CS252 Project An Encrypted File System using TPM
|
|
- Kathleen Randall
- 8 years ago
- Views:
Transcription
1 CS252 Project An Encrypted File System using TPM Steven Houston: Thomas Kho: May 14, 2007 Abstract We implement an encrypted file system that uses a Trusted Platform Module (TPM) to securely store file encryption keys. Key management is centralized. We identified the ability of a key server to verify deletion of file encryption keys on clients to reduce the amount of re-encryption necessary on key revocation. We place the TPM on the file-read datapath and encrypt files with RSA. In benchmarking filesystem performance, we found that read and write speeds were orders of magnitude slower than without encryption. Software decryption was about twice as fast as hardware decryption via TPM. 1 Introduction Trusted Platform Modules (TPMs) are microcontrollers with shielded non-volatile storage that are capable of cryptographic functions including asymmetric key and random number generation, encryption and decryption, and monotonic counters [3]. TPMs allow authenticated sessions via two mechanisms, Object-Independent Authorization Protocol (OIAP) and Object-Specific Authorization Protocol (OSAP). The two mechanisms are similar, so we discuss the features of OIAP. OIAP allows local and remote authenticated operations of the TPM on entities (e.g. keys) using hashed message authentication codes (HMACs) constructed from a shared secret and the operands to a TPM operation. Nonces are exchanged with each message to and from the TPM to prevent replay. Implementing access control in distributed storage systems is quite difficult and is an active area of research. In an encrypted distributed file system, encrypted files are stored on remote storage servers with no assumptions regarding trust of these servers. Traditionally, the clients keep all encryptions keys for the files they own or have proper access to. The main drawback with this setup is that read access revocation (revoking a client s ability to read a file) requires the reencryption of the file with a new key. We would like a method to verify the deletion of the decryption key, thereby eliminating a client s ability to decrypt a particular file in the future even though the file remains encrypted with the same key. In this project, we consider how TPMs can reduce the necessity to re-encrypt files on access 1
2 revocation by verifying deletion of keys. 2 TPM Details Throughout this section and the remainder of the paper, the term key refers to a 2048-bit RSA asymmetric key pair. The terms secret key and public key refer to the appropriate portions of the key pair. We use RSA key pairs because the TPM does not support symmetric key operations outside internal operations. Keys on a TPM form a hierarchy, where each key (except for the SRK) has a parent. The SRK (Storage Root Key), as its name suggests, is at the root of the hierarchy, with all other keys underneath it. Each key has a key handle, which is an integer value used as an index to the key in the TPM. Both the private and public portion of a key are stored on the TPM, and access to either of them requires an application to properly authenticate via a 160-bit authentication data word we refer to as the key password. By providing the key password, an application is able to view the public key and use (i.e. encrypt and decrypt) but not view the private key. Generally, private keys are never revealed in any unencrypted form outside of the TPM. Keys can either be created by the TPM or in software for loading into the TPM. If an application requests that the TPM create a key, it must choose a key password, a parent for the key (specified by they parent s key handle) and the password of the parent. The TPM creates the key internally using its random number generator and then concatenates the private key and key password, wrapped (encrypted) with the parent s public key, with the public key. This wrapped key is returned to the application, but the key will not remain in the TPM s storage until it is loaded. For wrapped keys created in software, only the parent s public key is needed. When an application wishes to load a key into the TPM, it must submit to the TPM a wrapped key along with the parent key s handle and password. The TPM will then decrypt the wrapped key using the parent key and store the unwrapped key and key password in its shielded storage. Future applications can use the secret key only if it is able to authenticate with knowledge of the key password, but in no case can it actually view the secret key. 3 Design 3.1 System Components In this section, we briefly describe the roles of the storage system, clients, and key servers Storage System The storage system is, in general, a heterogeneous system of storage servers distributed over some network. We are mainly concerned with the interaction between clients and key servers, and place few assumptions on the storage system that keep encrypted file data. Thus, how the storage servers store the encrypted data is of no concern to us. Some portions of the storage system may be malicious, so we place no trust in any particular component of the storage system Client The client is a machine with a TPM that wishes to read files encrypted via asymmetric encryption. The private portion of keys, when stored on the client, are protected inside the TPM. Users on the client machine cannot access the private 2
