AONT-RS: Blending Security and Performance in Dispersed Storage Systems

Dispersing files across multiple sites yields a variety of obvious benefits, such as availability, proximity and reliability. Less obviously, it enables security to be achieved without relying on encryption keys. Standard approaches to dispersal either achieve very high security with correspondingly high computational and storage costs, or low security with lower costs. In this paper, we describe a new dispersal scheme, called AONT-RS, which blends an All-Or-Nothing Transform with Reed-Solomon coding to achieve high security with low computational and storage costs. We evaluate this scheme both theoretically and as implemented with standard open source tools. AONTRS forms the backbone of a commercial dispersed storage system, which we briefly describe and then use as a further experimental testbed. We conclude with details of actual deployments.

[1]  F. MacWilliams,et al.  The Theory of Error-Correcting Codes , 1977 .

[2]  John Aycock Computer Viruses and Malware (Advances in Information Security) , 2006 .

[3]  Hugo Krawczyk,et al.  Secret Sharing Made Short , 1994, CRYPTO.

[4]  Antony I. T. Rowstron,et al.  Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility , 2001, SOSP.

[5]  Ying Ding,et al.  Note: Correction to the 1997 tutorial on Reed–Solomon coding , 2005, Softw. Pract. Exp..

[6]  Marek Karpinski,et al.  An XOR-based erasure-resilient coding scheme , 1995 .

[7]  Alan D. Martin,et al.  Review of Particle Physics , 2010 .

[8]  Ronald L. Rivest,et al.  All-or-Nothing Encryption and the Package Transform , 1997, FSE.

[9]  Catherine D. Schuman,et al.  A Performance Evaluation and Examination of Open-Source Erasure Coding Libraries for Storage , 2009, FAST.

[10]  Jérôme Lacan,et al.  Systematic MDS erasure codes based on Vandermonde matrices , 2004, IEEE Communications Letters.

[11]  Quynh H. Dang,et al.  Secure Hash Standard | NIST , 2015 .

[12]  Bruce Schneier,et al.  Cryptography Engineering - Design Principles and Practical Applications , 2010 .

[13]  Michael K. Reiter,et al.  Efficient Byzantine-tolerant erasure-coded storage , 2004, International Conference on Dependable Systems and Networks, 2004.

[14]  Stafford E. Tavares,et al.  On the Design of S-Boxes , 1985, CRYPTO.

[15]  Michael O. Rabin,et al.  Efficient dispersal of information for security, load balancing, and fault tolerance , 1989, JACM.

[16]  Ethan L. Miller,et al.  POTSHARDS—a secure, recoverable, long-term archival storage system , 2009, TOS.

[17]  Andreas Haeberlen,et al.  Glacier: highly durable, decentralized storage despite massive correlated failures , 2005, NSDI.

[18]  G. S. Vernam Cipher printing telegraph systems: For secret wire and radio telegraphic communications , 2022, Journal of the A.I.E.E..

[19]  B. Cohen,et al.  Incentives Build Robustness in Bit-Torrent , 2003 .

[20]  Ethan L. Miller,et al.  Optimizing Galois Field Arithmetic for Diverse Processor Architectures and Applications , 2008, 2008 IEEE International Symposium on Modeling, Analysis and Simulation of Computers and Telecommunication Systems.

[21]  Mary Baker,et al.  The LOCKSS peer-to-peer digital preservation system , 2005, TOCS.

[22]  GhemawatSanjay,et al.  The Google file system , 2003 .

[23]  James S. Plank A tutorial on Reed-Solomon coding for fault-tolerance in RAID-like systems , 1997 .

[24]  Ethan L. Miller,et al.  Pergamum: Replacing Tape with Energy Efficient, Reliable, Disk-Based Archival Storage , 2008, FAST.

[25]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[26]  Douglas M. Blough,et al.  An approach for fault tolerant and secure data storage in collaborative work environments , 2005, StorageSS '05.

[27]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[28]  Peter Druschel,et al.  Storage management and caching in PAST , 2001 .

[29]  Ben Y. Zhao,et al.  Maintenance-Free Global Data Storage , 2001, IEEE Internet Comput..