Abstract

We introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking supports large data sets in widely-distributed storage system.We present two provably-secure PDP schemes that are more efficient than previous solutions, even when compared with schemes that achieve weaker guarantees. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation.

Highlights

  • Verifying the authenticity of data has emerged as a critical issue in storing data on untrusted servers

  • The provable data possession (PDP) solutions that we present are the first schemes that securely prove the possession of data on an untrusted server and are computationally efficient, i.e., require a constant number of modular exponentiations and have constant I/O complexity

  • We introduce the concept of a homomorphic verifiable tag that will be used as a building block for our PDP schemes

Read more

Summary

Introduction

Verifying the authenticity of data has emerged as a critical issue in storing data on untrusted servers. Our PDP schemes provide data format independence, which is a relevant feature in practical deployments (more details on this in the remarks of Section 4.3), and put no restriction on the number of times the client can challenge the server to prove data possession. As a special case of our PDP scheme, the client may ask proof for all the file blocks, making the data possession guarantee deterministic. We emphasize that PDP schemes that offer an inherently deterministic guarantee by accessing all the blocks of the file ([20, 17, 19]) cannot offer both sampling across blocks and constant storage on the client; fundamental changes would be required in these schemes in order to avoid storing O(n) metadata on the client.

Related Work
Preliminaries
Definitions
Efficient and Secure PDP Schemes
Probabilistic Framework
Implementation and Experimental Results
Findings
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.