3 keys for decryption directly. Users can, however, store the public key outside the TPM and use it for software encryption of files Key Server The key server is a trusted machine (or small group of trusted machines) that keeps track of the keys distributed in the system and is the point-of-contact for all clients that need to checkout a read decryption or write signature key. The server keeps track of all keys loaded on all clients; when a client s access is revoked, the server checks that the corresponding private key is not loaded on the revoked client s TPM, indicating that the client can no longer decrypt the associated file. Only when the client is uncooperative (and the client continues to keep a copy of the key checked out) will the server re-encrypt the files in the storage system with a new key. 3.2 Client-Server Interaction Client Verification We first discuss how the key server verifies that it is communicating with an authentic TPM. Before the server wraps keys for the client TPM using the storage rook key (SRK) public key, it must be sure that the public key it receives from the client is actually the SRK public key of the client s TPM and not an arbitrary RSA public key. We propose doing this via the logged transport session mechanism signed by the endorsement key of the client s TPM (the endorsement key is unique for each TPM and cannot be changed). The endorsement key can be verified authentic by a third party. Alternatively, we could have pre-established an owner password on the TPM known only to the server. This would have allowed retrieval of Figure 1: Interaction of the client and key server when checking out keys. the SRK from the TPM, with the server being ensured that the SRK public key request was handled by the correct TPM and not faked by the client because of OSAP authentication. This approach has the restriction that only one application can have control of the TPM Checking Out Keys Figure 1 shows how a client application checks out keys from the key server. By checking out a key from the key server, the client can then use that key via the TPM (and only within the TPM) for decryption and signing of files. The client first requests an application-specific master key from the key server (1). The server 3
4 then creates a master key wrapped with the client TPM s SRK public key and returns the wrapped master key to the client (2). This key will be the parent key for all file keys granted to the client by the server and only the server knows the key password to this master key. Steps (1) and (2) are performed only once per application, and the client can cache this key indefinitely. When the client desires access to a file, it requests a file key from the server (3). The server takes the unwrapped file keypair from its stable storage and then wraps it with the master public key of the requesting client. This wrapped key is loaded into the client s TPM by the server via a remote OIAP session (4) and the client TPM returns the key handle to the server (5), which then returns the handle to the client (6). The client can only see a file key wrapped by the master key (see Figure 2), so it cannot load the file key as a child of any other key. This means that even though the client knows the SRK password, it will not be able to load the file key as a child of the SRK. Furthermore, the client does not know the master key password and, as such, the client cannot itself load file keys (and in particular, replay loading of file keys) Verifying Key Deletion When a client wishes to delete a key, we propose two methods depending on whether or not the client is online and can reach a key server. If the client is online, the client can request that the server initiate key deletion via a remote OIAP session. The server receives verification of key deletion via HMAC based on the shared secret between the TPM and the server. If the client is offline, the client can evict the Figure 2: The client application only sees wrapped (encrypted) keys. The corresponding private keys used for decryption are always stored secretly in the TPM. key in a logged transport session so that the server can later verify that the key was indeed deleted from the TPM. This accounting reduces the frequency of re-encryption on key revocation Key Revocation When a key is revoked in the system, the key server checks to see if any of the clients who currently have the key checked out have been revoked access. If not, then no action needs to be taken. If so, the server may attempt to use one of the previous methods request verification of key deletion on the client. Only when the client is offline or uncooperative must the key server create a new file key and re-encrypt the file in the storage system. 4
5 4 Implementation We describe the software and hardware components of our system that reside on both the client and the server 1. We used open-source file system components and TPM tools, and tested our system on Apple MacBook Pro machines with Infineon SLB 9635 TT 1.2 TPM chips. The Infineon TPM 1.2 is a 16-bit microprocessor made on a 0.22 µm process that complies with the TCG 1.2 specification [3]. It has a single 33 MHz clock, 24 Platform Configuration Registers (PCRs), 10 key slots, 1.5 KB of generalpurpose NVRAM, a cryptographic engine with up to 2048-bit RSA keys supported, a hashing engine with hardware-accelerated SHA-1, a true random number generator, a tick counter with tamper detection. 