
Remote data checking using provable data possession

Published: 06 June 2011

Abstract

We introduce a model for provable data possession (PDP) that can be used for remote data checking: A client that has stored data at an untrusted server can verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking is lightweight and supports large data sets in distributed storage systems. The model is also robust in that it incorporates mechanisms for mitigating arbitrary amounts of data corruption.

We present two provably-secure PDP schemes that are more efficient than previous solutions. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. We then propose a generic transformation that adds robustness to any remote data checking scheme based on spot checking. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation. Finally, we conduct an in-depth experimental evaluation to study the tradeoffs in performance, security, and space overheads when adding robustness to a remote data checking scheme.
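The spot-checking idea described in the abstract, as an added example that is not taken from the paper or its implementation: the client samples random blocks, verifies them with a single locally held key, and the detection probability follows from the sample size. It uses per-block HMAC tags as a simplification, so unlike the PDP schemes the response here grows with the number of challenged blocks; all function names, block contents and parameters are assumptions.

```python
import hashlib, hmac, random
from math import comb

def _mac(key, i, block):
    # Bind the tag to the block index so blocks cannot be swapped.
    return hmac.new(key, i.to_bytes(8, "big") + block, hashlib.sha256).digest()

def tag_file(key, blocks):
    """Client, before upload: one tag per block; only `key` is kept locally."""
    return [_mac(key, i, b) for i, b in enumerate(blocks)]

def challenge(n, c, rng):
    """Client: choose c distinct block indices at random."""
    return rng.sample(range(n), c)

def respond(store, indices):
    """Server: return each challenged block with its stored tag."""
    return [(store["blocks"][i], store["tags"][i]) for i in indices]

def verify(key, indices, proof):
    """Client: accept only if every returned block matches its tag."""
    return len(proof) == len(indices) and all(
        hmac.compare_digest(_mac(key, i, b), t)
        for i, (b, t) in zip(indices, proof))

def detection_probability(n, t, c):
    """Chance that c sampled blocks (of n) hit at least one of t damaged ones."""
    return 1 - comb(n - t, c) / comb(n, c)

def min_challenge(n, t, target):
    """Smallest challenge size c that reaches the target detection probability."""
    c = 1
    while c < n and detection_probability(n, t, c) < target:
        c += 1
    return c

def audit_demo(n=1000, t=10, c=300, rounds=200, seed=1):
    """Fraction of audits that catch a server holding t damaged blocks."""
    rng = random.Random(seed)  # fixed seed for repeatability; use `secrets` in practice
    key = b"k" * 32            # constructed key
    blocks = [i.to_bytes(4, "big") * 16 for i in range(n)]  # constructed data
    store = {"blocks": list(blocks), "tags": tag_file(key, blocks)}
    for i in rng.sample(range(n), t):
        store["blocks"][i] = b"damaged"
    caught = 0
    for _ in range(rounds):
        idx = challenge(n, c, rng)
        caught += not verify(key, idx, respond(store, idx))
    return caught / rounds

if __name__ == "__main__":
    print("empirical:", audit_demo(), "analytic:", detection_probability(1000, 10, 300))
    print("blocks to challenge for 99% at 1% damage:", min_challenge(10000, 100, 0.99))
```

With a single damaged block in 1,000 and 300 blocks challenged, `detection_probability` returns 0.3: small corruption usually escapes a spot check, which is the gap a robustness mechanism has to cover.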




Reviews

Rajat Ravinder

As we increasingly embrace the concept of cloud computing, the risks of losing data could not be greater. This paper describes those risks, and offers a solution by providing a model for provable data possession. This approach is novel in the sense that it provides lightweight, homomorphic data checking, which allows us to verify the integrity of a file without having to access the entire file. The provable data possession model samples the server's storage, accessing a random subset of blocks. It accomplishes this by offering a random challenge to the storage. If the corresponding answer is correct, then we assume that the files in the storage have full integrity. In this study, the authors assume that the challenge file is not corrupt. It would be interesting to discuss the converse, and how it would affect remote data checking capabilities. Further, it would be helpful to the reader to see proof of the concept, or at least a real-time scenario on a Windows/Linux server, rather than a load of mathematical probabilistic models. Overall, I would recommend this paper to anyone interested in mathematical probabilities and protecting the integrity of data.

Online Computing Reviews Service
