efficient data structures for tamper evident logging
play

Efficient Data Structures for Tamper-Evident Logging Scott A. - PowerPoint PPT Presentation

Aug 24, 2023 •490 likes •1.32k views

Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University Everyone has logs Tamper evident solutions Current commercial solutions Write only hardware appliances Security depends on

  1. Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University

  2. Everyone has logs

  3. Tamper evident solutions • Current commercial solutions – ‘Write only’ hardware appliances – Security depends on correct operation • Would like cryptographic techniques – Logger proves correct behavior – Existing approaches too slow

  4. Our solution • History tree – Logarithmic for all operations – Benchmarks at >1,750 events/sec – Benchmarks at >8,000 audits/sec • In addition – Propose new threat model – Demonstrate the importance of auditing

  5. Threat model • Forward integrity – Events prior to Byzantine failure are tamper-evident • Don’t know when logger becomes evil – Clients are trusted • Strong insider attacks – Malicious administrator • Evil logger – Clients may be mostly evil • Only trusted during insertion protocol

  6. Limitations and Assumptions • Limitations – Detect misbehaviour, not prevent it – Cannot prevent ‘junk’ from being logged • Assumptions – Privacy is outside our scope • Data may encrypted – Crypto is secure

  7. System design Client • Logger – Stores events Client Logger – Never trusted Client • Clients Auditor – Little storage Auditor – Create events to be logged – Trusted only at time of event creation – Sends commitments to auditors • Auditors – Verify correct operation – Little storage – Trusted, at least one is honest

  8. This talk • Discuss the necessity of auditing • Describe the history tree • Evaluation • Scaling the log

  9. Tamper evident log • Events come in • Commitments go out – Each commits to the entire past X n-3 C n-3 C n-2 Logger X n-2 C n-1 X n-1

  10. Hash chain log • Existing approach [Kelsey,Schneier] – C n =H(C n-1 || X n ) – Logger signs C n C n-3 X n-5 X n-4 X n-3

  11. Hash chain log • Existing approach [Kelsey,Schneier] – C n =H(C n-1 || X n ) – Logger signs C n C n-2 X n-5 X n-4 X n-3 X n-2

  12. Hash chain log • Existing approach [Kelsey,Schneier] – C n =H(C n-1 || X n ) – Logger signs C n C n-1 X n-5 X n-4 X n-3 X n-2 X n-1

  13. Problem • We don’t trust the logger! X n-4 X n-3 X n-2 X n-1 X n C n Logger returns a stream of commitments C n Each corresponds to a log C n-2 C n-1

  14. Problem • We don’t trust the logger! X n-4 X n-3 X n-2 X n-1 X n C n Does really contain the just inserted X n ? C n Do and really commit the same historical events? C n-2 C n-1 Is the event at index i in log really X i ? C n

  15. Problem • We don’t trust the logger! – Logger signs stream of log heads – Each corresponds to some log Does really contain the just inserted X n-3 ? C n-3 Do and really commit the same historical events? C n-2 C n-1 Is the event at index i in log really X i ? C n

  16. Solution: Audit the logger • Only way to detect tampering – Check the returned commitments  • For consistency C n-2 C n-1 X n-3  • For correct event lookup C n-3 • Previously – Auditing = looking historical events • Assumed to infrequent • Performance was ignored

  17. Solution • Auditors check the returned commitments  – For consistency C n-2 C n-1 X n-3  – For correct event lookup C n-3 • Previously – Auditing = looking historical events • Assumed to infrequent • Performance was ignored

  18. Auditing is a frequent operation • If the logger knows this commitment will not be audited for consistency with a later commitment. C’ n-1 X’ n-3 X n-2 X n-1 C n-3 X n-6 X n-5 X n-4 X n-3

  19. Auditing is a frequent operation • Successfully tampered with a ‘tamper evident’ log • Auditing required in forward integrity threat model C’ n-1 X’ n-3 X n-2 X n-1 C n-3 X n-6 X n-5 X n-4 X n-3

