on protecting integrity and confidentiality of
play

On Protecting Integrity and Confidentiality of Cryptographic File - PowerPoint PPT Presentation

Jun 01, 2023 •177 likes •348 views

On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage Aaram Yun , Chunhui Shi, Yongdae Kim University of Minnesota CCSW 2009, 13 Nov 2009 Cryptographic network file system How to achieve a

  1. On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage Aaram Yun , Chunhui Shi, Yongdae Kim University of Minnesota CCSW 2009, 13 Nov 2009

  2. Cryptographic network file system ✤ How to achieve ✤ a network file system ✤ where data storage can be outsourced ✤ securely and efficiently?

  3. Cryptographic network file system

  4. Goals ✤ Formal security definition for cryptographic file system ✤ confidentiality & integrity against attacker which controls data storage ✤ Efficient construction ✤ better computational overhead for crypto operations

  5. Requirements ✤ Confidentiality & integrity of stored data ✤ Random access ✤ Only constant amount of trusted storage per file ✤ Small computational overhead

  6. Merkle hash tree ✤ Popular solution for protecting data integrity (3) H 1 ✤ Data blocks at leaf nodes (2) (2) (2) H 1 H 2 H 3 ✤ Tree of hash values (1) (1) (1) (1) (1) (1) (1) (1) H 1 H 2 H 3 H 4 H 5 H 6 H 7 H 8 ✤ Root should be stored securely D 1 D 2 D 3 D 4 D 5 D 6 D 7 D 8 ✤ O(log n) cost for update

  7. Merkle hash tree + encryption ✤ Put encrypted data blocks at (3) H 1 leaf nodes (2) (2) (2) H 1 H 2 H 3 ✤ Blockwise encryption using CTR, for example (1) (1) (1) (1) (1) (1) (1) (1) H 1 H 2 H 3 H 4 H 5 H 6 H 7 H 8 ✤ Protects confidentiality and D 1 D 2 D 3 D 4 D 5 D 6 D 7 D 8 integrity

  8. How to enhance Merkle tree? ✤ Efficiency ✤ Hash function is fast, but not too fast ✤ Speed of SHA-1 only about 1.5 times faster than AES-128, in most software environments ✤ SHA-2 slower than AES-128 in general ✤ Security ✤ Secure, but could leak information if not used carefully

  9. Formalism ✤ A file represents a sequence of file blocks D 1 D 2 ...D n ✤ Allowed operations (file encryption key is implicit) ✤ Read(k), Length(), Update(k, D), Append(D), Delete() ✤ T: trusted storage, S: data storage ✤ (t, s) ∈ T × S: state of a file, starting from a fixed initial state, updated by file operations ✤ Failed operation cannot change t, but it may change s

  10. Security definitions ✤ Integrity: infeasibility of alteration of file content ✤ Attacker is allowed to interact with the file, making file operation queries ✤ Attacker can feed arbitrary state s’ before any file operation ✤ Attacker wins if he requests read(k) and obtain D’ ≠ D k ✤ D k : k th block of the correct file content

  11. Security definitions ✤ Confidentiality ✤ infeasibility to learn anything about a file block, other than by reading the block ✤ Even when the attacker somehow coerces a valid user to read a block of plaintext or eavesdrops it, still unread blocks do not give any information

  12. Universal hash-based MACs ✤ Universal hash function : Prob[H k (x)=H k (y)]< ε for any x ≠ y ✤ Structure of H k (x) is very simple ✤ Long data block is ‘compressed’ by cheap universal hashing, then ‘encrypted’ by XORing to an enciphered nonce τ = M k, k’ (N, M) = H k (M) ⊕ E k’ (N) ✤ Attacker cannot produce a forgery: (N, M, τ ) satisfying τ = H k (M) ⊕ E k’ (N) with new (N, M) ✤ We use Poly1305-AES, but other UH-based MACs are also usable

  13. Nonce-based MAC tree construction ✤ If nonce is untampered, validity of (2) N 1 (2) T 1 data & MAC can be checked M ✤ Root nonce is securely stored (1) (1) (1) N 1 N 2 N 3 ✤ Trust is transferred down the tree (1) (1) (1) T 1 T 2 T 3 ✤ Leaf nonces are used to encrypt M M M data blocks (0) (0) (0) (0) (0) (0) (0) (0) N 1 N 2 N 3 N 4 N 5 N 6 N 7 N 8 ✤ Needs only to protect nonces & nonces can be shorter than hashes!

