Presentation is loading. Please wait.

Presentation is loading. Please wait.

Speaker : YUN–KUAN,CHANG Date : 2010/08/05 Scalable and Efficient Provable Data Possession.

Published byPeregrine Norman Modified over 8 years ago

Similar presentations

Presentation on theme: "Speaker : YUN–KUAN,CHANG Date : 2010/08/05 Scalable and Efficient Provable Data Possession."— Presentation transcript:

1 Speaker : YUN–KUAN,CHANG Date : 2010/08/05 Scalable and Efficient Provable Data Possession

2 Outline 1/2 2 Motivation Contributions Proposed PDP scheme Notation Setup phase Verification Phase Supporting dynamic outsourced data Block Update Block Deletion Batching Updates and Deletions Single-Block Append

3 Outline 2/2 Insert 比較兩 PDP 3

4 Motivation 1/2 Data generation is currently outpacing storage availability. In contrast, a well-designed PDP scheme would be, at the same time, secure and scalable/efficient. Alice wants to outsource her life-long collection of digital content to a third party, giving read access to her friends and family. Alice wants to make sure that her data is faithfully stored and readily available. 4

5 Motivation 2/2 To verify data possession, Alice could use a resource-constrained personal device. In this realistic setting, our two design requirements are very important. (1) outsourcing data in clear-text (2) bandwidth and computation efficiency 5

6 Contributions This paper’s contribution is two-fold: 1. Efficiency and Security:  the proposed PDP scheme, relies only on efficient symmetric-key operations in both setup (performed once) and verification phases.  our scheme is more efficient than POR as it requires no bulk encryption of outsourced data and no data expansion due to additional sentinel blocks 2. Dynamic Data Support:  the new scheme supports secure and efficient dynamic operations on outsourced data blocks, including: modification, deletion and append. 6

7 Proposed PDP scheme 1/2 It consists of two phases: setup and verification. Before outsourcing, OWN pre-computes a certain number of short possession verification tokens. The actual data is then handed over to SRV. Subsequently, when OWN wants to obtain a proof of data possession, it challenges SRV with a set of random-looking block indices. 7

8 Proposed PDP scheme 2/2 In turn, SRV must compute a short integrity check over the specified blocks (corresponding to the indices) and return it to OWN. OWN’s storage overhead is constant regardless of the size of the outsourced data. Our scheme is also very efficient in terms of computation and bandwidth. 8

9 Notation 9 Doutsourced dataD[1],...,D[d] OWNthe owner of the data SRVserver H(·)cryptographic hash functionSHA-1, SHA-2 AE key (·)an authenticated encryption schemethat provides both privacy and authenticity AE −1 key (·)decryption operation for the scheme f key (·)PRF indexed on some (usually secret) key. g key (·)PRP indexed under key.

10 Setup phase 1/2 We use the PRF with two master secret keys and, both of bits. The key is used to generate session permutation keys while is used to generate challenge nonces. During the Setup phase, the owner OWN generates in advance possible random challenges and the corresponding answers. To produce the token, the owner generates a set of indices. 10

11 Setup phase 2/2 11 Choose  parameters  functions  the number of tokens  the number of indices per verification  generate randomly master keys For ( to ) do begin end for Store

12 Verification Phase 1/2 12 begin check end

13 Verification Phase 2/2 We point out that there is almost no cost for OWN to perform a verification. It only needs to re-generate the appropriate pair (two PRF-s invocations) and perform one decryption in order to check the reply from SRV. The computation cost for SRV, though slightly higher ( PRP-s on short inputs, and one hash), is still very reasonable. 13

14 Supporting dynamic outsourced data This leads us to consider various data block operations (e.g., update, delete, append and insert) and the implications upon our scheme which stem from supporting each operation. One obvious and trivial solution to all dynamic operations, is (for each operation) for OWN to download from SRV the entire outsourced data D and to re-run the setup phase. 14

