2,656 research outputs found
Cloud Data Auditing Using Proofs of Retrievability
Cloud servers offer data outsourcing facility to their clients. A client
outsources her data without having any copy at her end. Therefore, she needs a
guarantee that her data are not modified by the server which may be malicious.
Data auditing is performed on the outsourced data to resolve this issue.
Moreover, the client may want all her data to be stored untampered. In this
chapter, we describe proofs of retrievability (POR) that convince the client
about the integrity of all her data.Comment: A version has been published as a book chapter in Guide to Security
Assurance for Cloud Computing (Springer International Publishing Switzerland
2015
Secure Code Update for Embedded Devices via Proofs of Secure Erasure
Abstract. Remote attestation is the process of verifying internal state of a remote embedded device. It is an important component of many security protocols and applications. Although previously proposed re-mote attestation techniques assisted by specialized secure hardware are effective, they not yet viable for low-cost embedded devices. One no-table alternative is software-based attestation, that is both less costly and more efficient. However, recent results identified weaknesses in some proposed software-based methods, thus showing that security of remote software attestation remains a challenge. Inspired by these developments, this paper explores an approach that relies neither on secure hardware nor on tight timing constraints typi-cal of software-based technqiques. By taking advantage of the bounded memory/storage model of low-cost embedded devices and assuming a small amount of read-only memory (ROM), our approach involves a new primitive – Proofs of Secure Erasure (PoSE-s). We also show that, even though it is effective and provably secure, PoSE-based attestation is not cheap. However, it is particularly well-suited and practical for two other related tasks: secure code update and secure memory/storage erasure. We consider several flavors of PoSE-based protocols and demonstrate their feasibility in the context of existing commodity embedded devices.
Keyword-Based Delegable Proofs of Storage
Cloud users (clients) with limited storage capacity at their end can
outsource bulk data to the cloud storage server. A client can later access her
data by downloading the required data files. However, a large fraction of the
data files the client outsources to the server is often archival in nature that
the client uses for backup purposes and accesses less frequently. An untrusted
server can thus delete some of these archival data files in order to save some
space (and allocate the same to other clients) without being detected by the
client (data owner). Proofs of storage enable the client to audit her data
files uploaded to the server in order to ensure the integrity of those files.
In this work, we introduce one type of (selective) proofs of storage that we
call keyword-based delegable proofs of storage, where the client wants to audit
all her data files containing a specific keyword (e.g., "important"). Moreover,
it satisfies the notion of public verifiability where the client can delegate
the auditing task to a third-party auditor who audits the set of files
corresponding to the keyword on behalf of the client. We formally define the
security of a keyword-based delegable proof-of-storage protocol. We construct
such a protocol based on an existing proof-of-storage scheme and analyze the
security of our protocol. We argue that the techniques we use can be applied
atop any existing publicly verifiable proof-of-storage scheme for static data.
Finally, we discuss the efficiency of our construction.Comment: A preliminary version of this work has been published in
International Conference on Information Security Practice and Experience
(ISPEC 2018
Secret Communication over Broadcast Erasure Channels with State-feedback
We consider a 1-to- communication scenario, where a source transmits
private messages to receivers through a broadcast erasure channel, and the
receivers feed back strictly causally and publicly their channel states after
each transmission. We explore the achievable rate region when we require that
the message to each receiver remains secret - in the information theoretical
sense - from all the other receivers. We characterize the capacity of secure
communication in all the cases where the capacity of the 1-to- communication
scenario without the requirement of security is known. As a special case, we
characterize the secret-message capacity of a single receiver point-to-point
erasure channel with public state-feedback in the presence of a passive
eavesdropper.
We find that in all cases where we have an exact characterization, we can
achieve the capacity by using linear complexity two-phase schemes: in the first
phase we create appropriate secret keys, and in the second phase we use them to
encrypt each message. We find that the amount of key we need is smaller than
the size of the message, and equal to the amount of encrypted message the
potential eavesdroppers jointly collect. Moreover, we prove that a dishonest
receiver that provides deceptive feedback cannot diminish the rate experienced
by the honest receivers.
We also develop a converse proof which reflects the two-phase structure of
our achievability scheme. As a side result, our technique leads to a new outer
bound proof for the non-secure communication problem
Approximate Quantum Error-Correcting Codes and Secret Sharing Schemes
It is a standard result in the theory of quantum error-correcting codes that
no code of length n can fix more than n/4 arbitrary errors, regardless of the
dimension of the coding and encoded Hilbert spaces. However, this bound only
applies to codes which recover the message exactly. Naively, one might expect
that correcting errors to very high fidelity would only allow small violations
of this bound. This intuition is incorrect: in this paper we describe quantum
error-correcting codes capable of correcting up to (n-1)/2 arbitrary errors
with fidelity exponentially close to 1, at the price of increasing the size of
the registers (i.e., the coding alphabet). This demonstrates a sharp
distinction between exact and approximate quantum error correction. The codes
have the property that any components reveal no information about the
message, and so they can also be viewed as error-tolerant secret sharing
schemes.
The construction has several interesting implications for cryptography and
quantum information theory. First, it suggests that secret sharing is a better
classical analogue to quantum error correction than is classical error
correction. Second, it highlights an error in a purported proof that verifiable
quantum secret sharing (VQSS) is impossible when the number of cheaters t is
n/4. More generally, the construction illustrates a difference between exact
and approximate requirements in quantum cryptography and (yet again) the
delicacy of security proofs and impossibility results in the quantum model.Comment: 14 pages, no figure
- …