Abstract
Providing data confidentiality and integrity is essential to ensure secure or trusted computing. Designs for such purpose always face substaintial difficulties, as providing solid security will be contrary to achieving satisfied performance. Basing on a less rigor precondition that will be tenable in many cases, such designs can be implemented with smaller endeavors. The core idea is to let a trusted agent to trustworthily hold one unique timestamp for each untrusted data block; and encrypts each block, as well as the related integrity code, through the corresponding timestamp. In such way, any malicious disclosure and tamper can be prevented. At the same time, each block can be directly verified by the associated timestamp without requiring additional data to minimize the cost of integrity checking, and OTP encryption scheme can pre-computes keystream to remove most encryption latencies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Merkle, R.C.: Protocols for public key cryptography. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 122–134 (1980)
Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: IEEE Symposium on Foundations of Computer Science, San Juan, Puerto Rico, pp. 90–99 (1991)
Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches and merkle trees for efficient memory authentication. In: Ninth International Symposium on High Performance Computer Architecture, Anaheim, California, pp. 8–12 (2003)
Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Hardware Mechanisms for Memory Integrity Checking. MIT Laboratory for Computer Science, MIT LCS TR, 872 (2003)
Blaze, M.: A cryptographic file system for unix. In: 1st ACM Conference on Communications and Computing Security, pp. 9–16 (1993)
Tripwire, http://www.tripwire.org
Fu, K., Kaashoek, F., Mazieres, D.: Fast and secure distributed read-only file system. In: Proceedings of OSDI 2000 (2000)
Mazieres, D., Shasha, D.: Don’t trust your file server. In: Proceedings of the 8th Workshop on Hot Topics in Operating Systems (2001)
Maheshwari, U., Vingralek, R., Shapiro, W.: How to Build a Trusted Database System on Untrusted Storage. In: Proceedings of OSDI 2000 (2000)
Stein, C.A., Howard, J.H., Seltzer, M.I.: Unifying file system protection. In: 2001 USENIX Annual Technical Conference, pp. 79–90 (2001)
Tomonori, F., Masanori, O.: Protecting the Integrity of an Entire File System. In: First IEEE International Workshop on Information Assurance, pp. 95–105 (2003)
SHA-2 Standard. National Institute of Standards and Technology (NIST), Secure Hash Standard, FIPS PUB 180-2, http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons, Chichester (2001)
Hou, F., Wang, Z., Tang, Y., Liu, Z.: Protecting Integrity and Confidentiality for Data Communication. In: Ninth IEEE Symposium on Computers and Communications, Alexandria, Egypt, pp. 357–362 (2004)
Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hou, F., Wang, Z., Dai, K., Liu, Y. (2005). Protecting Mass Data Basing on Small Trusted Agent. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_31
Download citation
DOI: https://doi.org/10.1007/978-3-540-31979-5_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25584-0
Online ISBN: 978-3-540-31979-5
eBook Packages: Computer ScienceComputer Science (R0)