UTrustDisk: An Efficient Data Protection Scheme for Building Trusted USB Flash Disk

  • Cheng, Yong (School of Computer Science and Technology, National University of Defense Technology)
  • Ma, Jun (School of Computer Science and Technology, National University of Defense Technology)
  • Ren, Jiangchun (School of Computer Science and Technology, National University of Defense Technology)
  • Mei, Songzhu (School of Computer Science and Technology, National University of Defense Technology)
  • Wang, Zhiying (School of Computer Science and Technology, National University of Defense Technology)
  • Received : 2015.08.13
  • Accepted : 2016.07.19
  • Published : 2017.04.30

Abstract

Data protection for removable storage devices is an important issue in information security. Unfortunately, most existing data protection mechanisms are aimed at protecting computer platforms and are not suitable for ultra-low-power devices. To protect the flash disk appropriately and efficiently, we propose a trust-based USB flash disk named UTrustDisk. The data protection technologies in UTrustDisk include a data authentication protocol, data confidentiality protection and data leakage prevention. The data integrity protection scheme is usually the bottleneck of the whole system, and we accelerate it with the WH universal hash function and speculative caching. Speculative caching caches the potentially hot chunks to reduce memory bandwidth pollution. We adopt a symmetric encryption algorithm to protect data confidentiality. Before mounting the UTrustDisk, we run a lightweight virtual machine based on trusted virtual domains to prevent information leakage. In addition, we formally prove that UTrustDisk can prevent sensitive data from leaking out. Experimental results show that our scheme's average writing throughput is 44.8% higher than that of the NH scheme and 316% higher than that of the SHA-1 scheme. The success rate of the speculative caching mechanism is up to 94.5%, since the access pattern is usually sequential.
