Article
DOI: 10.5555/1364385.1364396

POTSHARDS: secure long-term storage without encryption

Published: 17 June 2007

Abstract

Users are storing ever-increasing amounts of information digitally, driven by many factors including government regulations and the public's desire to digitally record their personal histories. Unfortunately, many of the security mechanisms that modern systems rely upon, such as encryption, are poorly suited for storing data for indefinitely long periods of time--it is very difficult to manage keys and update cryptosystems to provide secrecy through encryption over periods of decades. Worse, an adversary who can compromise an archive need only wait for cryptanalysis techniques to catch up to the encryption algorithm used at the time of the compromise in order to obtain "secure" data.
To address these concerns, we have developed POTSHARDS, an archival storage system that provides long-term security for data with very long lifetimes without using encryption. Secrecy is achieved by using provably secure secret splitting and spreading the resulting shares across separately-managed archives. Providing availability and data recovery in such a system can be difficult; thus, we use a new technique, approximate pointers, in conjunction with secure distributed RAID techniques to provide availability and reliability across independent archives. To validate our design, we developed a prototype POTSHARDS implementation, which has demonstrated "normal" storage and retrieval of user data using indexes, the recovery of user data using only the pieces a user has stored across the archives and the reconstruction of an entire failed archive.


Published In

ATC'07: 2007 USENIX Annual Technical Conference, Proceedings of the USENIX Annual Technical Conference
June 2007
31 pages
ISBN: 9998888776

Publisher: USENIX Association, United States

Cited By

  • (2018) Mitigating Risk while Complying with Data Retention Laws. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2011-2027. DOI 10.1145/3243734.3243800. Online publication date: 15-Oct-2018.
  • (2015) Big Data Scalability, Methods and its Implications. Proceedings of the 2015 International Conference on Advanced Research in Computer Science Engineering & Technology (ICARCSET 2015), pp. 1-5. DOI 10.1145/2743065.2743121. Online publication date: 6-Mar-2015.
  • (2013) DepSky. ACM Transactions on Storage 9(4), pp. 1-33. DOI 10.1145/2535929. Online publication date: 1-Nov-2013.
  • (2012) Efficient cooperative backup with decentralized trust management. ACM Transactions on Storage 8(3), pp. 1-25. DOI 10.1145/2339118.2339119. Online publication date: 20-Sep-2012.
  • (2012) Analysis of Workload Behavior in Scientific and Historical Long-Term Data Repositories. ACM Transactions on Storage 8(2), pp. 1-27. DOI 10.1145/2180905.2180907. Online publication date: 1-May-2012.
  • (2011) Secure cloud storage. Proceedings of the 8th International Conference on Trust, Privacy and Security in Digital Business, pp. 74-85. DOI 10.5555/2035420.2035430. Online publication date: 29-Aug-2011.
  • (2011) DepSky. Proceedings of the Sixth Conference on Computer Systems, pp. 31-46. DOI 10.1145/1966445.1966449. Online publication date: 10-Apr-2011.
  • (2010) Middleware for a re-configurable distributed archival store based on secret sharing. Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware, pp. 107-127. DOI 10.5555/2023718.2023726. Online publication date: 29-Nov-2010.
  • (2010) A file-type sensitive, auto-versioning file system. Proceedings of the 10th ACM Symposium on Document Engineering, pp. 271-274. DOI 10.1145/1860559.1860621. Online publication date: 21-Sep-2010.
  • (2010) A cloud provider-agnostic secure storage protocol. Proceedings of the 5th International Conference on Critical Information Infrastructures Security, pp. 104-115. DOI 10.1007/978-3-642-21694-7_9. Online publication date: 23-Sep-2010.