This action might not be possible to undo. Are you sure you want to continue?

BooksAudiobooksComicsSheet Music### Categories

### Categories

### Categories

Editors' Picks Books

Hand-picked favorites from

our editors

our editors

Editors' Picks Audiobooks

Hand-picked favorites from

our editors

our editors

Editors' Picks Comics

Hand-picked favorites from

our editors

our editors

Editors' Picks Sheet Music

Hand-picked favorites from

our editors

our editors

Top Books

What's trending, bestsellers,

award-winners & more

award-winners & more

Top Audiobooks

What's trending, bestsellers,

award-winners & more

award-winners & more

Top Comics

What's trending, bestsellers,

award-winners & more

award-winners & more

Top Sheet Music

What's trending, bestsellers,

award-winners & more

award-winners & more

Welcome to Scribd! Start your free trial and access books, documents and more.Find out more

**Research paper survey
**

C. Y. Lee

Benefits of Cloud Computing

2

Secure Storage

& Management

Traditional Data Possession Scheme

3

Files

Challenge Lists

{T’}

CheckProof(T, T’)

Success ? Failure ?

S

e

t

u

p

C

h

a

l

l

e

n

g

e

File F

File F

T’

T’

T = Crypto-Hash(F)

or

T = MAC

key

(F)

T’ = Crypto-Hash(F)

or

T’ = MAC

key

(F)

File F

File F

Provable Data Possession

• Provable Data Possession (PDP)

– Clients need to be able to verify that an untrusted

server has retained file data.

– Without retrieving the data from the server.

– Without having the server access the entire file

(probabilistic proofs).

– Also called Proof of Data Retrivability (POR).

4

PROVABLE DATA POSSESSION AT

UNTRUSTED STORES

Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring,

Lea Kissner, Zachary Peterson,Dawn Song,

CCS’07, October 29–November 2, 2007, pp. 598-610, Alexandria,

Virginia, USA.

5

Homomorphic Verifiable Tags (HVTs)

• HVT is a pair of values (T

i,m

, W

i

) stored at the

server.

– Given a message m, T

m

is its HVT.

– W

i

is a random value with index i.

• Properties:

– Blockless verification

– Homomorphic tags

• A value T

m

i

+m

j

corresponding to the sum of the messages m

i

+

m

j.

6

Provable Data Possession Scheme

(PDP)

7

m

1

m

2

…

m

t

…

m

n

File F

Tags E

1,

1

2,

2

,

,

…

…

KeyGen(1

k

) → (pk, sk)

TagBlock(pk, sk, m) → T

m

pk. File, Tags

GenProof(pk, F, chal,E) → v

Challenge chal

v

CheckProof(pk, sk, chal, v)

Success ? Failure ?

S

e

t

u

p

C

h

a

l

l

e

n

g

e

Data Possession Game (Setup)

8

Client Server

(pk, sk) ÷ KeyGen(1

k

):

Three primes: p = 2p’+1, q = 2q’+1, and e.

pk = (N, g), N = pq is RSA modulus, g is a generator of QR

N

sk = (e, d, v), ed ÷ 1 (mod p’q’),

*0,1+

¬ 1 s i s n, (T

i,m

i

, W

i

) ÷ TagBlock(pk, (d, v), m

i

, i):

W

i

= v || i, T

i, m

i

= (h(W

i

)·g

m

i

)

d

mod N

pk, F, E=(T

1, m

1

, …, T

n,m

n

)

*

QR

N

is the set of quadratic residues modulo N.

*

H, h: a cryptographic hash function.

*

f

key

: a pseudo-random function (PRF) index on key.

*

t

key

: a pseudo-random permutation (PRP) index on key..

*

k: security parameter.

Provable Data Possession Scheme

(PDP)

9

m

1

m

2

…

m

t

…

m

n

File F

Tags E

1,

1

2,

2

,

,

…

…

KeyGen(1

k

) → (pk, sk)

TagBlock(pk, sk, m) → T

m

pk. File, Tags

GenProof(pk, F, chal,E) → v

Challenge chal

v

CheckProof(pk, sk, chal, v)

Success ? Failure ?

S

e

t

u

p

C

h

a

l

l

e

n

g

e

CheckProof(pk, sk, chal’, v)

sk = (e, d, v), chal’ = (c, k

1

, k

2

, s), =

,

for 1 s j s c,

=

1

,

=

2

,

= ||

=

ℎ(

)

=

1

1

+⋯+

if

**= , “success”, else “failure”.
**

Data Possession Game (Challenge)

10

Client Server

CHAL = (c, k

1

, k

2

, g

s

)

v

CHAL=(c, k

1

, k

2

, g

s

)

1

*0,1+

,

2

*0,1+

,

=

, ℤ

∗

,

c: # of proofs of possessed blocks

v ÷GenProof(pk, F, chal, E)

for 1 s j s c,

=

1

,

=

2

(),

=

1

1

,

1

∙ ⋯∙

,

= (

1

1

∙ ⋯∙

∙

1

1

+⋯+

)

=

1

1

+⋯+

v = (, )

SCALABLE AND EFFICIENT

PROVABLE DATA POSSESSION

Giuseppe Ateniese, Roberto Di Pietro, Luigi V. Mancini, Gene

Tsudik,

SecureComm 2008 September 22 - 25, 2008, Istanbul, Turkey.

11

Notations

• F: outsourced file data

– d equal-sized blocks: F[1], …, F[d].

