Privacy-Preserving Audit and Extraction of Digital Contents

A growing number of online services, such as Google, Yahoo!, and Amazon, are starting to charge users for their storage. Customers often use these services to store valuable data such as email, family photos and videos, and disk backups. Today, a customer must entirely trust such external services to maintain the integrity of hosted data and return it intact. Unfortunately, no service is infallible. To make storage services accountable for data loss, we present protocols that allow a thirdparty auditor to periodically verify the data stored by a service and assist in returning the data intact to the customer. Most importantly, our protocols are privacy-preserving, in that they never reveal the data contents to the auditor. Our solution removes the burden of verification from the customer, alleviates both the customer’s and storage service’s fear of data leakage, and provides a method for independent arbitration of data retention contracts.

[1]  Mary Baker,et al.  Enabling the Archival Storage of Signed Documents , 2002, FAST.

[2]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[3]  Mary Baker,et al.  Preserving peer replicas by rate-limited sampled voting , 2003, SOSP '03.

[4]  Mary Baker,et al.  Auditing to Keep Online Storage Services Honest , 2007, HotOS.

[5]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[6]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[7]  Markus Stadler,et al.  Publicly Verifiable Secret Sharing , 1996, EUROCRYPT.

[8]  Mihir Bellare,et al.  The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols , 2004, CRYPTO.

[9]  Eduardo Pinheiro,et al.  Failure Trends in a Large Disk Drive Population , 2007, FAST.

[10]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[11]  Mary Baker,et al.  A fresh look at the reliability of long-term digital storage , 2005, EuroSys.

[12]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[13]  Shankar Pasupathy,et al.  An analysis of latent sector errors in disk drives , 2007, SIGMETRICS '07.

[14]  Ethan L. Miller,et al.  POTSHARDS: Secure Long-Term Storage Without Encryption , 2007, USENIX Annual Technical Conference.

[15]  Andrea C. Arpaci-Dusseau,et al.  An analysis of data corruption in the storage stack , 2008, TOS.

[16]  Ethan L. Miller,et al.  Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[17]  Bianca Schroeder,et al.  Disk Failures in the Real World: What Does an MTTF of 1, 000, 000 Hours Mean to You? , 2007, FAST.

[18]  Brian D. Noble,et al.  Samsara: honor among thieves in peer-to-peer storage , 2003, SOSP '03.

[19]  Michael Burrows,et al.  A Cooperative Internet Backup Scheme , 2003, USENIX Annual Technical Conference, General Track.