TrInc: Small Trusted Hardware for Large Distributed Systems
TrInc is a small piece of trusted hardware, a "trinket" holding little more than a monotonic counter and a signing key, designed to prevent equivocation in large distributed systems: a node cannot tell two peers two different things under the same message number. These slides, from the NSDI 2009 paper by Dave Levin, John R. Douceur, Jacob R. Lorch and Thomas Moscibroda, motivate the problem, walk through the trinket specification, and show applications: Byzantine fault tolerance with fewer nodes and messages, Sybil attack prevention, fast digital signatures, untrusted file servers and version control, reduced network overhead for PeerReview, prevention of BitTorrent under-reporting, and fresh data from DHT participants. The deck closes with the smartcard implementation, evaluation, related work and conclusions.
Presentation Transcript
TrInc: Small Trusted Hardware for Large Distributed Systems. Dave Levin, John R. Douceur, Jacob R. Lorch, Thomas Moscibroda.
Trust in distributed systems (figure: nodes A, B and C exchanging messages). Jacob R. Lorch, TrInc: Small Trusted Hardware for Large Distributed Systems, October 1, 2024.
Trusted hardware (figure: nodes A, B and C). Goal: prevent equivocation.
What can TrInc do?
- BFT with fewer nodes and messages
- Prevent Sybil attacks
- Fast digital signatures
- Untrusted file server
- Version control on untrusted servers
- Reduce network overhead of PeerReview
- Prevent BitTorrent under-reporting
- Ensure DHT participants provide fresh data
Outline
- Motivation
- How TrInc works
- Specification
- Applications
- Implementation and evaluation
- Related and future work
- Conclusions
Equivocation in leader election: a node tells B "I vote for A to be the leader" and tells C "I vote for B to be the leader".
Equivocation in distributed storage: a server tells B "Your edits to file F are confirmed" and tells C "There's no file named F".
Equivocation in a replicated state machine: a replica tells B "Operation #57 should be Add 2" and tells C "Operation #57 should be Add 3".
Many more settings suffer from equivocation: auctions, voting, digital currency, games, version control, secure DNS, DHTs, secure-origin BGP, etc.
Attested Append-Only Memory (A2M) [Chun et al., SOSP 2007] (figure: A appends messages 1, 2, 3 to an attested log before sending them to B and C, so both see the same numbered sequence).
Reducing overhead in A2M: assigning semantic meaning to message counters obviates full log transmission ("just the fact that there's only one message #3 is good enough for me"), and once correctness of a prefix has been established, the log can be truncated.
Reducing hardware requirement: the trinket (Trusted Increment) keeps only a counter (figure: values 1, 2, 3, 4) instead of the whole attested log.
Minimality: TrInc's storage requirement is minimal, a counter and a key. The counter needs log2(number of messages) bits (figure: a counter stepping from 1 to 9).
Trinket specification overview: exporting the public key; allocating counters; attesting to counter values; symmetric keys; dealing with power failure.
Trinket state: a private key Kpriv, the corresponding public key Kpub, a public key certificate over Kpub (shown as (Kpub, A)), and a cryptographic processing unit.
GetCertificate() returns the public key certificate, so anyone can verify what this trinket signs.
The state also holds a set of counters (here 1, 2, 3) and a meta-counter M.
CreateCounter() allocates a fresh counter (here counter 4); M advances on every creation, so counter identifiers are never reused.
FreeCounter(2) releases counter 2.
Attest(i, c', h): the trinket advances counter i to the new value c' (2 in the figure), refusing any c' below the current value, and returns an attestation over the counter identifier, the old and new values and the message hash h, signed with Kpriv (shown as <..., 2, ...>Kpriv).
How attestations can be used:
- an attestation that moves counter i from c to c' = c + 1 says "h is message #c'";
- an attestation that moves it from c to c' > c + 1 says "h is message #c' and there is no message #c+1 ... #c'-1": the skipped values are provably unused;
- an attestation over a verifier's nonce says "no message with a higher counter value was sent before the nonce was generated, and I own the trinket"; since every trinket is unique, this prevents Sybil attacks.
Symmetric keys: asymmetric key operations can be slow. Insight: trusted hardware allows secure storage of symmetric keys. How we do it: a trusted administrator creates a symmetric key S; the admin encrypts S under each trinket's public key, so only that trinket's private key can recover it; the admin sends the encrypted keys to the trinket owners; each trinket owner associates the key with a counter.
ImportSymmetricKey(3, S) stores S inside the trinket, bound to counter 3. But with the secret key inaccessible outside the trinket, how do untrusted parties verify attestations?
VerifyAttestation(3, <Kpub, ..., 2, ...>): the verifier hands the attestation to its own trinket, which holds the same S under its counter 3, checks it, and answers OK. Result: fast digital signatures.
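The trinket operations above (CreateCounter, FreeCounter, Attest, ImportSymmetricKey, VerifyAttestation) and the three readings of an attestation, as an added example in Python that is not the authors' code. It models the symmetric-key mode, using an HMAC under the shared key S as the attestation tag, so a verifying trinket that holds S stands in for Kpub; the class and method names, the receiver-side slot bookkeeping and the sample messages are this example's own assumptions. The receiver shows how the old/new pair (c, c') in an attestation is read as "message #c' exists and #c+1 .. #c'-1 do not", how a gap exposes a withheld message, and that the trinket itself refuses to bind a second message to an earlier counter value.

```python
import hashlib
import hmac
import os

# Added example, not the TrInc authors' code. A software model of a trinket in
# TrInc's symmetric-key mode: attestations carry an HMAC under a key S that a
# trusted administrator has imported into every trinket in the group
# (ImportSymmetricKey), so only another trinket holding S can verify them.
# The real device signs with Kpriv and anyone verifies with Kpub; the counter
# rules and the receiver-side interpretation are the same in both modes.

def h(msg: bytes) -> str:
    return hashlib.sha256(msg).hexdigest()

class Trinket:
    def __init__(self, ident: str):
        self.ident = ident
        self.meta = 0          # meta-counter M: counts CreateCounter() calls
        self.counters = {}     # counter id -> current value
        self.keys = {}         # counter id -> symmetric key S (never exported)

    def create_counter(self) -> int:
        self.meta += 1         # ids only grow, so a freed id is never handed out again
        self.counters[self.meta] = 0
        return self.meta

    def free_counter(self, i: int) -> None:
        del self.counters[i]
        self.keys.pop(i, None)

    def import_symmetric_key(self, i: int, s: bytes) -> None:
        self.keys[i] = s

    @staticmethod
    def _tag(key: bytes, fields: tuple) -> str:
        return hmac.new(key, "|".join(map(str, fields)).encode(), "sha256").hexdigest()

    def attest(self, i: int, c_new: int, msg_hash: str) -> tuple:
        c = self.counters[i]
        if c_new < c:          # the one invariant: a counter never goes backwards
            raise ValueError(f"counter {i} is at {c}; refusing {c_new}")
        self.counters[i] = c_new
        fields = (self.ident, i, c, c_new, msg_hash)
        return fields + (self._tag(self.keys[i], fields),)

    def verify_attestation(self, i: int, att: tuple) -> bool:
        # i names the local counter whose key S matches the sender's group key
        return hmac.compare_digest(self._tag(self.keys[i], att[:5]), att[5])

class Receiver:
    """Interprets one sender's attestations as numbered message slots."""
    def __init__(self, trinket: Trinket, key_counter: int):
        self.t, self.key_counter = trinket, key_counter
        self.slots = {}        # counter value -> message hash, or None if attested empty
        self.last = 0

    def accept(self, att: tuple) -> str:
        if not self.t.verify_attestation(self.key_counter, att):
            return "bad tag"
        _, _, c, c_new, msg_hash, _ = att
        if c_new == c:         # non-incrementing attestation: proves the current value only
            return f"counter currently {c}"
        # <c, c', h> means: h is message #c', and messages #c+1 .. #c'-1 do not exist
        claims = {v: None for v in range(c + 1, c_new)}
        claims[c_new] = msg_hash
        for v, val in claims.items():
            if v in self.slots and self.slots[v] != val:
                return f"conflict at #{v}: equivocation or forged attestation"
        self.slots.update(claims)
        self.last = max(self.last, c_new)
        missing = [v for v in range(1, self.last + 1) if v not in self.slots]
        note = f"; missing {missing}" if missing else ""
        return f"message #{c_new} accepted{note}"

def demo() -> list:
    S = os.urandom(32)                                  # group key made by the admin
    alice, bob = Trinket("alice"), Trinket("bob")
    a, b = alice.create_counter(), bob.create_counter()
    alice.import_symmetric_key(a, S)                    # admin delivers S, encrypted to each trinket
    bob.import_symmetric_key(b, S)
    rx, out = Receiver(bob, b), []
    out.append(rx.accept(alice.attest(a, 1, h(b"I vote for A to be the leader"))))
    out.append(rx.accept(alice.attest(a, 2, h(b"Operation #57 should be Add 2"))))
    try:                                                # no second message #1: the counter is at 2
        alice.attest(a, 1, h(b"I vote for B to be the leader"))
    except ValueError as e:
        out.append(str(e))
    out.append(rx.accept(alice.attest(a, 2, h(b"nonce from bob"))))   # c' == c: ownership proof, not a message
    out.append(rx.accept(alice.attest(a, 5, h(b"op 60"))))            # jump 2 -> 5 commits to "no #3, #4"
    att6 = alice.attest(a, 6, h(b"op 61"))
    out.append(rx.accept(att6[:4] + (h(b"op 61 tampered"),) + att6[5:]))  # altered in transit
    out.append(rx.accept(att6))
    alice.attest(a, 7, h(b"op 62"))                     # attested but withheld from bob
    out.append(rx.accept(alice.attest(a, 8, h(b"op 63"))))             # bob sees the hole at #7
    return out

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The receiver never needs Alice's log: each attestation carries enough for Bob to fill in slots, mark skipped values as permanently empty, and notice that #7 was attested but never delivered. Alice cannot later produce a different #7 either, because her trinket will not attest below 8 again.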
Dealing with power failures (figure): the sender's trinket has attested message #4, but the power fails before #4 leaves the machine; the peer holds only #1, #2 and #3.
After the restart the sender moves on to #5. The peer now has #1, #2, #3 and #5 and wonders: "Hey, why won't he tell me his message #4? Maybe it's something he doesn't want me to know about!"
The trinket's answer: Attest(i, c', h) also records each attestation in a recent attestation queue Q (the figure shows three entries) held in the trinket's state, next to the counters and the meta-counter M.
GetRecentAttestations() returns the contents of Q.
The user can protect himself from power failures by:
- logging messages before attestation, so that after a restart the message behind every attested counter value can be found (figure: message #4 recovered from the log and resent);
- requesting the attestation queue after a power failure and resending whatever never went out;
- limiting outstanding attestations to |Q|, so that nothing still unsent can have fallen out of the queue.
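The recovery procedure just described, as an added example in Python that is not the authors' code: a trinket with the recent-attestation queue Q, and a client that follows the three rules (log before Attest, fetch Q after a restart, never exceed |Q| outstanding). Attestations are plain (old, new, hash) tuples here, since the signature plays no part in the recovery logic; the class names, the queue length and the message text are assumptions of this example.

```python
import collections

# Added example, not the TrInc authors' code: a model of the recent
# attestation queue Q and of the three client-side rules on the slide
# (log the message before Attest(), fetch Q after a restart, keep at most
# |Q| attestations outstanding). Attestations are plain (old, new, hash)
# tuples here; the signature does not matter for the recovery logic.

class Trinket:
    def __init__(self, qlen: int):
        self.counter = 0
        self.q = collections.deque(maxlen=qlen)  # Q: last |Q| attestations, in persistent trinket state

    def attest(self, c_new: int, msg_hash: str) -> tuple:
        if c_new < self.counter:
            raise ValueError("counter never decreases")
        att = (self.counter, c_new, msg_hash)
        self.counter = c_new
        self.q.append(att)                       # the oldest entry falls out when Q is full
        return att

    def get_recent_attestations(self) -> list:
        return list(self.q)

class Client:
    def __init__(self, trinket: Trinket):
        self.t = trinket
        self.log = {}           # durable: counter value -> message, written before Attest()
        self.acked = set()      # durable: values the peer has confirmed receiving
        self.in_flight = {}     # volatile: attestations handed to the network, not yet acked

    def unacked(self) -> list:
        return sorted(v for v in self.log if v not in self.acked)

    def send(self, msg: str, crash: bool = False):
        # Rule 3: with |Q| attestations unacked, one more would push an unacked one out of Q
        if len(self.unacked()) >= self.t.q.maxlen:
            raise RuntimeError(f"{len(self.unacked())} attestations outstanding; wait for acks")
        c_new = self.t.counter + 1
        self.log[c_new] = msg                    # Rule 1: log first ...
        att = self.t.attest(c_new, msg)          # ... then attest (msg stands in for its hash)
        if crash:                                # power fails right here: nothing reaches the network
            self.in_flight = {}                  # and all volatile state is gone
            return None
        self.in_flight[c_new] = att
        return att

    def ack(self, c: int) -> None:
        self.acked.add(c)
        self.in_flight.pop(c, None)

    def recover(self) -> tuple:
        # Rule 2: after the restart, ask the trinket what it attested and resend whatever the
        # log says was never acknowledged; anything that already left Q is unrecoverable
        recent = {att[1]: att for att in self.t.get_recent_attestations()}
        resent, lost = [], []
        for v in self.unacked():
            if v in recent:
                self.in_flight[v] = recent[v]
                resent.append(recent[v])
            else:
                lost.append(v)
        return resent, lost

def demo() -> dict:
    cl = Client(Trinket(qlen=3))
    cl.send("msg 1")
    cl.ack(1)
    cl.send("msg 2")
    cl.ack(2)
    cl.send("msg 3")                             # still in flight
    cl.send("msg 4", crash=True)                 # attested, then the lights go out
    resent, lost = cl.recover()                  # Q = [#2, #3, #4]: both #3 and #4 come back
    for v in (3, 4):
        cl.ack(v)
    for m in ("msg 5", "msg 6", "msg 7"):
        cl.send(m)                               # three unacked = |Q|
    try:
        cl.send("msg 8")                         # would evict #5 from Q before it is acked
        refused = False
    except RuntimeError:
        refused = True
    return {"resent": resent, "lost": lost, "refused": refused}

if __name__ == "__main__":
    print(demo())
```

Without rule 3 the eighth send would succeed and Q would hold #6, #7, #8; a crash at that moment would leave #5 attested but unrecoverable, and the peer would see exactly the unexplained hole the slide warns about.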
Is TrInc practical? The Trusted Platform Module (TPM) is ubiquitous (shipment figures: IDC 2006) and has everything we need: tamper resilience, a small amount of storage, computation, crypto, and counters. Essentially, all it lacks is the right interface.
TrInc vs. TPM: a trinket can be a peripheral, is platform-neutral and is simple; a TPM requires integration into the platform, limits which platforms can be used, and is complex.
Replicated state machines (figure: a replica tells B "Operation #57 should be Add 2" and C "Operation #57 should be Add 3"). Without trusted hardware, tolerating f Byzantine replicas needs 3f+1 machines instead of 2f+1, and the protocol is more complex, with longer latency.
Byzantine fault tolerance with A2M [Chun et al., SOSP 2007]: only requires 2f+1 machines and a Paxos protocol. Assigning semantic meaning to counters reduces traffic: the counter value on a prepare message (shown as 0000200007) encodes the view number in its high digits and the operation number in its low digits, so a prepare's position is carried by the counter value itself. Group attestations allow log truncation: f+1 machines can attest to a summary of machine M's log up to a certain point, after which M can truncate its log.
Building A2M with TrInc: Attested Append-Only Memory maps directly onto a trinket (log position n becomes counter value n), so everything built on A2M carries over: BFT with fewer nodes and messages, untrusted file servers (SUNDR), and Q/U (Byzantine fault tolerance).
PeerReview [Haeberlen et al., SOSP 2007]. Goal: detect Byzantine behavior in a distributed system (figure: nodes A, B, C, D; A's messages 1 through 5).
PeerReview-TrInc: the same exchange with trinket attestations in place of log transfers (figure: messages 1 through 4), which reduces the network overhead of PeerReview.
Under-reporting in BitTorrent [Levin et al., SIGCOMM 2008] (figure): a peer tells one neighbour "I have [these pieces]", tells another neighbour a different set, and even acknowledges a piece to the peer that sent it while announcing a set without it: equivocation!
TrInc-BitTorrent: avoid full log transmission by giving the counter a semantic meaning: the number of pieces received. Each announcement, "I have [bitfield], the last of which I received was [piece]", is attested under that counter; the bitfield of available pieces must have exactly as many set bits as the counter value, and the last piece received is attested along with it.
Why attest to the last piece received? Lesson: without full log transmission, the receiver must be able to verify proper behavior at each step, and the last piece is what lets a neighbour check that the new bitfield is the old one plus exactly that piece. This prevents BitTorrent under-reporting.
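The per-step check a neighbour runs in TrInc-BitTorrent, as an added example in Python that is not the authors' code. The attestation layout (old value, new value, (bitfield, last piece)) and the sample values are assumptions of this example, and signature verification is taken as already done; what the block shows is the semantic check that turns "counter = pieces received" into protection against under-reporting, and which misbehaviours each check catches.

```python
# Added example, not TrInc-BitTorrent's code. It models the receiver-side check
# implied by the slides: the trinket counter counts pieces received, the attested
# payload is (bitfield, last piece received), and a neighbour checks at every step
# that the bitfield grew by exactly that piece. Signature verification of the
# attestation is assumed to have happened already; only the semantic check is shown.
# The attestation layout (c, c', (bitfield, last)) and the sample values are assumptions.

def popcount(bits: int) -> int:
    return bin(bits).count("1")

class PeerView:
    """What one peer knows about a neighbour's attested piece ownership."""
    def __init__(self):
        self.count = 0        # last attested counter value
        self.bitfield = 0     # last attested bitfield; bit k set means piece k is held

    def check(self, att: tuple) -> str:
        c, c_new, (bitfield, last) = att
        if c != self.count:
            return f"reject: chains from {c}, expected {self.count} (stale or replayed)"
        if c_new != c + 1:
            return f"reject: counter jumped {c}->{c_new}; request the skipped updates"
        if popcount(bitfield) != c_new:
            return f"reject: bitfield holds {popcount(bitfield)} pieces, counter says {c_new}"
        if not (bitfield >> last) & 1:
            return f"reject: last piece {last} not in bitfield"
        if bitfield != self.bitfield | (1 << last):
            return "reject: bitfield differs by more than the last piece (pieces dropped or swapped)"
        self.count, self.bitfield = c_new, bitfield
        return f"ok: {c_new} piece(s)"

def demo() -> list:
    view, out = PeerView(), []
    out.append(view.check((0, 1, (0b00100, 2))))   # received piece 2
    out.append(view.check((1, 2, (0b00101, 0))))   # then piece 0
    out.append(view.check((2, 3, (0b00101, 0))))   # counter says 3, bitfield shows 2: under-reporting
    out.append(view.check((2, 3, (0b01011, 3))))   # got piece 3 but swapped piece 2 for piece 1
    out.append(view.check((2, 3, (0b01101, 3))))   # honest update
    out.append(view.check((2, 3, (0b01101, 3))))   # replay of the previous update
    out.append(view.check((3, 5, (0b11101, 4))))   # skipped one update
    return out

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The counter alone stops a peer from announcing fewer pieces than it has been attested to receive; the last-piece field is what makes each step checkable without the full log, so a peer cannot quietly swap or drop pieces while keeping the count right, and a replayed older announcement is rejected because it chains from a value the neighbour has already moved past.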
Implementation: a Gemalto .NET smartcard with a crypto unit (RSA and 3-DES), a 32-bit microcontroller and 80 KB of persistent memory; the trinket logic is a few dozen lines of C#.