Publication Date
4-2007
Abstract
Fern is an updatable cryptographically authenticated dictionary developed to propagate identification and authorization information within and among distributed systems. Conventional authenticated dictionaries permit authorization information to be disseminated by untrusted proxies, however these proxies must maintain full duplicates of the dictionary structure. In contrast, Fern incrementally distributes components of its dictionary as required to satisfy client requests and thus is suitable for deployments where clients are likely to require only a small fraction of a dictionary's contents and connectivity may be limited.
When dictionary components must be obtained remotely, the latency of lookup and validation operations is dominated by communication time. This latency can be reduced through the exploitation of locality-sensitive caching of dictionary components. Fern dictionary's components are suitable for caching and distribution via autonomic scalable locality-aware Content Distribution Networks (CDNs) and therefore can provide these properties without requiring the provisioning of a dedicated distribution infrastructure.
Others have proposed the construction of incrementally distributed authenticated dictionaries that utilize either trees that dynamically re-balance or skiplists. The structural changes that result from tree rebalancing can reduce the effectiveness of caching. Skiplists do not require balancing and thus are more amenable to caching. However a client lookup from a skiplist-based dictionary must sequentially transfer two-to-three times as many components as a client of a dictionary based on self-balancing trees. In both cases, these transfers are necessarily serialized, and thus skiplists will incur proportionally increased latency.
Fern's dictionary structure utilizes a novel randomized trie that has the desirable characteristics of both of these approaches. While Fern's algorithm is far simpler than self-balancing trees, a Fern trie will have similarly short (average and expected worst case) path lengths, and thus requires that clients obtain approximately the same number of vertices. Furthermore, like skiplists, Fern's trie does not require rebalancing and thus is similarly amenable to caching.
A prototype implementation of Fern has been constructed that utilizes the CoralCDN scalable, locality-aware, and autonomic content distribution network. We provide an informal analysis of bandwidth requirements for the Fern authenticated dictionary that agrees with experimental results. We are not aware of other implemented systems with similar properties or comparable analysis of such systems' performance and bandwidth requirements.
The potential integration of Fern within the CDN on which it relies could yield symbiotic benefits. The indexing infrastructure for autonomic CDNs such as Coral are vulnerable to disruption by malicious participants. Therefore, a CDN's integrity could be guarded against malicious interference through the dissemination of up-to-date authorization information provided by Fern. In a complementary manner, a CDN so fortified by Fern could potentially provide more reliable content distribution service to Fern and thus also improve Fern's availability and performance.
Original file: UTEP-CS-06-45
Comments
UTEP-CS-06-45a