• H(·): cryptographic hash function.

• AE

key

(·): authenticated encryption scheme.

– Ex: OCB, XCBC, IAPM

• f

key

(·): pseudo-random function(PRF) index on

key.

• t

key

(·): pseudo-random permutation(PRP) index

on key.

12

Basic Setup Phases

13

Client Server

Choose parameters t, k, L and functions f, t;

Choose the number t of tokens;

Choose the number r of indices per verification;

Generate randomly master keys W, Z, K e {0, 1}

k

.

for (i ÷ 1 to t) do

begin Round i

k

i

= f

W

(i) and c

i

= f

Z

(i)

= (

,

1 , …,

′

=

(,

)

end

(D, {[i, v’

i

] for 1 s i s t})

*

Treat f and g as AES, L = 128.

Basic Verification Phases

14

Client Server

Challenge i

k

i

= f

W

(i) and c

i

= f

Z

(i)

{k

i

, c

i

}

*

Treat f and g as AES, L = 128.

= (

,

1 , …,

{z, v’

i

}

, =

−1

(′

)

If decryption fails or (, ) ≠ (, ) then REJECT.

Supporting Dynamic Outsourced Data

• Data block operations

– Update

– Delete

– Append

– Insert

15

Update i

th

Data Block

16

Client Server

To modify F[i] ÷F’[i]:

{n, F’[n],{i, v’

i

}|1s i s t}}

*

Treat f and t as AES, L = 128.

{i, v’

i

}|1s i s t

ctr = ctr + 1;

for (i ÷ 1 to t) do

(,

) =

−1

(′

);

k

i

= f

W

(i), c

i

= f

Z

(i);

for (j ÷ 1 to r) do

if (

== ) then

v

i

= v

i

© H(c

i

, j, F[n]) © H(c

i

, j, F’[n]);

v’

i

= AE

K

(ctr, i, v

i

);

Block Deletion, Append, Insert

• Block deletion:

– Large portion basic PDP scheme on the new file.

– # of blocks modified data update procedure.

17

v

i

= v

i

© H(c

i

, j, F[n]) © H(c

i

, j, DBlock);

Block Deletion, Append, Insert

• Single-block append:

– Append a new block to one of the original blocks

D[1],…, D[d] in a round-robin fashion.

• Insert:

– Apply to append operation.

18

H(c

i

, j, ,

()])©H(c

i

, d+j, ,

+

])©…©H(c

i

, od+j, ,

+ ])

′

,1- = 1 , , + 1-

′

,2-

⋯

=

2 , , + 2-

′

,-

⋯

′

,-

=

=

, , + -

,-

Discussion

• Bandwidth-storage tradeoff

– Verification tags/tokens

• Stored in client Storage + Computation cost

• Retrieved from server Bandwidth cost

• Limited number of verifications

– How often to query a proof of possession?

19

Probabilistic Framework

• Sampling ability greatly reduces the workload on

the server

– Provide the probabilistic guarantees.

• Assume S deletes t blocks out of the n-block file

F.

– c: # of different blocks involved in a challenge.

– X: # of blocks chosen by C that match the blocks

deleted by S.

– P

X

: the probability that at least one of the blocks

picked by C matches one of the blocks deleted by S.

•

= (1 −

)

– P

x

< 0.6% if c > 512 ,

= 1%.

20

Probabilistic Framework

21

Thanks for your listening

&

Welcome to Mr. Kilo’s talk

APPENDIX

24

Probabilistic Framework

• Assume S deletes t blocks out of the n-block file F.

– c: # of different blocks for challenge.

– X: # of blocks chosen by C that match the blocks deleted

by S.

– P

X

: the probability that at least one of the blocks picked

by C matches one of the blocks deleted by S.

• P

x

= P{X > 1} = 1 - P{X = 0}

–

= 1 −

−

∙

−1−

−1

∙

−2−

−2

∙ ⋯∙

−−

−

.

– Since

−−

−

≥

−−1−

−−

, 1 −

−

≤

≤ 1 −

−+1−

−+1

25

Provable Data Possession at Untrusted Stores, CCS 07.

Research paper survey:
Provable Data Possession at Untrusted Stores: Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson,Dawn Song, CCS’07, October 29–Nov...

Research paper survey:

Provable Data Possession at Untrusted Stores: Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson,Dawn Song, CCS’07, October 29–November 2, 2007, pp. 598-610, Alexandria, Virginia, USA.

Scalable and Efficient Provable Data Possession: Giuseppe Ateniese, Roberto Di Pietro, Luigi V. Mancini, Gene Tsudik, SecureComm 2008 September 22 - 25, 2008, Istanbul, Turkey.

Provable Data Possession at Untrusted Stores: Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson,Dawn Song, CCS’07, October 29–November 2, 2007, pp. 598-610, Alexandria, Virginia, USA.

Scalable and Efficient Provable Data Possession: Giuseppe Ateniese, Roberto Di Pietro, Luigi V. Mancini, Gene Tsudik, SecureComm 2008 September 22 - 25, 2008, Istanbul, Turkey.

The Allocation Algorithm for Data Centers in Cloud Computing Architecture from a Security Perspective

by Warren Smith QC (Quantum Cryptanalyst)

Are you sure?

This action might not be possible to undo. Are you sure you want to continue?

We've moved you to where you read on your other device.

Get the full title to continue

Get the full title to continue listening from where you left off, or restart the preview.

scribd