Authenticated storage using small trusted hardware

Author(s)

Yang, Hsin-Jung; Zeldovich, Nickolai; Devadas, Srinivas; Costan, Victor Marius

Abstract

A major security concern with outsourcing data storage to third-party providers is authenticating the integrity and freshness of data. State-of-the-art software-based approaches require clients to maintain state and cannot immediately detect forking attacks, while approaches that introduce limited trusted hardware (e.g., a monotonic counter) at the storage server achieve low throughput. This paper proposes a new design for authenticating data storage using a small piece of high-performance trusted hardware attached to an untrusted server. The proposed design achieves significantly higher throughput than previous designs. The server-side trusted hardware allows clients to authenticate data integrity and freshness without keeping any mutable client-side state. Our design achieves high performance by parallelizing server-side authentication operations and permitting the untrusted server to maintain caches and schedule disk writes, while enforcing precise crash recovery and write access control.

Date issued

2013-11

URI

http://hdl.handle.net/1721.1/86161

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13)

Publisher

Association for Computing Machinery (ACM)

Citation

Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srinivas Devadas. 2013. Authenticated storage using small trusted hardware. In Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13). ACM, New York, NY, USA, 35-46.

Version: Author's final manuscript

ISBN

9781450324908