4.1 Client We implement a filesystem interface using several open-source packages and libraries: Mac- Fuse, Fuse-J and TPM/J. We used a Mac OS X kernel module (called a kext) written by Amit Singh [9] to communicate with the TPM. The module is a driver, and when loaded into the kernel, it exposes the TPM via the special device /dev/tpm. TPM/J is a library of Java classes containing several useful high-level TPM routines. These classes, such as TPMCreateKey and TPMLoadKey, provide an object-oriented interface to interact directly with the TPM kernel driver via /dev/tpm. This library 1 The source code for our project is available at tkho/classes/252/ was extremely useful as the interface provided by the driver was too low-level to be efficiently utilized. MacFuse is a library and kernel module that allows mounting of userland file system drivers in Mac OS X. It is basically Fuse but modified to work for Mac OS X. Userland file systems mean that all filesystem functions (such as read and getattr) are implemented in user-provided code. Fuse creates the special device /dev/fuse that allow communication between the Fuse library and kernel module. Fuse-J is a Java binding to MacFuse that allows us to implement our userspace filesystem in Java. Because the TPM/J provides all the useful library routines in Java, this turned out to be a small but crucial part of our implementation. The block size of the filesystem was set to 128 bytes, which was the largest power of two less than the 2048-bit RSA key. Therefore, each file is split into 128-byte blocks, and reading (writing) leads to decryption (encryption) of the appropriate block. We use local memory as the backing store for the filesystem. This is easier to implement and sufficient for benchmarking purposes. We did not implement the log verification of the storage root key as described in Key Server The key server does not require direct access to its own separate TPM; it only communicates with clients TPMs. Accordingly, we implement the server as a Java object accessible by clients through the thin interface a network-connected 5
6 Figure 3: Components of the filesystem implementation on MacOS X server would expose. In a practical implementation with a remote key server, the performance overhead of communicating to the server over the network would be small compared to the time spent decrypting/encrypting files by the client. 5 Evaluation We benchmarked our filesystem using Iozone [2] on Mac OS X. We looked at small file sizes ( 32 KB) because the maximum throughput of our encrypted filesystem was reached immediately (due to the low rate of block decryption by the TPM). All Iozone benchmarks were run with caching disabled. This is because the original benchmark failed to call the custom MacFuse read function when the dirty block recently written to cache was fetched. As seen in the graphs, the performance of our implementation suffered. The read performance to existing files and to recently read files is shown in Figures 4 and 5, respectively. The write performance both to new files and existing files is Figure 4: Performance of read access to existing file. shown in Figures 6 and 7, respectively. Random read performance is shown in Figure 8 and random write performance is shown in Figure 9. In the write performance graphs, we compare no encryption (but with the baseline MacFuse filesystem) versus encryption in software. Notice that there is no need for encryption to be done 6
7 Figure 5: Performance of read access to recently read file. Figure 6: Performance of write access to new file. in the TPM. In the read performance graphs, we compare no decryption (again with the baseline MacFuse filesystem) versus decryption in software versus decryption on the TPM chip. All of these graphs clearly show that our encrypted file system performs orders of magnitude slower than a comparable unencrypted file system regardless of the type of read or write being performed. Figure 10 shows that RSA encryption performs much better than RSA decryption, independent of whether or not the decryption is done in hardware or software. If the RSA encryption was performed in hardware, this result would be an artifact of the public exponent e = being hardwired into the TPM to provide fast forward encryption. However, since our benchmarks used software encryption, we are unsure as to why the RSA software encryption performed approximately 60 times faster than the RSA software decryption, unless this is some mathematical property of the algorithms that we are unaware of. It is unfortunate that RSA decryption is so much slower than encryption, because RSA encryption is the single operation on our filesys- tem s critical path. Figure 11 shows that the benchmark with decryption in hardware using the TPM chip fared about 2 times slower than the benchmark with decryption in software. This is very encouraging, as future modifications to TPM (such as a faster cryptoengine or support for symmetric encryption) could easily improve this slowdown to an acceptable value. Our implementation was only a prototype, and several bottlenecks led to the performance degradation. First, all file decryption (reads) takes place within a single bandwidth-limited TPM. Each file is split into small 128 byte blocks, and each block is decrypted/encrypted separately. For reads of only 4 KB, our filesystem must partition the read into 32 block decrypts. It is clear that the overhead of breaking the file into blocks and decrypting them separately becomes substantial with large files. 7