  14. How to encrypt using nonces ✤ Nonces at the leaf nodes, N k(0) are used for encrypting each file blocks in CTR mode, and also for authenticating file blocks ✤ If, N k(0) are kept in a trusted storage & incremented properly whenever update of a block happens, this encryption & authentication can be proven to be secure ✤ But, since N k(0) are protected by the MAC tree, still this is secure

  15. Implementation & performance '!!!!" ✤ Implemented the file system on &#!!!" -9*:1-*" );+." a FUSE based network file &!!!!" system %#!!!" %!!!!" $#!!!" ✤ One for our MAC tree, one $!!!!" #!!!" for Merkle hash tree !" ()*" .)/." ()*" .)/." ()*" .)/." ()*" .)/." ✤ Cost of authentication is about +,--" +,--" +,--" +,--" +,--" +,--" +,--" +,--" 50% of the Merkle tree 0-)12*.)," 0-)12345*6" 7,8+-2*.)," 7,8+-2345*6" construction in general

  16. Thank You!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been

Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been

Integrity and Confidentiality in Web Applications Jeff Johnson 1 Where We're At We have been mostly focusing on Fixing vulnerabilities inherent to languages Finding/protecting against programmer follies Today we will look at

682 views • 42 slides
Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity and Confidentiality MoSAIC MoSAIC M.O.Killijian, D.Powell, M.Bantre, P.Couderc, Y.Roudier LAAS-CNRS - IRISA- Eurcom Context Context 3

159 views • 14 slides
CRYPTDB:PROTECTING CONFIDENTIALITY WITH ENCRYPTED QUERY PROCESSING Why

CRYPTDB:PROTECTING CONFIDENTIALITY WITH ENCRYPTED QUERY PROCESSING Why

RALUCA ADA POPA, CATHERINE M. S. REDFIELD, NICKOLAI ZELDOVICH, AND HARI BALAKRISHNAN MIT CSAIL CRYPTDB:PROTECTING CONFIDENTIALITY WITH ENCRYPTED QUERY PROCESSING Why

1.45k views • 123 slides
Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden

Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden

Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden University Medical Center (LUMC) Tuesday 1st April 2014 from 11.30 12.00 #EBMT2014 www.ebmt.org Data confidentiality requested topics Explanation

512 views • 20 slides
InterMAClib: Beyond Confidentiality and Integrity in Practice Torben B. Hansen

InterMAClib: Beyond Confidentiality and Integrity in Practice Torben B. Hansen

InterMAClib: Beyond Confidentiality and Integrity in Practice Torben B. Hansen @n_tbh Joint work with Martin R. Albrecht @martinralbrecht Kenneth G. Paterson @kennyog Information Security Group Centre

302 views • 18 slides
Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other threats Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure messages

736 views • 30 slides
Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure

605 views • 38 slides
CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit:

CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit:

CS573 Data Privacy and Security CryptDB: Protecting Confidentiality with Encrypted Query Processing Li Xiong Slides credit: Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL Problem Confidential

576 views • 31 slides
Attorney-Client Privilege in Insurance Disputes Protecting Confidentiality in Claims Handling and

Attorney-Client Privilege in Insurance Disputes Protecting Confidentiality in Claims Handling and

Presenting a live 90-minute webinar with interactive Q&amp;A Attorney-Client Privilege in Insurance Disputes Protecting Confidentiality in Claims Handling and Litigation WEDNESDAY, MAY 22, 2013 1pm Eastern | 12pm Central | 11am

1.17k views • 54 slides
Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott

Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott

Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott Guardian ISD Outline National data and SHIP Information governance The Scottish structures Legal NHS Scotland policy

327 views • 17 slides
Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound,

Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound,

Introduction to Cryptology: confidentiality, integrity, authenticity 2015/12 Yaound, Cameroun Damien Robert quipe LFANT, Inria Bordeaux Sud-Ouest Institut de Mathmatiques de Bordeaux quipe MACISA, Laboratoire International de

753 views • 53 slides
Protecting Patient Confidentiality Thomas Talbot and Gwen LaSelva Environmental Health

Protecting Patient Confidentiality Thomas Talbot and Gwen LaSelva Environmental Health

