Commit ccafa0b3 authored by Xunnamius (Morty)'s avatar Xunnamius (Morty)

added new resources, added extra line to includegraphics

parent ab391456
This image diff could not be displayed because it is too large. You can view the blob instead.
This image diff could not be displayed because it is too large. You can view the blob instead.
This image diff could not be displayed because it is too large. You can view the blob instead.
......@@ -24,7 +24,7 @@ xtick=\empty,
xticklabels={},
yticklabels={},
]
\nextgroupplot[ylabel={\scriptsize Time (s)},
\nextgroupplot[ylabel={\small Time (s)},
ylabel shift={6mm},
ymin=0,
ymax=1,
......@@ -57,8 +57,8 @@ xticklabel shift={-5pt},
%x tick label style={rotate=0, anchor=south},
%xlabel={\footnotesize $Platform$}
xtick={1,2},
xticklabels={{\scriptsize $\mathsf{Encrypt}$},
{\scriptsize $\mathsf{Decrypt}$}},
xticklabels={{\small $\mathsf{Encrypt}$},
{\small $\mathsf{Decrypt}$}},
ymin=0,
ymax=50,
ytick={0,12.5,25,37.5,50},
......@@ -70,8 +70,8 @@ grid style={dashed},
]
\nextgroupplot[ybar=\pgflinewidth,
bar width=15pt,
legend entries = {{\scriptsize $\mathsf{AES-XTS}$},
{\scriptsize $\mathsf{ChaCha+Poly1305}$}
legend entries = {{\small $\mathsf{AES-XTS}$},
{\small $\mathsf{ChaCha+Poly1305}$}
},
legend style={draw=none,legend columns=2,at={(0.5,1.35)},anchor=north},
]
......
@BOOK{Smith:2012qr,
title = {{B}ook {T}itle},
publisher = {Publisher},
author = {Smith, J.~M. and Jones, A.~B.},
year = {2012},
edition = {7th},
}
@ARTICLE{Smith:2013jd,
author = {Jones, A.~B. and Smith, J.~M.},
title = {{A}rticle {T}itle},
journal = {Journal title},
year = {2013},
volume = {13},
pages = {123-456},
number = {52},
month = {March},
publisher = {Publisher}
}
\ No newline at end of file
@techreport{Poly1305,
institution="University of Illinois at Chicago",
title="The Poly1305-AES message-authentication code",
author="Daniel J. Bernstein",
year="2005",
}
@techreport{ChaCha20,
institution="University of Illinois at Chicago",
title="ChaCha, a variant of Salsa20",
author="Daniel J. Bernstein",
year="2008",
}
@techreport{XEX,
institution="University of California at Davis",
title="Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC",
author="Phillip Rogaway",
year="2004",
}
@Inbook{CipherTextStealing,
author="Rogaway, Phillip
and Wooding, Mark
and Zhang, Haibin",
editor="Canteaut, Anne",
title="The Security of Ciphertext Stealing",
bookTitle="Fast Software Encryption: 19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers",
year="2012",
publisher="Springer Berlin Heidelberg",
address="Berlin, Heidelberg",
pages="180--195",
isbn="978-3-642-34047-5",
doi="10.1007/978-3-642-34047-5_11",
url="http://dx.doi.org/10.1007/978-3-642-34047-5_11",
}
@misc{XTSComments,
author="NIST",
title="Public Comments on the XTS-AES Mode",
year=2008,
}
@online{BUSE,
title = "A block device in userspace",
year = 2012,
url = "https://github.com/acozzette/BUSE",
urldate = "2017-04-26",
}
@online{dmcrypt,
title = "Linux kernel device-mapper crypto target",
year = 2013,
url = "https://gitlab.com/cryptsetup/cryptsetup",
urldate = "2017-04-26",
}
@inproceedings{energymon,
author = "Imes, Connor and Bergstrom, Lars and Hoffmann, Henry",
title = "A Portable Interface for Runtime Energy Monitoring",
booktitle = "Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering",
series = "FSE 2016",
year = "2016",
isbn = "978-1-4503-4218-6",
location = "Seattle, WA, USA",
pages = "968--974",
numpages = "7",
