Secure content distribution using untrusted servers

Опубликовано 6 сентября 2016, 5:26

A publisher can make content available to many readers through replication on remote, untrusted computers. Yet a reader should have confidence that content is authentic, and publishers should be able to control access to content. This talk presents the design and implementation of the SFS read-only file system (SFSRO) for secure, scalable distribution of public and private content replicated using untrusted servers. SFSRO provides authenticity of single-writer, many-reader content. A publisher creates a digitally-signed database out of the contents of a source file system. Untrusted servers replicate the content, accessed by readers through a file system interface. A reader accepts only verified, authentic content --- eliminating the need to trust the distribution infrastructure. To control access to private content, a publisher encrypts content for confidentiality. This talk introduces lazy revocation and key regression to cope with the cost of distributing keys to readers. These techniques allow a publisher on a low-bandwidth connection to support many readers accessing private content.