Proof of retrievability with public verifiability resilient against related-key attacks

Modern technologies such as cloud computing, grid computing and software as a service all require data to be stored by the third parties. A specific problem encountered in this context is to convince a verifier that a user's data are kept intact at the storage servers. An important approach to achieve this goal is called proof of retrievability, by which a storage server can assure a verifier via a concise proof that a user's file is available. However, for most publicly verifiable systems, existing proof of retrievability solutions do not take physical attacks into consideration, where an adversary can observe the outcome of the computation with methods like fault injection techniques. In fact, the authors find that giving the adversary the ability to obtain the information about the relations between the private keys, those systems are not secure anymore. Motivated by the need of preventing this kind of attacks, they present the security model for related-key attacks in publicly verifiable proofs of retrievability, where the adversary can subsequently observe the outcome of the publicly verifiable proof of retrievability under the modified key. After pointing out a linear related-key attack on an existing proof of retrievability system with public verifiability, they present a secure and efficient proof of retrievability with public verifiability, against related-key attacks.

[1]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[2]  Eli Biham,et al.  New Types of Cryptanalytic Attacks Using related Keys (Extended Abstract) , 1994, EUROCRYPT.

[3]  Salve Bhagyashri Salve Bhagyashri,et al.  Privacy-Preserving Public Auditing For Secure Cloud Storage , 2014 .

[4]  Kenneth G. Paterson,et al.  RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures , 2012, IACR Cryptol. ePrint Arch..

[5]  Hoeteck Wee Public Key Encryption against Related Key Attacks , 2012, Public Key Cryptography.

[6]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[7]  Mihir Bellare,et al.  A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications , 2003, EUROCRYPT.

[8]  Vinod Vaikuntanathan,et al.  Simultaneous Hardcore Bits and Cryptography against Memory Attacks , 2009, TCC.

[9]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[10]  Stefan Lucks Ciphers Secure against Related-Key Attacks , 2004, FSE.

[11]  M. Mrinalni Vaknishadh,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2012 .

[12]  M. Phil,et al.  PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING , 2015 .

[13]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[14]  David Cash,et al.  Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks , 2010, CRYPTO.

[15]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[16]  Ethan L. Miller,et al.  Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[17]  Dwaine E. Clarke,et al.  Towards constant bandwidth overhead integrity checking of untrusted data , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[18]  Ngoc Tram Anh Nguyen Fair and dynamic proofs of retrievability , 2014 .

[19]  Manuel Blum,et al.  Checking the correctness of memories , 2005, Algorithmica.

[20]  Yuval Ishai,et al.  Semantic Security under Related-Key Attacks and Applications , 2011, ICS.

[21]  Josep Domingo-Ferrer,et al.  Efficient Remote Data Possession Checking in Critical Information Infrastructures , 2008, IEEE Transactions on Knowledge and Data Engineering.

[22]  Adam O'Neill,et al.  Correlated-Input Secure Hash Functions , 2011, TCC.

[23]  Moni Naor,et al.  The Complexity of Online Memory Checking , 2005, FOCS.

[24]  Paulo S. L. M. Barreto,et al.  Demonstrating data possession and uncheatable data transfer , 2006, IACR Cryptol. ePrint Arch..