TY - GEN
T1 - Provable data possession at untrusted stores
AU - Ateniese, Giuseppe
AU - Burns, Randal
AU - Curtmola, Reza
AU - Herring, Joseph
AU - Kissner, Lea
AU - Peterson, Zachary
AU - Song, Dawn
PY - 2007
Y1 - 2007
N2 - We introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking supports large data sets in widely-distributed storage system. We present two provably-secure PDP schemes that are more efficient than previous solutions, even when compared with schemes that achieve weaker guarantees. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation.
AB - We introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking supports large data sets in widely-distributed storage system. We present two provably-secure PDP schemes that are more efficient than previous solutions, even when compared with schemes that achieve weaker guarantees. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation.
KW - Archival storage
KW - Homomorphic verifiable tags
KW - PDP
KW - Provable data possession
KW - Storage security
UR - http://www.scopus.com/inward/record.url?scp=74049102823&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74049102823&partnerID=8YFLogxK
U2 - 10.1145/1315245.1315318
DO - 10.1145/1315245.1315318
M3 - Conference contribution
AN - SCOPUS:74049102823
SN - 9781595937032
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 598
EP - 610
BT - CCS'07 - Proceedings of the 14th ACM Conference on Computer and Communications Security
T2 - 14th ACM Conference on Computer and Communications Security, CCS'07
Y2 - 29 October 2007 through 2 November 2007
ER -