a versatile storage system for future networking architecture prof. xiaohua jia city university of...
TRANSCRIPT
1
A Versatile Storage System for Future Networking Architecture
Prof. Xiaohua JiaCity University of Hong Kong
2
Outlineo Motivations and Objectives
o System Architecture
o System Design and Implementation
o Conclusion
3
Motivations Giant Application Service Providers (ASPs) monopolize the markets based on◦ Users’ data ◦ Users’ social relations
Data RelationsData RelationsData Relations
4
Motivations What are the consequences? o Users’ data and social relations are locked in ASPs. ASPs win
users not by their QoS, but by users’ data and social relationso Small and medium companies are denied of opportunities to
enter the businesso User’s social relations are fragmented on multiple ASPs, and
publish-subscribe of user’s data is limited within the scope of an ASP
o ……
5
System Backgroundo Many ICN (Information Centric Networks) projects, e.g., NDN, NetInf,
PURSUIT, etc., cache the data in routers along the path it travels
o New effort of NFV (Network Function Virtualization) replaces traditional routers by general purpose computer servers
o There are huge amount of under-utilized storage and computing powers on routers all over the Internet
o Our aim: build a versatile storage infrastructure for users
6
Design Objectiveso Decouple users' data from ASPs
The infrastructure stores users data and provides content services to ASPs.
o Decouple users’ social relations from ASPsThe information of users social relations is integrated into the infrastructure for data publish-subscribe.
o Support general data communications The infrastructure can support data networking services, such as online video chat.
7
System Architecture
Presentation LayerASPs or APPs: use data from VSS to provide advanced services to end users.
Information LayerVSS (Versatile Storage System): responsible for content storage, access control publishing/ subscribing, and distribution.
VSS Domain 1 VSS Domain 2 VSS Domain N
...
ASPs
User-to-Network Interface (UNI)
VSS
8
Example: decouple users social relations from ASPs
- Manage social relations of users
- Support content publish-subscribe services: access control, publishing and subscribing, ……
Alice Bob
Facebook Client App Weibo Client App
1. Alice sends a “friend” request to Bob in Facebook app
2. Bob sees Alice become hisfollower in Weibo app, then
Bob “follows” Alice back.
3. Bob becomes Alice’s friend in Facebook app
Data Relations
9
Example: decouple users data from ASPs
4. Alice posts a message to “Friends” in Facebook app
5. Bob can see the message in Weibo app
Alice Bob
Weibo Client AppFacebook Client App
Data Relations
10
Vertical and Horizontal Interfaceso Vertical interface
- Any ASPs can provide content services based on the information layer of VSS- Provide standard APIs User-Network Interface (UNI) to all ASPs
inter-domain interface inter-domain interface
Domain 1 (China) Domain 2 (UK) Domain 3 (USA)
o Horizontal interface- VSS consists of multiple autonomous service domains- Interconnected by “thin” Network-Network Interface (NNI)
VSS Domain 1 VSS Domain 2 VSS Domain N
...
ASPs
User-to-Network Interface (UNI)
VSS
11
Support of data networking and communicationso Data communication based on file systems
- Integrate data service with networking service
- Support general data communication
o Real-time communication- Support inter-person real-time communication
12
System Designso Management of user datao Management of users social relationso Roaming of userso Security and privacy
13
Management of User Data
VSS is currently implemented on top of HBase
VSS HDFS
HBase Distributed File System
Access Control IndexingNetwork
communication
User-to-Network Interface Network-to-Network Interface
Middleware
Users’ Data (Files) Users’ relations
14
Management of User Data
Users can use either a client application or a web interface (web browser) to upload local files to or download files from the VSS system.
UserClient Application
Web InterfaceUser
15
Management of social relationsVSS manages basic social relations of userso VSS manages the contact lists and contact groups, decoupling
users’ social relations from ASPso ASPs calls VSS to get social relations of users for content publishing
Stars
Family
Classmates
Colleagues
Stranger Work E-mail
Personal E-mail
Sina Weibo
Facebookk
Contact-1
Contact-2
Contact-n
Contact-3
16
Modeling of social relationsVSS models general types of user social relations on the Interneto 1-way friendship: Weibo, Twitter, address book, contact listo 2-way friendship: QQ, WeChat, Line, WhatsApp, Skype, Facebooko Workgroups / teams: Dropbox shared folder, SkyDrive Groups,
QQ / WeChat group chat
17
Example: ASP-independent information publicationo Alice (in China) shares a photo to her friends Bob and Cathyo VSS China domain stores the photo and sends the notifications to the home
domains of Bob and Cathy respectivelyo Bob & Cathy can see the photo via any applicationo Once the photo is deleted by Alice, all references to this photo is removed from
the entire system
Alice @ China
Bob @ USA
Cathy @ UK
China Domain
USA Domain
UK Domain
18
Implementation of real-time inter-person communicationo Using shared files as communication mediumo The sender writes data to a file and informs the receiver by placing a token in
receiver’s spaceo The receiver checks the token at fixed interval and reads the data from the file
when the data becomes availableo The synchronization frequency depends on the real-time requiremento Demo
Alice BobClient App Client App
File
19
Handling of user roamingThe data accessed by a roaming user shall be transferred from its home domain to the destination domain.