GIS Tools for Sharing Health Data and Protecting Patient Confidentiality Thomas Talbot and Gwen LaSelva Environmental Health Surveillance Section New York State Department of Health NYGeoCon November 12-13, 2013 Saratoga Springs, NY Health

782 views • 43 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality

CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality

CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality Keeping information secret from those who should not be able to see it Integrity Two portions: Data integrity: has the content of

680 views • 19 slides
Protecting Your Integrity and Getting Value from GDPR 2 June 2017 AGENDA 9.30am Arrival

Protecting Your Integrity and Getting Value from GDPR 2 June 2017 AGENDA 9.30am Arrival

Protecting Your Integrity and Getting Value from GDPR 2 June 2017 AGENDA 9.30am Arrival 10.00am Karen Patterson, BBC Journalist, Host Introduction 10.05am Shauna Dunlop, Regional Manager Northern Ireland, Information Commissioners Office

1.45k views • 96 slides
CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska University of Warsaw January 21, 2012 Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Why secure data? Medical data Contact data Payment

1.27k views • 78 slides
CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE

CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE

CREDENTIALS PRESENTATION Corporate Advisory Solutions INTEGRITY, CONFIDENTIALITY, EXPERIENCE ABOUT CORPORATE ADVISORY SOLUTIONS CAS is a merchant bank based in Philadelphia and Washington, D.C., specializing in M&amp;A, and strategic advisory

338 views • 13 slides
TAGSPACES Free your health data from the tracking apps and devices! (or how to use your files

TAGSPACES Free your health data from the tracking apps and devices! (or how to use your files

TAGSPACES Free your health data from the tracking apps and devices! (or how to use your files system as a database) by Ilian Sapundshiev @ilianste Munich QS Meetup at [20140320] TABLE OF CONTENT Motivation Envisioned Solution

654 views • 29 slides
IT 1100 : Introduction to Operating Systems Chapter 12 Text Editors There are two types of text

IT 1100 : Introduction to Operating Systems Chapter 12 Text Editors There are two types of text

IT 1100 : Introduction to Operating Systems Chapter 12 Text Editors There are two types of text editors: GUI based and Text based. GUI based editors only work on GUI based systems. Text based editors work on both GUI and CLI systems. Text

484 views • 3 slides
Files and Streams File Directories File Directory A set of files and other (sub)directories

Files and Streams File Directories File Directory A set of files and other (sub)directories

Files and Streams File Directories File Directory A set of files and other (sub)directories Principle function: help people find their way around data on a system Implementation Directories are stored as additional files OS maintains a file

486 views • 9 slides
kill Run default signal handler! Process Process A B kill signal(SIGINT, func) Process

kill Run default signal handler! Process Process A B kill signal(SIGINT, func) Process

Process Process A B kill Run default signal handler! Process Process A B kill signal(SIGINT, func) Process Process A B signal(SIGINT, func) Process Process A B kill Run fun signal handler! Terminate process Generate Core

506 views • 23 slides
CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall

CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall

CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Syllabus Posted on website Academic Integrity Departmental Policy on Violations of Academic Integrity (AI) The CSE Department has a zero-tolerance

669 views • 29 slides
CS415 Project #6: File System Krzysztof Ostrowski krzys@cs.cornell.edu What do you have to do?

CS415 Project #6: File System Krzysztof Ostrowski krzys@cs.cornell.edu What do you have to do?

CS415 Project #6: File System Krzysztof Ostrowski krzys@cs.cornell.edu What do you have to do? Implement a virtual file system On top of a raw virtual block device provided by us Storing all blocks of the virtual disk device in a

793 views • 27 slides
Emulating Windows file serving on POSIX Jeremy Allison Samba Team jra@samba.org But isn't it

Emulating Windows file serving on POSIX Jeremy Allison Samba Team jra@samba.org But isn't it

Wider World Opening Windows to a Emulating Windows file serving on POSIX Jeremy Allison Samba Team jra@samba.org But isn't it easy ? Wider World Opening Windows to a Just take a kernel, add your own file system and.. Not if you don't own

549 views • 30 slides
17 Locking Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science

17 Locking Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science

Two-Phase 17 Locking Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science Carnegie Mellon University Fall 2020 2 ADM IN ISTRIVIA Project #3 is due Sun Nov 22 nd @ 11:59pm. Homework #4 is due Sun Nov 8 th @ 11:59pm.

1.07k views • 79 slides

More recommend