  20. Auditing is a frequent operation • Every commitment must have a non-zero probability of being audited C’ n-1 X’ n-3 X n-2 X n-1 C n-3 X n-6 X n-5 X n-4 X n-3

  21. Forking the log • Rolls back the log and adds on different events – Attack requires two commitments on different forks disagree on the contents of one event. – If system has historical integrity, audits must fail or be skipped C’ n-1 X n-5 X’ n-4 X n-3 X n-2 X n-1 C n-3 X n-6 X n-5 X n-4 X n-3

  22. New paradigm • Auditing cannot be avoided • Audits should occur – On every event insertion – Between commitments returned by logger • How to make inserts and audits cheap – CPU – Communications complexity – Storage

  23. Two kinds of audits X i  • Membership auditing C n – Verify proper insertion – Lookup historical events • Incremental auditing  C i C n – Prove consistency between two commitments

  24. Membership auditing a hash chain X n-5  • Is ? C n-3 C n-3

  25. Membership auditing a hash chain X n-5  • Is ? C n-3 P X’ n-6 X’ n-5 X’ n-4 X’ n-3 C n-3 X n-5 X n-4 X n-3

  26. Membership auditing a hash chain X n-5  • Is ? C n-3 X’ n-6 X’ n-5 X’ n-4 X’ n-3 C n-3 X n-5 X n-4 X n-3

  27. Incremental auditing a hash chain  • Are ? C’’ n-5 C’ n-1

  28. Incremental auditing a hash chain P X n-6 X n-5 X n-4 X n-3 X n-2 X n-1 C’ n-1 X’ n-6 X’ n-5 X’ n-4 X’ n-3 X’ n-2 X’ n-1 X’’ n-6 X’’ n-5 C’’ n-5

  29. Incremental auditing a hash chain P C n-5 X n-6 X n-5 X n-4 X n-3 X n-2 X n-1 C’ n-1 X’ n-6 X’ n-5 X’ n-4 X’ n-3 X’ n-2 X’ n-1 X’’ n-6 X’’ n-5 C’’ n-5

  30. Incremental auditing a hash chain P C n-1 X n-6 X n-5 X n-4 X n-3 X n-2 X n-1 C’ n-1 X’ n-6 X’ n-5 X’ n-4 X’ n-3 X’ n-2 X’ n-1 X’’ n-6 X’’ n-5 C’’ n-5

  31. Incremental auditing a hash chain P C n-5 C n-1 X n-6 X n-5 X n-4 X n-3 X n-2 X n-1 C’ n-1 X’ n-6 X’ n-5 X’ n-4 X’ n-3 X’ n-2 X’ n-1 X’’ n-6 X’’ n-5 C’’ n-5

  32. Existing tamper evident log designs • Hash chain – Auditing is linear time – Historical lookups • Very inefficient • Skiplist history [Maniatis,Baker] – Auditing is still linear time – O(log n) historical lookups

  33. Our solution • History tree – O(log n) instead of O(n) for all operations – Variety of useful features • Write-once append-only storage format • Predicate queries + safe deletion • May probabilistically detect tampering – Auditing random subset of events – Not beneficial for skip-lists or hash chains

  34. History Tree • Merkle binary tree – Events stored on leaves – Logarithmic path length • Random access – Permits reconstruction of past version and past commitments

  35. History Tree C 2 X 1 X 2

  36. History Tree C 3 X 1 X 2 X 3

  37. History Tree C 4 X 1 X 2 X 3 X 4

  38. History Tree C 5 X 1 X 2 X 3 X 4 X 5

  39. History Tree C 6 X 1 X 2 X 3 X 4 X 5 X 6

  40. History Tree C 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7

  41. History Tree X 1 X 2 X 3 X 4 X 5 X 6 X 7

  42. Incremental auditing

  43. Auditor C 3 C 3 X 1 X 2 X 3

  44. C 3 Auditor C 4 X 1 X 2 X 3 X 4

  45. C 3 Auditor C 5 X 1 X 2 X 3 X 4 X 5

  46. C 3 Auditor C 6 X 1 X 2 X 3 X 4 X 5 X 6

  47. C 3 Auditor C 7 C 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7

  48. Incremental proof  C 3 C 7 C 3 C 3 Auditor C 7 C 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7

  49. Incremental proof  C 3 C 7 C 3 C 3 Auditor C 7 C 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7 • P is consistent with C 7 • P is consistent with C 3 • Therefore and are consistent. C 7 C 3