Domain 1 Domain 2
Domain 3 Domain 4 Domain 5
Alice @ Domain 1
Bob @ Domain 3
Bob @ Domain 3
Roaming
20
Handling of user roaming
Why consider user roaming? o A user’s information is stored and managed by his home domain
Requirements of roaming handlingo Remote authentication of users
There shall be a simple and efficient method to authenticate a roaming user so that the access permission can be assigned to the user
o Local & remote execution of commandsSome commands can only be executed locally (or passed back to the home domain for execution if the user is in a remote domain) for security reasons or performance reasons
o Caching and data pre-fetchThe domain shall be able to utilize its local cache to improve users’ roaming experience
21
Uniform security and privacy scheme
Security issueso Storage security: all stored data can be auto-encrypted (if users wish)o Security for cross-domain: interoperation and communications
Secure both the data storage and the communication channels!
Inter-domain channel
Privacy-preserving publish-subscribe in multi-domainsoPrivacy protection of communication parties
- Hide sender’s ID from the receiver’s domain- Hide receiver’s ID from the sender’s domain
oPrivacy protection of subscriber and publishers- Hide subscriber’s details from the foreign domain when subscribing
information from a foreign domain- Hide publisher’s details from subscriber’s domain when the
publisher is in a foreign domain
Subscriber@China Publisher@USAChina Domain USA Domain
23
Secure content publish-subscribe in VSSoContent publish-subscribe: privacy against VSSo ASPs use VSS platform to publish content to users but do not want to
disclose the content to VSSo Asymmetric encryption is not applicable because it requires a trusted third
party to verify the true identities of all the involved partieso No key-exchange can be done through VSSo No need for users (subscribers) to manage too many keys for publishers
Subscriber
Subscriber
Banks
Clubs
Personal health care company
24
Protocol design (1): subscriptionoStep 1: Subscriptiono Subscriber sends subscription request and key material Ysub
o Ysub = gRsub mod p, // g and p are public parameters in Diffie-Hellman codeo Rsub= PRNG(SKsub , IDpub) , // Sksub is the secret key of subscriber, IDpub the ID of
publisher, PRNG a pseudo random number generator.
Subscriber PublisherSub_request
YSUB
25
Protocol design (2): publishingoStep 2. Publishingo For ith publication, publisher generates a new key Ki and key material Ypub
o Ki = YsubRi mod p // Ri is a random number for ith publication
o Ypub = gRi mod po Publisher encrypts data by Ki and sends the ciphertext and Ypub to VSS o VSS cannot recover Ki or decrypt the data, even with the key materials
Ysub and Ypub (it doesn’t know Rsub and Ri)
26
Protocol design (3): content deliveryoStep 3. VSS delivers the ith ciphertext and Ypub to subscriber o Subscriber generates the decryption key on the fly:
1. Restore the same random number as in step 1: Rsub=PRNG(SKsub , IDpub)
2. Generate decryption key Ki’ = Ypub
Rsub mod p
3. Note: Ki’ = Ypub
Rsub mod p = g Ri * Rsub mod p = YsubRi mod p = Ki
o A subscriber only needs to keep its own secret key SKsub for all ASPs and it does NOT need to manage many Rsub of publishers
27
Conclusiono VSS decouples ASPs from users' data and users' social
relations. ASPs have to rely on better quality services to win user groups.
o VSS integrates file services with traditional networking services. It can be used as universal communication platform.
o VSS provides uniform security / privacy scheme, making users’ data and communication more secure.
28
Demo
Alice Bob Cathy
FaceBlog SinaBlog NetDrive
VSS Domain (USA) VSS Domain (China)
Demo settings:o 3 end users
- Alice- Bob- Cathy
o 3 ASPs / APPs- FaceBlog- SinaBlog- NetDrive
o 2 domains - Domain @ USA- Domain @ China
29
Thank You!