mSSL: Extending SSL to Support Data Sharing Among Collaborative Clients

Jun Li
Department of Computer and Information Science, University of Oregon
USA

Xun Kang
Department of Computer and Information Science, University of Oregon
USA

Client-server applications often do not scale well when a large number of clients access a single server. To solve this, a new trend of data-sharing applications is to allow a client to download data from other peer clients, in addition to from the server directly. This paradigm, which we call the hybrid peer-to-peer paradigm, is friendly to the server's scalability, but also faces new security challenges.
For example, how can the server ensure the access control and data confidentiality? How can a client trust the data downloaded from other clients? What if a client denies the service it received from others or overstates the service it offered to others?

In this paper, we present a protocol, called mSSL, that systematically addresses the security issues in this hybrid paradigm. In particular, in order to support applications on top of mSSL, mSSL provides a set of security functions to enable secure sharing of the data of a server among its clients. In addition to access control and confidentiality support, mSSL provides an original design on supporting data integrity and proof of service in this new context. Our evaluation further shows that mSSL has a reasonable overhead.

Keywords: SSL, Data Integrity, Proof of Service, Hybrid Peer-to-Peer, Merkle Hash Tree

Read Paper Read Paper (in PDF)