier, M. Prasad, B. Salmon, R.R. Sambasivan, S.

Sinnamohideen, J.D. Strunk, E. Thereska, M. Wachs, and J.J. Wylie. Ursa Minor: Versatile cluster-based storage. In Proceedings of the 4th USENIX

Conference on File and Storage Technologies (FAST), pages 59–72. USENIX Association, Dec 2005. [7] S.A. Weil, S.A. Brandt, E.L. Miller, D.D.E. Long, and C. Maltzahn. Ceph: A scalable, high-performance distributed file system. In Proceedings of the 7th

Symposium on Operating Systems Design and Implementation (OSDI), pages 307–320. USENIX Association, Nov 2006.

[8] F. Hupfeld, T. Cortes, B. Kolbeck, J. Stender, E. Focht, M. Hess, J. Malo, J. Marti, and E. Cesario. The XtreemFS architecture – a case for objectbased file systems in grids. Concurrency and Computation: Practice and Experience (CCPE), 20(17):2049–2060. Wiley, Dec 2008.

[9] O. Tatebe, K. Hiraga, and N. Soda. Gfarm grid files system. New Generation Computing (NGC), 28(3):257–275. Springer, Jul 2010.

[10] A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.

energetic key exchange protocol authentication for similar network file systems

Documents