pVault Sharing Architecture - PowerPoint PPT Presentation

Slides: 25
Provided by: rjam7
Learn more at: http://www.ics.uci.edu

Transcript and Presenter's Notes

1
pVault Sharing Architecture
  • Ravi Chandra Jammalamadaka

2
pVault Secure Personal Data Manager
  • Users reuse the same passwords across different
    sites, secure and insecure alike, including sites
    that cannot be trusted.
  • As a result, same-password attacks become
    common.
  • The only solution is to remember a strong password
    for every website that requires password
    authentication.
  • How many strong passwords can we remember?

3
pVault features
  • Stores passwords securely in a remote location.
  • Generates strong passwords during registration.
  • Provides mobile access of passwords.
  • Autofills the required password on the website
    visited.
  • Prevents Pharming and Phishing attacks

4
Download pVault
  • pVault websites
  • http://www.itr-rescue.org/pVault
  • http://www.responsphere.org/pVault

5
pVault Entry
  • Based on XML
  • All pvault entries are XML documents which follow
    a particular schema.
  • Stores personal data (secrets) that belong to
    more than one URL.

6
pVault Entry schema
[Figure: pVault entry schema diagram. Surviving labels: id, Keywords.]

7
Design Criteria
  • Store pvault entries in a relational database at
    the server (i.e., no changes at the server).
  • Minimal Client side software and data storage.
  • Allow both group sharing and sharing with
    individuals.
  • PKI based

8
Security Consideration
  • Data confidentiality: protecting data from
    access by unauthorized users.
  • Data integrity: preventing tampering with the data
    at the server side.

9
Privacy Policy
Rule syntax: <object> <subject> <Access Modes>
  • object: leaf node in the pvault entry
  • subject: Group id/User Id
  • Access Modes: Read/Write
Example: \\pvault_entry Ravi read

10
XML subtree encryption
[Figure: XML subtree encryption diagram. Surviving labels: Encrypted_Node, id, Name, Individual_Secret.]

11
Structure Preserving encryption
[Figure: pVault entry tree with encrypted leaves. Surviving labels: pVault_Entry, url, Secret, E(Id), E(Name), Metadata, E(Actualdata), Individual_Secret, E(keywords), E(Metadata), E(Actualdata).]

12
Issues
  • There is no requirement to hide the structure
    of the pvault entry from the server (it is public
    knowledge).
  • Just encrypt the content of the leaf nodes:
    structure-preserving encryption.
  • This allows queries to be run at the server side.
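
An added example, not part of the original slides, of leaf-only encryption that leaves the tree queryable by the server. The element nesting in the sample entry is assumed, and the HMAC-based keystream is a standard-library stand-in for whatever cipher pVault actually uses.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET

# Constructed sample entry; element names come from the slides, the nesting is assumed.
SAMPLE = """<pVault_Entry>
  <url>https://bank.example/login</url>
  <Secret>
    <id>1</id>
    <Name>bank password</Name>
    <Individual_Secret>
      <Keywords>bank</Keywords>
      <Actualdata>correct horse battery staple</Actualdata>
    </Individual_Secret>
  </Secret>
</pVault_Entry>"""

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a vetted cipher (e.g. AES-GCM).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def enc(key, text):
    nonce = os.urandom(16)  # fresh per leaf, so equal plaintexts give different ciphertexts
    data = text.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return base64.b64encode(nonce + ct).decode()

def dec(key, blob):
    raw = base64.b64decode(blob)
    nonce, ct = raw[:16], raw[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def transform_leaves(xml_text, fn):
    """Apply fn to the text of every leaf element; tags and nesting stay untouched."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if len(el) == 0 and el.text:
            el.text = fn(el.text)
    return ET.tostring(root, encoding="unicode")

def structure(xml_text):
    """What the server can still see and query: the element tags in document order."""
    return [el.tag for el in ET.fromstring(xml_text).iter()]
```

The server can still evaluate a path such as `./Secret/Individual_Secret/Actualdata` on the stored document, but every value it finds there is ciphertext.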

13
Creating a Pvault Entry
[Diagram: User A (holding PE and K) and the Server, with the messages $E_K(PE)$ and $E_{P_A}(K)$.]

14
Reading a Pvault Entry
[Diagram: User A, with the messages $E_K(PE)$ and $E_{P_A}(K)$.]

15
Writing a pVault Entry
  • Execute the read protocol
  • Update the PE
  • Replace the previous PE.

16

Sharing Protocol
[Diagram: User A and User B (each holding PE and K) and the Server, with the messages $E_K(PE)$, $E_{P_A}(K)$ and $E_{P_B}(K)$.]

17
Data Integrity
  • Since the data is stored at an untrusted site,
    the service provider can:
    1. Modify data objects
    2. Delete data objects
    3. Not send the correct query results
  • How do we prevent the service provider from
    doing the above?

18
XML Integrity
19
Another Method
[Figure: pVault entry tree annotated with counts. Surviving labels: pVault_Entry, urlcount, secretcount, url, Secret, Secret_count, id, Metadata, Name, Actualdata, Individual_Secret, metadatacount, Keywords, Metadata, Actualdata.]

20
Drawbacks
  • How is access to a pvault entry revoked?
  • Re-encrypt the pvault entry and update the key
    entries for the other users.
  • The same applies when a user leaves a group.
  • Re-encryption is inevitable.
  • This is a burden for the client.

21
Using Server as a Certificate Authority
  • Since the server is untrusted, the server can
    lie about the public key.
  • When Alice wants to share a file with Bob, Alice
    requests Bob's public key from the server.
  • The server can generate a new public/private
    key pair and return the public key as Bob's
    public key.
  • The server now has access to all the files that
    Alice shares with Bob.

22
Secure Coprocessor
  • An SC is a general-purpose computer that can be
    trusted to perform a computation faithfully.
  • SCs are resistant to foreseeable physical and
    logical attacks, except DoS attacks.
  • Trusted third party
  • The IBM 4758 SC is equipped with a 99 MHz processor
    and 2 MB of onboard memory.

23
Secure Coprocessor Duties
  • Provide access to private keys of pvault users.
  • During revocation, re-encrypt pvault entries.

24
Lost Update Problem
  • A client/user requests an update on pvault entry
    o to change its content from c to c'.
  • The server ignores the update.
  • The next time the pvault entry o is queried, the
    server returns c as the pvault entry's content.
  • How can the client be sure about the freshness
    of the pvault entry's content?
  • Maintain version numbers.
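
An added example, not part of the original slides, of how version numbers let a client detect the ignored update described here, together with the modification and deletion cases from the Data Integrity slide. It assumes a MAC key the server never sees and a per-entry version counter kept on the client; `Client`, `LossyServer` and the record layout are hypothetical names.

```python
import hashlib, hmac

class StaleEntry(Exception): pass
class TamperedEntry(Exception): pass

def _tag(mac_key, entry_id, version, content):
    # Length-prefix the id so (id, version, content) cannot be re-split ambiguously.
    msg = (len(entry_id).to_bytes(2, "big") + entry_id.encode()
           + version.to_bytes(8, "big") + content)
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

class Client:
    def __init__(self, mac_key):
        self.mac_key = mac_key
        self.latest = {}  # entry id -> highest version this client wrote or accepted

    def seal(self, entry_id, content):
        """Build the record to upload: next version number, content, MAC over both."""
        version = self.latest.get(entry_id, 0) + 1
        self.latest[entry_id] = version
        return {"version": version, "content": content,
                "tag": _tag(self.mac_key, entry_id, version, content)}

    def open(self, entry_id, record):
        """Verify a record returned by the server before trusting its content."""
        if record is None:
            if entry_id in self.latest:
                raise StaleEntry("server dropped an entry the client wrote")
            return None
        expect = _tag(self.mac_key, entry_id, record["version"], record["content"])
        if not hmac.compare_digest(expect, record["tag"]):
            raise TamperedEntry("MAC mismatch")
        # Older than what we last saw means the server ignored or rolled back an update;
        # a newer version is accepted because another key holder may have written it.
        if record["version"] < self.latest.get(entry_id, 0):
            raise StaleEntry("stale version %d" % record["version"])
        self.latest[entry_id] = record["version"]
        return record["content"]

class LossyServer:
    """Constructed untrusted server: stores records, but can be told to ignore updates."""
    def __init__(self):
        self.store, self.ignore_updates = {}, False
    def put(self, entry_id, record):
        if not (self.ignore_updates and entry_id in self.store):
            self.store[entry_id] = record
    def get(self, entry_id):
        return self.store.get(entry_id)
```

This covers items 1 and 2 of the Data Integrity slide and the lost update; it does not detect incomplete query results (item 3).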