  50. Incremental proof  C 3 C 7 C 3 C 3 Auditor C 7 C 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7 • P is consistent with C 7 • P is consistent with C 3 • Therefore and are consistent. C 7 C 3

  51. Incremental proof  C 3 C 7 C 3 C 3 Auditor C 7 C 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7 • P is consistent with C 7 • P is consistent with C 3 • Therefore and are consistent. C 7 C 3

  52. Incremental proof  C 3 C 7 C 3 C 3 Auditor C 7 C 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7 • P is consistent with C 7 • P is consistent with C 3 • Therefore and are consistent. C 7 C 3

  53. Pruned subtrees C 3 C 3 Auditor C 7 C 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7 • Although not sent to auditor – Fixed by hashes above them – , fix the same (unknown) events C 3 C 7

  54. Membership proof that  X 3 C’’ 7 C’’ 7 X 1 X 2 X 3 X 4 X 5 X 6 X 7 • Verify that has the same contents as P C’’ 7 • Read out event X 3

  55. Merkle aggregation

  56. Merkle aggregation • Annotate events with attributes $1 $8 $3 $2 $5 $2 $2

  57. Aggregate them up the tree • Max() $8 $5 $8 $8 $3 $5 $4 $1 $8 $3 $2 $5 $2 $4 Included in hashes and checked during audits

  58. Querying the tree • Max() $8 $5 $8 $8 $3 $5 $4 $1 $8 $3 $2 $5 $2 $4 Find all transactions over $6

  59. Safe deletion • Max() $8 $5 $8 $8 $3 $5 $4 $1 $8 $3 $3 $3 $3 $2 $2 $2 $5 $2 $4 Authorized to delete all transactions under $4

  60. Merkle aggregation is flexible • Many ways to map events to attributes – Arbitrary computable function • Many attributes – Timestamps, dollar values, flags, tags • Many aggregation strategies +, *, min(), max(), ranges, and/or, Bloom filters

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology L C S Cases for Physical Security Applications

519 views • 23 slides
TAMPER EVIDENT BYPASSES BY MOS AND BOO THE PACKAGING COUNCIL OF AUSTRALIA Packaging which

TAMPER EVIDENT BYPASSES BY MOS AND BOO THE PACKAGING COUNCIL OF AUSTRALIA Packaging which

TAMPER EVIDENT BYPASSES BY MOS AND BOO THE PACKAGING COUNCIL OF AUSTRALIA Packaging which possesses a barrier to entry which, if breached or missing, will provide visible evidence to consumers that tampering had occurred MESOPOTAMIAN

516 views • 30 slides
New Insights to Key Derivation for Tamper-Evident Physical Unclonable Functions (PUFs) Vincent

New Insights to Key Derivation for Tamper-Evident Physical Unclonable Functions (PUFs) Vincent

New Insights to Key Derivation for Tamper-Evident Physical Unclonable Functions (PUFs) Vincent Immler, Karthik Uppund Conference on Cryptographic Hardware and Embedded Systems, Atlanta, Aug 26, 2019 PUF in a Nutshell: Biometrics of Objects PUF

403 views • 21 slides
VoteBox: a verifiable, tamper-evident electronic voting system

VoteBox: a verifiable, tamper-evident electronic voting system

VoteBox: a verifiable, tamper-evident electronic voting system Daniel R. Sandler Rice University

1.38k views • 86 slides
MA Final Talk: Tamper-Evident Publication of Internet Measurements Max Helm Advisors: Oliver

