authenticated storage using small trusted hardware
play

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, - PowerPoint PPT Presentation

Mar 29, 2024 •544 likes •1.11k views

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model Cloud Storage Requirements Privacy

  1. Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013

  2. Cloud Storage Model

  3. Cloud Storage Requirements • Privacy – Sol: encryption at the client side • Availability – Sol: appropriate data replication • Integrity – Sol: digital signatures & message authentication codes • Freshness – Hard to guarantee due to replay attacks

  4. Cloud Storage: Replay Attack User A Cloud Server User B

  5. Cloud Storage: Replay Attack User A Cloud Server User B

  6. Cloud Storage: Replay Attack User A Cloud Server User B

  7. Cloud Storage: Replay Attack User A Cloud Server User B

  8. Cloud Storage: Replay Attack User A Cloud Server User B

  9. Cloud Storage: Replay Attack User A Cloud Server User B

  10. Cloud Storage: Replay Attack User A Cloud Server User B

  11. Cloud Storage: Replay Attack User A Cloud Server User B

  12. Cloud Storage: Replay Attack User A Cloud Server User B

  13. Cloud Storage: Replay Attack User A Cloud Server User B

  14. Cloud Storage: Replay Attack Software solution: Two users contact with each other directly User A Cloud Server User B

  15. Solution: Adding Trusted Hardw are

  16. Solution: Adding Trusted Hardw are

  17. Solution: Adding Trusted Hardw are single chip

  18. Solution: Adding Trusted Hardw are single chip Secure NVRAM

  19. Solution: Adding Trusted Hardw are single chip Secure NVRAM Computational Engines

  20. Solution: Adding Trusted Hardw are single chip Secure NVRAM Computational Engines Slow under NVRAM process!

  21. Solution: Adding Trusted Hardw are state chip (S chip) Secure NVRAM Computational Engines processing chip (P chip)

  22. Solution: Adding Trusted Hardw are Smart Card state chip (S chip) Secure NVRAM Computational Engines processing chip (P chip) Fast! FPGA / ASIC

  23. Solution: Adding Trusted Hardw are Smart Card state chip (S chip) Secure NVRAM securely paired Computational Engines processing chip (P chip) Fast! FPGA / ASIC

  24. Outline • Motivation: Cloud Storage and Security Challenges • System Design – Threat Model & System Overview – Security Protocols – Crash Recovery Mechanism • Implementation • Evaluation • Conclusion

  25. Threat Model

  26. Threat Model • Untrusted connections • Disk attacks and hardware failures • Untrusted server that may (1) send wrong response (2) pretend to be a client (3) maliciously crash (4) disrupt P chip’s power • Clients may try to modify other’s data

  27. Threat Model • Untrusted connections • Disk attacks and hardware failures • Untrusted server that may (1) send wrong response (2) pretend to be a client (3) maliciously crash (4) disrupt P chip’s power • Clients may try to modify other’s data

  28. Threat Model • Untrusted connections • Disk attacks and hardware failures • Untrusted server that may (1) send wrong response (2) pretend to be a client (3) maliciously crash (4) disrupt P chip’s power • Clients may try to modify other’s data

  29. Threat Model • Untrusted connections • Disk attacks and hardware failures • Untrusted server that may (1) send wrong response (2) pretend to be a client (3) maliciously crash (4) disrupt P chip’s power • Clients may try to modify other’s data

  30. System Overview • Client <-> S-P chip: HMAC key • S-P chip: integrity/freshness checks, system state storage & updates sign responses • Server: communication, scheduling, disk IO

  31. Security Protocols • Message Authentication • Memory Authentication • Write Access Control • System State Protection against Power Loss

  32. Design: Message Authentication • Untrusted network between client and server – Sol: HMAC Technique • Session-based protocol (HMAC key) PubEK, Ecert ( PubEK, PrivEK ) {HMAC key} PubEK {HMAC key} PubEK decrypt the key Client Server S-P Chip pair HMAC key {HMAC key} PubEK HMAC key (encrypted HMAC key)

  33. Security Protocols • Message Authentication • Memory Authentication • Write Access Control • System State Protection against Power Loss

