
Information Security Laboratory

Lecture by Mr. Sengupta, Indian Statistical Institute: June 10, 2015

■Lecture title: "Recent Progress on Proofs of Retrievability"
■Date and time: June 10, 2015, 15:30-17:30

■Venue: ISIT Momochi Office conference room (Fukuoka SRP Center Building 7F, 2-1-22 Momochihama, Sawara-ku, Fukuoka)

■Speaker:

    • Mr. Binanda Sengupta, Junior Research Fellow, Applied Statistics Unit, Indian Statistical Institute, Kolkata

■Abstract:

With the advent of cloud computing, users with large amounts of data may want to outsource storage to the cloud. However, they need a guarantee that their data are not deleted or modified after being stored on the cloud server. On the other hand, cloud storage providers (CSPs) store users’ data in exchange for monetary benefits.

One naive approach to ensuring data integrity is for the user to download all of the data from the server and verify it segment by segment. Every time the user checks integrity, she has to fetch all her data from the server, which consumes high communication bandwidth.

To overcome this issue, researchers have come up with proofs of storage. The user computes an authenticator (for example, a MAC) for each segment of her data (or file), and uploads the file along with the authenticators. During an audit protocol, the user samples a predefined number of segment indices and sends them to the server (the challenge). The server performs some computations over the challenge, the stored data and the authenticators, and sends a response to the user, who verifies the integrity of her data based on this response. This is an example of provable data possession (PDP), introduced by Ateniese et al. However, PDP does not guarantee that the whole file is stored intact.

The first paper introducing proofs of retrievability (POR) for static data is by Juels and Kaliski. They introduce erasure coding into proofs of storage. The underlying idea is to encode the original file with a maximum distance separable (MDS) erasure code, authenticate the segments of the encoded file, and then upload them to the data server. With this technique, the server has to delete or modify a considerable number of segments to actually delete or modify a data segment. Thus, the probability that the server passes an audit given that some data segments are actually deleted or modified becomes negligible in the security parameter. This ensures that all the segments of the file are correctly stored on the server’s end.

This notion is formalized by defining an extractor algorithm which can extract, with high probability, the original file after interacting with a server which passes an audit with some non-negligible probability. Ateniese et al. reduce the size of the response of the server using homomorphic authenticators. This scheme also introduces the notion of public verifiability, that is, verifiers are stateless and the number of audits carried out is unbounded. In publicly verifiable settings, anyone can execute the audit protocol. Following the work by Juels and Kaliski, several POR schemes have been proposed. Some of these schemes are designed for static data, and the rest allow the user to change her data after the initial outsourcing.
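The MAC-based spot-check audit described in the abstract, as an added example that is not from the talk or the speaker. It uses the simplest variant, in which the server returns the challenged segments with their tags (no homomorphic aggregation); the segment size, HMAC-SHA256 and all function names are assumptions. `miss_probability` shows why sampling alone misses a single damaged segment, and why an audit catches a server that must damage a large fraction of an erasure-coded file.

```python
import hashlib
import hmac
import secrets

SEG = 64  # segment size in bytes (assumed for this example)

def tag(key, i, seg):
    # Bind the index into the MAC so a valid (segment, tag) pair
    # cannot be replayed for a different index.
    return hmac.new(key, i.to_bytes(8, "big") + seg, hashlib.sha256).digest()

def outsource(key, data):
    # User side: split the file and attach one authenticator per segment.
    segs = [data[i:i + SEG] for i in range(0, len(data), SEG)]
    return [(s, tag(key, i, s)) for i, s in enumerate(segs)]

def challenge(n, k):
    # User side: k distinct segment indices, unpredictable to the server.
    return secrets.SystemRandom().sample(range(n), k)

def respond(store, idxs):
    # Server side: return the stored (segment, tag) for each challenged index.
    return [store[i] for i in idxs]

def verify(key, idxs, resp):
    # User side: recompute each MAC with a constant-time comparison.
    return len(resp) == len(idxs) and all(
        hmac.compare_digest(tag(key, i, s), t)
        for i, (s, t) in zip(idxs, resp))

def miss_probability(n, bad, k):
    # Chance that k distinct sampled indices all avoid `bad` damaged segments.
    p = 1.0
    for j in range(k):
        p *= (n - bad - j) / (n - j)
    return p

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    store = outsource(key, secrets.token_bytes(SEG * 1000))  # constructed file
    idxs = challenge(len(store), 30)
    print("honest server passes:", verify(key, idxs, respond(store, idxs)))
    print("1 of 1000 damaged, 30 samples, missed:", miss_probability(1000, 1, 30))
    print("100 of 1000 damaged, 100 samples, missed:",
          miss_probability(1000, 100, 100))
```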

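■Acknowledgments

Hiroaki Anada (穴田啓晃), a participant in this lecture and research discussion, is supported by the following research grant.

  • Japan Society for the Promotion of Science (JSPS), KAKENHI research project number: 40727202,
    • Research project title: Design and security evaluation of authentication and signature schemes based on interactive proofs and secret sharing
    • Note: Under the above research project, the speaker will lecture on the design of state-of-the-art secret sharing techniques, followed by a research discussion.

Mr. Binanda Sengupta, a participant in this lecture and research discussion, is a member of the following research project.

(End)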