Commit eb37860d authored by Xunnamius (Zara)'s avatar Xunnamius (Zara)

Merge branch 'master' of psd-repo.uchicago.edu:bd3/strongbox2-paper

parents dee01bb1 ce9c8c90
......@@ -15,6 +15,7 @@ switching. We revisit the motivating example from \secref{motivation},
demonstrating that the ability to re-cipher individual nuggets allows us to
complete our task while staying within our energy budget.
\TODO{We may need to say something about how/why these file sizes were chosen. We want to make it clear that they are not magic numbers and the results would hold with different sizes.}
We begin sequentially writing 10 40MB files using the Freestyle Balanced cipher
configuration. After 5 seconds, the device enters ``battery saver'' mode. We
simulate this event by 1) underclocking the cores to their lowest frequencies
......@@ -58,7 +59,14 @@ This usecase illustrates utility of spatial Selective switching to achieve a
performance win over prior work, where the entire drive is encrypted with a
single cipher. We demonstrate \emph{Variable Security Regions} (VSR), where we
can choose to encrypt select files or portions of files with different keys and
ciphers below the filesystem level.
ciphers below the filesystem level.
The goal is that if only a small percentage
of the data needs the strongest encryption, then only a small percentage of the
data should have that associated overhead. Using prior techniques, either all
the data would be stored with high overhead, the critical data would be stored
without sufficient security, or the data would have to be split among separate
files and stored across partitioned stores.
Communicating classified materials, corporate secrets, etc. require the highest
level of discretion when handled, yet sensitive information like this can
......@@ -137,14 +145,14 @@ ability to quickly converge the entire backing store to a single high-security
cipher leveraging SSD Instant Secure Erase (ISE).
Nation-state and other ``adversaries'' have extensive compute resources,
knowledge of side-channels, and access to technology like q-bit computers.
knowledge of side-channels, and access to technology like q-bit computers. \TODO{Do you mean quantum?}
Suppose a scientist were attempting to re-enter her country through a border
entry point when she is stopped. Further suppose her laptop containing sensitive
priceless research data is confiscated from her custody. Being a security
researcher, she has a chance to trigger a remote wipe, where the laptop uses
Instant Secure Erase to reset its internal storage, permanently destroying all
her data. While she certainly doesn't want her data falling into the wrong
hands, she can't afford to lose that data either. In such a scenario, it would
hands, she cannot afford to lose that data either. In such a scenario, it would
be useful if, instead of destroying the data, the storage layer could switch
itself to a more secure state as quickly as possible.
......@@ -160,12 +168,12 @@ In \figref{usecase-eol-tradeoff}, we see the system begins at 0 seconds, where
all data is mirrored across the backing store (perhaps consisting of multiple
physical drives). Both the desired and minimum security score of the drive is
1.5, a balance between performance and security. At 6 seconds, custody panic is
triggered--desired minimum security score reaches maximum--at which point the
triggered---the desired minimum security score goes to 3, the highest possible---at which point the
system executes ISE and completely erases the drive containing the minimally
scored data. ISE is known to be much faster than TRIM and completes in as little
as 3 seconds~\cite{SeaGate,Samsung,ThatOtherOEM}. Once complete, the most secure
form of the data is all that remains. The backing store has been ``locked
down''.
down.''
Our goal is to lock down the backing store, slowing down any attacker as
much as possible such that, even if they copy and permanently store her data
......@@ -176,3 +184,5 @@ and the Mirrored strategy, we can quickly and practically converge the backing
store to this locked down state. With prior work, data is either too weakly
encrypted or the device becomes too slow for daily use (latency ceiling). In
exchange, we trade off half of our drive's writeable space.
\TODO{Again, need some summary of what we just saw in this section. What are the lessons learned from these four case studies? How do they relate to the other points in the paper?}
\ No newline at end of file
\section{Related Work}\label{sec:related}
The standard approach to FDE, using AES-XTS, introduces significant overhead. It
is well known that encryption using \emph{stream ciphers} is faster than using
The standard approach to FDE, using AES-XTS, introduces significant overhead.
Within the last year and a half it has been established that encryption
using \emph{stream ciphers} for FDE is faster than using
AES~\cite{StrongBox, AnotherPaper1, AnotherPaper2}. However, when used naively
in drive encryption, stream ciphers are widely known to be vulnerable to
``overwrite attacks'' like pad reuse and rollback~\cite{KatzLindell, StrongBox}.
......@@ -38,4 +39,4 @@ Device; include other ciphers in the same vein as Freestyle}
\TODO{Include papers that trade energy/perf vs securty; Scalable Encryption
paper, energy saving cryptosystems, LastPass whitepaper trading crypto for
reduced latency in PBKDF2, etc.}
reduced latency in PBKDF2, etc.} \TODO{Agreed that this last one is critical. PErhaps cut the prior todo for space.}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment