Optimal parameter selection for efficient memory integrity verification using Merkle hash trees

A secure, tamperproof execution environment is critical for trustworthy network computing. Newly emerging hardware, such as that developed as part of the TCPA and Palladium initiatives, enables operating systems to implement such an environment through Merkle hash trees. We examine the selection of optimal parameters, namely blocksize and tree depth, for Merkle hash trees based on the size of the memory region to be protected and the number of memory updates between updates of the hash tree. We analytically derive an expression for the cost of updating the hash tree; show that, for a given file size and update interval, there is an optimal blocksize for the leaves of a Merkle tree that minimizes the cost of update operations; and describe a general method by which the parameters of such a tree can be determined optimally.
