[Colloquium] Reminder: Dickens/MS Presentation/Jul 21, 2017

Margaret Jaffey via Colloquium colloquium at mailman.cs.uchicago.edu
Thu Jul 20 09:11:27 CDT 2017 

This is a reminder about Bernard's MS Presentation tomorrow.

------------------------------------------------------------------------------
Date:  Friday, July 21, 2017

Time:  2:00 PM

Place:  Ryerson 277

M.S. Candidate:  Bernard Dickens

M.S. Paper Title: Strongbox: Confidentiality, Integrity, and
Performance Using Stream Ciphers for Full-Disk Encryption

Abstract:
Full disk encryption (FDE) is especially important for mobile devices
because they both contain large amounts of sensitive data and are
easily lost or stolen. Yet, the conventional approach to FDE, AES in
XTS mode, is 3-5x slower than unencrypted storage. Authenticated
encryption based on stream ciphers like ChaCha20 is already used as a
faster alternative to AES in other contexts, such as HTTPS, but the
conventional wisdom is that stream ciphers are a unsuitable for FDE.
Used naively in disk encryption, stream ciphers are vulnerable to
many-time pad attacks and rollback attacks, and mitigating these
attacks with on-disk metadata is generally believed to ruin
performance.

In this paper, we argue that recent developments in mobile devices
invalidate this assumption and make it possible to use fast stream
ciphers for disk encryption. Modern mobile devices use Log-structured
File Systems and include trusted hardware such as Trusted Execution
Environments (TEEs) and secure storage areas. Leveraging these two
trends, we propose StrongBox, a stream cipher -based FDE layer that is
a drop-in replacement for dm-crypt, the standard Linux disk encryption
module based on AES-XTS. StrongBox introduces a system design and
on-disk data structures that exploit LFS's lack of overwrites to avoid
costly rekeying and a counter stored in trusted hardware to implement
rollback protection. We implement StrongBox on an ARM big.LITTLE
mobile processor and test its performance under multiple popular
production LFSes. We find that StrongBox generally improves read
performance by over 1.6× and write performance by over 1.2x compared
to dm-crypt while offering stronger integrity guarantees.

Bernard's advisor is Prof. Henry Hoffmann

Login to the Computer Science Department website for details:
 https://www.cs.uchicago.edu/phd/ms_announcements#bd3

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Margaret P. Jaffey            margaret at cs.uchicago.edu
Department of Computer Science
Student Support Rep (Ry 156)               (773) 702-6011
The University of Chicago      http://www.cs.uchicago.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

More information about the Colloquium mailing list