Abstract
Protecting data confidentiality and integrity is important to ensure secure computing. Approach that integrates encryption and hash tree based verification is proposed here to protect disk data. Together with sector-level operation, it can provide protection with characters as online checking, high resistance against attacks, any data protection and unified low-level mechanism. To achieve satisfied performance, it adopts a special structure hash tree, and defines hash sub-trees corresponding to the frequently accessed disk regions as hot-access-windows. Utilizing hot-access-windows, simplifying the layout of tree structure and correctly buffering portion nodes of hash tree, it can reduce the cost of protection sufficiently. At the same time, it is convenient for fast recovery to maintain consistency effectively. Related model, approach and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulation show that it is a practical and available way to build secure disk.
This work is supported by National Laboratory for Modern Communications (No. 51436050505KG0101).
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Merkle, R.C.: Protocols for public key cryptography. In: IEEE Symposium on Security and Privacy, pp. 122–134 (1980)
Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: IEEE Symposium on Foundations of Computer Science, pp. 90–99 (1991)
Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches and merkle trees for efficient memory authentication. In: Ninth International Symposium on High Performance Computer Architecture (2003)
Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Hardware Mechanisms for Memory Integrity Checking. Technical report, MIT LCS TR-872 (2003)
Blaze, M.: A cryptographic file system for unix. In: 1st ACM Conference on Communications and Computing Security, pp. 9–16 (1993)
Zadok, E., Badulescu, I., Shender, A.: Cryptfs: A stackable vnode level encryption file system. Technical report, Computer Science Department, Columbia University (1998)
Tripwire, http://www.tripwire.org
Fu, K., kaashoek, F., Mazieres, D.: Fast and secure distributed read-only file system. In: Proceedings of OSDI 2000 (2000)
Mazieres, D., Shasha, D.: Don’t trust your file server. In: 8th Workshop on Hot Topics in Operating Systems (2001)
Stein, C.A., Howard, J.H., Seltzer, M.I.: Unifying file system protection. In: 2001 USENIX Annual Technical Conference, pp. 79–90 (2001)
Tomonori, F., Masanori, O.: Protecting the Integrity of an Entire File System. In: First IEEE International Workshop on Information Assurance (2003)
Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Aegis: Architecture for tamper- evident and tamper-resistant processing. 17th Int’l Conference on Supercomputing (2003)
Hou, F., Wang, Z., Tang, Y., Liu, J.: Verify Memory Integrity Basing on Hash Tree and MAC Combined Approach. In: International Conference on Embedded and Ubiquitous Computing (2004)
Howard, J.H., Kazar, M.L., Menees, S.G., Nichols, D.A., Satyanarayanan, M., Sidebotham, R.N., West, M.J.: Scale and performance in a distributed file system. ACM Transactions on Computer Systems 6, 51–81 (February 1988)
HP Labs. Tools and traces, http://www.hpl.hp.com/research/
Bellare, M., Micciancio, D.: A New Paradigm for collision-free hashing: Incrementality at reduced cost. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 163–192. Springer, Heidelberg (1997)
Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. In: Crypto 2004 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hou, F., He, H., Wang, Z., Dai, K. (2006). An Efficient Way to Build Secure Disk. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_27
Download citation
DOI: https://doi.org/10.1007/11689522_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33052-3
Online ISBN: 978-3-540-33058-5
eBook Packages: Computer ScienceComputer Science (R0)