Proofs of ownership in remote storage systems

Shai Halevi, Danny Harnik, Benny Pinkas, Alexandra Shulman-Peleg

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

422 Scopus citations

Abstract

Cloud storage systems are becoming increasingly popular. A promising technology that keeps their cost down is deduplication, which stores only a single copy of repeating data. Client-side deduplication attempts to identify deduplication opportunities already at the client and save the bandwidth of uploading copies of existing files to the server. In this work we identify attacks that exploit client-side deduplication, allowing an attacker to gain access to arbitrary size files of other users based on a very small hash signatures of these files. More specifically, an attacker who knows the hash signature of a file can convince the storage service that it owns that file, hence the server lets the attacker download the entire file. (In parallel to our work, a subset of these attacks were recently introduced in the wild with respect to the Dropbox file synchronization service.) To overcome such attacks, we introduce the notion of proofs-of-ownership (PoWs), which lets a client efficiently prove to a server that that the client holds a file, rather than just some short information about it. We formalize the concept of proof-of-ownership, under rigorous security definitions, and rigorous efficiency requirements of Petabyte scale storage systems. We then present solutions based on Merkle trees and specific encodings, and analyze their security. We implemented one variant of the scheme. Our performance measurements indicate that the scheme incurs only a small overhead compared to naive client-side deduplication.

Original languageEnglish
Title of host publicationCCS'11 - Proceedings of the 18th ACM Conference on Computer and Communications Security
Pages491-500
Number of pages10
DOIs
StatePublished - 2011
Event18th ACM Conference on Computer and Communications Security, CCS'11 - Chicago, IL, United States
Duration: 17 Oct 201121 Oct 2011

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference18th ACM Conference on Computer and Communications Security, CCS'11
Country/TerritoryUnited States
CityChicago, IL
Period17/10/1121/10/11

Bibliographical note

Funding Information:
This study was supported by grant 6603-1351-AIDS from the National Health Research and Development Program (Stage I) and contract # H 4078-3-C210/01-SS (Stage II), Health Canada. Presented in part at the 4th Annual Conference on HIV/AIDS of the Canadian Association for HIV Research, Toronto, June 1–3, 1994.

Funding

This study was supported by grant 6603-1351-AIDS from the National Health Research and Development Program (Stage I) and contract # H 4078-3-C210/01-SS (Stage II), Health Canada. Presented in part at the 4th Annual Conference on HIV/AIDS of the Canadian Association for HIV Research, Toronto, June 1–3, 1994.

FundersFunder number
Seventh Framework Programme257019, 208173

    Keywords

    • Cloud storage
    • Deduplication
    • Merkle trees
    • Proofs of ownership

    Fingerprint

    Dive into the research topics of 'Proofs of ownership in remote storage systems'. Together they form a unique fingerprint.

    Cite this