Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
authenticated storage using small trusted hardware

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, - PowerPoint PPT Presentation

Mar 29, 2024 •544 likes •1.11k views

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model Cloud Storage Requirements Privacy

  1. Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013

  2. Cloud Storage Model

  3. Cloud Storage Requirements • Privacy – Sol: encryption at the client side • Availability – Sol: appropriate data replication • Integrity – Sol: digital signatures & message authentication codes • Freshness – Hard to guarantee due to replay attacks

  4. Cloud Storage: Replay Attack User A Cloud Server User B

  5. Cloud Storage: Replay Attack User A Cloud Server User B

  6. Cloud Storage: Replay Attack User A Cloud Server User B

  7. Cloud Storage: Replay Attack User A Cloud Server User B

  8. Cloud Storage: Replay Attack User A Cloud Server User B

  9. Cloud Storage: Replay Attack User A Cloud Server User B

  10. Cloud Storage: Replay Attack User A Cloud Server User B

  11. Cloud Storage: Replay Attack User A Cloud Server User B

  12. Cloud Storage: Replay Attack User A Cloud Server User B

  13. Cloud Storage: Replay Attack User A Cloud Server User B

  14. Cloud Storage: Replay Attack Software solution: Two users contact with each other directly User A Cloud Server User B

  15. Solution: Adding Trusted Hardw are

  16. Solution: Adding Trusted Hardw are

  17. Solution: Adding Trusted Hardw are single chip

  18. Solution: Adding Trusted Hardw are single chip Secure NVRAM

  19. Solution: Adding Trusted Hardw are single chip Secure NVRAM Computational Engines

  20. Solution: Adding Trusted Hardw are single chip Secure NVRAM Computational Engines Slow under NVRAM process!

  21. Solution: Adding Trusted Hardw are state chip (S chip) Secure NVRAM Computational Engines processing chip (P chip)

  22. Solution: Adding Trusted Hardw are Smart Card state chip (S chip) Secure NVRAM Computational Engines processing chip (P chip) Fast! FPGA / ASIC

  23. Solution: Adding Trusted Hardw are Smart Card state chip (S chip) Secure NVRAM securely paired Computational Engines processing chip (P chip) Fast! FPGA / ASIC

  24. Outline • Motivation: Cloud Storage and Security Challenges • System Design – Threat Model & System Overview – Security Protocols – Crash Recovery Mechanism • Implementation • Evaluation • Conclusion

  25. Threat Model

  26. Threat Model • Untrusted connections • Disk attacks and hardware failures • Untrusted server that may (1) send wrong response (2) pretend to be a client (3) maliciously crash (4) disrupt P chip’s power • Clients may try to modify other’s data

  27. Threat Model • Untrusted connections • Disk attacks and hardware failures • Untrusted server that may (1) send wrong response (2) pretend to be a client (3) maliciously crash (4) disrupt P chip’s power • Clients may try to modify other’s data

  28. Threat Model • Untrusted connections • Disk attacks and hardware failures • Untrusted server that may (1) send wrong response (2) pretend to be a client (3) maliciously crash (4) disrupt P chip’s power • Clients may try to modify other’s data

  29. Threat Model • Untrusted connections • Disk attacks and hardware failures • Untrusted server that may (1) send wrong response (2) pretend to be a client (3) maliciously crash (4) disrupt P chip’s power • Clients may try to modify other’s data

  30. System Overview • Client <-> S-P chip: HMAC key • S-P chip: integrity/freshness checks, system state storage & updates sign responses • Server: communication, scheduling, disk IO

  31. Security Protocols • Message Authentication • Memory Authentication • Write Access Control • System State Protection against Power Loss

  32. Design: Message Authentication • Untrusted network between client and server – Sol: HMAC Technique • Session-based protocol (HMAC key) PubEK, Ecert ( PubEK, PrivEK ) {HMAC key} PubEK {HMAC key} PubEK decrypt the key Client Server S-P Chip pair HMAC key {HMAC key} PubEK HMAC key (encrypted HMAC key)

  33. Security Protocols • Message Authentication • Memory Authentication • Write Access Control • System State Protection against Power Loss

