Securing Disk-Resident Data through Application Level Encryption

Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir. Pennsylvania State University. 4th International IEEE Security in Storage Workshop '07, 27th September, 2007.

Upload: lavanya-bimal

Post on 03-Jan-2016


TRANSCRIPT

Page 1: Securing Disk-Resident Data through Application Level Encryption

Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir

Pennsylvania State University

4th International IEEE Security in Storage Workshop '07, 27th September, 2007

Securing Disk-Resident Data through Application Level Encryption

Ramya Prabhakar

Page 2: Securing Disk-Resident Data through Application Level Encryption

Outline

Page 3: Securing Disk-Resident Data through Application Level Encryption

Motivation

Page 4: Securing Disk-Resident Data through Application Level Encryption

Data Reuse in Applications

E.g., matrix-matrix multiplication: A × B = C

Matrix B is read every time an element of C is computed

Page 5: Securing Disk-Resident Data through Application Level Encryption

Reuse Potential

• Reuse potential is a measure of the amount of data read/written repeatedly by the application

• Different applications have different reuse potentials

Page 6: Securing Disk-Resident Data through Application Level Encryption

The Two Extremes…

Always Encrypt/Decrypt

• Minimum Vulnerability Factor
• Maximum security
• Maximum I/O Time
• Significant performance overhead

Never Encrypt/Decrypt

• Minimum I/O Time
• Significant performance improvement
• Maximum exposure
• Maximum Vulnerability Factor

Page 7: Securing Disk-Resident Data through Application Level Encryption

Reuse oriented approach

[Figure: sequence of write_encrypt(…, offset) and read_decrypt(…, offset) calls. Labels: reuse distance (δ), δ threshold, plain_write(…, offset), plain_read(…, offset).]

Page 8: Securing Disk-Resident Data through Application Level Encryption

Distribution of Reuse

Page 9: Securing Disk-Resident Data through Application Level Encryption

Metrics of Interest

• I/O Time (IOT)
  • I/O latency when encryption/decryption is included
  • Normalized to base version

• Vulnerability Factor (VF)
  • Percentage of data stored in plain text during execution
  • Two variants:
    • Average Vulnerability Factor (AVF)
    • Maximum Vulnerability Factor (MVF)

Ideal case: reduce both IOT and VF

Page 10: Securing Disk-Resident Data through Application Level Encryption

Metrics Vs Reuse Distance

NED DES scheme reduces IOT over AED DES by 74%

NED DES scheme reduces IOT over AED DES by 26%

Page 11: Securing Disk-Resident Data through Application Level Encryption

But…

Reuse oriented approach is idealistic

Analysis is perfect; derives maximum benefit

Requires knowledge of future references

Not possible to implement

Page 12: Securing Disk-Resident Data through Application Level Encryption

Profile Guided Approach

Profiling

Collect statistical information

Obtain dynamic behavior of each static call

An implementable method to approximate reuse-oriented approach

Static I/O call results in many dynamic instances of the same call

Page 13: Securing Disk-Resident Data through Application Level Encryption

Profile Guided Approach

Page 14: Securing Disk-Resident Data through Application Level Encryption

Profile Guided Approach

Profiler inserts hints to every static call

Three types of static calls:

Group I: Always interpreted as read_decrypt / write_encrypt

Group II: Always interpreted as plain_read / plain_write

Group III: Decision varies dynamically. Non-deterministic

Page 15: Securing Disk-Resident Data through Application Level Encryption

Profile Guided Approach

Distribution of static I/O calls among groups

Page 16: Securing Disk-Resident Data through Application Level Encryption

I/O Call Splitting

Page 17: Securing Disk-Resident Data through Application Level Encryption

I/O Call Splitting

Page 18: Securing Disk-Resident Data through Application Level Encryption

I/O Call Splitting

Group III references optimized in two ways

Performance oriented approach (PO)

• Profiles with higher δ threshold
• Performance is favored in the tradeoff

Security oriented approach (SO)

• Profiles with higher δ threshold
• Performance is favored in the tradeoff

Page 19: Securing Disk-Resident Data through Application Level Encryption

Results

Variation of IOT (DES) with different approaches

Page 20: Securing Disk-Resident Data through Application Level Encryption

Results

Variation of IOT (AES) with different approaches

Page 21: Securing Disk-Resident Data through Application Level Encryption

Results

Variation of AVF with different approaches

Page 22: Securing Disk-Resident Data through Application Level Encryption

Results

Variation of MVF with different approaches

Page 23: Securing Disk-Resident Data through Application Level Encryption

Guidelines for suitable δ threshold

Performance ratio for δk is IOT for lowest δ divided by IOT for δk

Security ratio for δk is portion of secure data at δk divided by portion of secure data for highest δ

Combined metric (CM) is performance ratio divided by security ratio

At δk, CM represents unit gain in performance for unit loss in security

CM is less than, equal to or greater than 1
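The reuse-oriented policy, the IOT/AVF/MVF metrics and the combined metric from the slides can be worked through on a small trace. The following Python code is an added example, not code from the presentation. It assumes a constructed I/O trace, a constructed cost model, that every block starts encrypted, and that a write is left in plaintext when its next reuse falls within the δ threshold; all function and constant names are hypothetical.

```python
# Added illustration: oracle "reuse-oriented" policy on a constructed trace.
from math import inf

# Constructed trace of (operation, block) pairs; not data from the presentation.
TRACE = [("W", 0), ("R", 0), ("W", 1), ("R", 2), ("R", 0), ("W", 3), ("R", 1),
         ("W", 0), ("R", 3), ("R", 0), ("R", 2), ("R", 1), ("W", 2)]
NBLOCKS, IO_COST, CRYPTO_COST = 4, 1.0, 3.0   # assumed cost model

def next_use(trace, i):
    """Reuse distance: number of calls until the same block is touched again."""
    blk = trace[i][1]
    return next((j - i for j in range(i + 1, len(trace)) if trace[j][1] == blk), inf)

def simulate(trace, threshold):
    """Return (IOT, AVF, MVF) for one delta threshold."""
    plain = set()                 # blocks currently stored in plaintext on disk
    iot, vf = 0.0, []
    for i, (op, blk) in enumerate(trace):
        if op == "W":
            # Assumed rule: reuse within the threshold -> plain_write.
            if next_use(trace, i) <= threshold:
                plain.add(blk)
            else:                 # no reuse or distant reuse -> write_encrypt
                plain.discard(blk)
                iot += CRYPTO_COST
        elif blk not in plain:    # read_decrypt; otherwise plain_read
            iot += CRYPTO_COST
        iot += IO_COST
        vf.append(len(plain) / NBLOCKS)   # fraction of data exposed at this step
    return iot, sum(vf) / len(vf), max(vf)

def combined_metric(trace, thresholds):
    """CM per threshold: performance ratio divided by security ratio."""
    runs = {d: simulate(trace, d) for d in sorted(thresholds)}
    lo, hi = min(runs), max(runs)
    secure = {d: 1.0 - avf for d, (_, avf, _) in runs.items()}
    if secure[hi] == 0:
        raise ValueError("no secure data at highest threshold; ratio undefined")
    return {d: (runs[lo][0] / runs[d][0]) / (secure[d] / secure[hi]) for d in runs}

if __name__ == "__main__":
    for d, cm in combined_metric(TRACE, [0, 2, 4]).items():
        print(d, simulate(TRACE, d), round(cm, 3))
```

Threshold 0 behaves like the always-encrypt extreme, and raising the threshold trades a lower IOT for a higher AVF and MVF.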

Page 24: Securing Disk-Resident Data through Application Level Encryption

Conclusion

Quantitative analysis of performance and confidentiality tradeoff

Disk resident data remains secured

Encryption/decryption overheads significantly reduced

46.5% with 3-DES

30.63% with AES