8 Figure 7: Performance of write access to existing file. 6 Related Work Sarmenta et al. [8] apply logged transport sessions to implement trusted monotonic counters. Third parties can verify the current value of a monotonic counter, and a client can produce a chain of logs of each time the monotonic counter is incremented. We borrow from this idea of using logged transport sessions to verify actions taken by the TPM. Chun [4] introduces a trusted component called Attested Append-Only Memory and shows improvements to fault tolerance in distributed systems. Plutus [5] and OceanStore [7] are distributed storage systems with distributed key management. Both systems assume untrusted file servers and implement client-side security. In OceanStore, files have an owner identified by a public key which in turn secures an ACL that gives write permission. Plutus employs lazy revocation, which delays re-encryption of files until they are modified. BitLocker Drive Encryption [6] for Windows Vista and ecryptfs [1] for Linux provide whole- Figure 8: Performance of random read access. disk symmetric encryption, enabling use of the disk via password verification of the TPM where the symmetric key is bound in stable storage. However, all current techniques ultimately rely on a trusted OS, something we cannot do since we wish to occasionally revoke read access on potentially malicious clients. Because the symmetric key is eventually loaded into memory in BitLocker and ecryptfs, a root exploit unnoticed by system administrators can reveal the key. 7 Future Work In this project, we showed that it was possible to implement an encrypted storage system where a trusted key server could be assured that clients deleted their decryption keys. We propose future work to evolve this into a usable system. The current implementation only encrypts file data, and a practical extension would be to additionally encrypt the accompanying file metadata. We use an in-memory object store; it would be instructive to analyze performance if the backing store were a distributed storage system. Our 8
9 Figure 9: Performance of random write access. trusted server is currently implemented as a Java object with a strict API between it and the client and strong encapsulation; measuring the effect of network performance of an standalone server may be fruitful. It would also be interesting to look at the resulting performance changes when varying the RSA key size and the filesystem block size. Our original motivation was to improve the state of key revocation in distributed storage systems. Modeling the reduction in re-keying of files given verified key deletion on clients would provide further impetus for this work. The file read/write experiments were conducted with one file key for all files. Because of the limited amount of key storage in the TPM and the strict check-out policy of the key server, future work would be to look at 1) the granularity of file keys and the result on performance and 2) the management of keys to reduce the impact of exchanging file keys with the key server. Performance of the TPM was limiting, but software RSA key generation was also an impediment; the use of cryptographic accelerators may help on this front. Figure 10: RSA encryption vs RSA decryption runtimes. Finally, we need to better detail the revocation of write access. In our current implementation, readers are writers and vice-versa. One such strategy implemented in several existing systems is to have the notion of an owner of a file that controls read and write access. 8 Conclusion We proposed and implemented a trusted file system that used the TPM to securely store file encryption keys. Our design contained a trusted key server that keeps track of keys on client machines. Benchmarking showed that performance was orders of magnitude slower when encryption was enabled. Further, hardware decryption was about one-half the speed of software encryption. With the growing need to protect sensitive documents, we see a place for secure symmetric encryption on TPMs and cryptographic coprocessors that would enable the realization of our trusted file system design. 9
10 [7] S. Rhea, P. Eaton, D. Geels, H. Weatherspoon, B. Zhao, and J. Kubiatowicz. Pond: The oceanstore prototype. In Proceedings of the Conference on File and Storage Technologies. USENIX, Figure 11: RSA decryption in software vs hardware. References [1] ecryptfs. [8] L. Sarmenta, M. van Dijk, C. O Donnell, J. Rhodes, and S. Devadas. Virtual monotonic counters and count-limited objects using a tpm without a trusted os (extended version). In MIT Computer Science and Artificial Intelligence Laboratory Technical Report, [9] Amit Singh. Trusted computing for mac os x. chapter10/tpm/, [2] Iozone filesystem benchmark. [3] Trusted platform module (tpm) specification version 1.2 revision specs/tpm, [4] B. Chun. Improving the fault tolerance of distributed systems with attested appendonly memory. Berkeley Systems Lunch. [5] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu. Plutus scalable secure file sharing on untrusted storage. In Proceedings of the 2nd Conference on File and Storage Technologies (FAST 03), March [6] Microsoft. Windows vista bitlocker drive encryption: Executive overview. 10
Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory
Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed
More informationEncrypted File Systems. Don Porter CSE 506
Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory data much harder Continue
More informationPlutus: scalable secure file sharing on untrusted storage
Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work with Erik Riedel (Seagate Research), Ram Swaminathan (HP Labs), Qian Wang (Penn State), Kevin Fu (MIT) March
More informationTPM Key Backup and Recovery. For Trusted Platforms
TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationProof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory.
Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory. Marten van Dijk, Luis F. G. Sarmenta, Charles W. O Donnell, and Srinivas Devadas MIT Computer
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationWHITE PAPER www.tresorit.com
WHITE PAPER tresor [tʀeˈzoːɐ ] noun (German) 1. lockable, armoured cabinet THE CLOUD IS UNTRUSTED The cloud has huge potential when it comes to storing, sharing and exchanging files, but the security provided
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationSAS Data Set Encryption Options
Technical Paper SAS Data Set Encryption Options SAS product interaction with encrypted data storage Table of Contents Introduction: What Is Encryption?... 1 Test Configuration... 1 Data... 1 Code... 2
More informationBypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken
Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis
More informationOpal SSDs Integrated with TPMs
Opal SSDs Integrated with TPMs August 21, 2012 Robert Thibadeau, Ph.D. U.S. Army SSDs Must be Opal s We also Studied using the TPM (Trusted Platform Module) with an Opal SSD (Self-Encrypting Drive) 2 Security
More informationvtpm: Virtualizing the Trusted Platform Module
vtpm: Virtualizing the Trusted Platform Module Stefan Berger Ramón Cáceres Kenneth A. Goldman Ronald Perez Reiner Sailer Leendert van Doorn {stefanb, caceres, kgoldman, ronpz, sailer, leendert}@us.ibm.com
More informationSoftware-based TPM Emulator for Linux
Software-based TPM Emulator for Linux Semester Thesis Mario Strasser Department of Computer Science Swiss Federal Institute of Technology Zurich Summer Semester 2004 Mario Strasser: Software-based TPM
More informationDisk encryption... (not only) in Linux. Milan Brož mbroz@redhat.com
Disk encryption... (not only) in Linux Milan Brož mbroz@redhat.com FDE - Full Disk Encryption FDE (Full Disk Encryption) whole disk FVE (Full Volume Encryption) just some volumes (dis)advantages? + for
More informationReview On Incremental Encrypted Backup For Cloud
Review On Incremental Encrypted Backup For Cloud Rohini Ghenand, Pooja Kute, Swapnil Shinde, Amit Shinde, Mahesh Pavaskar, Shitalkumar Jain Department of Computer Engineering MIT AOE rohinighenand26@gmail.com
More informationWhitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015
Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is
More informationBackground. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone
CS 155 Spring 2006 Background TCG: Trusted Computing Group Dan Boneh TCG consortium. Founded in 1999 as TCPA. Main players (promotors): (>200 members) AMD, HP, IBM, Infineon, Intel, Lenovo, Microsoft,
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationStrong Security for Distributed File Systems
Strong Security for Distributed File Systems Ethan Miller Darrell Long William Freeman Benjamin Reed University of California, Santa CruzTRW IBM Research Abstract We have developed a scheme to secure networkattached
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationFile System Encryption in C#
INTEGRATED FILE-LEVEL CRYPTOGRAPHICAL ACCESS CONTROL Abstract Ryan Seifert ryanseifert@earthlink.net T. Andrew Yang Yang@UHCL.edu Division of Computing and Mathematics University of Houston - Clear Lake,
More informationSoftware Execution Protection in the Cloud
Software Execution Protection in the Cloud Miguel Correia 1st European Workshop on Dependable Cloud Computing Sibiu, Romania, May 8 th 2012 Motivation clouds fail 2 1 Motivation accidental arbitrary faults
More informationUsing the TPM: Data Protection and Storage
Using the TPM: Data Protection and Storage Ariel Segall ariels@alum.mit.edu Day 2 Approved for Public Release: 12-2749. Distribution unlimited License All materials are licensed under a Creative Commons
More informationHardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
More informationTrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
More informationSecure Storage. Lost Laptops
Secure Storage 1 Lost Laptops Lost and stolen laptops are a common occurrence Estimated occurrences in US airports every week: 12,000 Average cost of a lost laptop for a corporation is $50K Costs include
More informationHow to Secure Infrastructure Clouds with Trusted Computing Technologies
How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.
More informationBitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation
BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker
More informationvtpm: Virtualizing the Trusted Platform Module
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA vtpm: Virtualizing the
More informationeid Security Frank Cornelis Architect eid fedict 2008. All rights reserved
eid Security Frank Cornelis Architect eid The eid Project > Provides Belgian Citizens with an electronic identity card. > Gives Belgian Citizens a device to claim their identity in the new digital age.
More informationSGFS: Secure, Flexible, and Policy-based Global File Sharing
SGFS: Secure, Flexible, and Policy-based Global File Sharing Vishal Kher Eric Seppanen Cory Leach Yongdae Kim {vkher,seppanen,leach,kyd}@cs.umn.edu University of Minnesota Motivation for Network attached
More informationTrusted Platforms for Homeland Security
Trusted Platforms for Homeland Security By Kevin Schutz, Product Manager Secure Products Summary Ongoing threats from hackers, viruses, and worms continue to make security a top priority for IT and business
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More informationProperty Based TPM Virtualization
Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationSecuring Shared Untrusted Storage by using TPM 1.2 Without Requiring a Trusted OS
Securing Shared Untrusted Storage by using TPM 1.2 Without Requiring a Trusted OS Marten van Dijk, Luis F. G. Sarmenta, Jonathan Rhodes, and Srinivas Devadas MIT Computer Science and Artificial Intelligence
More informationReconfigurable Architecture Requirements for Co-Designed Virtual Machines
Reconfigurable Architecture Requirements for Co-Designed Virtual Machines Kenneth B. Kent University of New Brunswick Faculty of Computer Science Fredericton, New Brunswick, Canada ken@unb.ca Micaela Serra
More informationPlutus: Scalable secure file sharing on untrusted storage
Plutus: Scalable secure file sharing on untrusted storage Mahesh Kallahalla Erik Riedel Ram Swaminathan Qian Wang Kevin Fu Hewlett Packard Labs Palo Alto, CA 94304 Abstract Plutus is a cryptographic storage
More informationZooKeeper. Table of contents
by Table of contents 1 ZooKeeper: A Distributed Coordination Service for Distributed Applications... 2 1.1 Design Goals...2 1.2 Data model and the hierarchical namespace...3 1.3 Nodes and ephemeral nodes...
More informationTrusted Platform Module
Trusted Platform Module TPM Fundamental APTISS, August 2008 Raymond Ng Infineon Technologies Asia Pacific Pte Ltd Raymond.ng@infineon.com TPM Fundamental Introduction to TPM Functional Component of TPM
More informationIntroduction to Computer Security
Introduction to Computer Security Authentication and Access Control Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests
More informationJob Reference Guide. SLAMD Distributed Load Generation Engine. Version 1.8.2
Job Reference Guide SLAMD Distributed Load Generation Engine Version 1.8.2 June 2004 Contents 1. Introduction...3 2. The Utility Jobs...4 3. The LDAP Search Jobs...11 4. The LDAP Authentication Jobs...22
More informationKey & Data Storage on Mobile Devices
Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography
More informationIBM Crypto Server Management General Information Manual
CSM-1000-0 IBM Crypto Server Management General Information Manual Notices The functions described in this document are IBM property, and can only be used, if they are a part of an agreement with IBM.
