ABSTRACT
Removing hard drives from a data center may expose sensitive data, such as encryption keys or passwords. To prevent such exposure, data centers have security policies that physically secure drives in the system and securely erase drives that are removed. Despite advances in security technology and best practices, these measures are often implemented incorrectly. We assume that physical security will fail, and that fixing the problem after the failure is costly and ineffective.
We propose Inkpack, a protocol that prevents an attacker from reading data on a drive removed from the data center, even if the attacker holds the user key associated with that data. An implementation of this protocol encrypts the data and secret-splits the encryption key across a number of drives. Rebuilding the key requires communicating with the other drives, so access to the data is denied when only a few drives have been removed. Inkpack also requires the system to verify the validity of individual drives before normal operation. A prototype built within the Ceph storage system executed individual key-split, key-rebuild, and drive-validation operations in 100--150 μs. We also show that the protocol is sensitive to the overhead of small data writes, which indicates potential performance gains if it is implemented on smart solid-state storage devices, and we propose a solution to increase performance.
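The key-splitting step the abstract describes, as an added example that is not Inkpack's own code: a per-object data key is Shamir-split over n drives with threshold k, each drive stores one share, and an attacker who walks out with fewer than k drives cannot rebuild the key even with the user key in hand. The field (the Mersenne prime 2^521 - 1), the drive layout, and the function names are assumptions made for this example; the drive-validation step is not modelled.

```python
"""Threshold key-splitting of a data key over n drives (k needed to rebuild).
Added example in the style of the Inkpack protocol; not the paper's code.
The field, drive layout and function names are assumptions."""
import secrets

# Field: the Mersenne prime 2^521 - 1, large enough to hold a 128- or 256-bit
# key directly as a field element (assumption; the paper's field is not given here).
P = (1 << 521) - 1


def _poly_eval(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key: bytes, n: int, k: int, rng=secrets.randbelow) -> dict:
    """Return {drive_id: share}. Any k shares rebuild `key`; k-1 reveal nothing.
    `rng(P)` must return a uniform field element (overridable for tests)."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for field")
    # f(0) = key; degree k-1, so exactly k points determine the polynomial
    coeffs = [secret] + [rng(P) for _ in range(k - 1)]
    # x = drive id, never 0 (x = 0 is the secret itself)
    return {d: _poly_eval(coeffs, d) for d in range(1, n + 1)}


def rebuild_key(shares: dict) -> int:
    """Lagrange interpolation at x = 0 over whatever shares are supplied.
    With fewer than k shares this still returns a value, just not the key:
    k-1 points are consistent with every possible secret."""
    xs = list(shares)
    secret = 0
    for i in xs:
        num = den = 1
        for j in xs:
            if i != j:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + shares[i] * num * pow(den, P - 2, P)) % P
    return secret


def place_on_drives(ciphertext: bytes, key: bytes, n: int, k: int, home: int = 1) -> dict:
    """Assumed layout: the ciphertext sits on drive `home`, every drive holds
    one share of its key, and no drive holds the key itself."""
    shares = split_key(key, n, k)
    return {d: {"data": ciphertext if d == home else None, "share": shares[d]}
            for d in shares}


def attacker_rebuild(drives: dict, stolen: list) -> int:
    """What an attacker holding only the listed drives can compute offline."""
    return rebuild_key({d: drives[d]["share"] for d in stolen})


if __name__ == "__main__":
    key = secrets.token_bytes(16)            # constructed 128-bit data key
    drives = place_on_drives(b"ciphertext", key, n=5, k=3)
    want = int.from_bytes(key, "big")
    print("3 drives:", attacker_rebuild(drives, [1, 3, 5]) == want)   # True
    print("2 drives:", attacker_rebuild(drives, [2, 4]) == want)      # False
```

The share on the drive that stores the ciphertext is deliberately not sufficient on its own; recovery has to go through the network to k-1 other drives, which is the point at which a live system can refuse to answer a drive that fails validation.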
Inkpack: A Secure, Data-Exposure Resistant Storage System