Dynamic switch over of signing state in distributed file-system clients.

IP.com Disclosure Number: IPCOM000239700D
Publication Date: 2014-Nov-26

Publishing Venue

The IP.com Prior Art Database

Abstract

To verify the authenticity of the other peer, the SMB 2.0 protocol provides a mechanism in which the session key obtained during authentication is used to digitally sign a packet before it is sent to the other peer, which verifies it using the same session key. During protocol negotiation, the signing state is exchanged between the client and the server. The signing states in the SMB 2.0 protocol and above are 'Enabled' and 'Required'. If the signing state is 'Enabled' for both the client and the server, then signing packets sent to the other peer is not mandatory for either of them. However, if a request is signed, the other peer must verify the signature of the received packet and reply with a signed response, which the requesting peer then verifies. If either the client or the server, or both, are in the 'Required' state, then it is mandatory for both the server and the client to digitally sign the packets they send.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 14% of the total text.


Introduction to SMB and CIFS, CIFS share

Server Message Block (SMB), also known as Common Interface File System (CIFS), is a network file-sharing protocol that operates at the application layer of the networking stack. It is used mainly to provide shared access to files, printers, etc. SMB was invented by IBM's Dr. Barry Feigenbaum and was originally designed with the aim of turning DOS "Interrupt 33" local file access into a networked file system. The initial protocol was built along with Intel, Microsoft and 3COM. The protocol has gone through extensive modification over the years, adding functionality such as support for symbolic links and larger file sizes, and reducing its chattiness. SMB has come a long way since its inception as a file-sharing protocol. With the advances in the protocol, "file shares" can now also be used to store virtual machine (VM) configuration data, virtual hard disks and databases, making it a competing alternative for sharing resources as well.

A CIFS file share is the name given to an element through which a file or a part of the file system can be accessed from a remote computer. The protocol by which the host and the remote computer communicate with each other is SMB. This protocol revolutionized file sharing by defining file-system implementation-independent operations, communicated over the network, that can be performed on a file or file system. Implementers on either the server or the client side have written their own applications and systems that take requests and responses from peers and perform implementation-specific file system operations on the local system.

Introduction to SMB 2.0 Signing (Also covers the need for signing)

To verify the authenticity of the other peer, the SMB 2.0 protocol provides a mechanism in which the session key obtained during authentication is used to digitally sign a packet before it is sent to the other peer, which verifies it using the same session key.

During protocol negotiation, the signing state is exchanged between the client and the server. The signing states in the SMB 2.0 protocol and above are 'Enabled' and 'Required'.

If the signing state is 'Enabled' for both the client and the server, then signing packets sent to the other peer is not mandatory for either of them. However, if a request is signed, the other peer must verify the signature of the received packet and reply with a signed response, which the requesting peer then verifies.

If either the client or the server, or both, are in the 'Required' state, then it is mandatory for both the server and the client to digitally sign the packets they send.
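The signing rules above can be exercised end to end with the following added example, which is not code from the disclosure. It assumes the SMB 2.0 dialect details from [MS-SMB2] (64-byte header, Flags at offset 16, 16-byte Signature at offset 48, HMAC-SHA256 truncated to 16 bytes); the function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constants from [MS-SMB2]; assumptions of this example, not stated on the page.
SIGNING_ENABLED, SIGNING_REQUIRED = 0x0001, 0x0002  # SecurityMode bits
FLAGS_SIGNED = 0x00000008                           # SMB2_FLAGS_SIGNED
FLAGS_OFF, SIG_OFF, SIG_LEN, HDR_LEN = 16, 48, 16, 64

def signing_mandatory(client_mode: int, server_mode: int) -> bool:
    """Mandatory when either peer, or both, negotiated 'Required'."""
    return bool((client_mode | server_mode) & SIGNING_REQUIRED)

def is_signed(msg: bytes) -> bool:
    return bool(struct.unpack_from("<I", msg, FLAGS_OFF)[0] & FLAGS_SIGNED)

def _mac(session_key: bytes, buf: bytearray) -> bytes:
    # The Signature field is zeroed before the MAC is computed over the message.
    buf[SIG_OFF:SIG_OFF + SIG_LEN] = bytes(SIG_LEN)
    return hmac.new(session_key, bytes(buf), hashlib.sha256).digest()[:SIG_LEN]

def sign(session_key: bytes, msg: bytes) -> bytes:
    """Set the signed flag and store the truncated MAC in the Signature field."""
    buf = bytearray(msg)
    flags = struct.unpack_from("<I", buf, FLAGS_OFF)[0]
    struct.pack_into("<I", buf, FLAGS_OFF, flags | FLAGS_SIGNED)
    mac = _mac(session_key, buf)
    buf[SIG_OFF:SIG_OFF + SIG_LEN] = mac
    return bytes(buf)

def verify(session_key: bytes, msg: bytes) -> bool:
    """Reject short or unsigned messages; compare MACs in constant time."""
    if len(msg) < HDR_LEN or not is_signed(msg):
        return False
    received = msg[SIG_OFF:SIG_OFF + SIG_LEN]
    return hmac.compare_digest(received, _mac(session_key, bytearray(msg)))

def response_must_be_signed(request: bytes, client_mode: int, server_mode: int) -> bool:
    """'Required' on either side, or a signed request, forces a signed reply."""
    return signing_mandatory(client_mode, server_mode) or is_signed(request)

def sample_message(message_id: int, payload: bytes = b"") -> bytes:
    """Constructed SMB2 header (ProtocolId, StructureSize, MessageId) plus payload."""
    hdr = bytearray(HDR_LEN)
    hdr[0:4] = b"\xfeSMB"
    struct.pack_into("<H", hdr, 4, HDR_LEN)
    struct.pack_into("<Q", hdr, 24, message_id)
    return bytes(hdr) + payload
```

Under 'Required', a receiver treats a `verify()` result of `False` as grounds to drop the message; under 'Enabled' on both sides, unsigned traffic is accepted and only signed messages are checked.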

More information about when to sign and when not to sign a packet is specified in [MS-SMB2] 3.2.4.1.1 - Signing the Message (http://msdn.microsoft.com/en-in...