More informationFile System Encryption with Integrated User Management
File System Encryption with Integrated User Management Stefan Ludwig Corporate Technology Siemens AG, Munich fsfs@stefan-ludwig.de Prof. Dr. Winfried Kalfa Operating Systems Group Chemnitz University of
More informationSecurity in Storage Networks A Current Perspective
Security in Storage Networks A Current Perspective Christian Cachin ZISC Colloquium www.zurich.ibm.com Overview Networked storage systems NAS, SAN, OBS Design options for security
More informationCrashPlan Security SECURITY CONTEXT TECHNOLOGY
TECHNICAL SPECIFICATIONS CrashPlan Security CrashPlan is a continuous, multi-destination solution engineered to back up mission-critical data whenever and wherever it is created. Because mobile laptops
More informationKey Management Interoperability Protocol (KMIP)
(KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).
More informationMobile Device Security and Encryption Standard and Guidelines
Mobile Device Security and Encryption Standard and Guidelines University Mobile Computing and Device best practices are currently defined as follows: 1) The use of any sensitive or private data on mobile
More informationIndex. BIOS rootkit, 119 Broad network access, 107
Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationCertifying Program Execution with Secure Processors
Certifying Program Execution with Secure Processors Benjie Chen Robert Morris MIT Laboratory for Computer Science {benjie,rtm}@lcs.mit.edu Abstract Cerium is a trusted computing architecture that protects
More informationAttestation and Authentication Protocols Using the TPM
Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all
More informationIntroducing etoken. What is etoken?
Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant
More informationCS 416: Opera-ng Systems Design
Question 1 Explain the major difference between a file system that supports journaling (e.g., Linux ext4) versus a log-structured file system (e.g., YAFFS2). Operating Systems 2015 Exam 3 Review Paul Krzyzanowski
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationPlutus Security Paper - A Brief Overview
USENIX Association Proceedings of FAST 03: 2nd USENIX Conference on File and Storage Technologies San Francisco, CA, USA March 31 April 2, 2003 2003 by The USENIX Association All Rights Reserved For more
More informationEncrypt-FS: A Versatile Cryptographic File System for Linux
Encrypt-FS: A Versatile Cryptographic File System for Linux Abstract Recently, personal sensitive information faces the possibility of unauthorized access or loss of storage devices. Cryptographic technique
More informationSecurity in Storage and File Systems. Rajeev Thakur Argonne National Laboratory
Security in Storage and File Systems Rajeev Thakur Argonne National Laboratory Nice Survey Papers Securing Data in Storage: A Review of Current Research Paul Stanton, UIUC http://arxiv.org/ftp/cs/papers/0409/0409034.pdf
More informationOn the security of Virtual Machine migration and related topics
Master thesis On the security of Virtual Machine migration and related topics Ramya Jayaram Masti Submitted in fulfillment of the requirements of Master of Science in Computer Science Department of Computer
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationG22.3250-001. Porcupine. Robert Grimm New York University
G22.3250-001 Porcupine Robert Grimm New York University Altogether Now: The Three Questions! What is the problem?! What is new or different?! What are the contributions and limitations? Porcupine from
More informationSecurity Technology for Smartphones
Security Technology for Smartphones Yasuhiko Abe Hitoshi Ikeda Masafumi Emura Service functions are implemented on smartphones by storing on them personal information, network-operator information, corporate
More informationProtocols for Secure Cloud Computing
IBM Research Zurich Christian Cachin 28 September 2010 Protocols for Secure Cloud Computing 2009 IBM Corporation Where is my data? 1985 2010 Who runs my computation? 1985 2010 IBM Research - Zurich Overview
More informationSecurity of Google Chromebook
Security of Google Chromebook Katherine Fang, Deborah Hanus, Yuzhi Zheng Massachusetts Institute of Technology Cambridge, MA 02139 katfang, dhanus, yuzhi@mit.edu 1. Introduction The Chrome Operating System
More informationYubiKey Integration for Full Disk Encryption
YubiKey Integration for Full Disk Encryption Pre-Boot Authentication Version 1.2 May 7, 2012 Introduction Disclaimer yubico Yubico is the leading provider of simple, open online identity protection. The
