| Venue | Category |
| --- | --- |
| FAST'22 | Secure Deduplication |
# DUPEFS: Leaking Data Over the Network With Filesystem Deduplication Side Channels

1. Summary
   - Motivation of this paper
   - DUPEFS
   - Implementation and Evaluation
2. Strength (Contributions of the paper)
3. Weakness (Limitations of the paper)
4. Some Insights (Future work)
## Motivation
- deduplication as implemented in today's advanced filesystems, such as ZFS and Btrfs, yields timing side channels that reveal whether a chunk of data has been deduplicated
## Main goal
- show, with carefully-crafted read/write operations, that exploitation is not only feasible, but that the signal can be amplified to mount byte-granular attacks over the network
## Main difference from previous secure-deduplication work (memory deduplication)
- disk accesses are asynchronous and the deduplication granularity is much larger
## Threat model
- an attacker who has direct or indirect (possibly remote) access to the same filesystem as a victim, where the filesystem performs inline deduplication
  - local: the attacker uses low-level system calls such as write(), read(), sync(), and fsync()
  - remote: the attacker interacts with the filesystem through a program that is not under the attacker's control
## Challenges
- performance: I/O operations are mostly asynchronous, which hides the latency difference
- reliability: even if data is deduplicated, its metadata still needs to be written to disk, which interferes with the timing channel
- capacity: modern filesystems deduplicate only across many blocks that are temporally or spatially close to each other, clustered together in a deduplication record
## Attacks and primitives
- attacks: data fingerprinting, data exfiltration, data leak
- attack primitives: alignment probing, secret spraying
## Mitigation
- pseudo-same behavior: make duplicate and unique data exhibit similar observable timing
  - on the write path
  - on the read path
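One way to read the pseudo-same-behavior idea is as latency padding: the cheap (duplicate) path is delayed until it matches the expensive (unique) path. The toy model below is a sketch under invented assumptions (the constant, the function name, and the fixed latency model are all illustrative, not the paper's implementation):

```python
# Toy sketch of "pseudo-same behavior": pad the fast (duplicate) write
# path so that both outcomes take roughly the unique-write latency.
# UNIQUE_WRITE_COST and handle_write are hypothetical names/values.
import time

UNIQUE_WRITE_COST = 0.002   # assumed disk-write latency in seconds


def handle_write(is_duplicate: bool) -> float:
    """Return the latency observable by the caller; ~constant either way."""
    t0 = time.monotonic()
    if is_duplicate:
        pass                              # cheap path: only metadata updated
    else:
        time.sleep(UNIQUE_WRITE_COST)     # stand-in for the real disk write
    elapsed = time.monotonic() - t0
    if elapsed < UNIQUE_WRITE_COST:       # pad the cheap path to match
        time.sleep(UNIQUE_WRITE_COST - elapsed)
    return time.monotonic() - t0
```

A real implementation would have to pad inside the kernel's write path and model the unique-write cost dynamically, since disk latency varies.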
## Evaluation
- implemented on FreeBSD for ZFS and on Linux for Btrfs
- attack effectiveness evaluated for data fingerprinting, data exfiltration, and data leak
## Strengths (contributions of the paper)
- analyzes filesystem deduplication side channels and differentiates them from previous work on memory deduplication (asynchronous disk accesses and large deduplication granularities)
- proposes lightweight mitigations for such attacks
## Some insights (future work)
- SHA-256 vs. faster hashing: deduplication can also rely on faster hash functions that are not collision-resistant (such as fletcher4), provided candidate duplicates are then verified byte-by-byte
- deduplication granularity: filesystems deduplicate at a granularity that is a multiple of the data block size
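Because deduplication only matches whole, block-aligned blocks, a guessed secret must be tried at every possible in-block offset (the alignment-probing idea). A hypothetical sketch, assuming a 4 KiB block size and zero padding around the guess:

```python
# Illustrative only: enumerate one BLOCK-sized candidate per byte offset
# at which the secret could start inside a filesystem block. The padding
# byte and block size are assumptions, not taken from the paper.
BLOCK = 4096  # assumed filesystem block size


def candidate_blocks(secret_guess: bytes, pad: bytes = b"\x00") -> list:
    """Return one block-sized candidate per possible in-block alignment."""
    assert len(secret_guess) <= BLOCK
    out = []
    for off in range(BLOCK - len(secret_guess) + 1):
        blk = pad * off + secret_guess          # place guess at offset `off`
        blk += pad * (BLOCK - len(blk))         # fill the rest of the block
        out.append(blk)
    return out


blocks = candidate_blocks(b"SECRET=hunter2")
```

Writing all candidates and timing which one deduplicates reveals both the secret and its alignment; this is also why the capacity challenge matters, since each guess consumes many blocks.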
- the timed-write primitive: exploits the timing difference between handling unique data and duplicate data, allowing the attacker to learn whether certain data is already present on the filesystem during a write operation
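The timed-write primitive can be sketched as a local probe around write()+fsync(); the fsync() forces the write (and the deduplication decision) to reach the disk so the latency difference becomes observable. The path, block size, and candidate content below are illustrative; a real probe would target a file on the deduplicating filesystem and compare duplicate vs. unique latencies over many trials:

```python
# Sketch of a local timed-write probe (hypothetical path; a real attack
# would write to the deduplicating filesystem under test, not /tmp).
import os
import time

BLOCK = 4096  # assumed filesystem block size


def timed_write(path: str, data: bytes) -> float:
    """Time one write()+fsync() of `data`; returns elapsed seconds."""
    fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, 0o600)
    try:
        t0 = time.monotonic()
        os.write(fd, data)
        os.fsync(fd)   # force the write (and dedup decision) to disk
        return time.monotonic() - t0
    finally:
        os.close(fd)


guess = b"A" * BLOCK                     # candidate content to probe
elapsed = timed_write("/tmp/probe.bin", guess)
```

On an inline-deduplicating filesystem, a duplicate of existing content should complete measurably faster than unique content, since the data block itself need not be written.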
- the timed-read primitive: duplicated data from different files ends up in distinct physical memory pages, and if a block of a file becomes deduplicated, its physical location on disk differs from that of its surrounding blocks, so reading it incurs an extra seek
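The timed-read primitive can likewise be sketched as timing a single-block pread(): a deduplicated block lies away from its neighbors on disk, so its read latency stands out. The sketch below is illustrative only; it does not arrange for a cold page cache (e.g. via O_DIRECT or a fresh mount), which a real probe would need:

```python
# Sketch of a local timed-read probe (hypothetical path; requires a cold
# page cache in a real attack, which this sketch does not arrange).
import os
import time

BLOCK = 4096  # assumed filesystem block size


def timed_read(path: str, offset: int) -> float:
    """Time one pread() of a single block at `offset`; returns seconds."""
    fd = os.open(path, os.O_RDONLY)
    try:
        t0 = time.monotonic()
        os.pread(fd, BLOCK, offset)
        return time.monotonic() - t0
    finally:
        os.close(fd)


# Create a two-block file and time a read of its second block.
with open("/tmp/readprobe.bin", "wb") as f:
    f.write(b"x" * (2 * BLOCK))
latency = timed_read("/tmp/readprobe.bin", BLOCK)
```

Comparing the latency of the probed block against its neighbors reveals whether it was deduplicated, without ever writing to the filesystem.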