A major security concern with outsourcing data storage to third-party providers is authenticating the integrity and freshness of data. State-of-the-art software-based approaches require clients to maintain state and cannot immediately detect forking attacks, while approaches that introduce limited trusted hardware (e.g., a monotonic counter) at the storage server achieve low throughput. This paper proposes a new design for authenticating data storage using a small piece of high-performance trusted hardware attached to an untrusted server. The proposed design achieves significantly higher throughput than previous designs. The server-side trusted hardware allows clients to authenticate data integrity and freshness without keeping any mutable client-side state. Our design achieves high performance by parallelizing server-side authentication operations and permitting the untrusted server to maintain caches and schedule disk writes, while enforcing precise crash recovery and write access control.