url = "http://doi.acm.org/10.1145/2950290.2983956",
doi = "10.1145/2950290.2983956",
acmid = "2983956",
publisher = "ACM",
keywords = "portable energy measurement",
}
@online{LinuxDeviceMapper,
title = "RedHat: Device-mapper Resource Page",
url = "https://www.sourceware.org/dm",
urldate = "2017-04-26",
}
@online{eMMC-standard,
title = "EMBEDDED MULTI-MEDIA CARD (e•MMC), ELECTRICAL STANDARD (5.1)",
year = 2015,
url = "https://www.jedec.org/standards-documents/results/jesd84-b51",
urldate = "2017-04-26",
}
@online{DmC-Android,
title = "Android Open Source Project: Full-Disk Encryption",
url = "https://source.android.com/security/encryption/full-disk",
urldate = "2017-04-26",
}
@online{ZFS,
title = "Oracle blog: ZFS End-to-End Data Integrity",
year = 2005,
url = "https://blogs.oracle.com/bonwick/zfs-end-to-end-data-integrity",
urldate = "2017-04-26",
}
@online{google-blog,
title = "TLS Symmetric Crypto",
year = 2014,
url = "https://www.imperialviolet.org/2014/02/27/tlssymmetriccrypto.html",
urldate = "2017-04-26",
}
@inproceedings {F2FS,
author = "Changman Lee and Dongho Sim and Jooyoung Hwang and Sangyeun Cho",
title = "F2FS: A New File System for Flash Storage",
booktitle = "13th USENIX Conference on File and Storage Technologies (FAST 15)",
year = "2015",
isbn = "978-1-931971-201",
address = "Santa Clara, CA",
pages = "273--286",
url = "https://www.usenix.org/conference/fast15/technical-sessions/presentation/lee",
publisher = "USENIX Association",
}
@article{LFS,
author = "Rosenblum, Mendel and Ousterhout, John K.",
title = "The Design and Implementation of a Log-structured File System",
journal = "ACM Trans. Comput. Syst.",
issue_date = "Feb. 1992",
volume = "10",
number = "1",
month = feb,
year = "1992",
issn = "0734-2071",
pages = "26--52",
numpages = "27",
url = "http://doi.acm.org/10.1145/146941.146943",
doi = "10.1145/146941.146943",
acmid = "146943",
publisher = "ACM",
address = "New York, NY, USA",
keywords = "Unix, disk storage management, fast crash recovery, file system organization, file system performance, high write performance, log-structured, logging",
}
@misc{NISTXTS,
title = "Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices",
url = "http://nvlpubs.nist.gov/",
note = "NIST Special Publication 800-38E",
year = "2010",
}
@misc{XTS,
title = "The XTS-AES Tweakable Block Cipher",
note = "IEEE Std 1619-2007",
year = "2008",
}
@article{NILFS,
author = "Konishi, Ryusuke and Amagai, Yoshiji and Sato, Koji and Hifumi, Hisashi and Kihara, Seiji and Moriai, Satoshi",
title = "The Linux Implementation of a Log-structured File System",
journal = "SIGOPS Oper. Syst. Rev.",
issue_date = "July 2006",
volume = "40",
number = "3",
month = jul,
year = "2006",
issn = "0163-5980",
pages = "102--107",
numpages = "6",
url = "http://doi.acm.org/10.1145/1151374.1151375",
doi = "10.1145/1151374.1151375",
acmid = "1151375",
publisher = "ACM",
address = "New York, NY, USA",
}
@INPROCEEDINGS{SBD,
author="D. Hein and J. Winter and A. Fitzek",
booktitle="2015 IEEE Trustcom/BigDataSE/ISPA",
title="Secure Block Device -- Secure, Flexible, and Efficient Data Storage for ARM TrustZone Systems",
year="2015",
volume="1",
pages="222-229",
