Security in Outsourced Storage: Efficiently Checking Integrity and Service Level Agreement Compliance

The storage as a service paradigma has recently raised interest in the security community, where a few works have been proposed to check whether an outsourcer has tampered with the integrity of the outsourced data. In this paper, we assume that storage is outsourced in accordance to some integrity enforcing protocol. Under this assumption, we focus on a specific issue; that is, when the outsourcer is requested to provide access to the outsourced data within a given time-bound—for instance, set in a Service Level Agreement (SLA). This paper provides several contributions: first, we identify and motivate the above requirement in the outsourced storage context; second, we show that current integrity enforcing protocols fail in detecting the violation of the time-bound limit against a rationale malicious outsourcer; third, we show how the outsourcer can actively perform such an attack. Results are supported by thorough analysis and extensive simulations.

[1]  Ethan L. Miller,et al.  Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[2]  Josep Domingo-Ferrer,et al.  Efficient Remote Data Possession Checking in Critical Information Infrastructures , 2008, IEEE Transactions on Knowledge and Data Engineering.

[3]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[4]  Moni Naor,et al.  The complexity of online memory checking , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[5]  Jia Xu,et al.  Remote Integrity Check with Dishonest Storage Server , 2008, ESORICS.

[6]  Stanislaw Jarecki,et al.  Cryptographic Primitives Enforcing Communication and Storage Complexity , 2002, Financial Cryptography.

[7]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[8]  M. E. Galassi,et al.  GNU SCIENTI C LIBRARY REFERENCE MANUAL , 2005 .

[9]  Ronald L. Rivest,et al.  ON DATA BANKS AND PRIVACY HOMOMORPHISMS , 1978 .

[10]  Manuel Blum,et al.  Checking the correctness of memories , 2005, Algorithmica.

[11]  Takuji Nishimura,et al.  Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator , 1998, TOMC.

[12]  Reza Curtmola,et al.  MR-PDP: Multiple-Replica Provable Data Possession , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[13]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[14]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[15]  David R. O'Hallaron,et al.  Computer Systems: A Programmer's Perspective , 1991 .

[16]  Dennis F. Galletta,et al.  Web Site Delays: How Tolerant are Users? , 2004, J. Assoc. Inf. Syst..

[17]  Fiona Fui-Hoon Nah,et al.  A study on tolerable waiting time: how long are Web users willing to wait? , 2004, AMCIS.