Authenticated key exchange protocols for parallel network file systems

Journal Article


Abstract


  • We study the problem of key establishment for secure many-to-many communications. The problem is inspired by the proliferation of large-scale distributed file systems supporting parallel access to multiple storage devices. Our work focuses on the current Internet standard for such file systems, i.e., parallel Network File System (pNFS), which makes use of Kerberos to establish parallel session keys between clients and storage devices. Our review of the existing Kerberos-based protocol shows that it has a number of limitations: (i) a metadata server facilitating key exchange between the clients and the storage devices has heavy workload that restricts the scalability of the protocol; (ii) the protocol does not provide forward secrecy; (iii) the metadata server generates itself all the session keys that are used between the clients and storage devices, and this inherently leads to key escrow. In this paper, we propose a variety of authenticated key exchange protocols that are designed to address the above issues. We show that our protocols are capable of reducing up to approximately 54 percent of the workload of the metadata server and concurrently supporting forward secrecy and escrow-freeness. All this requires only a small fraction of increased computation overhead at the client.

Authors


Publication Date


  • 2016

Citation


  • Lim, H. Wei. & Yang, G. (2016). Authenticated key exchange protocols for parallel network file systems. IEEE Transactions on Parallel and Distributed Systems, 27 (1), 92-105.

Scopus Eid


  • 2-s2.0-84961724158

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/5647

Has Global Citation Frequency


Number Of Pages


  • 13

Start Page


  • 92

End Page


  • 105

Volume


  • 27

Issue


  • 1

Place Of Publication


  • United States
