STEP-archival: Storage integrity and anti-tampering using data entanglement

Mercier, Hugues; Augier, Maxime; Lenstra, Arjen K.

doi:10.1109/isit.2015.7282724

Cited by 8 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We presented a preliminary version of this work at the 2015 International Symposium on Information Theory [31]. This extended version includes additional material such as the hardness of the optimal attack, additional suboptimal attacks, extended simulations, the proofs, implementation details, and a comprehensive discussion of the security and implementation strengths and weaknesses of the architecture.…”

Section: Publication Notementioning

confidence: 99%

STeP-Archival: Storage Integrity and Tamper Resistance Using Data Entanglement

Mercier

Augier

Lenstra

2018

IEEE Trans. Inform. Theory

Self Cite

View full text Add to dashboard Cite

We present STEP-archives, a novel and practical data archival architecture, where an attacker who wants to censor or tamper with a data object must cause obvious collateral damage to a large number of other objects in the system. We use maximum distance separable erasure codes to entangle unrelated data blocks and provide redundancy against storage failures, which results in an archive with constant time read-write operations. We show a tradeoff for the attacker between attack complexity, irrecoverability, and collateral damage. We also show that the problem is asymmetric between attackers and defenders; while a defender can efficiently recover from imperfect attacks, an attacker must solve an NP-hard problem to find a perfect (irrecoverable) attack that minimizes collateral damage to other data objects, or even approximate its size. We then study efficient sample-heuristic attack algorithms that lead to irrecoverable but large damage and demonstrate how some strategies and parameter choices allow to resist these sample attacks. Finally, we provide empirical evidence that an attacker who wants to irrecoverably tamper with a document archived long enough must destroy a constant fraction of the archive.

show abstract

Section: Publication Notementioning

confidence: 99%

STeP-Archival: Storage Integrity and Tamper Resistance Using Data Entanglement

Mercier

Augier

Lenstra

2018

IEEE Trans. Inform. Theory

Self Cite

View full text Add to dashboard Cite

show abstract

“…If the system creates strong dependencies among the files, data loss can be recovered by exploiting the relationships between files. The idea was explored in Tangler [25], Dagster [26], STEP-archival [41] and Entangled Cloud [42]. Aspnes et al studied the theoretical aspects [23].…”

Section: ) Metric: Data Lossmentioning

confidence: 99%

Alpha Entanglement Codes: Practical Erasure Codes to Archive Data in Unreliable Environments

Estrada-Galiñanes

Miller

Felber

et al. 2018

2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

Data centres that use consumer-grade disks drives and distributed peer-to-peer systems are unreliable environments to archive data without enough redundancy. Most redundancy schemes are not completely effective for providing high availability, durability and integrity in the long-term. We propose alpha entanglement codes, a mechanism that creates a virtual layer of highly interconnected storage devices to propagate redundant information across a large scale storage system. Our motivation is to design flexible and practical erasure codes with high faulttolerance to improve data durability and availability even in catastrophic scenarios. By "flexible and practical", we mean code settings that can be adapted to future requirements and practical implementations with reasonable trade-offs between security, resource usage and performance. The codes have three parameters. Alpha increases storage overhead linearly but increases the possible paths to recover data exponentially. Two other parameters increase fault-tolerance even further without the need of additional storage. As a result, an entangled storage system can provide high availability, durability and offer additional integrity: it is more difficult to modify data undetectably. We evaluate how several redundancy schemes perform in unreliable environments and show that alpha entanglement codes are flexible and practical codes. Remarkably, they excel at code locality, hence, they reduce repair costs and become less dependent on storage locations with poor availability. Our solution outperforms Reed-Solomon codes in many disaster recovery scenarios.

show abstract

“…The encrypted object, the secret key, and the cipher type are then divided using secret sharing. Some systems offer censorship-resistant storage by creating dependencies, or entanglement, across stored data [22]. Such entanglement makes it difficult for unauthorized parties to censor or tamper with data, but usually require modifying the implementation of storage backends.…”

Section: B Secure Multi-cloudmentioning

confidence: 99%

“…A censorship resistant system makes it difficult to selectively refuse to answer requests without denying service for other unrelated requests. The following three levels of censorship resistance (CR) were defined in [22]:…”

Section: Storage Security For End Usersmentioning

confidence: 99%

On the Cost of Safe Storage for Public Clouds: An Experimental Evaluation

Burihabwa

Pontes

Felber

et al. 2016

2016 IEEE 35th Symposium on Reliable Distributed Systems (SRDS)

Self Cite

View full text Add to dashboard Cite

Cloud-based storage services such as Dropbox, Google Drive and OneDrive are increasingly popular for storing enterprise data, and they have already become the de facto choice for cloud-based backup of hundreds of millions of regular users. Drawn by the wide range of services they provide, no upfront costs and 24/7 availability across all personal devices, customers are well-aware of the benefits that these solutions can bring. However, most users tend to forget-or worse ignore-some of the main drawbacks of such cloud-based services, namely in terms of privacy. Data entrusted to these providers can be leaked by hackers, disclosed upon request from a governmental agency's subpoena, or even accessed directly by the storage providers (e.g., for commercial benefits). While there exist solutions to prevent or alleviate these problems, they typically require direct intervention from the clients, like encrypting their data before storing it, and reduce the benefits provided such as easily sharing data between users.This practical experience report studies a wide range of security mechanisms that can be used atop standard cloud-based storage services. We present the details of our evaluation testbed and discuss the design choices that have driven its implementation. We evaluate several state-of-the-art techniques with varying security guarantees responding to user-assigned security and privacy criteria. Our results reveal the various trade-offs of the different techniques by means of representative workloads on top of industry-grade storage services.

show abstract

STEP-archival: Storage integrity and anti-tampering using data entanglement

Cited by 8 publications

References 8 publications

STeP-Archival: Storage Integrity and Tamper Resistance Using Data Entanglement

STeP-Archival: Storage Integrity and Tamper Resistance Using Data Entanglement

Alpha Entanglement Codes: Practical Erasure Codes to Archive Data in Unreliable Environments

On the Cost of Safe Storage for Public Clouds: An Experimental Evaluation

Contact Info

Product

Resources

About