Dynamic Proofs of Retrievability Via Oblivious RAM
Tóm tắt
Proofs of retrievability allow a client to store her data on a remote server (e.g., “in the cloud”) and periodically execute an efficient audit protocol to check that all of the data are being maintained correctly and can be recovered from the server. For efficiency, the computation and communication of the server and client during an audit protocol should be significantly smaller than reading/transmitting the data in its entirety. Although the server is only asked to access a few locations of its storage during an audit, it must maintain full knowledge of all client data to be able to pass. Starting with the work of Juels and Kaliski (CCS ’07), all prior solutions to this problem crucially assume that the client data are static and do not allow it to be efficiently updated. Indeed, they all store a redundant encoding of the data on the server, so that the server must delete a large fraction of its storage to “lose” any actual content. Unfortunately, this means that even a single bit modification to the original data will need to modify a large fraction of the server storage, which makes updates highly inefficient. Overcoming this limitation was left as the main open problem by all prior works. In this work, we give the first solution providing proofs of retrievability for dynamic storage, where the client can perform arbitrary reads/writes on any location within her data by running an efficient protocol with the server. At any point in time, the client can execute an efficient audit protocol to ensure that the server maintains the latest version of the client data. The computation and communication complexity of the server and client in our protocols are only polylogarithmic in the size of the client’s data. The starting point of our solution is to split up the data into small blocks and redundantly encode each block of data individually, so that an update inside any data block only affects a few codeword symbols. The main difficulty is to prevent the server from identifying and deleting too many codeword symbols belonging to any single data block. We do so by hiding where the various codeword symbols for any individual data block are stored on the server and when they are being accessed by the client, using the algorithmic techniques of oblivious RAM.
Tài liệu tham khảo
G. Ateniese, R.C. Burns, R. Curtmola, J. Herring, L. Kissner, Z.N.J. Peterson, D. Song. Provable data possession at untrusted stores, in P. Ning, S.D.C. di Vimercati, P.F. Syverson, editors, ACM CCS 07 (ACM Press, 2007), pp. 598–609.
G. Ateniese, S. Kamara, and J. Katz. Proofs of storage from homomorphic identification protocols, in M. Matsui, editor, ASIACRYPT 2009, vol. 5912 of LNCS (Springer, 2009), pp. 319–333.
G. Ateniese, R.D. Pietro, L.V. Mancini, G. Tsudik. Scalable and efficient provable data possession. Cryptology ePrint Archive, Report 2008/114 (2008). http://eprint.iacr.org/.
M. Bellare and O. Goldreich. On defining proofs of knowledge, in E.F. Brickell, editor, CRYPTO’92, vol. 740 of LNCS (Springer, 1993), pp. 390–420.
M. Blum, W.S. Evans, P. Gemmell, S. Kannan, M. Naor. Checking the correctness of memories. Algorithmica, 12(2/3):225–244, (1994).
K. D. Bowers, A. Juels, A. Oprea. HAIL: a high-availability and integrity layer for cloud storage. in E. Al-Shaer, S. Jha, A.D. Keromytis, editors, ACM CCS 09 (ACM Press, 2009), pp. 187–198.
K.D. Bowers, A. Juels, A. Oprea. Proofs of retrievability: theory and implementation, in R. Sion and D. Song, editors, CCSW (ACM, 2009), pp. 43–54.
D. Cash, A. Küpçü, D. Wichs. Dynamic proofs of retrievability via oblivious ram, in EUROCRYPT, (2013).
N. Chandran, B. Kanukurthi, R. Ostrovsky. Locally updatable and locally decodable codes, in TCC, (2014).
B. Chen, R. Curtmola, G. Ateniese, R.C. Burns. Remote data checking for network coding-based distributed storage systems, in A. Perrig and R. Sion, editors, CCSW (ACM, 2010), pp. 31–42.
R. Curtmola, O. Khan, R. Burns, G. Ateniese. Mr-pdp: Multiple-replica provable data possession, in ICDCS, (2008).
Y. Dodis, S.P. Vadhan, D. Wichs. Proofs of retrievability via hardness amplification, in O. Reingold, editor, TCC 2009, vol. 5444 of LNCS (Springer, 2009), pp. 109–127.
C. Dwork, M. Naor, G.N. Rothblum, V. Vaikuntanathan. How efficient can memory checking be? in O. Reingold, editor, TCC 2009, vol. 5444 of LNCS (Springer, 2009), pp. 503–520.
C.C. Erway, A. Küpçü, C. Papamanthou, R. Tamassia. Dynamic provable data possession, in E. Al-Shaer, S. Jha, A.D. Keromytis, editors, ACM CCS 09 (ACM Press, 2009), pp. 213–222.
M. Etemad, A. Küpçü. Transparent, distributed, and replicated dynamic provable data possession, in ACNS (2013).
O. Goldreich and R. Ostrovsky. Software protection and simulation on oblivious RAMs. Journal of the ACM, 43(3):431–473, 1996.
S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1):186–208, 1989.
M.T. Goodrich, M. Mitzenmacher. Privacy-preserving access of outsourced data via oblivious RAM simulation, in L. Aceto, M. Henzinger, and J. Sgall, editors, ICALP 2011, Part II, vol. 6756 of LNCS (Springer, 2011), pp. 576–587.
M.T. Goodrich, M. Mitzenmacher, O. Ohrimenko, R. Tamassia. Oblivious RAM simulation with efficient worst-case access overhead, in CCSW (2011), pp. 95–100.
M.T. Goodrich, M. Mitzenmacher, O. Ohrimenko, R. Tamassia. Privacy-preserving group data access via stateless oblivious ram simulation, in SODA (2012), pp. 157–167.
W. Hoeffding. Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association, 58(301):13–30, 1963.
A. Juels, B.S. Kaliski Jr. Pors: proofs of retrievability for large files, in P. Ning, S.D.C. di Vimercati, P.F. Syverson, editors, ACM CCS 07 (ACM Press, 2007), pp. 584–597.
A. Kirsch, M. Mitzenmacher, and U. Wieder. More robust hashing: Cuckoo hashing with a stash. SIAM J. Comput., 39(4):1543–1561, 2009.
A. Küpçü. Efficient Cryptography for the Next Generation Secure Cloud. Ph.D. thesis, Brown University (2010).
A. Küpçü. Efficient Cryptography for the Next Generation Secure Cloud: Protocols, Proofs, and Implementation. (Lambert Academic Publishing, 2010).
M. Naor, G.N. Rothblum. The complexity of online memory checking, in 46th FOCS (IEEE Computer Society Press, 2005), pp. 573–584.
R. Ostrovsky, V. Shoup. Private information storage (extended abstract), in 29th ACM STOC (ACM Press, 1997), pp. 294–303.
R. Pagh and F. F. Rodler. Cuckoo hashing. J. Algorithms, 51(2):122–144, 2004.
B. Pinkas, T. Reinman. Oblivious RAM revisited. In T. Rabin, editor, CRYPTO, vol. 6223 of LNCS (Springer, 2010), pp. 502–519.
H. Shacham, B. Waters. Compact proofs of retrievability, in J. Pieprzyk, editor, ASIACRYPT 2008, vol. 5350 of LNCS (Springer, 2008), pp. 90–107.
E. Shi, T.-H.H. Chan, E. Stefanov, M. Li. Oblivious ram with o((logn)3) worst-case cost, in D.H. Lee, X. Wang, editors, ASIACRYPT, vol. 7073 of Lecture Notes in Computer Science (Springer, 2011), pp. 197–214.
E. Shi, E. Stefanov, C. Papamanthou. Practical dynamic proofs of retrievability, in ACM CCS (2013).
E. Stefanov, M. van Dijk, A. Oprea, A. Juels. Iris: a scalable cloud file system with efficient integrity checks. Cryptology ePrint Archive, Report 2011/585 (2011). http://eprint.iacr.org/.
E. Stefanov, M. van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, S. Devadas. Path oram: An extremely simple oblivious ram protocol, in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS ’13 (2013), pp. 299–310.
Q. Wang, C. Wang, J. Li, K. Ren, W. Lou. Enabling public verifiability and data dynamics for storage security in cloud computing. In M. Backes, P. Ning, editors, ESORICS 2009, vol. 5789 of LNCS (Springer, 2009), pp. 355–370.
P. Williams, R. Sion, B. Carbunar. Building castles out of mud: practical access pattern privacy and correctness on untrusted storage, in P. Ning, P.F. Syverson, S. Jha, editors, ACM CCS 08 (ACM Press, 2008), pp. 139–148.
C. C. Erway, A. Küpçü, C. Papamanthou, R. Tamassia. Dynamic provable data possession. ACM Trans. Inf. Syst. Secur., 17(4):15, 2015.