keywords="cloud computing;data integrity;data protection;private key cryptography;public key cryptography;storage management;trusted computing;ARM TrustZone systems;ARM TrustZone trusted execution environment;Data at Rest integrity;Merkle-Tree;authenticated encryption scheme;cloud storage;confidential block device;cryptographic keys;cryptographic methods;data confidentiality;data integrity protection;integrity protected block device;memory protection;open source C software library;secure block device;secure file systems;secure storage trusted application;secure-flexible-efficient-data storage;trusted computing base solution;Cryptography;Hardware;Kernel;Memory;Program processors;Secure storage;ARM TrustZone;Authenicated Encryption;Merkle-Tree;Secure storage;Trusted Applications",
doi="10.1109/Trustcom.2015.378",
}
@misc{TPM,
title="TCG: Trusted platform module summary",
author="Trusted Computing Group",
year="2008",
}
@misc{TrustZone,
title="ARM security technology: Building a secure system using TrustZone technology",
author="ARM Limited",
note="PRD29-GENC-009492C",
year="2009",
}
@misc{TEE,
title="TEE client API specification version 1.0",
author="Global Platform Device Technology",
note="GPD\_SPE\_007",
year="2010",
}
@article{SSD,
author = "Cornwell, Michael",
title = "Anatomy of a Solid-state Drive",
journal = "Queue",
issue_date = "October 2012",
volume = "10",
number = "10",
month = oct,
year = "2012",
issn = "1542-7730",
pages = "30:30--30:36",
articleno = "30",
numpages = "7",
url = "http://doi.acm.org/10.1145/2381996.2385276",
doi = "10.1145/2381996.2385276",
acmid = "2385276",
publisher = "ACM",
address = "New York, NY, USA",
}
@ARTICLE{STES,
author={D. Chakraborty and C. Mancillas-López and P. Sarkar},
journal={IEEE Transactions on Computers},
title={STES: A Stream Cipher Based Low Cost Scheme for Securing Stored Data},
year={2015},
volume={64},
number={9},
pages={2691-2707},
keywords={cryptography;field programmable gate arrays;file organisation;FPGAs-Xilinx Spartan 3;Lattice ICE40;STES;data storage security;low cost scheme;multilinear hash function;pseudodot product based hash function;stream cipher;tweakable enciphering scheme;Ciphers;Encryption;Field programmable gate arrays;Hardware;Throughput;FPGA;SD card;Tweakable enciphering scheme;USB memory;disk encryption;stream ciphers},
doi={10.1109/TC.2014.2366739},
ISSN={0018-9340},
}
@Inbook{CMC,
author="Halevi, Shai
and Rogaway, Phillip",
editor="Boneh, Dan",
title="A Tweakable Enciphering Mode",
bookTitle="Advances in Cryptology - CRYPTO 2003: 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003. Proceedings",
year="2003",
publisher="Springer Berlin Heidelberg",
address="Berlin, Heidelberg",
pages="482--499",
isbn="978-3-540-45146-4",
doi="10.1007/978-3-540-45146-4_28",
url="http://dx.doi.org/10.1007/978-3-540-45146-4_28",
}
@Inbook{HCTR,
author="Wang, Peng
and Feng, Dengguo
and Wu, Wenling",
editor="Feng, Dengguo
and Lin, Dongdai
and Yung, Moti",
title="HCTR: A Variable-Input-Length Enciphering Mode",
bookTitle="Information Security and Cryptology: First SKLOIS Conference, CISC 2005, Beijing, China, December 15-17, 2005. Proceedings",
year="2005",
publisher="Springer Berlin Heidelberg",
address="Berlin, Heidelberg",
pages="175--188",
isbn="978-3-540-32424-9",
doi="10.1007/11599548_15",
url="http://dx.doi.org/10.1007/11599548_15"
}
@techreport{TES-From-Stream-Cipher,
institution="Indian Statistical Institute",
title="Tweakable Enciphering Schemes From Stream Ciphers With IV",
author="Palash Sarkar",
year="2009",
}
......@@ -29,7 +29,7 @@
\columnsep=100pt % This is the amount of white space between the columns in the poster
\columnseprule=1pt % This is the thickness of the black line between the columns in the poster
