More Web Proxy on the site http://driver.im/

research-article

HAIL: a high-availability and integrity layer for cloud storage

Authors:

Kevin D. Bowers,

Alina OpreaAuthors Info & Claims

CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Pages 187 - 198

https://doi.org/10.1145/1653662.1653686

Published: 09 November 2009 Publication History

Abstract

We introduce HAIL (High-Availability and Integrity Layer), a distributed cryptographic system that allows a set of servers to prove to a client that a stored file is intact and retrievable. HAIL strengthens, formally unifies, and streamlines distinct approaches from the cryptographic and distributed-systems communities. Proofs in HAIL are efficiently computable by servers and highly compact---typically tens or hundreds of bytes, irrespective of file size. HAIL cryptographically verifies and reactively reallocates file shares. It is robust against an active, mobile adversary, i.e., one that may progressively corrupt the full set of servers. We propose a strong, formal adversarial model for HAIL, and rigorous analysis and parameter choices. We show how HAIL improves on the security and efficiency of existing tools, like Proofs of Retrievability (PORs) deployed on individual servers. We also report on a prototype implementation.

References

[1]

Amazon.com. Amazon simple storage service (Amazon S3), 2009. Referenced 2009 at aws.amazon.com/s3.

[2]

G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song. Provable data possession at untrusted stores. In 14th ACM CCS, pages 598--609, 2007.

Digital Library

[3]

G. Ateniese, R. Di Pietro, L. V. Mancini, and G. Tsudik. Scalable and efficient provable data possession, 2008. IACR ePrint manuscript 2008/114.

[4]

J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway. UMAC: Fast and secure message authentication. In CRYPTO, volume 1666 of LNCS, pages 216--233, 1999.

Digital Library

[5]

K. D. Bowers, A. Juels, and A Oprea. HAIL: A high-availability and integrity layer for cloud storage, 2008. IACR ePrint manuscript 2008/489.

[6]

K. D. Bowers, A. Juels, and A Oprea. Proofs of retrievability: Theory and implementation, 2008. IACR ePrint manuscript 2008/175.

[7]

C. Cachin, K. Kursawe, A. Lysyanskaya, and R. Strobl. Asynchronous verifiable secret sharing and proactive cryptosystems. In 9th ACM CCS, pages 88--97, 2002.

Digital Library

[8]

C. Cachin and S. Tessaro. Asynchronous verifiable information dispersal. In 24th IEEE SRDS, pages 191--202, 2005.

Digital Library

[9]

L. Carter and M. Wegman. Universal hash functions. Journal of Computer and System Sciences, 18(3), 1979.

[10]

R. Curtmola, O. Khan, and R. Burns. Robust remote data checking. In 4th ACM StorageSS, pages 63--68, 2008.

Digital Library

[11]

R. Curtmola, O. Khan, R. Burns, and G. Ateniese. MR--PDP: Multiple-replica provable data possession. In 28th IEEE ICDCS, pages 411--420, 2008.

Digital Library

[12]

Y. Dodis, S. Vadhan, and D. Wichs. Proofs of retrievability via hardness amplification. In 6th IACR TCC, volume 5444 of LNCS, pages 109--127, 2009.

Digital Library

[13]

C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia. Dynamic provable data possession. In 16th ACM CCS, 2009. To appear.

Digital Library

[14]

M. Etzel, S. Patel, and Z. Ramzan. SQUARE HASH: Fast message authentication via optimized universal hash functions. In CRYPTO, volume 1666 of LNCS, pages 234--251, 1999.

Digital Library

[15]

D.L.G. Filho and P.S.L.M. Barreto. Demonstrating data possession and uncheatable data transfer, 2006. IACR eArchive 2006/150.

[16]

J. A. Garay, R. Gennaro, C. Jutla, and T. Rabin. Secure distributed storage and retrieval. Theoretical Computer Science, 243(1--2):363--389, 2000.

Digital Library

[17]

G. R. Goodson, J. J. Wylie, G. R. Ganger, and M. K. Reiter. Efficient byzantine-tolerant erasure-coded storage. In 34th IEEE DSN, pages 135--144, 2004.

Digital Library

[18]

P. Gopalan, R.J. Lipton, and Y.Z. Ding. Error correction against computationally bounded adversaries, 2004. Manuscript.

[19]

S. Halevi and H. Krawczyk. MMH: Software message authentication in the Gbit/second rates. In Fast Software Encryption, volume 1267 of LNCS, pages 172--189, 1997.

