STRONGBOX: CONFIDENTIALITY, INTEGRITY, AND PERFORMANCE USING STREAM CIPHERS FOR FULL-DISK ENCRYPTION Bernard Dickens III.


Roadmap
- Motivation
- Current State of the Art
- Key Insight of Log-structured File Systems
- StrongBox Implementation Overview
- Threat Model
- Performance Evaluation
- Contribution and Limitations
- Conclusion
- Future Work

Motivation
- Modern devices use fast flash-based storage
- Flash storage, including SSDs, flash drives, eMMC, etc., is extremely popular
- Extremely fast unencrypted storage
- Full disk encryption is slow
- Really slow: 3-5x slower than unencrypted storage
- … because the AES block cipher is slow (in XTS mode)
- Full disk encryption (FDE) is ubiquitous
- Every Android device at or past Android M employs FDE by default
- Windows 10 devices come with TPM-based BitLocker FDE schemes
- Trusted hardware TPMs/TEEs are already widely integrated
- Stream ciphers are very fast
- Google replaced AES with a fast stream cipher for HTTPS in 2014!
- Can we leverage the speed of modern stream ciphers to make FDE faster?
(Split into two. Better (more provocative) titles: securing data at rest, technology trends)

Current Solutions (State of the Art)
- Everyone implements FDE using AES in XTS mode
- dm-crypt is standard for Linux/Android; uses AES-XTS
- All Windows computers, laptops, tablets with BitLocker use AES-XTS
- Apple iOS/FileVault uses AES-XTS
- VeraCrypt/TrueCrypt et al. employ AES-XTS by default
(Add illustration of AES-XTS (basic internal diagrams of AES-XTS/block cipher). Better title. Split this into two columns: how block cipher works vs stream cipher works, w/ diagrams too. Really slow vs really fast. Why is one favored over the other? <add more pictures> Technology trends lead to the second being favored now (flash over normal disks; hardware secure counter support))

The Problem with FDE and Stream Ciphers
- Naïve FDE implementations using stream ciphers are trivially vulnerable!
- Trivial many-time pad attacks
- Rollback attacks
- These problems with stream ciphers and FDE are well understood by the community
- The common assumption: workarounds for the above problems are too expensive
- The general wisdom: use a block cipher instead of a stream cipher for FDE

Key Insight
- In context, the disks that are being encrypted are often flash-based
- Flash-based storage allows I/O via a Flash Translation Layer (FTL)
- FTLs behave very similarly to Log-structured File Systems (LFS)
- LFSes are filesystems that write data and metadata to a circular buffer in a sequential fashion
- LFSes (and FTLs) are in effect append-only filesystems with garbage collection
- We can avoid the many-time pad vulnerability if the filesystem consistently makes forward writes (i.e. append-only)
(5 minutes by this point!)

Solution: StrongBox
- We propose StrongBox
- A drop-in replacement for AES-XTS-backed FDE providers such as dm-crypt
- Goals of our StrongBox implementation
- Provide a transparent encryption layer without API changes
- Track writes to ensure that the same location is never overwritten
- Ensure metadata used for tracking writes is secure and is not subject to side channel leaks or rollback attacks
- Accomplish the above without cutting too deep into the performance gained by use of the stream cipher
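The many-time pad and rollback problems named on the previous slides, and the reason the write-tracking metadata has to be protected, can be shown on a single toy sector. This is an added example, not code from StrongBox or the paper: the `Disk` class, the SHAKE-256 keystream stand-in, and the per-sector write counter feeding the keystream are all assumptions made for illustration.

```python
# Added illustration, not StrongBox code. Toy model of one encrypted sector.
import hashlib

KEY = bytes(range(32))                                  # constructed demo key
OLD = b"PIN=4821; owner=alice".ljust(32)                # constructed plaintexts
NEW = b"PIN=0000; owner=alice".ljust(32)

def keystream(key, sector, version, n):
    """Stand-in stream cipher (assumption): SHAKE-256 over key|sector|version."""
    seed = key + sector.to_bytes(8, "little") + version.to_bytes(8, "little")
    return hashlib.shake_256(seed).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Disk:
    """track_writes=False: keystream depends on the sector number only (naive).
    track_writes=True: a per-sector write counter also feeds the keystream."""
    def __init__(self, key, track_writes):
        self.key, self.track = key, track_writes
        self.cipher = {}     # sector -> ciphertext, visible to anyone imaging the disk
        self.version = {}    # sector -> write counter (the tracking metadata)

    def write(self, sector, plain):
        v = self.version.get(sector, 0) + 1 if self.track else 0
        self.version[sector] = v
        self.cipher[sector] = xor(plain, keystream(self.key, sector, v, len(plain)))
        return self.cipher[sector]

    def read(self, sector):
        ct = self.cipher[sector]
        return xor(ct, keystream(self.key, sector, self.version[sector], len(ct)))

def overwrite_leaks(disk, old=OLD, new=NEW):
    """Two images of the same sector: does c1 XOR c2 equal old XOR new?"""
    c1, c2 = disk.write(0, old), disk.write(0, new)
    return xor(c1, c2) == xor(old, new)

def rollback_leaks(disk, old=OLD, new=NEW):
    """Counter metadata is restored to a stale copy between the two writes."""
    stale = dict(disk.version)
    c1 = disk.write(0, old)
    disk.version = stale              # unprotected metadata rolled back
    c2 = disk.write(0, new)
    return xor(c1, c2) == xor(old, new)

if __name__ == "__main__":
    print("naive overwrite leaks:   ", overwrite_leaks(Disk(KEY, False)))
    print("tracked overwrite leaks: ", overwrite_leaks(Disk(KEY, True)))
    print("tracked + rollback leaks:", rollback_leaks(Disk(KEY, True)))
```

The in-place overwrite leaks the XOR of the two plaintexts only in the naive configuration, while a rolled-back counter reintroduces the same leak even when writes are tracked.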

StrongBox Illustration

Threat 1: Passive Attacker (describe standard attacks that all FDE was created to defend against) (describe solution)

Threat 2: Many-time Pad Attack (describe many-time pad attack unique to stream cipher use in FDE) (describe solution)

Threat 3: Rollback Attack (describe rollback attack) (describe how it’s handled with AES-XTS) (describe how it’s different with stream ciphers) (describe solution)

Performance Evaluation (add metrics from paper showing the defeat of dm-crypt in majority of cases as ratios; i.e. 2.5x faster than Y) Multiple slides, one result/sentence per slide

X Contribution (Key insight is a contribution?) (StrongBox itself?) <<is this a necessary page at all?>>

X Limitations (describe the several limitations inherent in the current StrongBox implementation)

Conclusion (tell them what you told them but succinctly)

Future Work and Improvements (summarize the three future work sections from the paper)

Reference (paper url or something goes here?) (link to anonymous repo goes here)

END Any Questions?