Remote Data Checking Auditing the Preservation Status of Massive Data Sets on Untrusted Stores
MurtazaMagsi1
7 views
19 slides
Oct 14, 2024
Slide 1 of 19
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
About This Presentation
Slides by Randal Burns, Johns Hopkins University on the topic of Remote Data Checking Auditing the Preservation Status of Massive Data Sets on Untrusted Stores
Slide Content
Department of Computer Science, Johns Hopkins University
Remote Data Checking:
Auditing the Preservation Status of
Massive Data Sets on Untrusted Stores
Randal Burns
[email protected]
www.cs.jhu.edu/~randal/
Remote Data Checking:
Auditing the Preservation Status of
Massive Data Sets on Untrusted Stores
Randal Burns
[email protected]
www.cs.jhu.edu/~randal/
Burns, Remote Data Checking:… MSST, 24 September 2008.
Whatʼs Remote Data Checking?
Auditing protocols that verify the correctness of
data objects on remote, untrusted stores
Without transferring data to the client
– Constant network complexity per audit per object
– Constant amount of metadata per object
That do not require the store to access the entire file
– Constant amount of I/O per audit per object
Whatʼs Remote Data Checking?
Auditing protocols that verify the correctness of
data objects on remote, untrusted stores
Without transferring data to the client
– Constant network complexity per audit per object
– Constant amount of metadata per object
That do not require the store to access the entire file
– Constant amount of I/O per audit per object
Burns, Remote Data Checking:… MSST, 24 September 2008.
Service-Oriented Architectures
Outsourced storage commoditized and ubiquitous
– Cloud computing
– Amazon S3/EC
– SDSC Storage Resource Broker
And, the associated security problems
– How much trust must we place in services?
– For data, auditing services for correctness, availability, preservation
Service-Oriented Architectures
Outsourced storage commoditized and ubiquitous
– Cloud computing
– Amazon S3/EC
– SDSC Storage Resource Broker
And, the associated security problems
– How much trust must we place in services?
– For data, auditing services for correctness, availability, preservation
Burns, Remote Data Checking:… MSST, 24 September 2008.
Why Remote Data Checking?
Verifying integrity/content on retrieval is insufficient
– Too late, data are already damaged.
– Identifying damaged data quickly is critical to repair
Data are too large to retrieve and check
– I/O burden on servers
– Lots of network traffic
– Expensive! Services charge by byte of I/O and byte transferred
Exposure
– Data are held for long periods of time
– Much data are accessed infrequently or never
Why Remote Data Checking?
Verifying integrity/content on retrieval is insufficient
– Too late, data are already damaged.
– Identifying damaged data quickly is critical to repair
Data are too large to retrieve and check
– I/O burden on servers
– Lots of network traffic
– Expensive! Services charge by byte of I/O and byte transferred
Exposure
– Data are held for long periods of time
– Much data are accessed infrequently or never
Burns, Remote Data Checking:… MSST, 24 September 2008.
Donʼt I Trust Service Providers?
Financial motivations to cheat
– Charge for terabytes and store gigabytes
– Discard unaccessed data (based on statistical analysis)
– Keep fewer replicas than promised
Reputation
– Hide data loss incidents
Latent errors
– Of which service providers are unaware
Thereʼs a history of data-loss incidents
Donʼt I Trust Service Providers?
Financial motivations to cheat
– Charge for terabytes and store gigabytes
– Discard unaccessed data (based on statistical analysis)
– Keep fewer replicas than promised
Reputation
– Hide data loss incidents
Latent errors
– Of which service providers are unaware
Thereʼs a history of data-loss incidents
Burns, Remote Data Checking:… MSST, 24 September 2008.
RDC Storage Protocol
Data owner preprocesses file for RDC protocol
– May modify file (add bytes, tags, etc.)
– Generate a constant amount of (public or private) metadata
serverF owner F'
m
owner generates
metadata (m) and
modifed file (F')
metadata store server store
m F'
Input file
no server
processing
RDC Storage Protocol
Data owner preprocesses file for RDC protocol
– May modify file (add bytes, tags, etc.)
– Generate a constant amount of (public or private) metadata
serverF owner F'
m
owner generates
metadata (m) and
modifed file (F')
metadata store server store
m F'
Input file
no server
processing
Burns, Remote Data Checking:… MSST, 24 September 2008.