  34. Design: Memory Authentication • Data protection against untrusted disk • Block-based cloud storage API – Fixed block size (1MB) – Write (block number, block) – Read (block number)  block – Easy to reason about the security Disk B 1 B 2 B 3 B 4

  35. Design: Memory Authentication • Solution: Merkle tree h 1..8 h 1..4 h 5..8 h 12 h 34 h 56 h 78 h 12 =H(h 1 h 2 ) h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 h 1 =H(B 1 ) B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 Disk is divided into many blocks

  36. Design: Memory Authentication • Solution: Merkle tree Root Hash h 1..8 (securely stored) h 1..4 h 5..8 h 12 h 34 h 56 h 78 h 12 =H(h 1 h 2 ) h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 h 1 =H(B 1 ) B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 Disk is divided into many blocks

  37. Design: Memory Authentication • Solution: Merkle tree Root Hash h 1..8 (securely stored) h 1..4 h 5..8 h 12 h 34 h 56 h 78 h 12 =H(h 1 h 2 ) verify h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 h 1 =H(B 1 ) B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 Disk is divided into many blocks

  38. Design: Memory Authentication • Solution: Merkle tree Root Hash h 1..8 (securely stored) h 1..4 h 5..8 h 12 h 34 h 56 h 78 h 12 =H(h 1 h 2 ) verify h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 h 1 =H(B 1 ) B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 Disk is divided into many blocks

  39. Merkle Tree Caching • Caching policy is controlled by the server Cache management commands: LOAD, VERIFY, UPDATE P chip Node # Hash Verified Left child Right child 1 fabe3c05d8ba995af93e Y Y N 2 e6fc9bc13d624ace2394 Y Y Y 4 53a81fc2dcc53e4da819 Y N N 5 b2ce548dfa2f91d83ec6 Y N N

  40. Security Protocols • Message Authentication • Memory Authentication • Write Access Control • System State Protection against Power Loss

  41. Design: Write Access Control • Goal: to ensure all writes are authorized and fresh • Coherence model assumption: – Clients should be aware of the latest update • Unique write access key ( Wkey ) – Share between authorized writers and the S-P chip Wkey B 1 B 2 B 3 B 4 S-P Chip pair • Revision number ( V id ) – Increase during each write operation

  42. Design: Write Access Control • Protect Wkey and V id – Add another layer at the bottom of Merkle tree h 78 h 78 h' 8 h 8 h 8 Root Hash h 8 =H(B 8 ) h 8 =H(B 8 ) h 1..8 (securely stored) h 1..4 h 5..8 B 8 H ( Wkey ) V id B 8 h 12 h 34 h 56 h 78 h 1 h 2 h 3 h 4 h 5 h 6 h 7 h 8 B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8

  43. Security Protocols • Message Authentication • Memory Authentication • Write Access Control • System State Protection against Power Loss

  44. Design: System State Protection • Goal: to avoid losing the latest system state – Server may interrupt the P chip’s supply power • Solution: root hash storage protocol Client Server P chip S chip hold request response store state release response

  45. Design: Crash Recovery Mechanism • Goal: to recover the system from crashes – Even if the server crashes, the disk can be recovered to be consistent with the root hash stored on the S chip • Solution:

  46. Implementation • ABS (authenticated block storage) server architecture

  47. Implementation • ABS client model

  48. Performance Evaluation • Experiment configuration – Disk size: 1TB – Block size: 1MB – Server: Intel Core i7-980X 3.33GHz 6-core processor with 12GB of DDR3-1333 RAM – FPGA: Xilinx Virtex-5 XC5VLX110T – Client: Intel Core i7-920X 2.67GHz 4-core processor – FPGA-server connection: Gigabit Ethernet – Client-server connection: Gigabit Ethernet

  49. File System Benchmarks (Mathmatica) • Fast network: – Latency: 0.2ms – Bandwidth: 1Gbit/s pure writes pure reads reads + writes

  50. File System Benchmarks (Mathmatica) • Slow network: – Latency: 30.2ms – Bandwidth: 100Mbit/s pure writes pure reads reads + writes

  51. File System Benchmarks (Modified Andrew Benchmark) • Slow network: – Latency: 30.2ms – Bandwidth: 100Mbit/s

  52. Customized Solutions • Hardware requirements Demand Focused Performance Budget Connection PCIe x16 (P) / USB (S) USB Hash Engine 8 + 1 (Merkle) 0 + 1 (Merkle) Tree Cache large none Response Buffer 2 KB 300 B • Estimated performance Demand Focused Performance Budget Throughput 2.4 GB/s 377 MB/s Randomly Write Latency 12.3 ms + 32 ms 2.7 ms + 32 ms Throughput 2.4 GB/s Randomly Read Latency 0.4 ms # HDDs supported 24 4

  53. Customized Solutions • Hardware requirements Single chip! Demand Focused Performance Budget Connection PCIe x16 (P) / USB (S) USB Hash Engine 8 + 1 (Merkle) 0 + 1 (Merkle) Tree Cache large none Response Buffer 2 KB 300 B • Estimated performance Demand Focused Performance Budget Throughput 2.4 GB/s 377 MB/s Randomly Write Latency 12.3 ms + 32 ms 2.7 ms + 32 ms Throughput 2.4 GB/s Randomly Read Latency 0.4 ms # HDDs supported 24 4

Recommend

Tr I nc: Small Trusted Hardware for Large Distributed Systems Dave Levin University of Maryland

Tr I nc: Small Trusted Hardware for Large Distributed Systems Dave Levin University of Maryland

Tr I nc: Small Trusted Hardware for Large Distributed Systems Dave Levin University of Maryland John R. Douceur Jacob R. Lorch Microsoft Research Thomas Moscibroda Trust in distributed systems Selfish Malicious Participants Participants

1.62k views • 124 slides
Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada,

Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada,

Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada, KTH Pointsec Mobile Technologies TPM Introduction Microcontroller affixed to the motherboard. Cryptographic functions like key storage

834 views • 35 slides
Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1 OReilly 2 Trusted or Trustworthy? An object is trusted if and only if it operates as expected An object is trustworthy if and only if it is

707 views • 45 slides
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklins 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have trusted hardware?

315 views • 27 slides
&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) &amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating scenarios 1. Outsourced ML Data

781 views • 21 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T RAMR &amp; D AN B ONEH ICLR, New Orleans May 7 th 2019 2 Securely outsourcing ML inference with hardware isolation - Intel SGX input X -

554 views • 10 slides
mLSM : Making Authenticated Storage Faster in Ethereum Pandian Raju 1 , Soujanya Ponnapalli 1 ,

mLSM : Making Authenticated Storage Faster in Ethereum Pandian Raju 1 , Soujanya Ponnapalli 1 ,

mLSM mLSM : Making Authenticated Storage Faster in Ethereum Pandian Raju 1 , Soujanya Ponnapalli 1 , Evan Kaminsky 1 , Gilad Oved 1 , Zachary Keener 1 Vijay Chidambaram 1,2 , Ittai Abraham 2 1 The University of Texas at Austin; 2 VMware Research 1

1.34k views • 92 slides
for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted

for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted

Towards Verified C specification for TPM API Aybek Mukhamedov, Andy Gordon and Mark Ryan Trusted Platform Module Trusted Computing, an initiative by major IT vendors Functions: integrity measurement, reporting &amp; protected storage

374 views • 16 slides
Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N.

Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N.

Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N. Asokan Aalto University, Finland This work was supported by the Cloud Security Services (CloSer) project funded by Tekes - the Finnish Funding

351 views • 20 slides
Re-think Data Management Software Design Upon the Arrival of Storage Hardware with Built-in

Re-think Data Management Software Design Upon the Arrival of Storage Hardware with Built-in

Re-think Data Management Software Design Upon the Arrival of Storage Hardware with Built-in Transparent Compression 07/2020 1 The Rise of Computational Storage Homogeneous Computing Heterogenous Computing Compute Networking Storage

163 views • 12 slides
Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded

Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded

Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded computer Home automation Cinema set Car Infotainment system ... But: Essential hardware lacks: Data storage (harddisk and/or flash)

221 views • 9 slides
FileSender FileSender http://www.filesender.org/ J Jan Meijer M ij TF St TF-Storage 7 7

FileSender FileSender http://www.filesender.org/ J Jan Meijer M ij TF St TF-Storage 7 7

