Fair and dynamic proofs of retrievability

Cloud computing is becoming increasingly popular, but has yet to be widely adopted, arguably because many security and privacy problems have not been adequately addressed. A specific problem arises in cloud storage, where clients outsource their data (files) to untrusted cloud storage servers: the clients must be convinced that their data are kept intact at the storage servers. An important approach to achieving this goal is called Proof of Retrievability (POR), by which a storage server can convince a client, via a concise proof, that its data can be recovered. However, existing POR solutions can only deal with static data (i.e., data items must be fixed), and are actually not secure when used to deal with dynamic data (i.e., data items need to be inserted, deleted, and modified). Motivated by the need to securely deal with dynamic data, we propose the first dynamic POR scheme for this purpose. Moreover, we introduce a new property, called fairness, which is necessary and also inherent to the setting of dynamic data because, without ensuring it, a dishonest client could legitimately accuse an honest cloud storage server of manipulating its data. Our solution is based on two new tools: an authenticated data structure we call range-based 2-3 trees (rb23Tree for short), and an incremental signature scheme we call hash-compress-and-sign (HCS for short). These tools might be of independent value as well.
