Using Key Rotation and TPMs for Encrypted File System Access Control – ased on Antiquity Storage System
Date Issued
2008
Date
2008
Author(s)
Wang, Pei-Yu
Abstract
Abstract. In this thesis, we address the problem of low-efficiency and high-cost access revocation in a distributed storage system. The design of our security model is based on two concepts. First, to reduce the amount of re-encryption, we assume our system is based on lazy revocation. Second, we show how to enhance the security of access control by implementing the current Trusted Platform Module TPM 1.2 technology without any assumption of trust in the BIOS, CPU, or OS of the client. We use a version-based archival storage system called Antiquity, which stores each version of a data object in a permanent, read-only form. In addition, we explain how to use key chains (key rotation) for file version control in a distributed storage system based on the concept of ‘one key per new version.’ To strengthen the servers trust in the client, we use the trusted hardware of the TPM (Trusted Platform Module) technology for network access control and hide a portion of the key information from users. We evaluate the performance of the implementation using the Antiquity Storage on an IBM laptop embedded with a TPM 1.2 chip, and demonstrate how access revocation security can be enhanced by using trusted computing technology.
Subjects
TPM, key rotation, key chain, Antiquity Storage System, access control, key management
File(s)![Thumbnail Image]()
Loading...
Name
ntu-97-R95725016-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):b6ed2e1553cbb4a777c6988b7492989b