SeFS: A Secure and Efficient File Sharing Framework based on the Trusted Execution Environment
DOI: https://doi.org/10.4108/eetss.v9i1.2854
Keywords: Cloud storage, Trusted Execution Environment, Access Control
Abstract
As cloud-based file sharing becomes increasingly popular, it is crucial to protect outsourced data against unauthorized access. Existing cryptography-based approaches suffer from expensive re-encryption upon permission revocation. Other solutions that use a Trusted Execution Environment (TEE) to enforce access control either expose plaintext keys to users or turn out to be incapable of handling concurrent requests. In this paper, we propose SeFS, a secure and practical file sharing framework that leverages the cooperation of server-side and client-side enclaves to enforce access control: the former is responsible for registration, authentication and access control enforcement, and the latter performs file decryption. This design significantly reduces the computation workload of the server-side enclave, which is therefore able to handle concurrent requests. It also supports immediate permission revocation, since the file decryption keys inside the client-side enclaves are destroyed immediately after use. We implement a prototype of SeFS, and our evaluation demonstrates that it enforces access control securely with high throughput and low latency.
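The abstract contrasts two ways of revoking a share: re-encrypting the file (the cost the cryptography-based approaches pay) versus having a gatekeeper enclave refuse to hand out the key on the next request. The following is an added, constructed model of that split-enclave flow; it is not the paper's code and does not reflect SeFS's actual protocol. The class and method names (ServerEnclave, ClientEnclave, upload/grant/revoke/fetch), the session-token scheme and the HMAC-SHA256 counter-mode "toy cipher" standing in for an authenticated cipher such as AES-GCM are all assumptions made for illustration. The point it shows is that revocation is an ACL update only (no ciphertext is rewritten), and that the client-side key copy is wiped as soon as decryption is done.

```python
"""Constructed model of a split-enclave file sharing flow (added example, not the
paper's code). ServerEnclave enforces the ACL and issues the file key per request;
ClientEnclave decrypts and zeroises its key copy. All names are assumptions."""
import hashlib
import hmac
import secrets

PBKDF2_ITERS = 100_000


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separated sub-keys so the keystream and the tag never share a key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher: HMAC-SHA256 counter-mode keystream XORed over the data.
    # Stands in for AES-GCM in this model; it is not a production cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(12)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag                      # nonce || ciphertext || 32-byte tag


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # reject any tampered ciphertext
        raise ValueError("ciphertext integrity check failed")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)


class ServerEnclave:
    """Models the server-side enclave: registration, authentication, ACL enforcement."""

    def __init__(self):
        self._users = {}        # user -> (salt, PBKDF2 digest)
        self._sessions = {}     # session token -> authenticated user
        self._files = {}        # file_id -> {"owner", "key", "blob"}
        self._acl = {}          # file_id -> set of users allowed to read
        self.reencryptions = 0  # stays 0: revocation never rewrites ciphertext

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
        self._users[user] = (salt, digest)

    def authenticate(self, user: str, password: str) -> str:
        salt, digest = self._users[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
        if not hmac.compare_digest(digest, candidate):
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def _user(self, token: str) -> str:
        if token not in self._sessions:
            raise PermissionError("unauthenticated session")
        return self._sessions[token]

    def _require_owner(self, token: str, file_id: str) -> None:
        if self._files[file_id]["owner"] != self._user(token):
            raise PermissionError("only the owner may change permissions")

    def upload(self, token: str, file_id: str, plaintext: bytes) -> None:
        owner = self._user(token)
        key = secrets.token_bytes(32)            # per-file key, kept inside the enclave
        self._files[file_id] = {"owner": owner, "key": key, "blob": toy_encrypt(key, plaintext)}
        self._acl[file_id] = {owner}

    def grant(self, token: str, file_id: str, grantee: str) -> None:
        self._require_owner(token, file_id)
        self._acl[file_id].add(grantee)

    def revoke(self, token: str, file_id: str, grantee: str) -> None:
        self._require_owner(token, file_id)
        self._acl[file_id].discard(grantee)      # ACL update only; ciphertext untouched

    def fetch(self, token: str, file_id: str):
        # Access-control decision point: key and ciphertext leave only for permitted users.
        user = self._user(token)
        if user not in self._acl.get(file_id, set()):
            raise PermissionError(f"{user} may not read {file_id}")
        entry = self._files[file_id]
        return bytearray(entry["key"]), entry["blob"]   # mutable copy so the client can wipe it


class ClientEnclave:
    """Models the client-side enclave: decrypt, return plaintext, destroy the key."""

    def __init__(self):
        self.last_key_wiped = False

    def read(self, server: ServerEnclave, token: str, file_id: str) -> bytes:
        key, blob = server.fetch(token, file_id)   # in SeFS this would cross an attested channel
        try:
            return toy_decrypt(bytes(key), blob)
        finally:
            for i in range(len(key)):              # zeroise the key copy right after use
                key[i] = 0                         # (best effort: Python cannot guarantee wiping)
            self.last_key_wiped = not any(key)


def run_demo() -> dict:
    # Constructed scenario: alice shares a file with bob, then revokes the share.
    server, client = ServerEnclave(), ClientEnclave()
    server.register("alice", "alice-pw")
    server.register("bob", "bob-pw")
    alice = server.authenticate("alice", "alice-pw")
    bob = server.authenticate("bob", "bob-pw")
    server.upload(alice, "report.txt", b"quarterly numbers")
    server.grant(alice, "report.txt", "bob")
    before = client.read(server, bob, "report.txt")
    server.revoke(alice, "report.txt", "bob")
    try:
        client.read(server, bob, "report.txt")
        denied = False
    except PermissionError:
        denied = True                              # takes effect on the very next request
    return {"bob_read_before": before, "bob_denied_after_revoke": denied,
            "reencryptions": server.reencryptions, "key_wiped": client.last_key_wiped}
```

Running `run_demo()` shows bob reading the file while shared and being refused immediately after revocation, with `reencryptions` still 0 because the stored ciphertext was never rewritten; the `key_wiped` flag records that the client-side key copy was zeroed after the successful read. In a real deployment the key transfer in `fetch` would only happen over a channel established after remote attestation of the client enclave, which this model omits.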
Copyright (c) 2025 EAI Endorsed Transactions on Security and Safety

This work is licensed under a Creative Commons Attribution 4.0 International License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 4.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.