Authenticated storage using small trusted hardware
A major security concern with outsourcing data storage to third-party providers is authenticating the integrity and freshness of data. State-of-the-art software-based approaches require clients to maintain state and cannot immediately detect forking attacks, while approaches that introduce limited t...
Main Authors: | Yang, Hsin-Jung; Zeldovich, Nickolai; Devadas, Srinivas; Costan, Victor Marius |
---|---|
Other Authors: | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
Format: | Article |
Language: | en_US |
Published: | Association for Computing Machinery (ACM), 2014 |
Online Access: | http://hdl.handle.net/1721.1/86161 https://orcid.org/0000-0001-8253-7714 https://orcid.org/0000-0002-0990-7763 https://orcid.org/0000-0003-0238-2703 https://orcid.org/0000-0002-7770-1273 |
_version_ | 1811084855043162112 |
---|---|
author | Yang, Hsin-Jung Zeldovich, Nickolai Devadas, Srinivas Costan, Victor Marius |
author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
collection | MIT |
description | A major security concern with outsourcing data storage to third-party providers is authenticating the integrity and freshness of data. State-of-the-art software-based approaches require clients to maintain state and cannot immediately detect forking attacks, while approaches that introduce limited trusted hardware (e.g., a monotonic counter) at the storage server achieve low throughput. This paper proposes a new design for authenticating data storage using a small piece of high-performance trusted hardware attached to an untrusted server. The proposed design achieves significantly higher throughput than previous designs. The server-side trusted hardware allows clients to authenticate data integrity and freshness without keeping any mutable client-side state. Our design achieves high performance by parallelizing server-side authentication operations and permitting the untrusted server to maintain caches and schedule disk writes, while enforcing precise crash recovery and write access control. |
first_indexed | 2024-09-23T12:58:39Z |
format | Article |
id | mit-1721.1/86161 |
institution | Massachusetts Institute of Technology |
language | en_US |
last_indexed | 2024-09-23T12:58:39Z |
publishDate | 2014 |
publisher | Association for Computing Machinery (ACM) |
record_format | dspace |
spelling | mit-1721.1/86161; 2022-09-28T11:16:57Z; Authenticated storage using small trusted hardware; Yang, Hsin-Jung; Zeldovich, Nickolai; Devadas, Srinivas; Costan, Victor Marius; Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science; Yang, Hsin-Jung; Costan, Victor Marius; Zeldovich, Nickolai; Devadas, Srinivas; A major security concern with outsourcing data storage to third-party providers is authenticating the integrity and freshness of data. State-of-the-art software-based approaches require clients to maintain state and cannot immediately detect forking attacks, while approaches that introduce limited trusted hardware (e.g., a monotonic counter) at the storage server achieve low throughput. This paper proposes a new design for authenticating data storage using a small piece of high-performance trusted hardware attached to an untrusted server. The proposed design achieves significantly higher throughput than previous designs. The server-side trusted hardware allows clients to authenticate data integrity and freshness without keeping any mutable client-side state. Our design achieves high performance by parallelizing server-side authentication operations and permitting the untrusted server to maintain caches and schedule disk writes, while enforcing precise crash recovery and write access control.; 2014-04-14T17:56:32Z; 2014-04-14T17:56:32Z; 2013-11; Article; http://purl.org/eprint/type/ConferencePaper; 9781450324908; http://hdl.handle.net/1721.1/86161; Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srinivas Devadas. 2013. Authenticated storage using small trusted hardware. In Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13). ACM, New York, NY, USA, 35-46.; https://orcid.org/0000-0001-8253-7714; https://orcid.org/0000-0002-0990-7763; https://orcid.org/0000-0003-0238-2703; https://orcid.org/0000-0002-7770-1273; en_US; http://dx.doi.org/10.1145/2517488.2517494; Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13); Creative Commons Attribution-Noncommercial-Share Alike; http://creativecommons.org/licenses/by-nc-sa/4.0/; application/pdf; Association for Computing Machinery (ACM); MIT web domain |
title | Authenticated storage using small trusted hardware |
url | http://hdl.handle.net/1721.1/86161 https://orcid.org/0000-0001-8253-7714 https://orcid.org/0000-0002-0990-7763 https://orcid.org/0000-0003-0238-2703 https://orcid.org/0000-0002-7770-1273 |