Performance and Consistency Improvements of Hash Tree Based Disk Storage Protection

Hash tree based disk storage integrity protection suffers from performance penalty and possible losing of consistency. FI-Tree deploys a fixed-structure tree and applies incremental-hash to tree node updating to solve the difficulties of performance and consistency. The biggest advantage of FI-Tree comes from that: to allow tree nodes to be cached to optimize performance, it can maintain consistency between the tree and the protected data with low cost at the same time. Basing on FI-Tree, TNSD constructs an instance of secure disk. TNSD associates one nonce with each data block to be protected, and applies FI-Tree to ensure the nonce to be un-tampered. In such way, data protection can be fulfilled with resistance against any attacks. Related approaches are elaborated, as well as testing results. Theoretical analysis and experimental simulation show that it is a practical and available way to build secure disk.

[1]  Mahadev Satyanarayanan,et al.  Scale and performance in a distributed file system , 1988, TOCS.

[2]  David Mazières,et al.  Fast and secure distributed read-only file system , 2000, TOCS.

[3]  Fujita Tomonori,et al.  Protecting the integrity of an entire file system , 2003, First IEEE International Workshop on Information Assurance, 2003. IWIAS 2003. Proceedings..

[4]  Patrick D. McDaniel,et al.  Non-volatile memory and disks:: avenues for policy architectures , 2007, CSAW '07.

[5]  G. Edward Suh,et al.  Hardware Mechanisms for Memory Integrity Checking , 2002 .

[6]  G. Edward Suh,et al.  Caches and hash trees for efficient memory integrity verification , 2003, The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings..

[7]  Mihir Bellare,et al.  Incremental Cryptography: The Case of Hashing and Signing , 1994, CRYPTO.

[8]  Erez Zadok,et al.  Cryptfs: A Stackable Vnode Level Encryption File System , 1998 .

[9]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[10]  David A. McGrew Efficient authentication of large, dynamic data sets using Galois/counter mode (GCM) , 2005, Third IEEE International Security in Storage Workshop (SISW'05).

[11]  Margo I. Seltzer,et al.  Unifying File System Protection , 2001, USENIX Annual Technical Conference, General Track.

[12]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[13]  David A. Wagner,et al.  Security considerations for incremental hash functions based on pair block chaining , 2006, Comput. Secur..

[14]  Christian Cachin,et al.  Cryptographic Security for a High-Performance Distributed File System , 2007, 24th IEEE Conference on Mass Storage Systems and Technologies (MSST 2007).

[15]  Dwaine E. Clarke,et al.  Towards constant bandwidth overhead integrity checking of untrusted data , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[16]  Michael K. Reiter,et al.  Integrity Checking in Cryptographic File Systems with Constant Trusted Storage , 2007, USENIX Security Symposium.

[17]  Dennis Shasha,et al.  Don't trust your file server , 2001, Proceedings Eighth Workshop on Hot Topics in Operating Systems.

[18]  J. Howard Et El,et al.  Scale and performance in a distributed file system , 1988 .

[19]  Radek Vingralek,et al.  How to build a trusted database system on untrusted storage , 2000, OSDI.