15 Block Update 1/3 We assume that OWN needs to modify the -th data block which is currently stored on SRV, from its current value to a new version, denoted. The remaining verification tokens, OWN needs to factor out every occurrence of D[n] and replace it with D ' [n]. One subtle aspect is that OWN cannot disclose to SRV which (if any) verification tokens include the -------th block. 15

16 Block Update 2/3 we require OWN to modify all remaining verification tokens. We also need to amend the token structure as follows. from: to: 16

17 Block Update 3/3 17  assume that block is being modified to begin ctr=ctr+1 for do for do if then end

18 Block Deletion 1/2 After being outsourced, certain data blocks might need to be deleted. Deleted blocks can be replaced by a predetermined special block in their respective positions via the update procedure. from: to: 18

19 Block Deletion 2/2 19  assume that block is being modified to begin ctr=ctr+1 for do for do if then end

20 Batching Updates and Deletions It is clear that the cost of updating all remaining verification tokens for a single block update or deletion is not negligible for OWN. Any number of block updates and deletes can be performed at the cost of a single update or delete. To do this, we need to modify the for-loop to take care of both deletions and updates at the same time. 20

21 Single-Block Append 1/4 The owner might want to increase the size of the outsourced database. we could consider a logical bi-dimensional structure of the outsourced data, and append a new block to one of the original blocks in a round-robin fashion. 21

22 Single-Block Append 2/4 Assume that OWN has the outsourced data, and that it wants to append the blocks. 22

23 Single-Block Append 3/4 For the index in the -th challenge, the server will have to include in the computation of the XOR-ed hashes v i any blocks linked to, i.e., the entire row in the logical matrix above. In particular, SRV will include: is the length of the row of the logical matrix. 23

24 Single-Block Append 4/4 The advantage of this solution is that we can just run the Update operation to append blocks so we can even batch several appends. The drawback is that the storage server will have to access more blocks per query and this may become increasingly expensive for SRV as the number of blocks appended to the database increases. 24

25 Insert A logical insert operation corresponds to an append coupled with maintaining a data structure containing a logical-to-physical block number mapping for each “inserted” block. Inserting a block corresponds to shifting by one slot all blocks starting with index. This affects many rows in the logical matrix described above and requires a substantial number of computations. 25

26 比較 – Setup 上一篇的 PDP 本篇的 PDP Owner 計算 Data 裡每一個區塊的標籤計算 Data 裡每回合 r 個標籤 傳送 pk,F, Σ ( 標籤的連結 ) 給 Server 傳送 D,[i,v ' ] 給 Server 刪除 F, Σ 儲存 W,Z,K,i ( 每回和相同 ) 回合數 t 如果沒太大,可以儲存 v ' 26

27 比較 – Challenge 上一篇的 PDP 本篇的 PDP Owner 選擇 Data 裡第 c 個區塊來挑戰選擇第 i 回合來挑戰 計算方式不同 Server 計算方式不同 27

Download ppt "Speaker : YUN–KUAN,CHANG Date : 2010/08/05 Scalable and Efficient Provable Data Possession."

Similar presentations

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Hashing.

Hashing.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.

Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.
Chapter 11 Indexing and Hashing (2) Yonsei University 2 nd Semester, 2013 Sanghyun Park.

Chapter 11 Indexing and Hashing (2) Yonsei University 2 nd Semester, 2013 Sanghyun Park.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.

Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lock-free Cuckoo Hashing Nhan Nguyen & Philippas Tsigas ICDCS 2014 Distributed Computing and Systems Chalmers University of Technology Gothenburg, Sweden.

Lock-free Cuckoo Hashing Nhan Nguyen & Philippas Tsigas ICDCS 2014 Distributed Computing and Systems Chalmers University of Technology Gothenburg, Sweden.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Modern Information Retrieval 第三組 87070300 陳國富 87068800 王俊傑 87070600 夏希璿.

Modern Information Retrieval 第三組 陳國富 王俊傑 夏希璿.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Similar presentations

Ads by Google