  34. Design: Memory Authentication • Data protection against untrusted disk • Block-based cloud storage API – Fixed block size (1MB) – Write (block number, block) – Read (block number)  block – Easy to reason about the security Disk B 1 B 2 B 3 B 4

  35. Design: Memory Authentication • Solution: Merkle tree h 1..8 h 1..4 h 5..8 h 12 h 34 h 56 h 78 h 12 =H(h 1 h 2 ) h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 h 1 =H(B 1 ) B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 Disk is divided into many blocks

  36. Design: Memory Authentication • Solution: Merkle tree Root Hash h 1..8 (securely stored) h 1..4 h 5..8 h 12 h 34 h 56 h 78 h 12 =H(h 1 h 2 ) h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 h 1 =H(B 1 ) B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 Disk is divided into many blocks

  37. Design: Memory Authentication • Solution: Merkle tree Root Hash h 1..8 (securely stored) h 1..4 h 5..8 h 12 h 34 h 56 h 78 h 12 =H(h 1 h 2 ) verify h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 h 1 =H(B 1 ) B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 Disk is divided into many blocks

  38. Design: Memory Authentication • Solution: Merkle tree Root Hash h 1..8 (securely stored) h 1..4 h 5..8 h 12 h 34 h 56 h 78 h 12 =H(h 1 h 2 ) verify h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 h 1 =H(B 1 ) B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 Disk is divided into many blocks

  39. Merkle Tree Caching • Caching policy is controlled by the server Cache management commands: LOAD, VERIFY, UPDATE P chip Node # Hash Verified Left child Right child 1 fabe3c05d8ba995af93e Y Y N 2 e6fc9bc13d624ace2394 Y Y Y 4 53a81fc2dcc53e4da819 Y N N 5 b2ce548dfa2f91d83ec6 Y N N

  40. Security Protocols • Message Authentication • Memory Authentication • Write Access Control • System State Protection against Power Loss

  41. Design: Write Access Control • Goal: to ensure all writes are authorized and fresh • Coherence model assumption: – Clients should be aware of the latest update • Unique write access key ( Wkey ) – Share between authorized writers and the S-P chip Wkey B 1 B 2 B 3 B 4 S-P Chip pair • Revision number ( V id ) – Increase during each write operation

  42. Design: Write Access Control • Protect Wkey and V id – Add another layer at the bottom of Merkle tree h 78 h 78 h' 8 h 8 h 8 Root Hash h 8 =H(B 8 ) h 8 =H(B 8 ) h 1..8 (securely stored) h 1..4 h 5..8 B 8 H ( Wkey ) V id B 8 h 12 h 34 h 56 h 78 h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8

  43. Security Protocols • Message Authentication • Memory Authentication • Write Access Control • System State Protection against Power Loss

  44. Design: System State Protection • Goal: to avoid losing the latest system state – Server may interrupt the P chip’s supply power • Solution: root hash storage protocol Client Server P chip S chip hold request response store state release response

  45. Design: Crash Recovery Mechanism • Goal: to recover the system from crashes – Even if the server crashes, the disk can be recovered to be consistent with the root hash stored on the S chip • Solution:

  46. Implementation • ABS (authenticated block storage) server architecture

  47. Implementation • ABS client model

  48. Performance Evaluation • Experiment configuration – Disk size: 1TB – Block size: 1MB – Server: Intel Core i7-980X 3.33GHz 6-core processor with 12GB of DDR3-1333 RAM – FPGA: Xilinx Virtex-5 XC5VLX110T – Client: Intel Core i7-920X 2.67GHz 4-core processor – FPGA-server connection: Gigabit Ethernet – Client-server connection: Gigabit Ethernet

  49. File System Benchmarks (Mathmatica) • Fast network: – Latency: 0.2ms – Bandwidth: 1Gbit/s pure writes pure reads reads + writes

  50. File System Benchmarks (Mathmatica) • Slow network: – Latency: 30.2ms – Bandwidth: 100Mbit/s pure writes pure reads reads + writes