\usepackage[svgnames]{xcolor} % Specify colors by their 'svgnames', for a full list of all colors available see here: http://www.latextemplates.com/svgnames-colors
\usepackage[svgnames]{xcolor} % Specify colors by their 'svgnames', for a full list of all colors available
\usepackage{times} % Use the times font
%\usepackage{palatino} % Uncomment to use the Palatino font
......@@ -158,6 +158,7 @@ tick label style={font=\small},
\usepackage[natbib=true,backend=bibtex,firstinits=true,style=numeric-comp,sorting=nyt,defernumbers,maxnames=2,maxcitenames=2,doi=false,isbn=false,url=false]{biblatex}
\bibliography{strongbox}
\renewcommand*{\bibfont}{\normalfont\footnotesize}
\begin{document}
......@@ -172,6 +173,7 @@ tick label style={font=\small},
\begin{minipage}[b]{\linewidth}
\includegraphics[height=5cm]{figures/uchicago_logo.png}
\includegraphics[height=5cm]{figures/uchicago_logo.png}
\vspace{0.1cm}
\begin{center}
......@@ -233,6 +235,20 @@ ARM big.LITTLE mobile processor and test its performance under the F2FS LFS.
\section*{Motivation}
Full disk encryption (FDE) is an essential technique for protecting the privacy
of data at rest. Considering the state of the art, the conventional wisdom for
securing this data is to use the AES block cipher in XTS mode~\cite{NISTXTS}.
Potentially more performant steam ciphers are not typically considered.
However, technological shifts in mobile devices overturn this conventional
wisdom and make it possible to use more performant stream ciphers for disk
encryption. First, mobile devices commonly use Flash Translation Layers (FTL)
and/or Log-structured File Systems (LFSes)~\cite{LFS,F2FS,NILFS} to increase the
lifetime of their solid-state drives (SSDs). Second, modern mobile devices like
smartphones now come equipped with trusted hardware~\cite{TEE,TrustZone}, such
as Trusted Execution Environments (TEEs) and secure storage
areas~\cite{eMMC-standard}.
We demonstrate the potential performance win from switching to a stream cipher
by comparing AES-XTS to ChaCha20+Poly1305. \figref{motivation} shows the
distinct advantage of the stream cipher over AES: a consistent $2.7\times$
......@@ -247,18 +263,17 @@ encryption under Log-structured File Systems.
\vspace{0.5cm}
\begin{minipage}{0.5\columnwidth}
\begin{minipage}{\columnwidth}
\PAD
\input{img/heuristics-time.tex}
\captionof{figure}{AES-XTS and ChaCha20+Poly1305 Comparison.}\label{fig:motivation}
\PAD
\end{minipage}%
\begin{minipage}{0.5\columnwidth}
\end{minipage}\\
\begin{minipage}{\columnwidth}
\PAD
\centering
\footnotesize
\begin{tabular}{l|c|c}
\textbf{File System} & \textbf{Total Write Ops} & \textbf{Overwrites} \\
\small{\textbf{File System}} & \small{\textbf{Total Write Ops}} & \small{\textbf{Overwrites}} \\
\hline
\hline
ext4 & 16,756 & 10,787\\
......@@ -272,24 +287,38 @@ encryption under Log-structured File Systems.
\PAD
\end{minipage}
\vspace{-1cm}
%----------------------------------------------------------------------------------------
% OBJECTIVES
%----------------------------------------------------------------------------------------
\color{DarkSlateGray} % DarkSlateGray color for the rest of the content
\section*{Design and Implementation}
\section*{StrongBox Design}
\begin{enumerate}
\item Lorem ipsum dolor sit amet, consectetur.
\item Nullam at mi nisl. Vestibulum est purus, ultricies cursus volutpat sit amet, vestibulum eu.
\item Praesent tortor libero, vulputate quis elementum a, iaculis.
