Preserving Integrity in Remote File Location and Retrieval
Author
Trent Jaeger, Aviel D. Rubin
Abstract
We present a service for locating and retrieving files from an untrusted network such that
the integrity of the retrieved files can be verified. This service enables groups of
people in geographically remote locations to share files using an untrusted network.
For example, distribution of an organization's software to all the organization's sites
can be accomplished using the service. Distribution of files in an untrusted network
is complicated by two issues: (1) location of files and (2) verification of file integrity.
Ftp and World-Wide-Web (WWW) services require some user intervention to locate a file, so
they cannot be embedded in automated systems. Distributed systems have mechanisms for
automated file location and retrieval, but they require trust in all system principals
and do not provide an appropriate balance between availability of files and retrieval
cost for our applications. Verification of the integrity of a file retrieved from an
untrusted network is necessary because the file is subject to malicious modification
attacks. Our service provides the capability to automatically locate, retrieve, and verify
files specified by a client using a single trusted principal. We demonstrate our service
by building a system when needed.
Publication Date
2001-01-01
Keywords
Digital signatures, cryptographic digests, remote procedure calls, wide-area network file location, trusted authorities, C-shells