Ramya Prabhakar, Seung Woo Son, Christina Patrick, - PowerPoint PPT Presentation

Transcript and Presenter's Notes



1
Securing Disk-Resident Data through Application
Level Encryption
Ramya Prabhakar
  • Ramya Prabhakar, Seung Woo Son, Christina
    Patrick,
  • Sri Hari Krishna Narayanan, Mahmut Kandemir
  • Pennsylvania State University
  • 4th International IEEE Security in Storage
    Workshop 07
  • 27th September, 2007

2
Outline
3
Motivation
4
Data Reuse in Applications

E.g., matrix-matrix multiplication A × B = C:
matrix B is read every time an element of C is
computed
5
Reuse Potential
  • Reuse potential is a measure of the amount of
    data read/written repeatedly by the application
  • Different applications have different reuse
    potentials

6
The Two Extremes
  • Always Encrypt/Decrypt
      • Minimum Vulnerability Factor
      • Maximum security
      • Maximum I/O Time
      • Significant performance overhead
  • Never Encrypt/Decrypt
      • Minimum I/O Time
      • Significant performance improvement
      • Maximum exposure
      • Maximum Vulnerability Factor

7
Reuse oriented approach
write_encrypt (, offset)
write_encrypt (, offset)
read_decrypt (, offset)
read_decrypt (, offset)
read_decrypt (, offset)
write_encrypt (, offset)
read_decrypt (, offset)
read_decrypt (, offset)
plain_write(, offset)

d threshold
d threshold
Reuse distance(d)
plain_read(, offset)
8
Distribution of Reuse
9
Metrics of Interest
  • I/O Time (IOT)
      • I/O latency when encryption/decryption is
        included
      • Normalized to base version
  • Vulnerability Factor (VF)
      • Percentage of data stored in plain text during
        execution
      • Two variants
          • Average Vulnerability Factor (AVF)
          • Maximum Vulnerability Factor (MVF)

Ideal case: reduce both IOT and VF
10
Metrics Vs Reuse Distance
NED DES scheme reduces IOT over AED DES by 74
NED DES scheme reduces IOT over AED DES by 26
11
But
  • Reuse oriented approach is idealistic
  • Analysis is perfect; derives maximum benefit
  • Requires knowledge of future references
  • Not possible to implement

12
Profile Guided Approach
  • Profiling
  • Collect statistical information
  • Obtain dynamic behavior of each static call
  • An implementable method to approximate
    reuse-oriented approach
  • Static I/O call results in many dynamic instances
    of the same call

13
Profile Guided Approach
14
Profile Guided Approach
  • Profiler inserts hints to every static call
  • Three types of static calls
      • Group I
          • Always interpreted as read_decrypt /
            write_encrypt
      • Group II
          • Always interpreted as plain_read / plain_write
      • Group III
          • Decision varies dynamically. Non-deterministic

15
Profile Guided Approach
  • Distribution of static I/O calls among groups

16
I/O Call Splitting
17
I/O Call Splitting
18
I/O Call Splitting
  • Group III references optimized in two ways
      • Performance oriented approach (PO)
          • Profiles with higher d threshold
          • Performance is favored in the tradeoff
      • Security oriented approach (SO)
          • Profiles with higher d threshold
          • Performance is favored in the tradeoff

19
Results
  • Variation of IOT(DES) with different approaches

20
Results
  • Variation of IOT(AES) with different approaches

21
Results
  • Variation of AVF with different approaches

22
Results
  • Variation of MVF with different approaches

23
Guidelines for suitable d threshold
  • Performance ratio for dk is IOT for lowest d
    divided by IOT for dk
  • Security ratio for dk is portion of secure data
    at dk divided by portion of secure data for
    highest d
  • Combined metric is Performance ratio divided by
    security ratio
  • At dk represents unit gain in performance for
    unit loss in security
  • CM is less than, equal to or greater than 1
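
The metrics and the combined metric above, worked through on a small trace (an added example, not code from the presentation). The block trace, the cost constants, and the rule that a block stays in plaintext when its next reuse is within d threshold are assumptions; the slides do not give them.

```python
# Added example: TRACE and the cost constants are constructed, not from the slides.
# Assumption: a block is left in plaintext only if it is reused within d_threshold accesses.
TRACE = [0, 1, 2, 0, 1, 3, 4, 2, 5, 0, 6, 7, 3, 1, 8, 9, 4, 0]  # block ids
IO_COST, CRYPTO_COST = 1.0, 3.0  # assumed cost units per access / per cipher operation


def forward_reuse(trace):
    """Distance from each access to the next access of the same block (None if none)."""
    nxt, dist = {}, [None] * len(trace)
    for i in range(len(trace) - 1, -1, -1):
        if trace[i] in nxt:
            dist[i] = nxt[trace[i]] - i
        nxt[trace[i]] = i
    return dist


def simulate(trace, d_threshold):
    """Return (IOT, AVF, MVF) for one threshold; all blocks start encrypted on disk."""
    plain, iot, vf = set(), 0.0, []
    n_blocks = len(set(trace))
    for blk, d in zip(trace, forward_reuse(trace)):
        iot += IO_COST
        if blk not in plain:
            iot += CRYPTO_COST        # read_decrypt: block arrived encrypted
        if d is not None and d <= d_threshold:
            plain.add(blk)            # plain_write: next reuse is close
        else:
            plain.discard(blk)
            iot += CRYPTO_COST        # write_encrypt: next reuse is far or never
        vf.append(len(plain) / n_blocks)  # fraction of blocks in plaintext right now
    return iot, sum(vf) / len(vf), max(vf)


def combined_metric(trace, thresholds):
    """CM(dk) = performance ratio / security ratio, following the slide's definitions."""
    runs = {d: simulate(trace, d) for d in thresholds}
    iot_low = runs[min(thresholds)][0]            # IOT for lowest d
    secure_high = 1.0 - runs[max(thresholds)][1]  # secure portion for highest d
    cm = {}
    for d, (iot, avf, _) in runs.items():
        perf_ratio = iot_low / iot
        sec_ratio = (1.0 - avf) / secure_high
        cm[d] = perf_ratio / sec_ratio
    return cm


if __name__ == "__main__":
    for d, value in combined_metric(TRACE, [0, 3, 6, 9, 18]).items():
        iot, avf, mvf = simulate(TRACE, d)
        print(f"d={d:2d} IOT={iot:5.1f} AVF={avf:.2f} MVF={mvf:.2f} CM={value:.2f}")
```

With a threshold of 0 nothing is ever left in plaintext, which reproduces the Always Encrypt/Decrypt extreme; a threshold at least as long as the trace leaves every block that will be reused in plaintext until its last access.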

24
Conclusion
  • Quantitative analysis of performance and
    confidentiality tradeoff
  • Disk resident data remains secured
  • Encryption/decryption overheads significantly
    reduced
  • 46.5 with 3-DES
  • 30.63 with AES

25
  • IO Time contribution to overall execution latency
    is between 64.2% and 96.6%.
  • The absolute IOT values measured for base version
    are 2873.24, 2678.45, 5676.32, 5940.22 and
    3453.79 msec for swim, mgrid, lu, mxm and tsf
    respectively.

26
Characteristics of Applications