NASD Security Protocol

    [ NASD Home | Work at CMU | Related Work | Technology Transfer ]
    [ DARPA Highlights | Recent Talks | Publications | NASD Code Downloads ]

    Distributed file systems are increasingly central to computational effectiveness and organizational data security. The NASD project is improving performance by removing the file server data path between drive and client used by common operations. By moving the storage out from the protection of the file server, the storage is now exposed to a variety of hostile network attacks such as message:

    • replay
    • delay
    • modification
    • observation

    We propose a basic security infrastructure for use with NASD protect against the network threats. Our goal is for NASD to meet the different privacy or integrity of the filesystems. The security mechansims is designed to be lightweight and suitable for high performance hardware implementations of security processing. The NASD security system is based on a 5 level key hiearchy. All requests are protected by cryptographic capabilities.

    We have implemented a prototype of the security within our NASD/AFS and NASD/NFS prototype. The implementation uses a software implementation of MD5 for our digests which reduces our performance by 12% for protection of the arguments only.

    Message Flow


    The left side of the diagram contains infrequent operations used to manage the key hiearchy while the right side describes more frequent object operations.


    PDL Home NASD Home

    © 2008.
    Last updated 11 November, 2004