Protecting Mass Data Basing on Small Trusted Agent

  • Fangyong Hou
  • Zhiying Wang
  • Kui Dai
  • Yun Liu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3439)


Providing data confidentiality and integrity is essential to ensure secure or trusted computing. Designs for such purpose always face substaintial difficulties, as providing solid security will be contrary to achieving satisfied performance. Basing on a less rigor precondition that will be tenable in many cases, such designs can be implemented with smaller endeavors. The core idea is to let a trusted agent to trustworthily hold one unique timestamp for each untrusted data block; and encrypts each block, as well as the related integrity code, through the corresponding timestamp. In such way, any malicious disclosure and tamper can be prevented. At the same time, each block can be directly verified by the associated timestamp without requiring additional data to minimize the cost of integrity checking, and OTP encryption scheme can pre-computes keystream to remove most encryption latencies.


Hash Function File System Data Block Replay Attack Authentication Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Merkle, R.C.: Protocols for public key cryptography. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 122–134 (1980)Google Scholar
  2. 2.
    Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: IEEE Symposium on Foundations of Computer Science, San Juan, Puerto Rico, pp. 90–99 (1991)Google Scholar
  3. 3.
    Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches and merkle trees for efficient memory authentication. In: Ninth International Symposium on High Performance Computer Architecture, Anaheim, California, pp. 8–12 (2003)Google Scholar
  4. 4.
    Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Hardware Mechanisms for Memory Integrity Checking. MIT Laboratory for Computer Science, MIT LCS TR, 872 (2003)Google Scholar
  5. 5.
    Blaze, M.: A cryptographic file system for unix. In: 1st ACM Conference on Communications and Computing Security, pp. 9–16 (1993)Google Scholar
  6. 6.
  7. 7.
    Fu, K., Kaashoek, F., Mazieres, D.: Fast and secure distributed read-only file system. In: Proceedings of OSDI 2000 (2000)Google Scholar
  8. 8.
    Mazieres, D., Shasha, D.: Don’t trust your file server. In: Proceedings of the 8th Workshop on Hot Topics in Operating Systems (2001)Google Scholar
  9. 9.
    Maheshwari, U., Vingralek, R., Shapiro, W.: How to Build a Trusted Database System on Untrusted Storage. In: Proceedings of OSDI 2000 (2000)Google Scholar
  10. 10.
    Stein, C.A., Howard, J.H., Seltzer, M.I.: Unifying file system protection. In: 2001 USENIX Annual Technical Conference, pp. 79–90 (2001)Google Scholar
  11. 11.
    Tomonori, F., Masanori, O.: Protecting the Integrity of an Entire File System. In: First IEEE International Workshop on Information Assurance, pp. 95–105 (2003)Google Scholar
  12. 12.
    SHA-2 Standard. National Institute of Standards and Technology (NIST), Secure Hash Standard, FIPS PUB 180-2,
  13. 13.
    Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons, Chichester (2001)Google Scholar
  14. 14.
    Hou, F., Wang, Z., Tang, Y., Liu, Z.: Protecting Integrity and Confidentiality for Data Communication. In: Ninth IEEE Symposium on Computers and Communications, Alexandria, Egypt, pp. 357–362 (2004)Google Scholar
  15. 15.
    Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Fangyong Hou
    • 1
  • Zhiying Wang
    • 1
  • Kui Dai
    • 1
  • Yun Liu
    • 1
  1. 1.School of ComputerNational University of Defense TechnologyChangshaP.R.China

Personalised recommendations