MA Final Talk: Tamper-Evident Publication of Internet Measurements Max Helm Advisors: Oliver

Chair of Network Architectures and Services Department of Informatics Technical University of Munich MA Final Talk: Tamper-Evident Publication of Internet Measurements Max Helm Advisors: Oliver Gasser, Benjamin Hof, Quirin Scheitle July 16,

423 views • 26 slides
5/24/10 Modern Hardware is Complex Modern systems built on layers of hardware Tamper Evident

5/24/10 Modern Hardware is Complex Modern systems built on layers of hardware Tamper Evident

5/24/10 Modern Hardware is Complex Modern systems built on layers of hardware Tamper Evident Microprocessors Applications OS Hypervisor Motherboard/ Slave Chips Adam Waksman CPU Simha Sethumadhavan Complexity increases risk of

340 views • 4 slides
Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin

Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin

Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin and L Cranor Ranjit Randhawa Department of Computer Science Virginia Tech Outline Overview of Publius Anonymity tools Publius in

414 views • 13 slides
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution Riccardo

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution Riccardo

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, Andrew Miller, Dave Tian Logs Are Useful 2 Custos: Practical

730 views • 58 slides
Space Efficient Data Structures and FM index Venkatesh Raman The Institute of Mathematical

Space Efficient Data Structures and FM index Venkatesh Raman The Institute of Mathematical

Space Efficient Data Structures and FM index Venkatesh Raman The Institute of Mathematical Sciences, Chennai NISER Bhubaneshwar, February 9, 2019 Introduction Data Structures Libraries Conclusions Overview Introduction Data Structures

1.92k views • 159 slides
Efficient Data Structures for the Factor Periodicity Problem Tomasz Kociumaka Jakub Radoszewski

Efficient Data Structures for the Factor Periodicity Problem Tomasz Kociumaka Jakub Radoszewski

Efficient Data Structures for the Factor Periodicity Problem Tomasz Kociumaka Jakub Radoszewski Wojciech Rytter Tomasz Wale University of Warsaw, Poland SPIRE 2012 Cartagena, October 23, 2012 Tomasz Kociumaka Efficient Data Structures

1.23k views • 64 slides
Space and Time-Efficient Data Structures for Massive Datasets Giulio Ermanno Pibiri

Space and Time-Efficient Data Structures for Massive Datasets Giulio Ermanno Pibiri

Space and Time-Efficient Data Structures for Massive Datasets Giulio Ermanno Pibiri giulio.pibiri@di.unipi.it Supervisor Rossano Venturini Computer Science Department University of Pisa 10/10/2017 1 High Level Thesis Data Structures +

1.16k views • 87 slides
Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience Antonio Faonio 1

Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience Antonio Faonio 1

Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience Antonio Faonio 1 Daniele Venturi 2 Department of Computer Science, Aarhus University, Aarhus, Denmark Department of Information Engineering and Computer Science,

763 views • 34 slides
Data Structures + BIG-O Notation Understanding the engineering trade-offs when storing data

Data Structures + BIG-O Notation Understanding the engineering trade-offs when storing data

CSSE 220 Data Structures + BIG-O Notation Understanding the engineering trade-offs when storing data Checkout LinkedListSimple project from public git Checkout SinglyLinkedList homework from git Data Structures Efficient ways to store data

239 views • 9 slides
Efficient Hardware-based Undo+Redo Logging for Persistent Memory Systems Matheus Ogleari Prof.

Efficient Hardware-based Undo+Redo Logging for Persistent Memory Systems Matheus Ogleari Prof.

