Auditing for Distributed Storage Systems

Abstract

Distributed storage codes have recently received a lot of attention in the community. Independently, another body of work has proposed integrity-checking schemes for cloud storage, none of which, however, is customized for coding-based storage or can efficiently support repair. In this work, we bridge the gap between these two currently disconnected bodies of work. We propose $ {\ssr NC {\mathchar702D }Audit}$ , a novel cryptography-based remote data integrity-checking scheme, designed specifically for network-coding-based distributed storage systems. $ {\ssr NC {\mathchar702D }Audit}$ combines, for the first time, the following desired properties: 1) efficient checking of data integrity; 2) efficient support for repairing failed nodes; and 3) protection against information leakage when checking is performed by a third party. The key ingredient of the design of $ {\ssr NC {\mathchar702D }Audit}$ is a novel combination of $ {\ssr SpaceMac}$ , a homomorphic message authentication code (MAC) scheme for network coding, and $ {\ssr NCrypt}$ , a novel chosen-plaintext attack (CPA) secure encryption scheme that preserves the correctness of $ {\ssr SpaceMac}$ . Our evaluation of $ {\ssr NC {\mathchar702D }Audit}$ based on a real Java implementation shows that the proposed scheme has significantly lower overhead compared to the state-of-the-art schemes for both auditing and repairing of failed nodes.