Commit a3e96e49 authored by Xunnamius (Mega)'s avatar Xunnamius (Mega)

4asplos18

parent f32585f3
......@@ -12,8 +12,8 @@ axis x line* = top,
xlabel near ticks,
major x tick style = transparent,
height=5cm,
%width=0.95\columnwidth,
width=0.9\columnwidth,
%width=0.65\columnwidth,
width=0.6\columnwidth,
xmin=0,
xmax=3,
enlargelimits=false,
......@@ -45,8 +45,8 @@ axis x line* = bottom,
xlabel near ticks,
major x tick style = transparent,
height=5cm,
%width=0.95\columnwidth,
width=0.9\columnwidth,
%width=0.65\columnwidth,
width=0.6\columnwidth,
xmin=0,
xmax=3,
enlargelimits=false,
......
......@@ -13,7 +13,7 @@ xlabel near ticks,
major x tick style = transparent,
height=3.5cm,
%width=0.95\columnwidth,
width=4.2cm,
width=2cm,
xmin=0,
xmax=3,
enlargelimits=false,
......@@ -46,7 +46,7 @@ xlabel near ticks,
major x tick style = transparent,
height=3.5cm,
%width=0.95\columnwidth,
width=4.2cm,
width=2cm,
xmin=0,
xmax=3,
enlargelimits=false,
......
File mode changed from 100644 to 100755
@Comment{$ biblatex control file $}
@Comment{$ biblatex version 2.6 $}
@Comment{$ biblatex version 2.8 $}
Do not modify this file!
This is an auxiliary file used by the 'biblatex' package.
......@@ -7,5 +7,5 @@ This file may safely be deleted. It will be recreated as
required.
@Control{biblatex-control,
options = {2.6:0:0:1:0:0:1:1:0:0:0:0:2:1:2:1:79:+},
options = {2.8:0:0:1:0:1:1:0:0:0:0:2:2:1:79:+:nyt},
}
......@@ -51,8 +51,10 @@
<file>strongbox.bbl</file>
</requires>
<requires type="static">
<file>blx-dm.def</file>
<file>blx-compat.def</file>
<file>biblatex_legacy.def</file>
<file>blx-bibtex.def</file>
<file>biblatex.def</file>
<file>blx-natbib.def</file>
<file>numeric-comp.bbx</file>
<file>numeric.bbx</file>
......
......@@ -181,9 +181,9 @@ tick label style={font=\small},
\vspace{0.1cm}
\end{center}
\veryHuge \color{NavyBlue} \textbf{Strongbox: Fast Secure Storage for Mobile Devices} \color{Black}\\[0.5cm] % Title
\veryHuge \color{NavyBlue} \textbf{Strongbox: Using Stream Ciphers for Full-Drive Encryption} \color{Black}\\[0.5cm] % Title
% \Huge\textit{An Exploration of Complexity}\\[2cm] % Subtitle
\huge \textbf{Bernard Dickens, Ariel Feldman, Haryadi Gunawi, Henry Hoffmann}\\[0.25cm] % Author(s)
\huge \textbf{Bernard Dickens III, Ariel J. Feldman, Haryadi S. Gunawi, Henry Hoffmann}\\[0.25cm] % Author(s)
\Large University of Chicago %//[0.25cm] % University/organization
% \Large \texttt{bd3@cs.uchicago.edu}\\
\end{minipage}
......@@ -202,74 +202,98 @@ tick label style={font=\small},
\begin{abstract}
Full disk encryption (FDE) is especially important for mobile devices because
Full Drive Encryption (FDE) is especially important for mobile devices because
they both contain large amounts of sensitive data and are easily lost or stolen.
Yet, the conventional approach to FDE, AES in XTS mode, is 3--5x slower than
unencrypted storage. Authenticated encryption based on stream ciphers like
ChaCha20 is already used as a faster alternative to AES in other contexts, such
as HTTPS, but the conventional wisdom is that stream ciphers are a unsuitable
for FDE. Used naively in disk encryption, stream ciphers are vulnerable to
for FDE. Used naively in drive encryption, stream ciphers are vulnerable to
many-time pad attacks and rollback attacks, and mitigating these attacks with
on-disk metadata is generally believed to ruin performance.
In this paper, we argue that recent developments in mobile devices invalidate
this assumption and make it possible to use fast stream ciphers for disk
this assumption and make it possible to use fast stream ciphers for drive
encryption. Modern mobile devices rely on NAND-flash storage with a Flash
Translation Layer (FTL), which functions very similarly to a Log-structured File
System (LFS), and include trusted hardware such as Trusted Execution
Environments (TEEs) and secure storage areas. Leveraging these two trends, we
propose StrongBox, a stream cipher-based FDE layer that is a drop-in replacement
for dm-crypt, the standard Linux disk encryption module based on AES-XTS.
for dm-crypt, the standard Linux disk/drive encryption module based on AES-XTS.
StrongBox introduces a system design and on-disk data structures that exploit
LFS's lack of overwrites to avoid costly rekeying and a counter stored in
trusted hardware to implement rollback protection. We implement StrongBox on an
ARM big.LITTLE mobile processor and test its performance under the F2FS LFS.
trusted hardware to implement rollback protection.
We implement StrongBox on an ARM big.LITTLE mobile processor and test its
performance under the F2FS below (among others).
