Download - Research survey on Provable Data Possession
![Page 1: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/1.jpg)
Provable Data Possession Research paper survey
C. Y. Lee
![Page 2: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/2.jpg)
Benefits of Cloud Computing
2
Secure Storage & Management
![Page 3: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/3.jpg)
Traditional Data Possession Scheme
3
Files
Challenge Lists
{T’}
CheckProof(T, T’)
Success ? Failure ?
Set
upC
halle
nge
File F
File F
T’
T’T = Crypto-Hash(F)orT = MACkey(F)
T’ = Crypto-Hash(F)orT’ = MACkey(F)
File F
File F
![Page 4: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/4.jpg)
Provable Data Possession
• Provable Data Possession (PDP)– Clients need to be able to verify that an
untrusted server has retained file data.– Without retrieving the data from the server.– Without having the server access the entire
file (probabilistic proofs).– Also called Proof of Data Retrivability (POR).
4
![Page 5: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/5.jpg)
PROVABLE DATA POSSESSION AT UNTRUSTED STORES
Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring,Lea Kissner, Zachary Peterson,Dawn Song, CCS’07, October 29–November 2, 2007, pp. 598-610, Alexandria, Virginia, USA.
5
![Page 6: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/6.jpg)
Homomorphic Verifiable Tags (HVTs)
• HVT is a pair of values (Ti,m, Wi) stored at the server.– Given a message m, Tm is its HVT.
– Wi is a random value with index i.
• Properties:– Blockless verification– Homomorphic tags
• A value Tmi+mj corresponding to the sum of the
messages mi + mj.
6
![Page 7: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/7.jpg)
Provable Data Possession Scheme(PDP)
7
m1
m2
…
mt
…
mn
File FTags
𝑇 1 ,𝑚1
𝑇 2 ,𝑚2
𝑇 𝑡 , 𝑚𝑡
𝑇 𝑛 ,𝑚𝑛
……
KeyGen(1k) → (pk, sk)TagBlock(pk, sk, m) → Tm
pk. File, Tags
GenProof(pk, F, chal,) →
Challenge chal
CheckProof(pk, sk, chal, )
Success ? Failure ?
Set
upC
halle
nge
![Page 8: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/8.jpg)
Data Possession Game (Setup)
8
Client Server
(pk, sk) KeyGen(1k): Three primes: p = 2p’+1, q = 2q’+1, and e. pk = (N, g), N = pq is RSA modulus, g is a generator of QRN
sk = (e, d, v), ed 1 (mod p’q’),
1 i n, (Ti,mi, Wi) TagBlock(pk, (d, v), mi, i):
Wi = v || i, Ti, mi = (h(Wi)gmi)d mod N
pk, F, =(T1, m1, …, Tn,mn
)
* QRN is the set of quadratic residues modulo N.* H, h: a cryptographic hash function.* fkey: a pseudo-random function (PRF) index on key.* key: a pseudo-random permutation (PRP) index on key..* : security parameter.
![Page 9: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/9.jpg)
Provable Data Possession Scheme(PDP)
9
m1
m2
…
mt
…
mn
File FTags
𝑇 1 ,𝑚1
𝑇 2 ,𝑚2
𝑇 𝑡 , 𝑚𝑡
𝑇 𝑛 ,𝑚𝑛
……
KeyGen(1k) → (pk, sk)TagBlock(pk, sk, m) → Tm
pk. File, Tags
GenProof(pk, F, chal,) →
Challenge chal
CheckProof(pk, sk, chal, )
Success ? Failure ?
Set
upC
halle
nge
![Page 10: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/10.jpg)
CheckProof(pk, sk, chal’, ) sk = (e, d, v), chal’ = (c, k1, k2, s), , for 1 j c,
if , “success”, else “failure”.
Data Possession Game (Challenge)
10
Client Server
CHAL = (c, k1, k2, gs)
CHAL=(c, k1, k2, gs) , c: # of proofs of possessed blocks
GenProof(pk, F, chal, ) for 1 j c, , =
![Page 11: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/11.jpg)
SCALABLE AND EFFICIENT PROVABLE DATA POSSESSION
Giuseppe Ateniese, Roberto Di Pietro, Luigi V. Mancini, Gene Tsudik,SecureComm 2008 September 22 - 25, 2008, Istanbul, Turkey.
