Toward securing untrusted storage without public-key operations

Adding security capabilities to shared, remote and untrusted storage file systems leads to performance degradation that limits their use. Public-key cryptographic primitives, widely used in such file systems, are known to have worse performance than their symmetric key counterparts. In this paper we examine design alternatives that avoid public-key cryptography operations to achieve better performance. We present the trade-offs and limitations that are introduced by these substitutions.

[1]  Adrian Perrig,et al.  The BiBa one-time signature and broadcast authentication protocol , 2001, CCS '01.

[2]  Markus Jakobsson,et al.  Fractal hash sequence representation and traversal , 2002, Proceedings IEEE International Symposium on Information Theory,.

[3]  Smitha Surapaneni Secret Key Agreement without Public-Key Cryptography , 2003 .

[4]  Dennis Shasha,et al.  Secure Untrusted Data Repository (SUNDR) , 2004, OSDI.

[5]  Dennis Shasha,et al.  Don't trust your file server , 2001, Proceedings Eighth Workshop on Hot Topics in Operating Systems.

[6]  Paul Stanton Securing Data in Storage: A Review of Current Research , 2004, ArXiv.

[7]  Avishai Wool,et al.  One-Time Signatures Revisited: Have They Become Practical? , 2005, IACR Cryptol. ePrint Arch..

[8]  Rolf Blom,et al.  An Optimal Class of Symmetric Key Generation Systems , 1985, EUROCRYPT.

[9]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[10]  David Mazières,et al.  Separating key management from file system security , 1999, SOSP.

[11]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[12]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[13]  Moti Yung,et al.  Perfectly Secure Key Distribution for Dynamic Conferences , 1998, Inf. Comput..

[14]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[15]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[16]  Darrell D. E. Long,et al.  Strong Security for Network-Attached Storage , 2002, FAST.

[17]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[18]  Erik Riedel,et al.  A Framework for Evaluating Storage System Security , 2002, FAST.

[19]  Howard Gobioff,et al.  Security for Network Attached Storage Devices , 1997 .

[20]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.