Authenticated storage using small trusted hardware
Author(s)Yang, Hsin-Jung; Zeldovich, Nickolai; Devadas, Srinivas; Costan, Victor Marius
MetadataShow full item record
A major security concern with outsourcing data storage to third-party providers is authenticating the integrity and freshness of data. State-of-the-art software-based approaches require clients to maintain state and cannot immediately detect forking attacks, while approaches that introduce limited trusted hardware (e.g., a monotonic counter) at the storage server achieve low throughput. This paper proposes a new design for authenticating data storage using a small piece of high-performance trusted hardware attached to an untrusted server. The proposed design achieves significantly higher throughput than previous designs. The server-side trusted hardware allows clients to authenticate data integrity and freshness without keeping any mutable client-side state. Our design achieves high performance by parallelizing server-side authentication operations and permitting the untrusted server to maintain caches and schedule disk writes, while enforcing precise crash recovery and write access control.
DepartmentMassachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13)
Association for Computing Machinery (ACM)
Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srinivas Devadas. 2013. Authenticated storage using small trusted hardware. In Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13). ACM, New York, NY, USA, 35-46.
Author's final manuscript