  51. File System Benchmarks (Modified Andrew Benchmark) • Slow network: – Latency: 30.2ms – Bandwidth: 100Mbit/s

  52. Customized Solutions • Hardware requirements Demand Focused Performance Budget Connection PCIe x16 (P) / USB (S) USB Hash Engine 8 + 1 (Merkle) 0 + 1 (Merkle) Tree Cache large none Response Buffer 2 KB 300 B • Estimated performance Demand Focused Performance Budget Throughput 2.4 GB/s 377 MB/s Randomly Write Latency 12.3 ms + 32 ms 2.7 ms + 32 ms Throughput 2.4 GB/s Randomly Read Latency 0.4 ms # HDDs supported 24 4

  53. Customized Solutions • Hardware requirements Single chip! Demand Focused Performance Budget Connection PCIe x16 (P) / USB (S) USB Hash Engine 8 + 1 (Merkle) 0 + 1 (Merkle) Tree Cache large none Response Buffer 2 KB 300 B • Estimated performance Demand Focused Performance Budget Throughput 2.4 GB/s 377 MB/s Randomly Write Latency 12.3 ms + 32 ms 2.7 ms + 32 ms Throughput 2.4 GB/s Randomly Read Latency 0.4 ms # HDDs supported 24 4

Recommend

Hardware Observability Framework Hardware Observability Framework Hardware Observability

Hardware Observability Framework Hardware Observability Framework Hardware Observability

Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware

746 views • 22 slides
Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny

Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny

Trusted Architecture for Trusted Architecture for Securely Shared Services Securely Shared Services Four Layers to Build a Four Layers to Build a Trusted Architecture Trusted Architecture Danny De Cock K.U.Leuven ESAT/COSIC

369 views • 17 slides
Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp Motivation for Authenticated Encryption Authenticated Encryption (AE) m 1 m 2 Security goals: Confidentiality and integrity of messages

656 views • 60 slides
Authenticated Encryption Requirements David McGrew mcgrew@cisco.com Directions in Authenticated

Authenticated Encryption Requirements David McGrew mcgrew@cisco.com Directions in Authenticated

Desiderata Current AEAD use Evolution Conclusions Authenticated Encryption Requirements David McGrew mcgrew@cisco.com Directions in Authenticated Ciphers, 2012 Desiderata Current AEAD use Evolution Conclusions Many desirable attributes

284 views • 26 slides
Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

PAKE Game-based Security Universal Composability LAKE Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1 David Pointcheval Ecole Normale Sup erieure Game-based Security 2 Universal

932 views • 10 slides
Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul

Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul

ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul Nandi Indian

370 views • 20 slides
Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1 OReilly 2 Trusted or Trustworthy? An object is trusted if and only if it operates as expected An object is trustworthy if and only if it is

711 views • 45 slides
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklins 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have trusted hardware?

316 views • 27 slides
Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for

Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for

Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for distributing trusted execution to untrusted platforms 2 Hardware Enclaves HW abstractions for distributing trusted execution to untrusted platforms

1.07k views • 18 slides
&gt; SUN STORAGE 7000 UNIFIED STORAGE SYSTEMS ITS TIME TO CHANGE YOUR STORAGE

&gt; SUN STORAGE 7000 UNIFIED STORAGE SYSTEMS ITS TIME TO CHANGE YOUR STORAGE

&gt; SUN STORAGE 7000 UNIFIED STORAGE SYSTEMS ITS TIME TO CHANGE YOUR STORAGE Presenters Name Presenters Title Presenters Company 1 1 Sun Storage 7000 Unified Storage Systems Agenda The Sun Storage 7000 Unified

517 views • 48 slides
VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

The Business of Making Strategies for Success from Startup to Exit Hardware and Robotic Startup Accelerator what hardware used to be . VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to Entry Open

607 views • 32 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical &amp; Computer Engineering SPACE | Dec 2016 1

610 views • 29 slides
Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &amp;

Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &amp;

Chinas Dietary Supplement Industry Market Insights Natural Products Expo West March 11, 2017 Your Trusted China Partner Market Overview Your Trusted Partner in China Source: McKinsey &amp; Company Your Trusted Partner in China Consumer

