TY - GEN
T1 - Round-trip privacy with NFSv4
AU - Traeger, Avishay
AU - Thangavelu, Kumar
AU - Zadok, Erez
PY - 2007
Y1 - 2007
N2 - With the advent of NFS version 4, NFS security is more important than ever. This is because a main goal of the NFSv4 protocol is suitability for use on the Internet, whereas previous versions were used mainly on private networks. To address these security concerns, the NFSv4 protocol utilizes the RPCSEC GSS protocol and allows clients and servers to negotiate security at mount-time. However, this provides privacy only while data is traveling over the wire. We believe that file servers accessible over the Internet should contain only encrypted data. We present a round-trip privacy scheme for NFSv4, where clients encrypt file data for write requests, and decrypt the data for read requests. The data stored by the server on behalf of the clients is encrypted. This helps ensure privacy if the server or storage is stolen or compromised. As the NFSv4 protocol was designed with extensibility, it is the ideal place to add roundtrip privacy. In addition to providing a higher level of security than only over-the-wire encryption, our technique is more efficient, as the server is relieved from performing encryption and decryption. We developed a prototype of our round-trip privacy scheme. In our performance evaluation, we saw throughput increases of up to 24%, as well as good scalability.
AB - With the advent of NFS version 4, NFS security is more important than ever. This is because a main goal of the NFSv4 protocol is suitability for use on the Internet, whereas previous versions were used mainly on private networks. To address these security concerns, the NFSv4 protocol utilizes the RPCSEC GSS protocol and allows clients and servers to negotiate security at mount-time. However, this provides privacy only while data is traveling over the wire. We believe that file servers accessible over the Internet should contain only encrypted data. We present a round-trip privacy scheme for NFSv4, where clients encrypt file data for write requests, and decrypt the data for read requests. The data stored by the server on behalf of the clients is encrypted. This helps ensure privacy if the server or storage is stolen or compromised. As the NFSv4 protocol was designed with extensibility, it is the ideal place to add roundtrip privacy. In addition to providing a higher level of security than only over-the-wire encryption, our technique is more efficient, as the server is relieved from performing encryption and decryption. We developed a prototype of our round-trip privacy scheme. In our performance evaluation, we saw throughput increases of up to 24%, as well as good scalability.
KW - Encryption
KW - NFSv4
KW - Round-trip
UR - https://www.scopus.com/pages/publications/59249093976
U2 - 10.1145/1314313.1314315
DO - 10.1145/1314313.1314315
M3 - Conference contribution
SN - 9781595938916
T3 - StorageSS'07 - Proceedings of the 2007 ACM Workshop on Storage Security and Survivability
SP - 1
EP - 6
BT - StorageSS'07 - Proceedings of the 2007 ACM Workshop on Storage Security and Survivability
T2 - 2007 ACM Workshop on Storage Security and Survivability, StorageSS'07
Y2 - 29 October 2007 through 29 October 2007
ER -