More informationCRUST: Cryptographic Remote Untrusted Storage without Public Keys
CRUST: Cryptographic Remote Untrusted Storage without Public Keys Erel Geron Avishai Wool July 10, 2007 Abstract This paper presents CRUST, a stackable file system layer designed to provide secure file
More informationSecure data storage. André Zúquete Security 1
Secure data storage André Zúquete Security 1 Problems (1/3) ( The classical file system protection is limited Physical protection assumptions Physical confinement of storage devices Logical protection
More informationGuidelines on use of encryption to protect person identifiable and sensitive information
Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted
More informationIntroduction to Computer Security
Introduction to Computer Security Identification and Authentication Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests
More informationSecure Cloud Storage and Computing Using Reconfigurable Hardware
Secure Cloud Storage and Computing Using Reconfigurable Hardware Victor Costan, Brandon Cho, Srini Devadas Motivation Computing is more cost-efficient in public clouds but what about security? Cloud Applications
More informationData At Rest Protection
Data At Rest Protection Dell Data Protection Encryption Full Volume Encryption Whitepaper October 2011 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL
More informationCisco Trust Anchor Technologies
Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationPROXKey Tool User Manual
PROXKey Tool User Manual 1 Table of Contents 1 Introduction...4 2 PROXKey Product... 5 2.1 PROXKey Tool... 5 2.2 PROXKey function modules...6 2.3 PROXKey using environment...6 3 PROXKey Tool Installation...7
More informationAnalyzing the Security Schemes of Various Cloud Storage Services
Analyzing the Security Schemes of Various Cloud Storage Services ECE 646 Project Presentation Fall 2014 12/09/2014 Team Members Ankita Pandey Gagandeep Singh Bamrah Pros and Cons of Cloud Storage Services
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationIntroduction to Computer Security
Introduction to Computer Security Access Control and Authorization Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access recapitulated 1. Identification Which object O requests
More informationCS 155 Spring 2010. TCG: Trusted Computing Architecture
CS 155 Spring 2010 TCG: Trusted Computing Architecture Background! TCG consortium. Founded in 1999 as TCPA. Main players (promotors):! Goals: AMD, HP, IBM, Infineon, Intel, Lenovo, Microsoft, Sun (>200
More informationMaster s Thesis. End-To-End Application Security Using Trusted Computing. Michiel Broekman. August 18, 2005
Master s Thesis End-To-End Application Security Using Trusted Computing Michiel Broekman August 18, 2005 University of Oxford Software Engineering Programme University of Nijmegen Security of Systems Group
More informationAssessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives
Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Main Line / Date / Etc. June May 2008 2nd Line 80-11-01583 xx-xx-xxxx Revision 1.0 Tagline Here Table of Contents
More informationEmbedded Trusted Computing on ARM-based systems
1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationTrusted Computing. Insecure PCs. Foundations for secure e-commerce (bmevihim219)
Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationWindows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org
Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes
More informationAlliance Key Manager Solution Brief
Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major
More informationGPU File System Encryption Kartik Kulkarni and Eugene Linkov
GPU File System Encryption Kartik Kulkarni and Eugene Linkov 5/10/2012 SUMMARY. We implemented a file system that encrypts and decrypts files. The implementation uses the AES algorithm computed through
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationThreat Model for Software Reconfigurable Communications Systems
Threat Model for Software Reconfigurable Communications Systems Presented to the Management Group 6 March 007 Bernard Eydt Booz Allen Hamilton Chair, SDR Security Working Group Overview Overview of the
More informationWindows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation
Boot Manager Security Policy Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation v 1.3 6/8/11 1 INTRODUCTION... 1 1.1 Cryptographic Boundary for BOOTMGR... 1 2 SECURITY POLICY...
More information