scispace - formally typeset
Search or ask a question
DOI

Provable Data Possession (PDP) and Proofs of Retrievability (POR) of Current Big User Data

TL;DR: In this article, two schemas/algorithms that allow users to check the integrity and availability of their outsourced data on untrusted data stores (i.e., third-party data storages) are reviewed.
Abstract: A growing trend over the last few years is storage outsourcing, where the concept of third-party data warehousing has become more popular. This trend prompts several interesting privacy and security issues. One of the biggest concerns with third-party data storage providers is accountability. This article, critically reviews two schemas/algorithms that allow users to check the integrity and availability of their outsourced data on untrusted data stores (i.e., third-party data storages). The reviewed schemas are provable data possession (PDP) and proofs of retrievability (POR). Both are cryptographic protocols designed to provide clients the assurance that their data are secure on the untrusted data storages. Furthermore, a conceptual framework is proposed to mitigate the weaknesses of the current storage solutions.

Content maybe subject to copyright    Report

References
More filters
Proceedings ArticleDOI
28 Oct 2007
TL;DR: The provable data possession (PDP) model as discussed by the authors allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it.
Abstract: We introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking supports large data sets in widely-distributed storage system.We present two provably-secure PDP schemes that are more efficient than previous solutions, even when compared with schemes that achieve weaker guarantees. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation.

2,238 citations

Proceedings ArticleDOI
28 Oct 2007
TL;DR: In this article, the authors define and explore proofs of retrievability (PORs), which are a kind of cryptographic proof of knowledge (POK) that enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.
Abstract: In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes.In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work.We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

1,652 citations

Proceedings ArticleDOI
22 Sep 2008
TL;DR: In this article, a provably secure storage outsourced data possession (PDP) technique based on symmetric key cryptography was proposed, which allows outsourcing of dynamic data, such as block modification, deletion and append.
Abstract: Storage outsourcing is a rising trend which prompts a number of interesting security issues, many of which have been extensively investigated in the past. However, Provable Data Possession (PDP) is a topic that has only recently appeared in the research literature. The main issue is how to frequently, efficiently and securely verify that a storage server is faithfully storing its client's (potentially very large) outsourced data. The storage server is assumed to be untrusted in terms of both security and reliability. (In other words, it might maliciously or accidentally erase hosted data; it might also relegate it to slow or off-line storage.) The problem is exacerbated by the client being a small computing device with limited resources. Prior work has addressed this problem using either public key cryptography or requiring the client to outsource its data in encrypted form.In this paper, we construct a highly efficient and provably secure PDP technique based entirely on symmetric key cryptography, while not requiring any bulk encryption. Also, in contrast with its predecessors, our PDP technique allows outsourcing of dynamic data, i.e, it efficiently supports operations, such as block modification, deletion and append.

1,146 citations

Book ChapterDOI
08 Jun 2004
TL;DR: The setting in which a user stores encrypted documents on an untrusted server is studied, in order to retrieve documents satisfying a certain search criterion, the user gives the server a capability that allows the server to identify exactly those documents.
Abstract: We study the setting in which a user stores encrypted documents (eg e-mails) on an untrusted server In order to retrieve documents satisfying a certain search criterion, the user gives the server a capability that allows the server to identify exactly those documents Work in this area has largely focused on search criteria consisting of a single keyword If the user is actually interested in documents containing each of several keywords (conjunctive keyword search) the user must either give the server capabilities for each of the keywords individually and rely on an intersection calculation (by either the server or the user) to determine the correct set of documents, or alternatively, the user may store additional information on the server to facilitate such searches Neither solution is desirable; the former enables the server to learn which documents match each individual keyword of the conjunctive search and the latter results in exponential storage if the user allows for searches on every set of keywords

800 citations

Proceedings ArticleDOI
13 Nov 2009
TL;DR: In this article, the authors propose a theoretical framework for the design of PORs and demonstrate practical encoding even for files F whose size exceeds that of client main memory, and also propose a new variant on the Juels-Kaliski protocol and describe a prototype implementation.
Abstract: A proof of retrievability (POR) is a compact proof by a file system (prover) to a client (verifier) that a target file F is intact, in the sense that the client can fully recover it. As PORs incur lower communication complexity than transmission of F itself, they are an attractive building block for high-assurance remote storage systems.In this paper, we propose a theoretical framework for the design of PORs. Our framework improves the previously proposed POR constructions of Juels-Kaliski and Shacham-Waters, and also sheds light on the conceptual limitations of previous theoretical models for PORs. It supports a fully Byzantine adversarial model, carrying only the restriction---fundamental to all PORs---that the adversary's error rate be bounded when the client seeks to extract F. We propose a new variant on the Juels-Kaliski protocol and describe a prototype implementation. We demonstrate practical encoding even for files F whose size exceeds that of client main memory.

570 citations