Efficient Hardware-based Undo+Redo Logging for Persistent Memory Systems Matheus Ogleari Prof. Ethan Miller Prof. Jishen Zhao 1 Overview Background/Motivation Hardware-Driven Logging Design Evaluation 2 Background

232 views • 20 slides
Data Structures 1 / 27 Built-in Data Structures Values can be collected in data structures:

Data Structures 1 / 27 Built-in Data Structures Values can be collected in data structures:

Data Structures 1 / 27 Built-in Data Structures Values can be collected in data structures: Lists Tuples Dictionaries Sets This lecture just an overview. See the Python documentation for complete details. 2 / 27 Lists A list

396 views • 27 slides
Efficient Hardware-assisted Logging with Asynchronous and Direct Update for Persistent Memory

Efficient Hardware-assisted Logging with Asynchronous and Direct Update for Persistent Memory

Efficient Hardware-assisted Logging with Asynchronous and Direct Update for Persistent Memory Jungi Jeong , Chang Hyun Park, Jaehyuk Huh, and Seungryoul Maeng International Symposium on Microarchitecture (MICRO) 2018 Storage-Class Memory

1.95k views • 155 slides
Prioritization of Tasks integrated Rule Oriented Data System Reagan Moore {moore, sekar, mwan,

Prioritization of Tasks integrated Rule Oriented Data System Reagan Moore {moore, sekar, mwan,

Prioritization of Tasks integrated Rule Oriented Data System Reagan Moore {moore, sekar, mwan, schroeder, bzhu, ptooby, antoine, sheauc}@diceresearch.org {chienyi, marciano, michael_conway}@email.unc.edu 1 Future Development Development of

689 views • 20 slides
Planning and Research Peer Engagement Group October 2020 Data-Driven Justice Johnson County,

Planning and Research Peer Engagement Group October 2020 Data-Driven Justice Johnson County,

Data-Driven Ju Justice: Planning and Research Peer Engagement Group October 2020 Data-Driven Justice Johnson County, Iowa David Schwindt david-schwindt@iowa-city.org Existing Data vs New Data Housing First Study Housing First Study

620 views • 34 slides
Top 3 Tech Challenges of 2019 AEC industry report reveals which data points will make or break

Top 3 Tech Challenges of 2019 AEC industry report reveals which data points will make or break

Top 3 Tech Challenges of 2019 AEC industry report reveals which data points will make or break your business Presented by Marge Hart, VP, Product Management Sponsored by MA MARGE HA E HART VP, Product Management 20 years experience with

569 views • 30 slides
We have to t st t rt tt

We have to t st t rt tt

We have to t st t rt tt r so that we can catch terrorists, drug dealers, pedophiles, and organized criminals. Some of this data is sent

906 views • 48 slides
Evidence-Based Elections CDAR Risk Seminar Philip B. Stark 15 September 2020 University of

Evidence-Based Elections CDAR Risk Seminar Philip B. Stark 15 September 2020 University of

Evidence-Based Elections CDAR Risk Seminar Philip B. Stark 15 September 2020 University of California, Berkeley 1 Many collaborators including (most recently) Andrew Appel, Josh Benaloh, Matt Bernhard, Michelle Blom, Andrew Conway, Rich

1.12k views • 100 slides
JSONB AUDITS PRO & CONTRA WIR HABEN EINEN TRAUM DIE STAUFREIE STADT 2

JSONB AUDITS PRO & CONTRA WIR HABEN EINEN TRAUM DIE STAUFREIE STADT 2

Felix Kunde and Petra Sauer JSONB AUDITS PRO & CONTRA WIR HABEN EINEN TRAUM DIE STAUFREIE STADT 2 Wirtschaftsatlas Berlin In the GIS scene more and more users are interested in data curation. Data creation has been too

909 views • 31 slides
The Battle for Principles & concepts Trust and DREs Accountable Voting Voter

The Battle for Principles & concepts Trust and DREs Accountable Voting Voter

Outline The Battle for Principles & concepts Trust and DREs Accountable Voting Voter verifiable audit trail Systems Future Conclusion Prof. David L. Dill Department of Computer Science Stanford University

298 views • 7 slides
CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall

CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall

CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Recall the rules 1. Understand the requirements 2. Make it fail 3. Simplify the test case 4. Read the right error message 5. Check the plug 6.

637 views • 20 slides

More recommend