RDC Audit Protocol
Verify that an untrusted store retains the correct data
– Without transferring the data to the verifier (homomorphism)
RDC Audit Protocol
Verify that an untrusted store retains the correct data
– Without transferring the data to the verifier (homomorphism)
Burns, Remote Data Checking:… MSST, 24 September 2008.
Many RDC Protocols
Hot topic of recent industrial and academic research
– Security [AB+08, BJO08, SW08]
– Others that donʼt quite fit our definition [JK07, KAD07, SM06]
– Related concepts and extensions [CK+08, CKB08, SS+08]
Several core principles have emerged
– Compact signature for multiple blocks: homomorphic tags
– Probabilistic audits via spot checking
– Redundancy in storage with forward error correction
I will explain with Provable Data Possession (PDP)
– Our system [AB+08, CK+08, CKB08]
Many RDC Protocols
Hot topic of recent industrial and academic research
– Security [AB+08, BJO08, SW08]
– Others that donʼt quite fit our definition [JK07, KAD07, SM06]
– Related concepts and extensions [CK+08, CKB08, SS+08]
Several core principles have emerged
– Compact signature for multiple blocks: homomorphic tags
– Probabilistic audits via spot checking
– Redundancy in storage with forward error correction
I will explain with Provable Data Possession (PDP)
– Our system [AB+08, CK+08, CKB08]
Burns, Remote Data Checking:… MSST, 24 September 2008.
b
1
b
2
b
3
b
4
b
5
b
7
b
n
b
9
b
8 ......
b
6
auditor
t
1
t
2
t
3
t
4
t
5
t
6
t
7
t
8
t
9
t
n
PDPʼs Spot Checking
Auditor randomly selects a set
of blocks to challenge
– A constant number for files of any size
b
1
b
2
b
3
b
4
b
5
b
7
b
n
b
9
b
8 ......
b
6
auditor
t
1
t
2
t
3
t
4
t
5
t
6
t
7
t
8
t
9
t
n
PDPʼs Spot Checking
Auditor randomly selects a set
of blocks to challenge
– A constant number for files of any size
Burns, Remote Data Checking:… MSST, 24 September 2008.
b
1
b
2
b
3
b
4
b
5
b
7
b
n
b
9
b
8 ......
b
6
auditor
t
1
t
2
t
3
t
4
t
5
t
6
t
7
t
8
t
9
t
n
Server computes
function of
random block set
s
R
f
R
Small constant amount of data
verifies possession of all blocks
b
2
t
2
b
3
t
3
b
5
t
5
b
8
t
8
=
b
R
t
R
+ f
R+ +
x x x
=
exp
PDPʼs Homomorphic Tags
Server processing is I/O bound
– Single exponentiation per challenge
b
1
b
2
b
3
b
4
b
5
b
7
b
n
b
9
b
8 ......
b
6
auditor
t
1
t
2
t
3
t
4
t
5
t
6
t
7
t
8
t
9
t
n
Server computes
function of
random block set
s
R
f
R
Small constant amount of data
verifies possession of all blocks
b
2
t
2
b
3
t
3
b
5
t
5
b
8
t
8
=
b
R
t
R
+ f
R+ +
x x x
=
exp
PDPʼs Homomorphic Tags
Server processing is I/O bound
– Single exponentiation per challenge
Burns, Remote Data Checking:… MSST, 24 September 2008.
Forward Error Correcting (FEC) Codes
Integrating data checking with redundancy
– Improves possession guarantee realized from spot checking
Attacker cannot effectively delete data
– Big attacks are easy to detect
– Small attacks are recoverable
Use systematic codes [BJO08,CKB08]
– To preserve sequential file layout for read performance
Forward Error Correcting (FEC) Codes
Integrating data checking with redundancy
– Improves possession guarantee realized from spot checking
Attacker cannot effectively delete data
– Big attacks are easy to detect
– Small attacks are recoverable
Use systematic codes [BJO08,CKB08]
– To preserve sequential file layout for read performance
Burns, Remote Data Checking:… MSST, 24 September 2008.
PDP with Reed-Solomon Coding
Systematic RS code keeps original file sequential
– Practical RS codes fixed/limited widths
Layout must conceal coding constraints among blocks
– Random selection of input blocks
– Encryption and permutation of redundancy blocks
b
1
b
2
b
3
b
4
b
5
b
7
b
8
b
6
r
1
r
2
r
3
r
4
6,4 RS Encoder
randomly select groups
of k blocks from b
e
1
e
2
e
4
e
3
b
1
b
2
b
3
b
4
b
5
b
7
b
8
b
6
encrypt and permute
+ = Output File
PDP with Reed-Solomon Coding
Systematic RS code keeps original file sequential
– Practical RS codes fixed/limited widths
Layout must conceal coding constraints among blocks
– Random selection of input blocks
– Encryption and permutation of redundancy blocks
b
1
b
2
b
3
b
4
b
5
b
7
b
8
b
6
r
1
r
2
r
3
r
4
6,4 RS Encoder
randomly select groups
of k blocks from b
e
1
e
2
e
4
e
3
b
1
b
2
b
3
b
4
b
5
b
7
b
8
b
6
encrypt and permute
+ = Output File
Burns, Remote Data Checking:… MSST, 24 September 2008.
PDP+FEC: An Attackerʼs Perspective
Successful attack probability < 0.00001
– 10% redundancy, checking 500kb of a 600MB file
0!
0.2!
0.4!
0.6!
0.8!
1!
0! 1000! 2000! 3000! 4000! 5000!
Blocks Deleted!
Pr(Detect)!Pr(No Damage)!
PDP+FEC: An Attackerʼs Perspective
Successful attack probability < 0.00001
– 10% redundancy, checking 500kb of a 600MB file
0!
0.2!
0.4!
0.6!
0.8!
1!
0! 1000! 2000! 3000! 4000! 5000!
Blocks Deleted!
Pr(Detect)!Pr(No Damage)!
Burns, Remote Data Checking:… MSST, 24 September 2008.
Additional Desirable Properties
Dynamic (or incremental)
– Can modify file contents without exposure to replay attacks
Publicly verifiable
– No secret material needed to conduct audits
Efficient (for pre-processing files)
– Auditing is already quite fast (I/O bound)
Multiple-replica
Privacy preserving [SS+08]
– RDC protocol reveals nothing about the content to the verifier
No single protocol provides all
– Notably, publicly verifiable conflicts with dynamic and efficient
Additional Desirable Properties
Dynamic (or incremental)
– Can modify file contents without exposure to replay attacks
Publicly verifiable
– No secret material needed to conduct audits
Efficient (for pre-processing files)
– Auditing is already quite fast (I/O bound)
Multiple-replica
Privacy preserving [SS+08]
– RDC protocol reveals nothing about the content to the verifier
No single protocol provides all
– Notably, publicly verifiable conflicts with dynamic and efficient
Burns, Remote Data Checking:… MSST, 24 September 2008.
PDP: Observations about RSA
Provably secure
Allows for public-verifiability
– Anyone can check possession (even if they canʼt access content)
– Metadata easy to manage. Itʼs not secret and can be replicated widely or
published.
Supports multi-replica protocols
– Differentiate copies of the same data in network
– Dynamic creation of new copies
Performance limitations for storage
– Must exponentiate every block: to generate the tag
– Suitable for archival data (store once)
– Good audit performance
PDP: Observations about RSA
Provably secure
Allows for public-verifiability
– Anyone can check possession (even if they canʼt access content)
– Metadata easy to manage. Itʼs not secret and can be replicated widely or
published.
Supports multi-replica protocols
– Differentiate copies of the same data in network
– Dynamic creation of new copies
Performance limitations for storage
– Must exponentiate every block: to generate the tag
– Suitable for archival data (store once)
– Good audit performance
Burns, Remote Data Checking:… MSST, 24 September 2008.
Multiple-Replica PDP [CB+08]
Multiple copies in untrusted
networks to protect data
For storing/auditing replicas
– Ensure system stores t unique copies
– Create new replicas on demand
– Need efficient techniques to define
replicas, i.e. better than PDP t times
MR-PDP (Multiple-replica)
– All the above and
– Verify all replicas with single set of
signatures, i.e. O(1) metadata
Multiple-Replica PDP [CB+08]
Multiple copies in untrusted
networks to protect data
For storing/auditing replicas
– Ensure system stores t unique copies
– Create new replicas on demand
– Need efficient techniques to define
replicas, i.e. better than PDP t times
MR-PDP (Multiple-replica)
– All the above and
– Verify all replicas with single set of
signatures, i.e. O(1) metadata
Burns, Remote Data Checking:… MSST, 24 September 2008.
