Presentation is loading. Please wait.

Presentation is loading. Please wait.

STRONGBOX: CONFIDENTIALITY, INTEGRITY, AND PERFORMANCE USING STREAM CIPHERS FOR FULL-DISK ENCRYPTION Bernard Dickens III.

Published byVirgil Warren Modified over 6 years ago

Similar presentations

Presentation on theme: "STRONGBOX: CONFIDENTIALITY, INTEGRITY, AND PERFORMANCE USING STREAM CIPHERS FOR FULL-DISK ENCRYPTION Bernard Dickens III."— Presentation transcript:

1 STRONGBOX: CONFIDENTIALITY, INTEGRITY, AND PERFORMANCE USING STREAM CIPHERS FOR FULL-DISK ENCRYPTION
Bernard Dickens III

2 Roadmap Motivation StrongBox Contribution and Limitations Conclusion
Implementation Overview Threat Model Performance Evaluation Contribution and Limitations Conclusion Future Work

3 Motivation Part 1: Technology Trends
Then: HDD Now: SSD/eMMC/Flash Infrequently used in mobile/portable electronics Offers direct LBA API (no translation layer) Increasingly popular I/O managed by Flash Translation Layer (FTL) FTL operates very similarly to a Log- structured File System (LFS) Logical Block Addressing API instead of going through an FTL

4 Motivation Part 1: Technology Trends
Trusted Platform Module (TPM) Supports secure monotonic counters TPM/TEE enjoy increasingly widespread adoption As of 2009, TPM is used by nearly all PC manufacturers and exists in nearly 600 million PCs, mobile devices, and hard drives*** ARM has supported TEE since ARMv6 Secure counters are good for preserving state and protecting against rollback attacks!

5 Motivation Part 2: Securing Data at Rest
The State of the Art for FDE: AES in XTS mode Everyone implements FDE using AES in XTS mode dm-crypt is standard for Linux/Android; uses AES-XTS All Windows computers, laptops, tablets with BitLocker use AES-XTS Apple iOS/FileVault uses AES-XTS VeraCrypt/TrueCrypt et al. employ AES-XTS by default

6 Motivation Part 2: Securing Data at Rest
FDE with a Stream Cipher Sectors don’t even factor in when we’re using a stream cipher.

7 Motivation Part 2: Securing Data at Rest
FDE with a Block Cipher (AES) FDE with a Stream Cipher

8 The Problem with FDE & Stream Ciphers
Naïve FDE implementations using stream ciphers are trivially vulnerable! Many-time pad attacks Rollback attacks The general wisdom: use the slower block cipher (AES) instead of a stream cipher These problems with stream ciphers and FDE are well understood by the community The common assumption: workarounds for the above problems are too expensive; result in steep performance degradation

9 Solution: StrongBox We propose StrongBox
A drop-in replacement for AES-XTS-backed FDE providers such as dm-crypt Goals of our StrongBox implementation Provide a transparent performant encryption layer to OS without API changes Leverage FTL/LFS append-only nature to protect against many-time pad attacks Leverage TPM/TEE secure counter support to protect against metadata rollback

10 StrongBox Illustration
Merkle Tree: … Keycount Store: … Transaction Journal: … Device controller can be crafted to communicate with SSD controllers, HDD drivers, VFS, etc.

11 Threat 1: Passive Attack
(describe standard attacks that all FDE was created to defend against) (describe solution)

12 Threat 2: Many-time Pad Attack
(describe many-time pad attack unique to stream cipher use in FDE) (describe solution) Track writes to ensure that the same location is never overwritten

13 Threat 3: Rollback Attack
(describe rollback attack) (describe how it’s handled with AES-XTS) (describe how it’s different with stream ciphers) (describe solution)

14 Performance Evaluation
(add metrics from paper showing the defeat of dm-crypt in majority of cases as ratios; i.e. 2.5x faster than Y) Multiple slides, one result/sentence per slide

15 Conclusion (tell them what you told them but succinctly)

16 Future Work and Improvements
(summarize the three future work sections from the paper)

17 Reference StrongBox Repo: https://github.com/ananonrepo2/StrongBox
Images are from Wikipedia/OS *** TCG: How to use TPM. Technical report, Trusted Computing Group (2009, 2012)

18 END Any Questions?

Download ppt "STRONGBOX: CONFIDENTIALITY, INTEGRITY, AND PERFORMANCE USING STREAM CIPHERS FOR FULL-DISK ENCRYPTION Bernard Dickens III."

Similar presentations

Security for Mobile Devices

Security for Mobile Devices
Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
BitLocker™ Drive Encryption A look under the covers Steve Lamb Technical Security Advisor, Microsoft UK

BitLocker™ Drive Encryption A look under the covers Steve Lamb Technical Security Advisor, Microsoft UK
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Web Cryptography & Utilizing ARM TrustZone® based TEE for Authentication & Cryptography Ilhan Gurel September 10th & 11th, 2014.

Web Cryptography & Utilizing ARM TrustZone® based TEE for Authentication & Cryptography Ilhan Gurel September 10th & 11th, 2014.
0x1A Great Papers in Computer Security

0x1A Great Papers in Computer Security
Windows 7 Windows Server 2008 R2 VirtualizationVirtualization Heterogeneous Server Environment Inventory Linux, Unix & VMware Windows 7 & Server 2008.

Windows 7 Windows Server 2008 R2 VirtualizationVirtualization Heterogeneous Server Environment Inventory Linux, Unix & VMware Windows 7 & Server 2008.
MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,
File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.
ENCRYPTION Coffee Hour for August 2014. HISTORY OF ENCRYPTION Scytale Ciphers – paper wrapped around rod, receiver needed same size rod to get the message.

ENCRYPTION Coffee Hour for August HISTORY OF ENCRYPTION Scytale Ciphers – paper wrapped around rod, receiver needed same size rod to get the message.
Transactions and Reliability. File system components Disk management Naming Reliability  What are the reliability issues in file systems? Security.

Transactions and Reliability. File system components Disk management Naming Reliability  What are the reliability issues in file systems? Security.
Slide 1 Windows PC Accelerators Reporter :吳柏良. Slide 2 Outline l Introduction l Windows SuperFetch l Windows ReadyBoost l Windows ReadyDrive l Conclusion.

Slide 1 Windows PC Accelerators Reporter :吳柏良. Slide 2 Outline l Introduction l Windows SuperFetch l Windows ReadyBoost l Windows ReadyDrive l Conclusion.
INFORMATION SECURITY THE NEXT GENERATION 13 th World Electronics Forum Israel Christopher Joscelyne Board Member & Membership Chairman AEEMA November 2007.

INFORMATION SECURITY THE NEXT GENERATION 13 th World Electronics Forum Israel Christopher Joscelyne Board Member & Membership Chairman AEEMA November 2007.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.
Protecting Data on Smartphones and Tablets from Memory Attacks

Protecting Data on Smartphones and Tablets from Memory Attacks
Data Storage Systems: A Survey Abdullah Aldhamin July 29, 2013 CMPT 880: Large-Scale Multimedia Systems and Cloud Computing Course Project.

Data Storage Systems: A Survey Abdullah Aldhamin July 29, 2013 CMPT 880: Large-Scale Multimedia Systems and Cloud Computing Course Project.
Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems.

Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems.
TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.

TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.

Similar presentations

Ads by Google