Digital Library

[20]

J. Hendricks, G. R. Ganger, and M. K. Reiter. Verifying distributed erasure-coded data. In 26th ACM PODC, pages 139--146, 2007.

Digital Library

[21]

A. Herzberg, M. Jakobsson, H. Krawczyk, and M. Yung. Proactive public key and signature systems. In 4th ACM CCS, pages 100--110, 1997.

Digital Library

[22]

A. Herzberg, S. Jarecki, H. Krawczyk, and M. Yung. Proactive secret sharing, or: How to cope with perpetual leakage. In CRYPTO, volume 1963 of LNCS, pages 339--352, 1995.

Digital Library

[23]

A. Juels and B. Kaliski. PORs: Proofs of retrievability for large files. In 14th ACM CCS, pages 584--597, 2007.

Digital Library

[24]

H. Krawczyk. LFSR-based hashing and authentication. In CRYPTO, volume 839 of LNCS, pages 129--139, 1994.

Digital Library

[25]

M. Lillibridge, S. Elnikety, A. Birrell, M. Burrows, and M. Isard. A cooperative Internet backup scheme. In USENIX Annual Technical Conference, pages 29--41, 2003.

Digital Library

[26]

S. Micali, C. Peikert, M. Sudan, and D. Wilson. Optimal error correction against computationally bounded noise. In TCC, pages 1--16.

Digital Library

[27]

M. Naor and G. N. Rothblum. The complexity of online memory checking. In 46th IEEE FOCS, pages 573--584, 2005.

Digital Library

[28]

W. Nevelsteen and B. Preneel. Software performance of universal hash functions. In EUROCRYPT, volume 1233 of LNCS, pages 24--41, 1997.

Digital Library

[29]

J. S. Plank, J. Luo, C. D. Schuman, L. Xu, and Z. W. O'Hearn. A performance evaluation and examination of open-source erasure coding libraries for storage. In 7th USENIX FAST, pages 253--265, 2009.

Digital Library

[30]

P. Rogaway. Bucket hashing and its application to fast message authentication. In CRYPTO, volume 963 of LNCS, pages 29--42, 1995.

Digital Library

[31]

T. J. E. Schwarz and E. L. Miller. Store, forget, and check: Using algebraic signatures to check remotely administered storage. In 26th IEEE ICDCS, page 12, 2006.

Digital Library

[32]

H. Shacham and B. Waters. Compact proofs of retrievability. In ASIACRYPT, volume 5350 of LNCS, pages 90--107, 2008.

Digital Library

[33]

M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan. Auditing to keep online storage services honest. In 11th USENIX HotOS, pages 1--6, 2007.

Digital Library

[34]

V. Shoup. On fast and provably secure message authentication based on universal hashing. In CRYPTO, volume 1109 of LNCS, pages 313--328, 1996.

Digital Library

[35]

M. Wegman and L. Carter. New hash functions and their use in authentication and set equality. Journal of Computer and System Sciencies, 22(3):265--279, 1981.

Cited By

Kowalski VMostéfaoui APerrin MSengupta S(2025)Byzantine-Tolerant Privacy-Preserving Atomic RegisterProceedings of the 26th International Conference on Distributed Computing and Networking10.1145/3700838.3700867(201-210)Online publication date: 4-Jan-2025
https://dl.acm.org/doi/10.1145/3700838.3700867
Goel P(2024)Privacy-Preserving Data Storage and Processing in the CloudDriving Transformative Technology Trends With Cloud Computing10.4018/979-8-3693-2869-9.ch009(149-178)Online publication date: 21-Jun-2024
https://doi.org/10.4018/979-8-3693-2869-9.ch009
Alqahtani FAlmutairi MSheldon F(2024)Cloud Security Using Fine-Grained Efficient Information Flow TrackingFuture Internet10.3390/fi1604011016:4(110)Online publication date: 25-Mar-2024
https://doi.org/10.3390/fi16040110
Show More Cited By

Index Terms

HAIL: a high-availability and integrity layer for cloud storage

Recommendations

RACS: a case for cloud storage diversity
SoCC '10: Proceedings of the 1st ACM symposium on Cloud computing

The increasing popularity of cloud storage is leading organizations to consider moving data out of their own data centers and into the cloud. However, success for cloud storage providers can present a significant risk to customers; namely, it becomes ...
Proofs of retrievability: theory and implementation
CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security

