LINCOS: A Storage System Providing Long-Term Integrity, Authenticity, and Confidentiality

The amount of digital data that requires long-term protection of integrity, authenticity, and confidentiality grows rapidly. Examples include electronic health records, genome data, and tax data. In this paper we present the secure storage system LINCOS, which provides protection of integrity, authenticity, and confidentiality in the long-term, i.e., for an indefinite time period. It is the first such system. It uses the long-term integrity scheme COPRIS, which is also presented here and is the first such scheme that does not leak any information about the protected data. COPRIS uses information-theoretic hiding commitments for confidentiality-preserving integrity and authenticity protection. LINCOS uses proactive secret sharing for confidential storage of secret data. We also present implementations of COPRIS and LINCOS. A special feature of our LINCOS implementation is the use of quantum key distribution and one-time pad encryption for information-theoretic private channels within the proactive secret sharing protocol. The technological platform for this is the Tokyo QKD Network, which is one of worlds most advanced networks of its kind. Our experimental evaluation establishes the feasibility of LINCOS and shows that in view of the expected progress in quantum communication technology, LINCOS is a promising solution for protecting very sensitive data in the cloud.

[1]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[2]  Sushil Jajodia,et al.  Redistributing Secret Shares to New Access Structures and Its Applications , 1997 .

[3]  Oded Goldreich Foundations of Cryptography: Volume 1 , 2006 .

[4]  Eizen Kimura,et al.  Applying secret sharing for HIS backup exchange , 2013, 2013 35th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC).

[5]  Lo,et al.  Unconditional security of quantum key distribution over arbitrarily long distances , 1999, Science.

[6]  Ran Canetti,et al.  Maintaining Security in the Presence of Transient Faults , 1994, CRYPTO.

[7]  Dominic Mayers,et al.  Unconditional security in quantum cryptography , 1998, JACM.

[8]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[9]  Carlisle M. Adams,et al.  Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) , 2001, RFC.

[10]  Detlef Hühnlein,et al.  A Comprehensive Reference Architecture for Trustworthy Long-Term Archiving of Sensitive Data , 2009, 2009 3rd International Conference on New Technologies, Mobility and Security.

[11]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[12]  V. Scarani,et al.  The security of practical quantum key distribution , 2008, 0802.4155.

[13]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[14]  Johannes Braun,et al.  Long term confidentiality: a survey , 2014, Des. Codes Cryptogr..

[15]  Ahto Buldas,et al.  Long-Term Secure Commitments via Extractable-Binding Commitments , 2017, ACISP.

[16]  Denise Demirel,et al.  A security analysis of techniques for long-term integrity protection , 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[17]  Stuart Haber,et al.  How to Time-Stamp a Digital Document , 1990, CRYPTO.

[18]  Ralf Brandner,et al.  Evidence Record Syntax (ERS) , 2007, RFC.

[19]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[20]  Jeannette M. Wing,et al.  Verifiable secret redistribution for archive systems , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[21]  Y. V. Natochin,et al.  Integrity , 2019, Neuroscience and Behavioral Physiology.

[22]  Daniel Slamanig,et al.  ARCHISTAR: Towards Secure and Robust Cloud Based Data Sharing , 2015, 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom).

[23]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[24]  Eizen Kimura,et al.  Simulating Cloud Environment for HIS Backup using Secret Sharing , 2013, MedInfo.

[25]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[26]  Nancy A. Lynch,et al.  Modeling Computational Security in Long-Lived Systems , 2007, CONCUR.

[27]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[28]  Masahide Sasaki,et al.  Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing , 2016, Scientific Reports.

[29]  Ahto Buldas,et al.  Long-Term Secure Time-Stamping Using Preimage-Aware Hash Functions - (Short Version) , 2017, ProvSec.

[30]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[31]  Lau Cheuk Lung,et al.  An Infrastructure for Long-Term Archiving of Authenticated and Sensitive Electronic Documents , 2010, EuroPKI.

[32]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[33]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[34]  K. Gopinath,et al.  G_{its}^2 VSR: An Information Theoretical Secure Verifiable Secret Redistribution Protocol for Long-term Archival Storage , 2007 .

[35]  Gilles Brassard,et al.  A brief review on the impossibility of quantum bit commitment , 1997 .

[36]  A R Dixon,et al.  Field test of quantum key distribution in the Tokyo QKD Network. , 2011, Optics express.

[37]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[38]  Johannes A. Buchmann,et al.  Integrity, authenticity, non-repudiation, and proof of existence for long-term archiving: A survey , 2015, Comput. Secur..