Outsourced proofs of retrievability

Frederik Armknecht, Jens Matthias Bohli, Ghassan O. Karame, Zongren Liu, Christian A. Reuter

    Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

    Abstract

    Proofs of Retrievability (POR) are cryptographic proofs that enable a cloud provider to prove that a user can retrieve his file in its entirety. POR need to be frequently executed by the user to ensure that their files stored on the cloud can be fully retrieved at any point in time. To conduct and verify POR, users need to be equipped with devices that have network access, and that can tolerate the (non-negligible) computational overhead incurred by the verification process. This clearly hinders the large-scale adoption of POR by cloud users, since many users increasingly rely on portable devices that have limited computational capacity, or might not always have network access. In this paper, we introduce the notion of outsourced proofs of retrievability (OPOR), in which users can task an external auditor to perform and verify POR with the cloud provider. We argue that the OPOR setting is subject to security risks that have not been covered by existing POR security models. To remedy that, we propose a formal framework and a security model for OPOR. We then propose an instantiation of OPOR which builds upon the provably-secure private POR scheme due to Shacham and Waters (Asiacrypt'08) and we show its security in our proposed security model. We implement a prototype based on our solution, and evaluate its performance in a realistic cloud setting. Our evaluation results show that our proposal minimizes user effort, incurs negligible overhead on the auditor (compared to the SW scheme), and considerably improves over existing publicly verifiable POR.

    Original languageEnglish
    Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
    PublisherAssociation for Computing Machinery
    Pages831-843
    Number of pages13
    ISBN (Electronic)9781450329576, 9781450329576, 9781450331470, 9781450331500, 9781450331517, 9781450331524, 9781450331531, 9781450331548, 9781450331555, 9781450332392
    DOIs
    Publication statusPublished - 3 Nov 2014
    Event21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States
    Duration: 3 Nov 20147 Nov 2014

    Other

    Other21st ACM Conference on Computer and Communications Security, CCS 2014
    Country/TerritoryUnited States
    CityScottsdale
    Period3/11/147/11/14

    Keywords

    • Auditor-based model
    • Cloud security
    • Proofs of retrievability

    Fingerprint

    Dive into the research topics of 'Outsourced proofs of retrievability'. Together they form a unique fingerprint.

    Cite this