TrInc: Small Trusted Hardware for Large Distributed Systems


TrInc is a system designed to provide trusted hardware for large distributed systems, aiming to prevent equivocation, ensure trust in distributed systems, and enhance security through various applications and features. Developed by Jacob R. Lorch and team, TrInc offers solutions such as BFT with fewer nodes and messages, prevention of Sybil attacks, fast digital signatures, and more. The system's outline includes its motivation, workings, specification, applications, implementation, evaluation, related work, and conclusions.



Presentation Transcript


  1. TrInc: Small Trusted Hardware for Large Distributed Systems Dave Levin John R. Douceur Jacob R. Lorch Thomas Moscibroda

  2. Trust in distributed systems (diagram: nodes A, B and C exchanging messages). Jacob R. Lorch, TrInc: Small Trusted Hardware for Large Distributed Systems, October 1, 2024

  3. Trusted hardware. Goal: prevent equivocation (diagram: nodes A, B and C, each with a piece of trusted hardware).

  4. What can TrInc do? BFT with fewer nodes and messages; prevent Sybil attacks; fast digital signatures; untrusted file server; version control on untrusted servers; reduce network overhead of PeerReview; prevent BitTorrent under-reporting; ensure DHT participants provide fresh data.

  5. Outline: Motivation; How TrInc works; Specification; Applications; Implementation and evaluation; Related and future work; Conclusions.

  6. Outline (section marker): Motivation.

  7. Equivocation, leader election: a node tells A "I vote for A to be the leader." and tells B "I vote for B to be the leader." (diagram: nodes A, B, C).

  8. Equivocation, distributed storage: one party is told "Your edits to file F are confirmed." while another is told "There's no file named F."

  9. Equivocation, replicated state machine: one replica is told "Operation #57 should be Add 2" while another is told "Operation #57 should be Add 3".

  10. Equivocation: many more settings are affected, e.g. auctions, voting, digital currency, games, version control, secure DNS, DHTs, secure-origin BGP, etc.

  11. Attested Append-Only Memory (A2M) [Chun et al., SOSP 2007] (diagram: nodes A, B and C holding attested logs with entries 1, 2, 3).

  12. Reducing overhead in A2M [Chun et al., SOSP 2007]: "Just the fact that there's only one is good enough for me." Assigning semantic meaning to message counters obviates full log transmission. When correctness of a prefix has been established, one can do log truncation. (diagram: log entries 1, 2, 3 among A, B, C)

  13. Reducing hardware requirement: the trinket, for Trusted Increment (diagram: counters 1 through 4).

  14. Minimality: the TrInc storage requirement is minimal, a counter and a key. The storage requirement of a counter is log2(# of messages). (diagram: counter values 1 through 9)

  15. Outline (section marker): How TrInc works; Specification.

  16. Trinket specification overview: exporting the public key; allocating counters; attesting to counter values; symmetric keys; dealing with power failure.

  17. Trinket specification: trinket state consists of a private key (Kpriv), a public key (Kpub), a public key certificate (Kpub, A), and cryptographic processing.

  18. Trinket specification: GetCertificate() exports the public key certificate (Kpub, A) from the trinket state.

  19. Trinket specification: trinket state also holds counters (1:, 2:, 3:) and a meta-counter (M).

  20. Trinket specification: CreateCounter() allocates a new counter (4:) and returns its identifier, 4; the meta-counter (M) tracks allocation.

  21. Trinket specification: FreeCounter(2) releases counter 2.

  22. TrInc specification: Attest( , , ) is invoked for counter value 2 (the arguments are icons in the slide); the trinket returns an attestation < , 2 , > signed with Kpriv.

  23. How attestations can be used: an attestation < , 2 , > signed with Kpriv proves "this is message #n"; it can also prove "this is message #n and there is no message #m or #m'" for the counter values shown; with a nonce it proves "no message with a higher counter was sent before the nonce was generated, and I own the trinket", which prevents Sybil attacks.

  24. Symmetric keys: asymmetric key operations can be slow. Insight: trusted hardware allows secure storage of symmetric keys. How we do it: a trusted administrator creates a symmetric key S; the admin encrypts S with the trinkets' private keys; the admin sends the encrypted keys to the trinket owners; each trinket owner associates the key with a counter.

  25. Symmetric keys: ImportSymmetricKey(3, S) stores S in trinket state and associates it with counter 3. But, with the secret key inaccessible, how do untrusted parties verify attestations?

  26. Symmetric keys: VerifyAttestation(3, <Kpub, , 2 , >) lets a trinket that holds S check an attestation on behalf of its untrusted owner and answer OK. Application: fast digital signatures.
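A simulated trinket in Python, added here as an example (it is not the authors' C# implementation) covering the Attest operation of slides 22-23 and the symmetric-key verification of slides 24-26. It assumes, following the TrInc paper's design, that an attestation binds a hash h to counter i together with the old and new counter values c and c', uses an HMAC under a constructed key as the stand-in for the Kpriv signature, and lets a second Trinket instance holding the same key play the verifier's trinket of VerifyAttestation.

```python
import hashlib
import hmac
DEMO_KEY = b"constructed-demo-key"  # stand-in for Kpriv, constructed for this demo

class Trinket:  # simulated trinket: counters, meta-counter M, a key that never leaves it
    def __init__(self, key: bytes):
        self._key, self._counters, self._meta = key, {}, 0

    def create_counter(self) -> int:
        self._meta += 1  # M only grows, so a freed counter id is never reused
        self._counters[self._meta] = 0
        return self._meta

    def _tag(self, cid: int, old: int, new: int, h: str) -> str:
        body = f"{cid}|{old}|{new}|{h}".encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def attest(self, cid: int, new: int, h: str) -> tuple:
        """Attest(i, c', h): bind h to counter i while moving it from c to c'."""
        old = self._counters[cid]
        if new < old:
            raise ValueError("trusted increment: a counter never decreases")
        self._counters[cid] = new
        return (cid, old, new, h, self._tag(cid, old, new, h))

    def verify_attestation(self, att: tuple) -> bool:
        """Symmetric-key mode: a trinket holding the same key re-checks the tag."""
        cid, old, new, h, tag = att
        return hmac.compare_digest(tag, self._tag(cid, old, new, h))

def is_message(verifier: Trinket, att: tuple, cid: int, value: int, h: str) -> bool:
    """Receiver rule: att is 'message #value' only if the tag is valid and the counter advanced to value."""
    att_cid, old, new, att_h, _ = att
    return verifier.verify_attestation(att) and att_cid == cid and new == value and old < new and att_h == h

def equivocation_demo() -> dict:
    """An owner tries to make two different votes both 'message #1' on one counter."""
    owner, verifier = Trinket(DEMO_KEY), Trinket(DEMO_KEY)
    cid = owner.create_counter()
    h_a, h_b = (hashlib.sha256(v).hexdigest() for v in (b"I vote for A", b"I vote for B"))
    att_a = owner.attest(cid, 1, h_a)
    att_b = owner.attest(cid, 1, h_b)  # counter is already at 1, so it does not advance
    try:
        owner.attest(cid, 0, h_b)  # rewinding the counter is refused outright
        rewind_refused = False
    except ValueError:
        rewind_refused = True
    return {"a_is_msg1": is_message(verifier, att_a, cid, 1, h_a),
            "b_is_msg1": is_message(verifier, att_b, cid, 1, h_b), "rewind_refused": rewind_refused}
```

The second vote still gets a validly tagged attestation, but its old and new counter values are equal, so no receiver accepts it as message #1: the equivocation is detectable without any log exchange.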

  27. Dealing with power failures (diagram: the counter reads 4, but only messages 1, 2 and 3 survived the power failure).

  29. Dealing with power failures (diagram: counter at 5, messages 1, 2, 3 and 5 present, message 4 missing): "Hey, why won't he tell me his message #4? Maybe it's something he doesn't want me to know about!"

  30. Dealing with power failures: Attest( , , ) for counter value 2 now also records the resulting attestation < , 2 , > (signed with Kpriv) in a recent attestation queue (Q) in trinket state (entries 1., 2., 3.).

  31. Dealing with power failures: GetRecentAttestations() returns the contents of the recent attestation queue (Q).

  32. Dealing with power failures (diagram: counter at 4, messages 1 through 4 logged): the user can protect himself from power failures by logging messages before attestation.

  34. Dealing with power failures: the user can protect himself from power failures by logging messages before attestation, requesting the attestation queue after a power failure, and limiting outstanding attestations to |Q|.

  35. Is TrInc practical? The Trusted Platform Module (TPM) is ubiquitous (source: IDC 2006) and has everything we need: tamper resilience, a small amount of storage, computation, crypto, counters. Essentially, all it lacks is the right interface.

  36. TrInc vs. TPM: TrInc can be a peripheral, is platform-neutral and simple; the TPM requires integration, limits platforms and is complex.

  37. Outline (section marker): Applications.

  38. Replicated state machines (diagram: replicas A, B, C, D; "Operation #57 should be Add 2" vs. "Operation #57 should be Add 3"): with equivocation possible, 3f+1 machines are needed instead of 2f+1, and the protocol is more complex with longer latency.

  39. Byzantine fault tolerance with A2M [Chun et al., SOSP 2007]: only requires 2f+1 machines and the Paxos protocol. Assigning semantic meaning to counters reduces traffic, e.g. prepare 0000200007 encodes the view number and the operation number. Group attestations allow log truncation: f+1 machines can attest to a summary of M's log up to a certain point; after this, M can truncate its log.

  40. Building A2M with TrInc: Attested Append-Only Memory (A2M) built on TrInc (diagram: log entries 1, 2, 3) enables Byzantine fault tolerance (BFT with fewer nodes and messages) and an untrusted file server (SUNDR, Q/U).

  41. PeerReview [Haeberlen et al., SOSP 2007]. Goal: detect Byzantine behavior in a distributed system.

  42. PeerReview (diagram: nodes A, B, C, D exchanging messages 1 through 5).

  43. PeerReview-TrInc (diagram: nodes A, B, C, D exchanging messages 1 through 4): reduce the network overhead of PeerReview.

  44. Under-reporting in BitTorrent [Levin et al., SIGCOMM 2008] (diagram: a peer announces "I have ..." with a bitfield of pieces).

  45. Under-reporting in BitTorrent (diagram: the peer announces a different "I have ..." bitfield to another peer).

  46. Under-reporting in BitTorrent: equivocation! (diagram: "I have ..." followed by an Ack)

  47. TrInc-BitTorrent: avoid full log transmission by applying semantic meaning to the counter: # of pieces received. Each announcement reads "I have <bitfield>, the last of which I received was <piece>." The attested fields are the last piece received and the bitfield of available pieces; the bitfield's size must match the counter.

  48. Why attest to the last piece received? (diagram: three "I have ..." announcements) Lesson: without full log transmission, the receiver must be able to verify proper behavior at each step. Application: prevent BitTorrent under-reporting.

  49. Outline (section marker): Implementation and evaluation.

  50. Implementation: Gemalto .NET Smartcard; crypto unit (RSA & 3-DES); 32-bit micro-controller; 80 KB persistent memory; a few dozen lines of C#.
