Pesto flavoured security
Abstract
Pesto aims at providing highly available and secure storage for long-lived
data to mobile users roaming into untrusted environments.
Security in Pesto encompasses the following three aspects: availability,
safety, and privacy. A mechanism supporting one aspect may adversely
affect another. For example, replication may increase availability but complicates
supporting confidentiality, and simply encrypting data for confidentiality
may defeat the whole purpose of replication. We show that an
integral approach to these aspects leads to considerable savings in overall
system complexity, and thus to a more secure system.
In Pesto, users may specify different levels of trust in different parts of
the infrastructure. In particular, a user may trust a node to merely store
(encrypted) data, and/or to distribute replicas to other nodes on his behalf,
and/or he may trust a node to enforce access control on his behalf to
his (plaintext) content. This report gives an overview of the main security
mechanisms that make this separation of concerns possible. We present its
novel encryption framework and its trust management and discuss how it
can be used to build distributed infrastructures with advanced security and
safety properties.
Publisher
Universitetet i Tromsø / University of Tromsø
Series
Tekniske rapporter / Institutt for informatikk 42(2002)