When cryptography meets storage

Confidential data storage through encryption is becoming increasingly important. Designers and implementers of encryption methods for storage media must be aware that storage has different usage patterns and properties than other information media, such as networks. In this paper, we empirically demonstrate two-time pad vulnerabilities in storage that are exposed via shifting file contents, in-place file updates, storage mechanisms hidden by layers of abstractions, inconsistencies between memory and disk content, and backups. We also demonstrate how a simple application of Bloom filters can automatically extract plaintexts from two-time pads. Further, our experience sheds light on system research directions to better support cryptographic assumptions and guarantees.
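The sketch below is an added example, not code from the paper. It shows why an in-place update or a content shift under a reused per-file IV produces a two-time pad once an older ciphertext survives in a backup, next to the fresh-IV case and a write-log check for reuse. The SHA-256 counter keystream is a stand-in for any stream or CTR-mode cipher, and all names and sample data are constructed for illustration.

```python
import hashlib
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (stand-in for any stream/CTR cipher)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def store(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt a file image; the nonce plays the role of a per-file IV."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def ciphertext_diff(key: bytes, old: bytes, new: bytes, reuse_nonce: bool) -> bytes:
    """XOR of the backed-up ciphertext and the current one, as a holder of both sees it."""
    nonce_old = os.urandom(16)
    nonce_new = nonce_old if reuse_nonce else os.urandom(16)
    return xor(store(key, nonce_old, old), store(key, nonce_new, new))

def nonce_reused(write_log) -> bool:
    """Defensive check: flag any (key_id, nonce) pair used for more than one write."""
    seen = set()
    for key_id, nonce in write_log:
        if (key_id, nonce) in seen:
            return True
        seen.add((key_id, nonce))
    return False

# Constructed sample data
KEY = bytes(range(32))
V1 = b"balance: 0100 USD; owner: alice"
V2 = b"balance: 9999 USD; owner: alice"   # in-place update, same length
V3 = b"#" + V1[:-1]                       # one inserted byte shifts the contents

if __name__ == "__main__":
    d = ciphertext_diff(KEY, V1, V2, reuse_nonce=True)
    print("in-place, reused IV :", d.hex())           # zero except the edited bytes
    print("old xor diff        :", xor(d, V1))        # equals V2
    d = ciphertext_diff(KEY, V1, V3, reuse_nonce=True)
    print("shifted, reused IV  :", d == xor(V1, V3))  # whole file is a two-time pad
    d = ciphertext_diff(KEY, V1, V2, reuse_nonce=False)
    print("fresh IV per write  :", d == xor(V1, V2))
```

With a reused IV the keystream cancels, so the difference between the two ciphertexts depends only on the two plaintexts; a fresh IV on every write removes that relationship, at the cost of re-encrypting the data covered by that IV.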
