TY - JOUR
T1 - Remote data checking using provable data possession
AU - Ateniese, Giuseppe
AU - Burns, Randal
AU - Curtmola, Reza
AU - Herring, Joseph
AU - Khan, Osama
AU - Kissner, Lea
AU - Peterson, Zachary
AU - Song, Dawn
PY - 2011/5
Y1 - 2011/5
N2 - We introduce a model for provable data possession (PDP) that can be used for remote data checking: A client that has stored data at an untrusted server can verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking is lightweight and supports large data sets in distributed storage systems. The model is also robust in that it incorporates mechanisms for mitigating arbitrary amounts of data corruption. We present two provably-secure PDP schemes that aremore efficient than previous solutions. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. We then propose a generic transformation that adds robustness to any remote data checking scheme based on spot checking. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation. Finally, we conduct an in-depth experimental evaluation to study the tradeoffs in performance, security, and space overheads when adding robustness to a remote data checking scheme.
AB - We introduce a model for provable data possession (PDP) that can be used for remote data checking: A client that has stored data at an untrusted server can verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking is lightweight and supports large data sets in distributed storage systems. The model is also robust in that it incorporates mechanisms for mitigating arbitrary amounts of data corruption. We present two provably-secure PDP schemes that aremore efficient than previous solutions. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. We then propose a generic transformation that adds robustness to any remote data checking scheme based on spot checking. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation. Finally, we conduct an in-depth experimental evaluation to study the tradeoffs in performance, security, and space overheads when adding robustness to a remote data checking scheme.
KW - Archival storage
KW - Cloud storage security
KW - Erasure coding
KW - Homomorphic verifiable tags
KW - PDP
KW - Provable data possession
KW - Remote data checking
KW - Robust auditing
UR - http://www.scopus.com/inward/record.url?scp=79959823910&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79959823910&partnerID=8YFLogxK
U2 - 10.1145/1952982.1952994
DO - 10.1145/1952982.1952994
M3 - Article
AN - SCOPUS:79959823910
SN - 1094-9224
VL - 14
JO - ACM Transactions on Information and System Security
JF - ACM Transactions on Information and System Security
IS - 1
M1 - 12
ER -