  Space-efficient block storage integrity (2005) [2 citations — 1 self]

by Alina Oprea, Michael K. Reiter, Ke Yang
In Proc. of NDSS ’05
http://www-2.cs.cmu.edu/~alina/papers/storageint.pdf

Abstract:

We present new methods to provide block-level integrity in encrypted storage systems, i.e., so that a client will detect the modification of data blocks by an untrusted storage server. We present cryptographic definitions for this setting, and develop solutions that change neither the block size nor the number of sectors accessed, an important consideration for modern storage systems. In order to achieve this, a trusted client component maintains state with which it can authenticate blocks returned by the storage server, and we explore techniques for minimizing the size of this state. We demonstrate a scheme that provably implements basic block integrity (informally, that any block accepted was previously written), that exhibits a tradeoff between the level of security and the additional client’s storage overhead, and that in empirical evaluations requires an average of only 0.01 bytes per 1024-byte block. We extend this to a scheme that implements integrity resistant to replay attacks (informally, that any block accepted was the last block written to that address) using only 1.82 bytes per block, on average, in our one-month long empirical tests.