FileSender FileSender http://www.filesender.org/ J Jan Meijer M ij TF St TF-Storage 7 7 9+10 September 2010 Poznan value proposition value proposition easy sharing arbitrarily large files through a trusted intermediary through a trusted

401 views • 13 slides
Batteries 101: Solar + Storage for the Home or Small Business St Storage has been getting a lot

Batteries 101: Solar + Storage for the Home or Small Business St Storage has been getting a lot

Batteries 101: Solar + Storage for the Home or Small Business St Storage has been getting a lot of press lately wh what do does it it mean for you? Pr Presentation i in t three p parts: 1. Technology 2. Economics 3. Future

941 views • 32 slides
Efficient and Fair MPC using Blockchain and Trusted Hardware Souradyuti Paul Ananya Shrivastava

Efficient and Fair MPC using Blockchain and Trusted Hardware Souradyuti Paul Ananya Shrivastava

Efficient and Fair MPC using Blockchain and Trusted Hardware Souradyuti Paul Ananya Shrivastava (IIT Bhilai) (IIT Gandhinagar) Latincrypt 2019 Santiago, Chile October 3, 2019 Outline Multiparty Computation (MPC) Security

613 views • 22 slides
Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck 1st RISE Annual Conference, November 14, 2018 A primer on software security Secure program:

952 views • 79 slides
Authenticated ciphers D. J. Bernstein University of Illinois at Chicago Joint work with: Tanja

Authenticated ciphers D. J. Bernstein University of Illinois at Chicago Joint work with: Tanja

Authenticated ciphers D. J. Bernstein University of Illinois at Chicago Joint work with: Tanja Lange Technische Universiteit Eindhoven Advertisement: SHARCS 2012 (Special-Purpose Hardware for Attacking Cryptographic Systems) is right before

1.03k views • 61 slides
System Notes 02: Hardware Hector Garcia-Molina CS 245 Notes 2 1 Outline Hardware: Disks

System Notes 02: Hardware Hector Garcia-Molina CS 245 Notes 2 1 Outline Hardware: Disks

CS 554: Advanced Database System Notes 02: Hardware Hector Garcia-Molina CS 245 Notes 2 1 Outline Hardware: Disks Access Times (disk) Optimizations (disk access time) Other Topics: Storage costs Using secondary storage

1.24k views • 61 slides
Data Protection and Access-accounting with Trusted Storage Deepak Garg Joint work with: Anjo

Data Protection and Access-accounting with Trusted Storage Deepak Garg Joint work with: Anjo

Data Protection and Access-accounting with Trusted Storage Deepak Garg Joint work with: Anjo Vahldiek, Eslam Elnikety, Aastha Mehta, Peter Druschel ( MPI-SWS ) With contributions from: Ansley Post ( Google ), Rodrigo Rodrigues ( Universidade Nova

284 views • 11 slides
Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for

Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for

Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for distributing trusted execution to untrusted platforms 2 Hardware Enclaves HW abstractions for distributing trusted execution to untrusted platforms

1.06k views • 18 slides
Cloud Computing Yes No Data centre filled Virtual compute, No with identical storage and

Cloud Computing Yes No Data centre filled Virtual compute, No with identical storage and

Cloud Computing Yes No Data centre filled Virtual compute, No with identical storage and network hardware modules Fit and forget; Software defined Because Use commodity Failed hardware hardware; component(s) simply

330 views • 19 slides
RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me

RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me

RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me Principal Research Consultant @ Atredis Partners Founder, Developer of Open Source Hardware Things @ Linklayer Labs Outline Trusted

847 views • 30 slides
Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito *

Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito *

Workshop on Cryptographic Hardware and Embedded Systems (CHES 2020) Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito * and Takeshi Sugawara ** * Mitsubishi Electric Corporation ** The University of

420 views • 22 slides
Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers Avik Chakraborti 1 ,

Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers Avik Chakraborti 1 ,

Introduction Motivation Specification for Beetle Hardware Implementation Results of Beetle Conclusions Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers Avik Chakraborti 1 , Nilanjan Datta 2 , Mridul Nandi 3 and Kan

614 views • 32 slides

More recommend