Belisarius: BFT Storage with Confidentiality

Traditional approaches to byzantine fault-tolerance have mostly avoided the problem of confidentiality. Current confidentiality-aware solutions rely on a heavy infrastructure investment or depend on complex key management schemes. The framework presented in this paper relies on a novel approach that combines byzantine fault-tolerance, secure storage and verifiable secret sharing to significantly reduce the additional infra-structure and complexity required by confidentiality protection. The proposed framework was compared to other solutions using a micro-benchmark, and an implementation of TPC-B and NFS.

[1]  Miguel Castro,et al.  Farsite: federated, available, and reliable storage for an incompletely trusted environment , 2002, OPSR.

[2]  Robert C. Newman Covert computer and network communications , 2007, InfoSecCD '07.

[3]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[4]  I. Damglurd Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation , 2006 .

[5]  Josh Benaloh,et al.  Secret Sharing Homomorphisms: Keeping Shares of A Secret Sharing , 1986, CRYPTO.

[6]  Ramakrishna Kotla,et al.  Zyzzyva , 2007, SOSP.

[7]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[8]  Douglas R. Stinson,et al.  An explication of secret sharing schemes , 1992, Des. Codes Cryptogr..

[9]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[10]  Elaine B. Barker,et al.  Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes , 2010 .

[11]  Matthew K. Franklin,et al.  The Ω key management service , 1996, CCS '96.

[12]  Martin Tompa,et al.  How to share a secret with cheaters , 1988, Journal of Cryptology.

[13]  Idit Keidar,et al.  Trusting the cloud , 2009, SIGA.

[14]  Rodrigo Rodrigues,et al.  Byzantine Clients Rendered Harmless , 2005, DISC.

[15]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[16]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[17]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[18]  H. Venkateswaran,et al.  Responsive Security for Stored Data , 2003, IEEE Trans. Parallel Distributed Syst..

[19]  Miguel Correia,et al.  DepSky: Dependable and Secure Storage in a Cloud-of-Clouds , 2013, TOS.

[20]  Caroline Fontaine,et al.  A Survey of Homomorphic Encryption for Nonspecialists , 2007, EURASIP J. Inf. Secur..

[21]  Chin-Chen Chang,et al.  Detecting dealer cheating in secret sharing systems , 2000, Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000.

[22]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[23]  Lein Harn,et al.  Detection and identification of cheaters in (t, n) secret sharing scheme , 2009, Des. Codes Cryptogr..

[24]  Ueli Maurer,et al.  General Secure Multi-party Computation from any Linear Secret-Sharing Scheme , 2000, EUROCRYPT.

[25]  Arun Venkataramani,et al.  Separating agreement from execution for byzantine fault tolerant services , 2003, SOSP '03.

[26]  Ethan L. Miller,et al.  POTSHARDS: Secure Long-Term Storage Without Encryption , 2007, USENIX Annual Technical Conference.

[27]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[28]  Miguel Correia,et al.  DepSpace: a byzantine fault-tolerant coordination service , 2008, Eurosys '08.

[29]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[30]  Kaoru Kurosawa,et al.  Optimum Secret Sharing Scheme Secure against Cheating , 1996, EUROCRYPT.

[31]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[32]  Sushil Jajodia,et al.  Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures , 2000, IEEE Trans. Knowl. Data Eng..

[33]  Ed Dawson,et al.  The breadth of Shamir's secret-sharing scheme , 1994, Comput. Secur..