\item Phasellus a quam mauris, non varius mauris. Fusce tristique, enim tempor varius porta, elit purus commodo velit, pretium mattis ligula nisl nec ante.
\item Ut adipiscing accumsan sapien, sit amet pretium.
\item Estibulum est purus, ultricies cursus volutpat
\item Nullam at mi nisl. Vestibulum est purus, ultricies cursus volutpat sit amet, vestibulum eu.
\item Praesent tortor libero, vulputate quis elementum a, iaculis.
\end{enumerate}
StrongBox's design is illustrated in \figref{overview}. StrongBox's metadata---
the key to its operation---is encapsulated in three primary components: an in-
memory \emph{Merkle Tree} and two disk-backed byte arrays, the \emph{Keycount
Store} and the \emph{Transaction Journal}. These components are integrated into
the \emph{Cryptographic Driver}, which is responsible for handling data
encryption, verification, and decryption. These interactions take place while
fulfilling high-level I/O requests received from the overlying LFS.
\begin{minipage}{0.6\columnwidth}
\PAD
\centering
\includegraphics{overview}
\captionof{figure}{Overview of the StrongBox construction.}\label{fig:overview}
\PAD
\end{minipage}
\begin{minipage}{0.4\columnwidth}
\PAD
\centering
\includegraphics{backstore}
\captionof{figure}{Layout of StrongBox’s backing storage.}\label{fig:backstore}
\PAD
\end{minipage}
%----------------------------------------------------------------------------------------
% MATERIALS AND METHODS
......@@ -297,7 +326,30 @@ encryption under Log-structured File Systems.
\section*{StrongBox vs Dm-crypt under F2FS}
Fusce magna risus, molestie ut porttitor in, consectetur sed mi. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Pellentesque consectetur blandit pellentesque. Sed odio justo, viverra nec porttitor vel, lacinia a nunc. Suspendisse pulvinar euismod arcu, sit amet accumsan enim fermentum quis. In id mauris ut dui feugiat egestas. Vestibulum ac turpis lacinia nisl commodo sagittis eget sit amet sapien.
To evaluate the performance of StrongBox, we measure the latency
(seconds/milliseconds per operation) of both sequential and random read and
write I/O operations across four different standard Linux filesystems: NILFS2,
F2FS (shown below), Ext4 in ordered journaling mode, and Ext4 in full journaling mode.
We include results of the F2FS LFS mounted atop both dm-crypt and StrongBox;
median latency of different sized whole file read and write operations were
normalized to unencrypted access. By harmonic mean, StrongBox is 1.6$\times$
faster than dm-crypt for reads and 1.2$\times$ faster for writes.
\begin{minipage}{\columnwidth}
\PAD
\centering
\includegraphics[scale=0.85]{first_bars}
\captionof{figure}{Sequential I/O expanded F2FS result set.}\label{fig:microbench-f2fs-sequential}
\PAD
\end{minipage}\\[1ex]
\begin{minipage}{\columnwidth}
\PAD
\centering
\includegraphics[scale=0.85]{second_bars}
\captionof{figure}{Random I/O expanded F2FS result set.}\label{fig:microbench-f2fs}
\PAD
\end{minipage}
%----------------------------------------------------------------------------------------
% CONCLUSIONS
......@@ -327,6 +379,8 @@ performance over a standard dm-crypt configuration.
\end{itemize}
\textcolor{black}{\footnotesize{*StrongBox source is available on GitHub @ \texttt{https://github.com/ananonrepo2/StrongBox}}}
\color{DarkSlateGray} % Set the color back to DarkSlateGray for the rest of the content
%----------------------------------------------------------------------------------------
......@@ -341,11 +395,4 @@ performance over a standard dm-crypt configuration.
%----------------------------------------------------------------------------------------
\end{multicols}
\begin{minipage}[b]{\linewidth}
\vspace{1cm}
\noindent\makebox[\linewidth]{\rule{0.9\paperwidth}{0.4pt}}
StrongBox source is available on GitHub @ \texttt{https://github.com/ananonrepo2/StrongBox}
\end{minipage}
\end{document}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment