presentation - ESORICS 2014
StealthGuard: Proofs of Retrievability with Hidden Watchdogs Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva and Melek Önen ESORICS, Wrocław, Poland, September 7, 2014
Cloud Computing – Data Outsourcing § Advantages Ø High availability Ø Multi-tenancy Ø Elasticity & Flexibility Ø Decreased Costs
§ Drawbacks Ø Loss of Control Ø Lack of Trust
Slide 2
Data Loss Examples in the Cloud 2009, the Sidekick data loss System failure Loss of contact list, messages, e-mails, photos, calendar entries
2009
2010
2011, Hotmail webmail service Service outage Loss of contact list and e-mails
2011
2012
2013
2011, Gmail Software update Loss of e-mails 2011, Amazon Web Services
2013, Data loss: 2nd Notorious Nine Top Threat in Cloud Computing
Server crash Loss of data
Slide 3
Data Retrievability in the Cloud § Retrievability = Integrity + Availability
§ Challenges Ø Big data Ø No more physical possession of the data by the client Ø Limited resources at the client
Slide 4
Proofs of Retrievability: Related Work § Deterministic solutions: [Deswarte et. al, Filho et. al, ..] Ø Verification of the entire data ⇒ costly
§ Probabilistic solutions: [Ateniese et. al., Juels et. al., Shacham et.al...] Ø Homomorphic tag and random verification ⇒ Costly generation of tags Ø Randomly located sentinels ⇒ Limited number of verifications Ø Other techniques F Authenticated rank-based skip lists [Erway et al.] F Lagrangian interpolation [Krzywiecki et al.] F Polynomial commitment [Xu et al.] Slide 5
Proofs of Retrievability: StealthGuard E n c r y p t
w
Slide 6
Proofs of Retrievability: StealthGuard Watchdog Search Query (Privacy Preserving)
w1 w2 w3 w4 wn Yes/No Yes/No Yes/No Yes/No Yes/No Missing watchdog
Missing data split
Slide 7
StealthGuard: Setup phase S1
S2
Si
Sn
F= Split-level ECC
File-level permutation
Encryption
Watchdog creation and insertion
w1j w1v w2j w2v wij wiv wnj wnv
Slide 8
StealthGuard: Watchdog Search Fid, index i, nonce r ⇒ w w ⇒ PIR (X,Y)
Verifier Cloud
w
H(
1
1
,r)
…
Split i
1101001…
0
1
Slide 9
StealthGuard: Watchdog Search Fid, index i, nonce r ⇒ w w ⇒ PIR (X,Y)
Verifier Cloud
w PIR (X,Y)
Split i
… x
1 1 0 1
1 0 0 1
0 0 1 1
1 0 1 0
1 0 1 0
1 1 0 1
1 1 1 1
0 0 1 1
0 0 1 0
0 0 1 1
0 0 1 1
1 0 0 1
=
=
=
=
Resp 1
Resp 2
Resp j
Resp q
Slide 10
StealthGuard: Verification Cloud Resp 1
Resp 2
Resp j
Resp q
Verifier Response Unblinding
0
0
1
1
0011…
? = H(wdog, r)
True ⇒ Integrity
False ⇒ Corruption Slide 11
Security Analysis of StealthGuard § Completeness § Soundness
§
Ex: File of 4 GB of n=32768 splits, D=4552 blocks, ρ=5%, τ=60
⇒ γ = 1719 times
Slide 12
Performance Evaluation of StealthGuard §
Scheme
Setup
Storage
Server
Verification
Comm.
Ateniese et al.
105 exp 106 mul
267 MB
103 PRP, 103 PRF 103 exp, 104 mul
104 exp 104 PRP
316 B
Juels and Kaliski
106 PRF
30 MB
N/A
104 PRP
33 MB
Shacham and Waters
107 PRF 109 mul
51 MB
104 mul
102 mul
3 KB
Xu et al.
105 mul 106 PRF
26 MB
102 exp 105 mul
104 mul 104 PRF
36 KB
StealthGuard
105 PRF 105 PRF
8 MB
105 mul
106 mul
50 MB
Slide 13
Summary and Future Work § StealthGuard: a new POR scheme Ø Privacy-preserving watchdog search Ø Unbounded number of verifications Ø Generic security model for POR
§ Prototype and experimental validation § Future Work: StealthGuard with dispute resolution
Slide 14
THANK YOU
References [ABC2007] Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson, and Dawn Song. 2007. Provable data possession at untrusted stores. In Proceedings of the 14th ACM conference on Computer and communications security (CCS '07). ACM, New York, NY, USA, 598-609 [DQ2004] Yves Deswarte, Jean-Jacques Quisquater. Remote integrity checking. In Proc. of Conference on Integrity and Internal Control in Information Systems (IICIS’03), November 2003. [FB2006] Décio Luiz Gazzoni Filho and Paulo Sergio Licciardi Messeder Baretto. Demonstrating data possession and uncheatable data transfer. IACR ePrint archive, 2006. Report 2006/150 [JK2007] Ari Juels and Burton S. Kaliski, Jr.. 2007. Pors: proofs of retrievability for large files. In Proceedings of the 14th ACM conference on Computer and communications security (CCS '07). ACM, New York, NY, USA, 584-597 [SW2008] Hovav Shacham and Brent Waters. 2008. Compact Proofs of Retrievability. In Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '08), Josef Pieprzyk (Ed.). Springer-Verlag, Berlin, Heidelberg, 90-107
Slide 16
Cloud Computing – Data Outsourcing § Advantages Ø High availability Ø Multi-tenancy Ø Elasticity & Flexibility Ø Decreased Costs
§ Drawbacks Ø Loss of Control Ø Lack of Trust
Slide 2
Data Loss Examples in the Cloud 2009, the Sidekick data loss System failure Loss of contact list, messages, e-mails, photos, calendar entries
2009
2010
2011, Hotmail webmail service Service outage Loss of contact list and e-mails
2011
2012
2013
2011, Gmail Software update Loss of e-mails 2011, Amazon Web Services
2013, Data loss: 2nd Notorious Nine Top Threat in Cloud Computing
Server crash Loss of data
Slide 3
Data Retrievability in the Cloud § Retrievability = Integrity + Availability
§ Challenges Ø Big data Ø No more physical possession of the data by the client Ø Limited resources at the client
Slide 4
Proofs of Retrievability: Related Work § Deterministic solutions: [Deswarte et. al, Filho et. al, ..] Ø Verification of the entire data ⇒ costly
§ Probabilistic solutions: [Ateniese et. al., Juels et. al., Shacham et.al...] Ø Homomorphic tag and random verification ⇒ Costly generation of tags Ø Randomly located sentinels ⇒ Limited number of verifications Ø Other techniques F Authenticated rank-based skip lists [Erway et al.] F Lagrangian interpolation [Krzywiecki et al.] F Polynomial commitment [Xu et al.] Slide 5
Proofs of Retrievability: StealthGuard E n c r y p t
w
Slide 6
Proofs of Retrievability: StealthGuard Watchdog Search Query (Privacy Preserving)
w1 w2 w3 w4 wn Yes/No Yes/No Yes/No Yes/No Yes/No Missing watchdog
Missing data split
Slide 7
StealthGuard: Setup phase S1
S2
Si
Sn
F= Split-level ECC
File-level permutation
Encryption
Watchdog creation and insertion
w1j w1v w2j w2v wij wiv wnj wnv
Slide 8
StealthGuard: Watchdog Search Fid, index i, nonce r ⇒ w w ⇒ PIR (X,Y)
Verifier Cloud
w
H(
1
1
,r)
…
Split i
1101001…
0
1
Slide 9
StealthGuard: Watchdog Search Fid, index i, nonce r ⇒ w w ⇒ PIR (X,Y)
Verifier Cloud
w PIR (X,Y)
Split i
… x
1 1 0 1
1 0 0 1
0 0 1 1
1 0 1 0
1 0 1 0
1 1 0 1
1 1 1 1
0 0 1 1
0 0 1 0
0 0 1 1
0 0 1 1
1 0 0 1
=
=
=
=
Resp 1
Resp 2
Resp j
Resp q
Slide 10
StealthGuard: Verification Cloud Resp 1
Resp 2
Resp j
Resp q
Verifier Response Unblinding
0
0
1
1
0011…
? = H(wdog, r)
True ⇒ Integrity
False ⇒ Corruption Slide 11
Security Analysis of StealthGuard § Completeness § Soundness
§
Ex: File of 4 GB of n=32768 splits, D=4552 blocks, ρ=5%, τ=60
⇒ γ = 1719 times
Slide 12
Performance Evaluation of StealthGuard §
Scheme
Setup
Storage
Server
Verification
Comm.
Ateniese et al.
105 exp 106 mul
267 MB
103 PRP, 103 PRF 103 exp, 104 mul
104 exp 104 PRP
316 B
Juels and Kaliski
106 PRF
30 MB
N/A
104 PRP
33 MB
Shacham and Waters
107 PRF 109 mul
51 MB
104 mul
102 mul
3 KB
Xu et al.
105 mul 106 PRF
26 MB
102 exp 105 mul
104 mul 104 PRF
36 KB
StealthGuard
105 PRF 105 PRF
8 MB
105 mul
106 mul
50 MB
Slide 13
Summary and Future Work § StealthGuard: a new POR scheme Ø Privacy-preserving watchdog search Ø Unbounded number of verifications Ø Generic security model for POR
§ Prototype and experimental validation § Future Work: StealthGuard with dispute resolution
Slide 14
THANK YOU
References [ABC2007] Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson, and Dawn Song. 2007. Provable data possession at untrusted stores. In Proceedings of the 14th ACM conference on Computer and communications security (CCS '07). ACM, New York, NY, USA, 598-609 [DQ2004] Yves Deswarte, Jean-Jacques Quisquater. Remote integrity checking. In Proc. of Conference on Integrity and Internal Control in Information Systems (IICIS’03), November 2003. [FB2006] Décio Luiz Gazzoni Filho and Paulo Sergio Licciardi Messeder Baretto. Demonstrating data possession and uncheatable data transfer. IACR ePrint archive, 2006. Report 2006/150 [JK2007] Ari Juels and Burton S. Kaliski, Jr.. 2007. Pors: proofs of retrievability for large files. In Proceedings of the 14th ACM conference on Computer and communications security (CCS '07). ACM, New York, NY, USA, 584-597 [SW2008] Hovav Shacham and Brent Waters. 2008. Compact Proofs of Retrievability. In Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '08), Josef Pieprzyk (Ed.). Springer-Verlag, Berlin, Heidelberg, 90-107
Slide 16