413 views • 29 slides
Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal Holloway, University of London c.mitchell@rhul.ac.uk http://www.isg.rhul.ac.uk/~cjm Contents What is trusted computing? The TCG TCG

1.43k views • 114 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

706 views • 48 slides
&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) &amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

777 views • 63 slides
Probe Card System for DHP Chip Testing VXD Workshop, Wetzlar, February 4-6, 2013 H. Krger, Bonn

Probe Card System for DHP Chip Testing VXD Workshop, Wetzlar, February 4-6, 2013 H. Krger, Bonn

Probe Card System for DHP Chip Testing VXD Workshop, Wetzlar, February 4-6, 2013 H. Krger, Bonn University Motivation To/from DCD PXD modules are sensitive to single- (86 CMOS/HSTL) point-of-failure of the DHP 18x CMOS 64x HSTL 4x

311 views • 12 slides
4-chip module on pixel stave(let) Joseph Finley 1 November 2013 Pixel Stave at LBL First

4-chip module on pixel stave(let) Joseph Finley 1 November 2013 Pixel Stave at LBL First

4-chip module on pixel stave(let) Joseph Finley 1 November 2013 Pixel Stave at LBL First Stavelet 5 tabs on one side and 4 on the other side. Serial Power Stavelet Fabrication Stavelet cables Aluminum power lines

567 views • 15 slides
Frames for sortal, relational, and functional concepts Wiebke Petersen

Frames for sortal, relational, and functional concepts Wiebke Petersen

Classification of concepts Frames Attributes and type signatures Frames for sortal, relational, and functional concepts Wiebke Petersen Heinrich-Heine-Universit at D usseldorf Research group on Functional Concepts and Frames

802 views • 61 slides
Tutorial: Online Shopping Roman Kontchakov Birkbeck, University of London Based on Chapter 10 of

Tutorial: Online Shopping Roman Kontchakov Birkbeck, University of London Based on Chapter 10 of

Information Systems Concepts Tutorial: Online Shopping Roman Kontchakov Birkbeck, University of London Based on Chapter 10 of Maciaszek, L.A.: Requirements Analysis and System Design (3rd edition) Addison Wesley, 2007 Outline (1) Use Case

806 views • 15 slides
Circular Encryption Dan Boneh Shai Halevi Mike Hamburg Rafi Ostrovsoky Circular

Circular Encryption Dan Boneh Shai Halevi Mike Hamburg Rafi Ostrovsoky Circular

Circular Encryption Dan Boneh Shai Halevi Mike Hamburg Rafi Ostrovsoky Circular encryption (E, D) a symmetric cipher. k 1 , k 2 two keys. Which of the following is safe to publish? c E k 1 (k

577 views • 13 slides
1 Transaction management Example of a transaction Transaction management aims at handling

1 Transaction management Example of a transaction Transaction management aims at handling

DATABASE DESIGN I - 1DL300 Introduction to Transactions &amp; Concurrency Control Fall 2011 Elmasri/Navathe ch 20 and 21 Padron-McCarthy/Risch ch 23 and 24 An introductory course on database systems

624 views • 9 slides
CS 744: Big Data Systems Shivaram Venkataraman Fall 2018 Administrivia Course Project

CS 744: Big Data Systems Shivaram Venkataraman Fall 2018 Administrivia Course Project

CS 744: Big Data Systems Shivaram Venkataraman Fall 2018 Administrivia Course Project round 3 meetings signup! Final class on Dec 6 th No class on Dec 11 th Poster session Dec 13 th More details very soon! RDMA: REMOTE

364 views • 17 slides
Lecture 7: Bu ff er Management 1 / 46 Bu ff er Management Administrivia To accommodate

Lecture 7: Bu ff er Management 1 / 46 Bu ff er Management Administrivia To accommodate

Bu ff er Management Lecture 7: Bu ff er Management 1 / 46 Bu ff er Management Administrivia To accommodate students who faced challenges with setting up the virtual machine and / or getting familiar with C ++ , we are bumping up the number of

977 views • 46 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.