Title
Round-trip privacy with nfsv4
Abstract
With the advent of NFS version 4, NFS security is more important than ever. This is because a main goal of the NFSv4 protocol is suitability for use on the Internet, whereas previous versions were used mainly on private networks. To address these security concerns, the NFSv4 protocol utilizes the RPCSEC_GSS protocol and allows clients and servers to negotiate security at mount time. However, this provides privacy only while data is traveling over the wire. We believe that file servers accessible over the Internet should contain only encrypted data. We present a round-trip privacy scheme for NFSv4, where clients encrypt file data for write requests, and decrypt the data for read requests. The data stored by the server on behalf of the clients is encrypted. This helps ensure privacy if the server or storage is stolen or compromised. As the NFSv4 protocol was designed with extensibility, it is the ideal place to add round-trip privacy. In addition to providing a higher level of security than only over-the-wire encryption, our technique is more efficient, as the server is relieved from performing encryption and decryption. We developed a prototype of our round-trip privacy scheme. In our performance evaluation, we saw throughput increases of up to 24%, as well as good scalability.
Year
2007
DOI
10.1145/1314313.1314315
Venue
StorageSS
Keywords
security concern,nfs security,round-trip privacy scheme,nfsv4 protocol,nfs version,rpcsec gss protocol,over-the-wire encryption,file server,roundtrip privacy,encrypted data,encryption,nfsv4
Field
Client-side encryption,File server,Computer security,Computer science,Server,Encryption,Privacy software,The Internet,Private network,Scalability
DocType
Conference
Citations
2
PageRank
0.49
References
15
Authors
3
Name | Order | Citations | PageRank
Avishay Traeger | 1 | 281 | 16.07
Kumar Thangavelu | 2 | 2 | 0.49
Erez Zadok | 3 | 1461 | 105.28