ADAM-CS: Advanced Asynchronous Monotonic Counter Service

Publikation: Beitrag zu KonferenzenPaperBeigetragenBegutachtung

Beitragende

Abstract

Trusted execution environments (TEEs) offer the technological breakthrough to allow several applications to be deployed and executed over untrusted public cloud environments. Although TEEs (e. g., Intel SGX, ARM TrustZone, AMD SEV) provide several mechanisms to ensure confidentiality and integrity of data and code, they do not offer freshness out of the box, a critical aspect yet often overlooked, for instance, to protect against rollback attacks. Monotonic counters are a popular way to detect rollbacks, as their counter values cannot be decremented. However, counter increments are slow (i.e., 10 th of milliseconds), making their use impractical for distributed services and applications processing thousands of transactions simultaneously, for which an order of magnitude improvement is needed. ADAM-CS is an asynchronous monotonic counter service to protect such high-traffic applications against rollback attacks. Leveraging a set of distributed monotonic counters and specific algorithms, ADAM-CS minimizes the maximum vulnerability window (MVW), i.e., the amount of transactions an adversary could successfully rollback. Thanks to its asynchronous nature, ADAM-CS supports thousands of increments per second without introducing additional latency in the transactions performed by applications. Our measurements indicate that we can keep the MVW well below 10ms while supporting a throughput of more than 21K requests/s when using eight counters.

Details

OriginalspracheEnglisch
Seiten426-437
Seitenumfang12
PublikationsstatusVeröffentlicht - Juni 2021
Peer-Review-StatusJa

Externe IDs

ORCID /0000-0003-0768-6351/work/141545304
Scopus 85114882756

Schlagworte

Forschungsprofillinien der TU Dresden

DFG-Fachsystematik nach Fachkollegium

Schlagwörter

  • TPM, monotonic counters, rollback attacks