\end{abstract}
%----------------------------------------------------------------------------------------
% INTRODUCTION
%----------------------------------------------------------------------------------------
\vspace{-1cm}
\color{SaddleBrown} % SaddleBrown color for the introduction
\section*{Motivation}
Full disk encryption (FDE) is an essential technique for protecting the privacy
Full Drive Encryption (FDE) is an essential technique for protecting the privacy
of data at rest. Considering the state of the art, the conventional wisdom for
securing this data is to use the AES block cipher in XTS mode~\cite{NISTXTS}.
Potentially more performant steam ciphers are not typically considered.
However, technological shifts in mobile devices overturn this conventional
wisdom and make it possible to use more performant stream ciphers for disk
encryption. First, mobile devices commonly use Flash Translation Layers (FTL)
and/or Log-structured File Systems (LFSes)~\cite{LFS,F2FS,NILFS} to increase the
lifetime of their solid-state drives (SSDs). Second, modern mobile devices like
wisdom and make it possible to use more performant stream ciphers for drive
encryption.
\vspace{0.5cm}
\begin{minipage}{0.4\columnwidth}
\PAD
\centering
\includegraphics{ftl}
\captionof{figure}{Mobile devices commonly use Flash Translation Layers (FTL)
and/or Log-structured File Systems (LFS)~\cite{LFS,F2FS,NILFS} to increase the
lifetime of their solid-state drives (SSD).}
\PAD
\end{minipage}
\hfill%
\begin{minipage}{0.4\columnwidth}
\PAD
\centering
\includegraphics{tpm}
\captionof{figure}{Modern mobile devices like
smartphones now come equipped with trusted hardware~\cite{TEE,TrustZone}, such
as Trusted Execution Environments (TEEs) and secure storage
areas~\cite{eMMC-standard}.
as Trusted Execution Environments (TEE) and secure storage
areas~\cite{eMMC-standard}.}
\PAD
\end{minipage}
\vspace{0.5cm}
We demonstrate the potential performance win from switching to a stream cipher
We demonstrate the FDE performance win from switching to a stream cipher
by comparing AES-XTS to ChaCha20+Poly1305. \figref{motivation} shows the
distinct advantage of the stream cipher over AES: a consistent $2.7\times$
reduction in run time.
We believe stream ciphers are best suited for encrypting block devices backing
Log-structured File Systems, as these filesystems are designed to append data to
LFSes, as these filesystems are designed to append data to
the end of a log rather than over-write data. In practice, some overwrites
occur; \eg{in metadata}, but they are small in number during normal execution.
This motivates our approach of using a stream cipher to perform full disk
encryption under Log-structured File Systems.
occur; \eg{in metadata}, but they are small in number during normal execution (\figref{overwrites}).
This motivates our approach of using a stream cipher to perform FDE under LFSes.
\color{DarkSlateGray} % DarkSlateGray color for the rest of the content
\vspace{0.5cm}
\begin{minipage}{\columnwidth}
\begin{minipage}{0.5\columnwidth}
\PAD
\input{img/heuristics-time.tex}
\captionof{figure}{AES-XTS and ChaCha20+Poly1305 Comparison.}\label{fig:motivation}
\PAD
\end{minipage}\\
\begin{minipage}{\columnwidth}
\end{minipage}
\begin{minipage}{0.5\columnwidth}
\PAD
\centering
\begin{tabular}{l|c|c}
......@@ -283,18 +307,16 @@ encryption under Log-structured File Systems.
\hline
\hline
\end{tabular}
\captionof{table}{File System Overwrite Behavior}\label{tbl:overwrites}
\captionof{table}{File System Overwrite Behavior}\label{fig:overwrites}
\PAD
\end{minipage}
\vspace{-1cm}
\vspace{-0.25cm}
%----------------------------------------------------------------------------------------
% OBJECTIVES
%----------------------------------------------------------------------------------------
\color{DarkSlateGray} % DarkSlateGray color for the rest of the content
\section*{StrongBox Design}
StrongBox's design is illustrated in \figref{overview}. StrongBox's metadata---
......@@ -323,7 +345,6 @@ fulfilling high-level I/O requests received from the overlying LFS.
%----------------------------------------------------------------------------------------
% MATERIALS AND METHODS
%----------------------------------------------------------------------------------------
\section*{StrongBox vs Dm-crypt under F2FS}
To evaluate the performance of StrongBox, we measure the latency
......@@ -367,15 +388,15 @@ of using a stream cipher.
\item The proliferation of NAND-flash FTL/LFS and secure hardware on
modern/mobile devices overturns the conventional wisdom, making it practical to
use a stream ciphers to secure data at rest.
use stream ciphers to secure data at rest.
\item We propose StrongBox, a stream cipher-based FDE layer and drop-in
\item We propose \emph{StrongBox}: a stream cipher-based FDE layer and drop-in
replacement for dm-crypt. StrongBox exploits LFS’s lack of overwrites and the
availability of trusted hardware to overcome the limitations of stream ciphers.
\item Our results show that under F2FS, StrongBox provides upwards of
$2\times$ improvement on read performance and $1.3\times$ improvement on write
performance over a standard dm-crypt configuration.
\item Our results show that, under F2FS, StrongBox provides upwards of
$2\times$ improvement on read performance and $1.3\times$
improvement on write performance over a standard dm-crypt configuration.
\end{itemize}
......@@ -383,6 +404,8 @@ performance over a standard dm-crypt configuration.
\color{DarkSlateGray} % Set the color back to DarkSlateGray for the rest of the content
\vspace{-0.25cm}
%----------------------------------------------------------------------------------------
% REFERENCES
%----------------------------------------------------------------------------------------
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment