Protecting the integrity of an entire file system

2009 Fifth International Conference on Information Assurance and Security

Liu

et al. 2009

To protect hard disk data confidentiality and integrity, AEIVV associates one unique IV with each disk sector; then, it applies authenticated encryption of AES-CCM to the protected sector and constructs hash tree upon IV storage. Through assuring IV to be trusted or un-tampered, data can be protected firmly. To make it an available way for disk protection, various optimizing measures are applied to quicken the running speed. With the emphasis of reducing extra latencies caused by protection, IV/MAC storage is allocated using interlaced layout to decrease seek time of disk I/O, IV checking penalty is reduced by buffering the frequently used hash tree nodes and IV/MAC values. Related approaches are elaborated, as well as experimental results. It shows that AEIVV is a practical and available way to build secure disk.

“…There exist many systems that protect mass data [2,3,4,5,6,7,8,9]. But nearly all of them have certain limitations.…”

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Secure Disk with Authenticated Encryption and IV Verification

2009 Fifth International Conference on Information Assurance and Security

Liu

et al. 2009

“…Among them, SFSRO [3] uses a hash of a file-data block as the block identifier to guarantee the integrity of content data; SUNDR [4] uses a hash of a block as the block identifier and a hash tree to provide data integrity at the file system level; TDB [5] describes a database in which it integrates encryption and hashing with a low-level data model that protects data and metadata uniformly; PFS [6] protects data integrity at the block level without tightly integrated into the file system design; Arbre [7] builds hash tree into file system design tightly to protect integrity of the entire file system; many others system can be listed here, such as Sirius [8] and Plutus [9]; two most recent publications are Pletka et al [10] and Oprea et al [11], and one most remarkable endeavor to establish standard of storage device protection is IEEE P1619.x [12]. These works make promising progresses in data storage security; however, there still exist some problems that hold back data applications in real world.…”

Section: Introductionmentioning

confidence: 99%

Secure Remote Storage through Authenticated Encryption

2008 International Conference on Networking, Architecture, and Storage

et al. 2008

Storage systems are more distributed and more subject to attacks. Cryptographic file system gives a promising way to mitigate the danger of exposing data by using encryption and integrity protection methods and guarantee end-to-end security to clients. This paper describes SRSAE, a generic approach to cryptographic file system, as well as its realization in a distributed data storage environment. SRSAE applies authenticated encryption to each data block transferred between clients and the remote block devices. It provides strong data confidentiality and integrity protections through trusted IV (Initialization Vector) and MAC (Message Authentication Code) comparison. Performance is optimized by buffering IV and MAC locally. Integration into original file system is presented with specific implementation. Related model, approach and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulations show that it is a practical and available way to build secure network storage system.

“…Cryptfs [4] encrypt file data; Tripwire [5] uses the principle of MAC to check the integrity of files, while trusted computing system like NGSCB [6] verifying "program hashes" is similar; SFSRO [7] uses hash of a file-data block to guarantee the integrity of content data; SUNDR [8] uses a hash of a block and hash tree to provide file system integrity; PFS [9] protects data integrity at the block level without integrated into the file system, while Arbre [10] builds hash tree into file system tightly. Recently, several important techniques to protect the locally connected hard disk have appeared; for examples: Windows-Vista BitLocker [11], IEEE P1619.x [12] and Seagate Momentus 5400 FDE.2 Hard Drives [13].…”

Section: Introductionmentioning

confidence: 99%

Data privacy and integrity appropriate for disk protection

2008 8th IEEE International Conference on Computer and Information Technology

et al. 2008

To protect data privacy and integrity, it encrypts each protected disk sector and creates hash tree upon all the protected sectors to resist against any possible attacks. To make it an appropriate way for disk protection, it designs the required solutions of disk layout, performance optimizing and consistency maintaining. Disk layout uses a fixed disk region to preserve hash tree nodes; performance optimizing utilizes system memory to buffer those frequently used hash tree nodes to offload the big working cost; and consistency maintaining logs disk modifications to recovery the valid result after unexpected failures. The implementation cost is low and running performance is satisfiable. Analysis and experimental simulations show that it is a practical and available way to build secure disk.