Secure content distribution using untrusted servers

Dr. Fu is from MIT
A publisher can make content available to many readers through replication on remote, untrusted computers. Yet a reader should have confidence that content is authentic, and publishers should be able to control access to content. This talk presents the design and implementation of the SFS read-only file system (SFSRO) for secure, scalable distribution of public and private content replicated using untrusted servers.

SFSRO provides authenticity of single-writer, many-reader content. A publisher creates a digitally-signed database out of the contents of a source file system. Untrusted servers replicate the content, accessed by readers through a file system interface. A reader accepts only verified, authentic content — eliminating the need to trust the distribution infrastructure.

To control access to private content, a publisher encrypts content for confidentiality. This talk introduces lazy revocation and key regression to cope with the cost of distributing keys to readers. These techniques allow a publisher on a low-bandwidth connection to support many readers accessing private content.

Kevin Fu is a doctoral student in MIT's department of EECS, a member
of the MIT Computer Science and Artificial Intelligence Lab (CSAIL),
and a visiting scholar at the Johns Hopkins University Information
Security Institute in Baltimore, MD. His research interests include
computer system security, secure storage, RFID security, and Web
authentication. Kevin holds an SB in Computer Science & Engineering
and an MEng in Electrical Engineering & Computer Science from MIT.