Protect Disk Integrity: Solid Security, Fine Performance and Fast Recovery

  • Fangyong Hou
  • Nong Xiao
  • Yuhua Tang
  • Hongjun He
  • Fang Liu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)


Hash-tree-based verification can give solid integrity protection to disk data; however, it suffers from a performance penalty and from difficulty in maintaining consistency. AFI-HTree is proposed to solve these problems. To optimize performance, it uses hot-access-windows to buffer frequently used hash tree nodes, which speeds up checking. To maintain consistency without compromising security or performance, it first fixes the structure of the hash tree to make it very regular; it then applies incremental hash to reduce the cost of synchronizing the tree with the data; finally, it records any possibly inconsistent states to enable fast recovery. In this way, AFI-HTree achieves both high performance and fine consistency while preserving the required security. The approach is elaborated, and experimental results are presented. Theoretical analysis and experimental simulation show that it is an optimized way to protect disk data integrity.
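The sketch below is an added illustration, not code from the paper or from AFI-HTree. It shows a fixed-shape hash tree over disk blocks in which a small trusted cache of already-verified nodes lets a check stop before it reaches the root. The class name `FixedHashTree`, the `window` cache with oldest-first eviction, the heap layout and the use of SHA-256 are all assumptions, and the incremental hash and recovery record named in the abstract are not modelled.

```python
import hashlib

def H(tag: bytes, *parts: bytes) -> bytes:
    # Domain-separate leaf (0x00) and interior (0x01) hashes.
    return hashlib.sha256(tag + b"".join(parts)).digest()

class FixedHashTree:
    """Complete binary hash tree in heap layout (node k has children 2k, 2k+1;
    leaves sit at n..2n-1), so the shape is fixed by the block count."""

    def __init__(self, blocks, window_size=4):
        self.n = len(blocks)
        if self.n == 0 or self.n & (self.n - 1):
            raise ValueError("block count must be a power of two")
        self.nodes = [b""] * (2 * self.n)      # lives on untrusted storage
        for i, blk in enumerate(blocks):
            self.nodes[self.n + i] = H(b"\x00", blk)
        for k in range(self.n - 1, 0, -1):
            self.nodes[k] = H(b"\x01", self.nodes[2 * k], self.nodes[2 * k + 1])
        self.root = self.nodes[1]              # kept in trusted memory
        self.window = {}                       # trusted cache: node index -> hash
        self.window_size = window_size         # hypothetical cache capacity

    def verify(self, i, blk):
        """Check block i; return (ok, number_of_hashes_computed)."""
        k, h, work, path = self.n + i, H(b"\x00", blk), 1, []
        while k > 1 and k not in self.window:
            path.append((k, h))
            sib = self.nodes[k ^ 1]            # untrusted sibling hash
            h = H(b"\x01", h, sib) if k % 2 == 0 else H(b"\x01", sib, h)
            k, work = k // 2, work + 1
        if h != (self.window[k] if k > 1 else self.root):
            return False, work
        for idx, val in path:                  # path is now authenticated
            self.window[idx] = val
        while len(self.window) > self.window_size:
            self.window.pop(next(iter(self.window)))   # evict oldest entry
        return True, work

if __name__ == "__main__":
    blocks = [bytes([i]) * 512 for i in range(8)]      # constructed sample data
    tree = FixedHashTree(blocks)
    print(tree.verify(3, blocks[3]))   # cold check: walks all the way to the root
    print(tree.verify(3, blocks[3]))   # hot check: stops at the cached leaf
    tree.nodes[9] = b"\x00" * 32       # corrupt a stored node hash
    print(tree.verify(0, blocks[0]))   # sibling hash no longer chains to trust
```

Because cached entries are only ever written after a chain to the trusted root (or to another cached node) has matched, a hit in the window is as strong as a full walk while costing fewer hash computations.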


Keywords: disk integrity, hash tree, performance, consistency



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Fangyong Hou (1)
  • Nong Xiao (1)
  • Yuhua Tang (1)
  • Hongjun He (1)
  • Fang Liu (1)

  1. School of Computer, National University of Defense Technology, Changsha, China