A proof of retrievability (POR) is a compact proof by a file system (prover) to a client (verifier) that a target file F is intact, in the sense that the client can fully recover it. As PORs incur lower communication complexity than transmission of F ...
Towards efficient proofs of retrievability
ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

Proofs of Retrievability (POR) is a cryptographic formulation for remotely auditing the integrity of files stored in the cloud, without keeping a copy of the original files in local storage. In a POR scheme, a user Alice backups her data file together ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

November 2009

664 pages

ISBN:9781605588940

DOI:10.1145/1653662

General Chair:
Ehab Al-Shaer
University of North Carolina, Charlotte, USA
,
Program Chairs:
Somesh Jha
University of Wisconsin, USA
,
Angelos D. Keromytis
Columbia University, USA and Symantec Research Labs Europe, France

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '09

Sponsor:

SIGSAC

CCS '09: 16th ACM Conference on Computer and Communications Security 2009

November 9 - 13, 2009

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

495
Total Citations
View Citations
4,317
Total Downloads

Downloads (Last 12 months)68
Downloads (Last 6 weeks)11

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kowalski VMostéfaoui APerrin MSengupta S(2025)Byzantine-Tolerant Privacy-Preserving Atomic RegisterProceedings of the 26th International Conference on Distributed Computing and Networking10.1145/3700838.3700867(201-210)Online publication date: 4-Jan-2025
https://dl.acm.org/doi/10.1145/3700838.3700867
Goel P(2024)Privacy-Preserving Data Storage and Processing in the CloudDriving Transformative Technology Trends With Cloud Computing10.4018/979-8-3693-2869-9.ch009(149-178)Online publication date: 21-Jun-2024
https://doi.org/10.4018/979-8-3693-2869-9.ch009
Alqahtani FAlmutairi MSheldon F(2024)Cloud Security Using Fine-Grained Efficient Information Flow TrackingFuture Internet10.3390/fi1604011016:4(110)Online publication date: 25-Mar-2024
https://doi.org/10.3390/fi16040110
Ahmed SNahiduzzaman MIslam TBappy FZaman THasan R(2024)FASTEN: Towards a FAult-Tolerant and STorage EfficieNt Cloud: Balancing Between Replication and Deduplication2024 IEEE 21st Consumer Communications & Networking Conference (CCNC)10.1109/CCNC51664.2024.10454894(44-50)Online publication date: 6-Jan-2024
https://doi.org/10.1109/CCNC51664.2024.10454894
Solouki MAngizi SViolante M(2024)Dependability in Embedded Systems: A Survey of Fault Tolerance Methods and Software-Based Mitigation TechniquesIEEE Access10.1109/ACCESS.2024.350963312(180939-180967)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3509633
Salih BJasim Mohammad O(2024)Cloud Data Leakage, Security, Privacy Issues and Challenges: ReviewProcedia Computer Science10.1016/j.procs.2024.08.113242(592-601)Online publication date: 2024
https://doi.org/10.1016/j.procs.2024.08.113
Gautam DPrajapat SKumar PDas ACengiz KSusilo W(2024)Blockchain-assisted post-quantum privacy-preserving public auditing scheme to secure multimedia data in cloud storageCluster Computing10.1007/s10586-024-04412-827:6(8159-8172)Online publication date: 7-Apr-2024
https://doi.org/10.1007/s10586-024-04412-8
Jamil HAli AAmmi MKirichek RMuthanna MJamil F(2024)Machine Learning–Based Identity and Access Management for Cloud SecuritySecure Edge and Fog Computing Enabled AI for IoT and Smart Cities10.1007/978-3-031-51097-7_15(195-207)Online publication date: 20-Mar-2024
https://doi.org/10.1007/978-3-031-51097-7_15
Sagar MSahgal D(2023)Artificial Intelligence With Cloud Resource AllocationFuturistic e-Governance Security With Deep Learning Applications10.4018/978-1-6684-9596-4.ch011(199-222)Online publication date: 29-Dec-2023
https://doi.org/10.4018/978-1-6684-9596-4.ch011
P. B. Niranjane (2023)Load Balancing Using Oblivious RAM for Privacy-Preserving Access to Big Data in CloudInternational Journal of Scientific Research in Science and Technology10.32628/IJSRST523102140(885-889)Online publication date: 10-Apr-2023
https://doi.org/10.32628/IJSRST523102140
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents