Securing the Storage Data Path with SGX Enclaves

06/28/2018
by Danny Harnik, et al.

We explore the use of SGX enclaves as a means to improve the security of handling keys and data in storage systems. We study two main configurations for SGX computations, as they apply to performing data-at-rest encryption in a storage system. The first configuration aims to protect the encryption keys used in the encryption process. The second configuration aims to protect both the encryption keys and the data, thus providing end-to-end security of the entire data path. Our main contribution is an evaluation of the viability of SGX for data-at-rest encryption from a performance perspective and an understanding of the details that go into using enclaves in a performance-sensitive environment. Our tests paint a complex picture: on the one hand, SGX can indeed achieve high encryption and decryption throughput, comparable to running without SGX. On the other hand, there are many subtleties to achieving such performance, and careful design choices and testing are required.


