Practical Share Renewal for Large Amounts of Data

Threshold secret sharing schemes encode data into several shares such that a threshold number of shares can be used to recover the data. Such schemes provide confidentiality of stored data without using encryption, thus avoiding the problems associated with key management. To provide long-term confidentiality, proactive secret sharing techniques can be used, where shares are refreshed or renewed periodically so that an adversary who obtains fewer than the threshold shares in each time period does not learn any information on the encoded data. Share renewal is an expensive process, in terms of the computation and network communication involved. In the proactive model, this share renewal process must complete as soon as possible so that an adversary who compromises servers in the present time period does not learn shares stored in the last time period. This paper proposes an algorithm where the shares of all the stored data are renewed by the share renewal of only one secret. The computation and network communication overheads are thus drastically reduced, allowing for the share renewal of all the stored data to complete quickly. These benefits are gained at the expense of some performance penalty during reads and writes, which is shown to be worthwhile.
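The renewal property described above, for a single secret, as an added example that is not code from the paper and does not implement its one-secret-for-all-data algorithm: it uses Shamir sharing with the classic renewal step of adding random polynomials whose constant term is zero. The field modulus `P`, the function names and the sample secret are assumptions, and all servers are simulated in one process.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed for this example)

def _eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def share(secret, t, n):
    """Shamir (t, n) sharing: {server_id: share}; any t shares recover the secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: _eval(coeffs, i) for i in range(1, n + 1)}

def renew(shares, t):
    """One renewal period: every server deals a random degree-(t-1) polynomial
    with constant term 0, and each server adds the sub-shares it receives."""
    new = dict(shares)
    for _dealer in shares:
        delta = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
        for j in new:
            new[j] = (new[j] + _eval(delta, j)) % P
    return new

def recover(points):
    """Lagrange interpolation at x = 0 over {server_id: share} points."""
    total = 0
    for i, y_i in points.items():
        num, den = 1, 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y_i * num * pow(den, -1, P)) % P
    return total

def pick(shares, ids):
    """Select the shares held by the given server ids."""
    return {i: shares[i] for i in ids}

if __name__ == "__main__":
    secret = 0xC0FFEE                      # constructed sample secret
    old = share(secret, t=3, n=5)          # time period 1
    new = renew(old, t=3)                  # time period 2
    print(recover(pick(old, [1, 2, 3])) == secret)  # t shares, same period
    print(recover(pick(new, [2, 4, 5])) == secret)  # t shares, same period
    mixed = {**pick(old, [1, 2]), **pick(new, [3])}
    print(recover(mixed) == secret)        # shares from different periods
```

Two shares taken before renewal plus one taken after it do not interpolate to the secret, which is why renewal has to finish before an adversary can accumulate a threshold of shares from a single period.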
