research-article

Multi-user dynamic proofs of data possession using trusted hardware

Authors:
Stephen R. Tate

UNC Greensboro, Greensboro, USA

UNC Greensboro, Greensboro, USA
View Profile

,
Roopa Vishwanathan

UNC Greensboro, Greensboro, USA

UNC Greensboro, Greensboro, USA
View Profile

,
Lance Everhart

UNC Greensboro, Greensboro, USA

UNC Greensboro, Greensboro, USA
View Profile

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacyFebruary 2013Pages 353–364https://doi.org/10.1145/2435349.2435400

Published:18 February 2013Publication History

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

Pages 353–364

ABSTRACT

In storage outsourcing services, clients store their data on a potentially untrusted server, which has more computational power and storage capacity than the individual clients. In this model, security properties such as integrity, authenticity, and freshness of stored data ought to be provided, while minimizing computational costs at the client, and communication costs between the client and the server. Using trusted computing technology on the server's side, we propose practical constructions in the provable data possession model that provide integrity and freshness in a dynamic, multi-user setting, where groups of users can update their shared files on the remote, untrusted server. Unlike previous solutions based on a single-user, single-device model, we consider a multi-user, multi-device model. Using trusted hardware on the server helps us to eliminate some of the previously known challenges with this model, such as forking and rollback attacks by the server. We logically separate bulk storage and data authentication issues to different untrusted remote services, which can be implemented either on the same or different physical servers. With only minor modifications to existing services, the bulk storage component can be provided by large-scale storage providers such as Google, CloudDrive, DropBox, and a smaller specialized server equipped with a trusted hardware chip can be used for providing data authentication. Our constructions eliminate client-side storage costs (clients do not need to maintain persistent state), and are suitable for situations in which multiple clients work collaboratively on remotely stored, outsourced data.

References

G. Ateniese, R. C. Burns, R. Curtmola, J. Herring, L. Kissner, Z. N. J. Peterson, and D. X. Song. Provable data possession at untrusted stores. In ACM CCS, pages 598--609, 2007. Google ScholarDigital Library
G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik. A practical and provably secure coalition resistant group signature scheme. In CRYPTO, pages 255--270, 2000. Google ScholarDigital Library
G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik. Scalable and efficient provable data possession. In SecureComm, 2008. Article 9. Google ScholarDigital Library
K. D. Bowers, A. Juels, and A. Oprea. Hail: a high-availability and integrity layer for cloud storage. In ACM CCS, pages 187--198, 2009. Google ScholarDigital Library
C. Cachin. Integrity and consistency for untrusted services. In SOFSEM, pages 1--14, 2011. Google ScholarDigital Library
C. Cachin, I. Keidar, and A. Shraer. Fail-aware untrusted storage. In DSN, pages 494--503, 2009.Google ScholarCross Ref
B.-G. Chun, P. Maniatis, S. Shenker, and J. Kubiatowicz. Attested append-only memory: making adversaries stick to their word. In SOSP, pages 189--204, 2007. Google ScholarDigital Library
C. C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia. Dynamic provable data possession. In ACM CCS, pages 213--222, 2009. Google ScholarDigital Library
A. J. Feldman, W. P. Zeller, M. J. Freedman, and E. W. Felten. SPORC: Group collaboration using untrusted cloud resources. In OSDI, pages 337--350, 2010. Google ScholarDigital Library
J. Feng, Y. Chen, D. Summerville, W.-S. Ku, and Z. Su. Enhancing cloud storage security against roll-back attacks with a new fair multi-party non-repudiation protocol. In Proc. IEEE Consumer Communications and Networking Conference (CCNC), pages 521--522, 2011.Google ScholarCross Ref
M. T. Goodrich, M. Mitzenmacher, O. Ohrimenko, and R. Tamassia. Practical oblivious storage. In ACM CODASPY, pages 13--24, 2012. Google ScholarDigital Library
V. Gunupudi and S. R. Tate. Timing-accurate TPM simulation for what-if explorations in trusted computing. In Proceedings of the International Symposium on Performance Evaluation of Computer and Telecommunicatoin Systems (SPECTS), pages 171--178, 2010.Google Scholar
A. Juels and B. S. Kaliski, Jr. PORs: Proofs of retrievability for large files. In ACM CCS, pages 584--597, 2007. Google ScholarDigital Library
H. Kaplan. Persistent data structures. In Handbook on Data Structures and Applications. CRC Press, 2001.Google Scholar
D. Levin, J. R. Douceur, J. R. Lorch, and T. Moscibroda. TrInc: Small trusted hardware for large distributed systems. In NSDI, pages 1--14, 2009. Google ScholarDigital Library
J. Li, M. N. Krohn, D. Mazieres, and D. Shasha. Secure untrusted data repository (SUNDR). In OSDI, pages 121--136, 2004. Google ScholarDigital Library
J. Li and D. Mazieres. Beyond one-third faulty replicas in Byzantine fault tolerant systems. In NSDI, 2007. Google ScholarDigital Library
P. Mahajan, S. T. V. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, and M. Walfish. Depot: Cloud storage with minimal trust. In OSDI, pages 307--322, 2010. Google ScholarDigital Library
D. Mazieres and D. Shasha. Don't trust your file server. In Workshop on Hot Topics in Operating Systems, pages 113--118, 2001. Google ScholarDigital Library
D. Mazi`eres and D. Shasha. Building secure file systems out of Byzantine storage. In ACM PODC, pages 108--117, 2002. Google ScholarDigital Library
J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. D. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In IEEE Symposium on Security and Privacy, pages 143--158, 2010. Google ScholarDigital Library
J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In EuroSys, pages 315--328, 2008. Google ScholarDigital Library
R. C. Merkle. A digital signature based on a conventional encryption function. In CRYPTO, pages 369--378, 1987. Google ScholarDigital Library
T. Moyer, K. Butler, J. Schiffman, P. McDaniel, and T. Jaeger. Scalable web content attestation. In ACSAC, pages 95--104, 2009. Google ScholarDigital Library
L. F. G. Sarmenta, M. v. Dijk, C. W. O'Donnell, J. Rhodes, and S. Devadas. Virtual monotonic counters and count-limited objects using a TPM without a trusted OS. In Proceedings of the First ACM Workshop on Scalable Trusted Computing, pages 27--42, 2006. Google ScholarDigital Library
H. Shacham and B. Waters. Compact proofs of retrievability. In ASIACRYPT, pages 90--107, 2008. Google ScholarDigital Library
A. Shraer, C. Cachin, A. Cidon, I. Keidar, Y. Michalevsky, and D. Shaket. Venus: verification for untrusted cloud storage. In CCSW, pages 19--30, 2010. Google ScholarDigital Library
E. Stefanov, M. van Dijk, A. Oprea, and A. Juels. Iris: A scalable cloud file system with efficient integrity checks. IACR Cryptology ePrint Archive, 2011, 2011.Google Scholar
S. R. Tate and R. Vishwanathan. Performance evaluation of TPM-based digital wallets. In International Symposium on Performance Evaluation of Computer and Telecommunication Systems, pages 179--186, 2010.Google Scholar
S. R. Tate, R. Vishwanathan, and L. Everhart. Multi-user dynamic proofs of data possession using trusted hardware - expanded version. Available at http://span.uncg.edu/pubs, 2012.Google Scholar
Trusted Computing Group. Trusted Platform Module Specifications - Parts 1-3. Available at https://www.trustedcomputinggroup.org/specs/TPM/.Google Scholar
M. van Dijk, J. Rhodes, L. F. G. Sarmenta, and S. Devadas. Offline untrusted storage with immediate detection of forking and replay attacks. In Workshop on Scalable Trusted Computing, pages 41--48, 2007. Google ScholarDigital Library
M. van Dijk, L. Sarmenta, C. O'Donnell, and S. Devadas. Proof of freshness: How to efficiently use an online single secure clock to secure shared untrusted memory. Technical Report CSG Memo 496, MIT, 2006.Google Scholar
H. Xiong, X. Zhang, D. Yao, X. Wu, and Y. Wen. Towards end-to-end secure content storage and delivery with public cloud. In ACM CODASPY, pages 257--266, 2012. Google ScholarDigital Library
Q. Zheng and S. Xu. Fair and dynamic proofs of retrievability. In ACM CODASPY, pages 237--248, 2011. Google ScholarDigital Library

Index Terms

Multi-user dynamic proofs of data possession using trusted hardware
1. Information systems
  1. Information systems applications

Recommendations

Dynamic Provable Data Possession

As storage-outsourcing services and resource-sharing networks have become popular, the problem of efficiently proving the integrity of data stored at untrusted servers has received increased attention. In the Provable Data Possession (PDP) model, the ...
Read More
Authenticated storage using small trusted hardware
CCSW '13: Proceedings of the 2013 ACM workshop on Cloud computing security workshop

A major security concern with outsourcing data storage to third-party providers is authenticating the integrity and freshness of data. State-of-the-art software-based approaches require clients to maintain state and cannot immediately detect forking ...
Read More
Identity-based provable data possession revisited

Provable Data Possession (PDP), which enables cloud users to verify the data integrity without retrieving the entire file, is highly essential for cloud storage. Observing all the existing PDP schemes rely on the Public Key Infrastructure (PKI), Wang ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy
February 2013
400 pages
ISBN:9781450318907
DOI:10.1145/2435349
General Chairs:
Elisa Bertino
Purdue University, USA
,
Ravi Sandhu
University of Texas at San Antonio, USA
,
Program Chair:
Lujo Bauer
Carnegie Mellon University, USA
,
Publications Chair:
Jaehong Park
University of Texas at San Antonio, USA
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 18 February 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
cloud storage
data outsourcing
trusted hardware
Qualifiers
- research-article
Conference

Acceptance Rates
CODASPY '13 Paper Acceptance Rate24of107submissions,22%Overall Acceptance Rate149of789submissions,19%
More
Upcoming Conference
CODASPY '24

Sponsor:

sigsac

Fourteenth ACM Conference on Data and Application Security and Privacy

June 19 - 21, 2024

Porto , Portugal
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 22
  Total Citations
  View Citations
- 323
  Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Multi-user dynamic proofs of data possession using trusted hardware

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

ABSTRACT

References

Cited By

Index Terms

Recommendations

Dynamic Provable Data Possession

Authenticated storage using small trusted hardware

Identity-based provable data possession revisited