Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted Platform Modules for Encrypted File System Access Control Steven Houston & Thomas Kho CS 252 May 9, 2007 Steven Houston & Thomas Kho CS 252 May.

Published byLogan Thompson Modified over 8 years ago

Similar presentations

Presentation on theme: "Trusted Platform Modules for Encrypted File System Access Control Steven Houston & Thomas Kho CS 252 May 9, 2007 Steven Houston & Thomas Kho CS 252 May."— Presentation transcript:

1 Trusted Platform Modules for Encrypted File System Access Control Steven Houston & Thomas Kho CS 252 May 9, 2007 Steven Houston & Thomas Kho CS 252 May 9, 2007

2 Motivation  Efficient access revocation is a problem in distributed storage systems.

3 Current Approaches  Key revocation  Active - re-encrypt on revocation  Con: expensive  Lazy - re-encrypt on file change  Revoked client can’t read more data than before  Con: revoked client still has some access  Key revocation  Active - re-encrypt on revocation  Con: expensive  Lazy - re-encrypt on file change  Revoked client can’t read more data than before  Con: revoked client still has some access

4 Goals  Gain? Minimize key revocation (=> re- keying) by maximizing access revocation  Active revocation of less keys?  Explore what extra security we can get  Even the type that minimizes windows of vulnerability  Quantify performance when TPM is on the datapath  What could make TPMs even more useful?  Gain? Minimize key revocation (=> re- keying) by maximizing access revocation  Active revocation of less keys?  Explore what extra security we can get  Even the type that minimizes windows of vulnerability  Quantify performance when TPM is on the datapath  What could make TPMs even more useful?

5 Trusted Platform Modules  Enables trusted platforms/secure bootstrapping  (We assume it’s not widely available)  Signing/binding/sealing/attestation  Wrapped keys, migratable and not  Transport session logging  Monotonic counters  NOT a crypto accelerator, but we use it like one!  Enables trusted platforms/secure bootstrapping  (We assume it’s not widely available)  Signing/binding/sealing/attestation  Wrapped keys, migratable and not  Transport session logging  Monotonic counters  NOT a crypto accelerator, but we use it like one!

6 Access Revocation  We assume an untrusted storage system and eventually malicious clients  We want  to be able to revoke access  offline access to (some) data  Attested destruction of capabilities  Implemented as transport-logged eviction/flush  “You can only checkout 10 keys at once”  Don’t let keys get into the wild  Remote auth sessions (server “owns” TPM)  Disallow key migration  We assume an untrusted storage system and eventually malicious clients  We want  to be able to revoke access  offline access to (some) data  Attested destruction of capabilities  Implemented as transport-logged eviction/flush  “You can only checkout 10 keys at once”  Don’t let keys get into the wild  Remote auth sessions (server “owns” TPM)  Disallow key migration

7 Architecture os userland apps tpm kext fuse kext secure fs tpm/jfuse-j storage system fs calls vnode layer e-2-e security storage system layering Authorization Server

8 Architecture (2) OIAP Client A’s TPMAuthorization Server Object Independent Auth Protocol  Gives capabilities in the form of keys  Knows (client, tpmownerpass)  Gives capabilities in the form of keys  Knows (client, tpmownerpass)

9 Key management  SK locked to TPM, can export PK  Write  Encrypt with R_PK, signed with W_SK  Read  Decrypt with R_SK, check signature  Write revocation  Unload W_SK; server verifies secure transport log; storage system & clients reject unsigned data  Read revocation  Unload R_SK; server verifies secure transport log  SK locked to TPM, can export PK  Write  Encrypt with R_PK, signed with W_SK  Read  Decrypt with R_SK, check signature  Write revocation  Unload W_SK; server verifies secure transport log; storage system & clients reject unsigned data  Read revocation  Unload R_SK; server verifies secure transport log

10 Are we crazy?  We noticed…  (Untuned) software RSA-2048 encrypt: 75KB/s  TPM RSA-2048 decrypt: 600B/s (yes, bytes!)  Joy’s law, right?  Remember, TPM wasn’t designed as a crypto coprocessor, and it won’t do symmetric crypto (for us)  We noticed…  (Untuned) software RSA-2048 encrypt: 75KB/s  TPM RSA-2048 decrypt: 600B/s (yes, bytes!)  Joy’s law, right?  Remember, TPM wasn’t designed as a crypto coprocessor, and it won’t do symmetric crypto (for us)

11 Conclusion  TPM + Storage System (+ auth server) =  Limited, enforced key distribution (bound to machine)  Attested access revocation  Status: we’re still coding!  TPM + Storage System (+ auth server) =  Limited, enforced key distribution (bound to machine)  Attested access revocation  Status: we’re still coding!

Download ppt "Trusted Platform Modules for Encrypted File System Access Control Steven Houston & Thomas Kho CS 252 May 9, 2007 Steven Houston & Thomas Kho CS 252 May."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Re-envisioning of the TPM

Re-envisioning of the TPM
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
Vpn-info.com.

Vpn-info.com.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Java Security CS-328. JDK 1.0 Security Model Sandbox Java Virtual Machine Local Code Remote Code Local Host System Resources (File System, Sockets, Printers…)

Java Security CS-328. JDK 1.0 Security Model Sandbox Java Virtual Machine Local Code Remote Code Local Host System Resources (File System, Sockets, Printers…)
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis Sarmenta Srini Devadas MIT Computer.

Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis Sarmenta Srini Devadas MIT Computer.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department.

Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Similar presentations

Ads by Google