ABSTRACT
We address the problem of using an untrusted server with only a trusted timestamping device (TTD) to provide trusted storage for a large number of clients, where each client may own and use several different devices that may be offline at different times and may not be able to communicate with each other except through the untrusted server (over an untrusted network). We show how a TTD can be implemented using currently available Trusted Platform Module TPM 1.2 technology without having to assume trust in the BIOS, CPU, or OS of the TPM's server. We show how the TTD can be used to implement tamper-evident storage where clients are guaranteed to immediately detect illegitimate modifications to their data (including replay attacks and forking attacks) whenever they wish to perform a critical operation that relies on the freshness and validity of the data. In particular, we introduce and analyze a log-based scheme in which the TTD is used to securely implement a large number of virtual monotonic counters, which can then be used to time-stamp data and provide tamper-evident storage. We present performance results of an actual implementation using PlanetLab and a PC with a TPM 1.2 chip.
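The following added simulation (not the paper's own scheme or code) illustrates the idea behind the log-based approach: one trusted monotonic counter and a signing key stand in for the TTD, the untrusted server keeps the data and a log of signed increments, and a client device that remembers only its last verified global count and data hash can detect replayed data, hidden log entries, and stale counter readings. HMAC is used as a stand-in for the TPM signature, and the device "verifies" by recomputing it; these are assumptions of the simulation.

```python
import hashlib, hmac, os

def H(b): return hashlib.sha256(b).digest()
def enc(*f): return b"|".join(x if isinstance(x, bytes) else str(x).encode() for x in f)

class TTD:
    """Simulated trusted timestamping device: one monotonic counter plus a signing key.
    HMAC stands in for the TPM signature (assumption); devices hold the verifying key."""
    def __init__(self): self.n, self.key = 0, os.urandom(32)
    def sign(self, *f): return hmac.new(self.key, enc(*f), "sha256").digest()
    def increment(self, vid, h):      # log entry: (global count, virtual counter id, data hash, sig)
        self.n += 1
        return (self.n, vid, h, self.sign("inc", self.n, vid, h))
    def current(self, nonce):         # fresh signed reading of the global counter, bound to a nonce
        return (self.n, self.sign("cur", self.n, nonce))

class Server:
    """Untrusted server: stores the data and the log of signed increments, and drives the TTD."""
    def __init__(self, ttd): self.ttd, self.log, self.data = ttd, [], {}
    def write(self, vid, data):
        self.log.append(self.ttd.increment(vid, H(data))); self.data[vid] = data
    def read(self, vid, nonce, since):
        return self.data[vid], self.log[since:], self.ttd.current(nonce)

class Device:
    """A client device; keeps only the last global count and data hash it has verified."""
    def __init__(self, ttd, vid): self.ttd, self.vid, self.last_n, self.last_h = ttd, vid, 0, None
    def verify(self, data, entries, cur, nonce):
        n_cur, sig = cur
        if not hmac.compare_digest(sig, self.ttd.sign("cur", n_cur, nonce)): return False  # stale counter reading
        if [e[0] for e in entries] != list(range(self.last_n + 1, n_cur + 1)): return False  # gap or truncated log
        h = self.last_h
        for n, vid, eh, esig in entries:
            if not hmac.compare_digest(esig, self.ttd.sign("inc", n, vid, eh)): return False  # forged entry
            if vid == self.vid: h = eh                                  # newest hash for our virtual counter
        if h is None or H(data) != h: return False                      # replayed or modified data
        self.last_n, self.last_h = n_cur, h                             # advance trusted state only on success
        return True
    def read(self, server):
        nonce = os.urandom(16)
        data, entries, cur = server.read(self.vid, nonce, self.last_n)
        return data if self.verify(data, entries, cur, nonce) else None
```

Two devices sharing one virtual counter can each verify the other's writes because the log entries are signed and the global count must run without gaps up to a fresh, nonce-bound reading.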
Index Terms
- Offline untrusted storage with immediate detection of forking and replay attacks