Offline untrusted storage with immediate detection of forking and replay attacks

We address the problem of using an untrusted server with only a trusted timestamping device (TTD) to provide trusted storage for a large number of clients, where each client may own and use several different devices that may be offline at different times and may not be able to communicate with each other except through the untrusted server (over an untrusted network). We show how a TTD can be implemented using currently available Trusted Platform Module (TPM) 1.2 technology without having to assume trust in the BIOS, CPU, or OS of the TPM's server. We show how the TTD can be used to implement tamper-evident storage where clients are guaranteed to immediately detect illegitimate modifications to their data (including replay attacks and forking attacks) whenever they wish to perform a critical operation that relies on the freshness and validity of the data. In particular, we introduce and analyze a log-based scheme in which the TTD is used to securely implement a large number of virtual monotonic counters, which can then be used to time-stamp data and provide tamper-evident storage. We present performance results of an actual implementation using PlanetLab and a PC with a TPM 1.2 chip.
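The following is an added, simplified model of the log-based idea sketched in the abstract, not the paper's own protocol or code: a TTD with a single hardware monotonic counter signs a hash-chained global log of virtual-counter updates, and a client device that has been offline verifies the log the untrusted server hands it against a fresh, nonce-bound TTD reading. HMAC stands in for the TTD's signature, so the verifier holds the key purely for the simulation (in practice a client would hold the device's public key); all client names, data and keys are constructed.

```python
import hashlib, hmac, json

def sign(key, body):
    """HMAC stands in for the TTD's signature (constructed; a TPM would sign with its AIK)."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def check(key, e):
    return hmac.compare_digest(e["sig"], sign(key, {k: v for k, v in e.items() if k != "sig"}))

class TTD:
    """Trusted timestamping device: one hardware monotonic counter plus a signing key."""
    def __init__(self, key):
        self.key, self.ctr, self.prev = key, 0, "0" * 64
    def increment(self, vid, data_hash):
        # every virtual-counter update costs one global increment; entries are hash-chained
        self.ctr += 1
        e = {"ctr": self.ctr, "vid": vid, "data": data_hash, "prev": self.prev}
        e["sig"] = self.prev = sign(self.key, e)
        return e
    def read(self, nonce):
        a = {"ctr": self.ctr, "nonce": nonce}   # fresh reading bound to the client's nonce
        a["sig"] = sign(self.key, a)
        return a

def latest(key, log, ttd, nonce, vid):
    """Client-side check of the log served by the untrusted server. Returns the latest
    data hash for virtual counter vid, or None if replay, forking or tampering is detected."""
    prev = "0" * 64
    for i, e in enumerate(log, 1):
        if not check(key, e) or e["ctr"] != i or e["prev"] != prev:
            return None                       # forged, reordered or missing entry
        prev = e["sig"]
    a = ttd.read(nonce)
    if not check(key, a) or a["nonce"] != nonce or a["ctr"] != len(log):
        return None                           # stale tail: server withheld later updates
    return next((e["data"] for e in reversed(log) if e["vid"] == vid), None)

def demo():
    key, log = b"ttd-key (constructed)", []
    ttd, h = TTD(key), (lambda b: hashlib.sha256(b).hexdigest())
    for vid, data in [("alice", b"v1"), ("bob", b"w1"), ("alice", b"v2")]:
        log.append(ttd.increment(vid, h(data)))      # clients update through the server
    honest = latest(key, log, ttd, "n1", "alice")         # full log: returns h(b"v2")
    replay = latest(key, log[:1], ttd, "n2", "alice")     # server rolls alice back to v1
    fork = latest(key, log[:2], ttd, "n3", "alice")       # server hides alice's own v2
    forged = [dict(log[0], data=h(b"evil"))] + log[1:]    # server edits a stored entry
    return {"honest": honest == h(b"v2"), "replay": replay, "fork": fork,
            "forged": latest(key, forged, ttd, "n4", "alice")}
```

Each attack is caught because the TTD's counter advanced once per update: a withheld entry leaves the served log's tail below the fresh reading, and an edited entry fails its signature check.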