Other Interesting Ideas
Commitment schemes (Safestore [KAD07])
– Have a server provide fresh signatures for many files
– Check a few files among the fresh signatures
– Spot checking across files can be used in conjunction with RDC
Symmetric key homomorphisms [MS06,SW08]
– Makes pre-processing fast
– Supports dynamic RDC
– Not publicly verifiable and metadata must be kept secret
Hierarchical redundancy encoding
– Split redundancy across multiple servers and within file [KAD07]
– Use redundancy in challenge protocol and within file [BJO08]
Other Interesting Ideas
Commitment schemes (Safestore [KAD07])
– Have a server provide fresh signatures for many files
– Check a few files among the fresh signatures
– Spot checking across files can be used in conjunction with RDC
Symmetric key homomorphisms [MS06,SW08]
– Makes pre-processing fast
– Supports dynamic RDC
– Not publicly verifiable and metadata must be kept secret
Hierarchical redundancy encoding
– Split redundancy across multiple servers and within file [KAD07]
– Use redundancy in challenge protocol and within file [BJO08]
Burns, Remote Data Checking:… MSST, 24 September 2008.
Conclusions
Remote data checking supports the outsourced
storage model of service-oriented architectures
PDP and other RDC schemes provide secure and
efficient (in both I/O and network) auditing
– We have yet to get all the desirable features in a single system
Important systems issues remain
– File layouts and redundancy
– Distributed implementations
– Many usable security schemes
Conclusions
Remote data checking supports the outsourced
storage model of service-oriented architectures
PDP and other RDC schemes provide secure and
efficient (in both I/O and network) auditing
– We have yet to get all the desirable features in a single system
Important systems issues remain
– File layouts and redundancy
– Distributed implementations
– Many usable security schemes
Burns, Remote Data Checking:… MSST, 24 September 2008.
References
[AB+07] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson,
and D. Song. “Provable data possession at untrusted stores,” ACM CCS, 2008.
[BJO08] K. Bowers, A. Juels, and A. Oprea, “Proofs of retrievability: Theory and
implementation,” ePrint Archive Report, 2008/175, 2008.
[CKB08] R. Curtmola, O. Khan, and R. Burns. “Robust Remote Data Checking,”
Workshop on Storage Security and Survivability, 2008.
[CK+08] R. Curtmola, O. Khan, R. Burns, and G. Ateniese, “MR-PDP: Multiple-
replica provable data possession,” ICDCS, 2008.
[JK07] A. Juels and B. Kaliski. PORs: Proofs of Retrievability for Large Files.
ACM CCS, 2008.
[KD07] R. Kotla and M. Dahlin. SafeStore: A Durable and Practical Storage
System. USENIX Annual Technical Conference, 2007.
[SM06] T. Schwarz and E. Miller. Store, Forget, and Check: Using Algebraic
Signature to Check Remotely Administered Storage. ICDCS, 2006.
[SS+08] M. A. Shah, R. Swaminathan, and M. Baker, “Privacy-preserving audit
and extraction of digital contents,” ePrint Archive Report, 2008/186, 2008.
[SW08] H. Shacham and B. Waters, “Compact proofs of retrievability,” ePrint
Archive Report, 2008/073, 2008.
References
[AB+07] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson,
and D. Song. “Provable data possession at untrusted stores,” ACM CCS, 2008.
[BJO08] K. Bowers, A. Juels, and A. Oprea, “Proofs of retrievability: Theory and
implementation,” ePrint Archive Report, 2008/175, 2008.
[CKB08] R. Curtmola, O. Khan, and R. Burns. “Robust Remote Data Checking,”
Workshop on Storage Security and Survivability, 2008.
[CK+08] R. Curtmola, O. Khan, R. Burns, and G. Ateniese, “MR-PDP: Multiple-
replica provable data possession,” ICDCS, 2008.
[JK07] A. Juels and B. Kaliski. PORs: Proofs of Retrievability for Large Files.
ACM CCS, 2008.
[KD07] R. Kotla and M. Dahlin. SafeStore: A Durable and Practical Storage
System. USENIX Annual Technical Conference, 2007.
[SM06] T. Schwarz and E. Miller. Store, Forget, and Check: Using Algebraic
Signature to Check Remotely Administered Storage. ICDCS, 2006.
[SS+08] M. A. Shah, R. Swaminathan, and M. Baker, “Privacy-preserving audit
and extraction of digital contents,” ePrint Archive Report, 2008/186, 2008.
[SW08] H. Shacham and B. Waters, “Compact proofs of retrievability,” ePrint
Archive Report, 2008/073, 2008.
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 7
- Slides 19
- Age 415 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
46 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
46 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
34 views
21
Know for Certain
DaveSinNM
21 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views