11
![Page 12: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/12.jpg)
Notations
• F: outsourced file data– d equal-sized blocks: F[1], …, F[d].
• H(): cryptographic hash function.• AEkey(): authenticated encryption scheme.
– Ex: OCB, XCBC, IAPM
• fkey (): pseudo-random function(PRF) index on key.
• key (): pseudo-random permutation(PRP) index on key.
12
![Page 13: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/13.jpg)
Basic Setup Phases
13
Client Server
Choose parameters t, k, L and functions f, ;Choose the number t of tokens;Choose the number r of indices per verification;Generate randomly master keys W, Z, K {0, 1}k.for (i 1 to t) dobegin Round i ki = fW(i) and ci = fZ(i) end (D, {[i, v’i] for 1 i t})
* Treat f and g as AES, L = 128.
![Page 14: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/14.jpg)
Basic Verification Phases
14
Client Server
Challenge iki = fW(i) and ci = fZ(i)
{ki, ci}
* Treat f and g as AES, L = 128.
𝑧=𝐻 ¿{z, v’i}
If decryption fails or then REJECT.
![Page 15: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/15.jpg)
Supporting Dynamic Outsourced Data
• Data block operations– Update– Delete– Append– Insert
15
![Page 16: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/16.jpg)
Update ith Data Block
16
Client Server
To modify F[i] F’[i]:
{n, F’[n],{i, v’i}|1 i t}}
* Treat f and as AES, L = 128.
{i, v’i}|1 i t
ctr = ctr + 1;for (i 1 to t) do ; ki = fW(i), ci = fZ(i); for (j 1 to r) do if () then vi = vi H(ci, j, F[n]) H(ci, j, F’[n]); v’i = AEK(ctr, i, vi);
![Page 17: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/17.jpg)
Block Deletion, Append, Insert
• Block deletion:– Large portion basic PDP scheme on the new
file.
– # of blocks modified data update procedure.
17
vi = vi H(ci, j, F[n]) H(ci, j, DBlock);
![Page 18: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/18.jpg)
Block Deletion, Append, Insert
• Single-block append:– Append a new block to one of the original
blocks D[1],…, D[d] in a round-robin fashion.
• Insert:– Apply to append operation.
18
H(ci, j, ])H(ci, d+j, ])…H(ci, d+j, ]) 𝐹 ′ [1] ¿ 𝐹 [1 ] , 𝐹 [𝑑+1]𝐹 ′ [2 ]⋯
¿ ¿¿¿
𝐹 [𝑘 ] , 𝐹 [𝑑+𝑘]¿
𝐹 [𝑑 ] ¿
![Page 19: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/19.jpg)
Discussion• Bandwidth-storage tradeoff
– Verification tags/tokens• Stored in client Storage + Computation cost• Retrieved from server Bandwidth cost
• Limited number of verifications– How often to query a proof of possession?
19
![Page 20: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/20.jpg)
Probabilistic Framework• Sampling ability greatly reduces the
workload on the server– Provide the probabilistic guarantees.
• Assume S deletes t blocks out of the n-block file F.– c: # of different blocks involved in a challenge.– X: # of blocks chosen by C that match the
blocks deleted by S.– PX: the probability that at least one of the
blocks picked by C matches one of the blocks deleted by S.
– Px < 0.6% if c > 512 , = 1%. 20
![Page 21: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/21.jpg)
Probabilistic Framework
21
![Page 22: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/22.jpg)
![Page 23: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/23.jpg)
Thanks for your listening&
Welcome to Mr. Kilo’s talk
![Page 24: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/24.jpg)
APPENDIX
24
![Page 25: Research survey on Provable Data Possession](https://reader033.vdocuments.site/reader033/viewer/2022061108/5450066cb1af9f05098b4947/html5/thumbnails/25.jpg)
Probabilistic Framework• Assume S deletes t blocks out of the n-block
file F.– c: # of different blocks for challenge.– X: # of blocks chosen by C that match the blocks
deleted by S.– PX: the probability that at least one of the blocks
picked by C matches one of the blocks deleted by S.
• Px = P{X 1} = 1 - P{X = 0}– . – Since ,
25Provable Data Possession at Untrusted Stores, CCS 07.