Data Secrecy in Distributed Storage Systems under Exact Repair

The problem of securing data against eavesdropping in distributed storage systems is studied. The focus is on systems that use linear codes and implement exact repair to recover from node failures.The maximum file size that can be stored securely is determined for systems in which all the available nodes help in repair (i.e., repair degree $d=n-1$, where $n$ is the total number of nodes) and for any number of compromised nodes. Similar results in the literature are restricted to the case of at most two compromised nodes. Moreover, new explicit upper bounds are given on the maximum secure file size for systems with $d<n-1$. The key ingredients for the contribution of this paper are new results on subspace intersection for the data downloaded during repair. The new bounds imply the interesting fact that the maximum data that can be stored securely decreases exponentially with the number of compromised nodes.Comment: Submitted to Netcod 201

Fundamental Limits of Exact-Repair Regenerating Codes

Understanding the fundamental limits of communication systems involves both constructing efficient coding schemes as well as proving mathematically that certain performance is impossible to achieve; the latter is known as the converse problem in information theory. This thesis focused on the converse problems for complex information systems such as self-repair distributed storage and coded caching systems, and our goal was to establish tight converse results for such systems by exploiting problem-specific combinatorial structures. The main part of this thesis dealt with exact-repair regenerating codes, which were first proposed by Dimakis et al. in 2010. In particular, we considered two extensions of the original setting of Dimakis et al., namely 1) multilevel diversity coding with regeneration and 2) secure exact-repair regenerating codes. For the problem of multilevel diversity coding with regeneration, we showed, via the proposed combinatorial approach, that the natural separate encoding strategy can achieve the optimal tradeoff between the normalized storage capacity and repair bandwidth at the minimum-bandwidth rate (MBR) point. This settled a conjecture by Tian and Liu in 2015. For the problem of secure exact-repair regenerating codes, all known results from the literature showed that the achievable tradeoff regions between the normalized storage capacity and repair bandwidth have a single corner point, achieved by a scheme proposed by Shah, Rashmi and Kumar (the SRK point). Since the achievable tradeoff regions of the exact-repair regenerating code problem without any secrecy constraints were known to have multiple corner points in general, these existing results suggested a phase-change-like behavior, i.e., enforcing a secrecy constraint immediately reduces the tradeoff region to one with a single corner point. In our work, we first showed that when the secrecy parameter is sufficiently large, the SRK point is indeed the only corner point of the tradeoff region. However, when the secrecy parameter is small, we showed that the tradeoff region can, in fact, have multiple corner points. In particular, we established a precise characterization of the tradeoff region for a particular problem instance, which has exactly two corner points. Thus, a smooth transition, instead of a phase-change-type of transition, should be expected as the secrecy constraint is gradually strengthened

Improving the Secrecy of Distributed Storage Systems using Interference Alignment

Regenerating codes based on the approach of interference alignment for wireless interference channel achieve the cut-set bound for distributed storage systems. These codes provide data reliability, and perform efficient exact node repair when some node fails. Interference alignment as a concept is especially important to improve the repair efficiency of a failed node in a minimum storage regenerating (MSR) code. In addition it can improve the stored data security in presence of passive intruders. In this paper we construct a new code resilient against a threat model where a passive eavesdropper can access the data stored on a subset of nodes and the downloaded data during the repair process of a subset of failed nodes. We achieve an optimal secrecy capacity for the new explicit construction of MSR interference alignment code. Hence, we show that the eavesdropper obtains zero information from the original message stored across the distributed storage, and that we achieve a perfect secrecy.Comment: 20 pages, 3 figure

Secure Partial Repair in Wireless Caching Networks with Broadcast Channels

We study security in partial repair in wireless caching networks where parts of the stored packets in the caching nodes are susceptible to be erased. Let us denote a caching node that has lost parts of its stored packets as a sick caching node and a caching node that has not lost any packet as a healthy caching node. In partial repair, a set of caching nodes (among sick and healthy caching nodes) broadcast information to other sick caching nodes to recover the erased packets. The broadcast information from a caching node is assumed to be received without any error by all other caching nodes. All the sick caching nodes then are able to recover their erased packets, while using the broadcast information and the nonerased packets in their storage as side information. In this setting, if an eavesdropper overhears the broadcast channels, it might obtain some information about the stored file. We thus study secure partial repair in the senses of information-theoretically strong and weak security. In both senses, we investigate the secrecy caching capacity, namely, the maximum amount of information which can be stored in the caching network such that there is no leakage of information during a partial repair process. We then deduce the strong and weak secrecy caching capacities, and also derive the sufficient finite field sizes for achieving the capacities. Finally, we propose optimal secure codes for exact partial repair, in which the recovered packets are exactly the same as erased packets.Comment: To Appear in IEEE Conference on Communication and Network Security (CNS

Secure Cooperative Regenerating Codes for Distributed Storage Systems

Regenerating codes enable trading off repair bandwidth for storage in distributed storage systems (DSS). Due to their distributed nature, these systems are intrinsically susceptible to attacks, and they may also be subject to multiple simultaneous node failures. Cooperative regenerating codes allow bandwidth efficient repair of multiple simultaneous node failures. This paper analyzes storage systems that employ cooperative regenerating codes that are robust to (passive) eavesdroppers. The analysis is divided into two parts, studying both minimum bandwidth and minimum storage cooperative regenerating scenarios. First, the secrecy capacity for minimum bandwidth cooperative regenerating codes is characterized. Second, for minimum storage cooperative regenerating codes, a secure file size upper bound and achievability results are provided. These results establish the secrecy capacity for the minimum storage scenario for certain special cases. In all scenarios, the achievability results correspond to exact repair, and secure file size upper bounds are obtained using min-cut analyses over a suitable secrecy graph representation of DSS. The main achievability argument is based on an appropriate pre-coding of the data to eliminate the information leakage to the eavesdropper

Optimal Locally Repairable and Secure Codes for Distributed Storage Systems

This paper aims to go beyond resilience into the study of security and local-repairability for distributed storage systems (DSS). Security and local-repairability are both important as features of an efficient storage system, and this paper aims to understand the trade-offs between resilience, security, and local-repairability in these systems. In particular, this paper first investigates security in the presence of colluding eavesdroppers, where eavesdroppers are assumed to work together in decoding stored information. Second, the paper focuses on coding schemes that enable optimal local repairs. It further brings these two concepts together, to develop locally repairable coding schemes for DSS that are secure against eavesdroppers. The main results of this paper include: a. An improved bound on the secrecy capacity for minimum storage regenerating codes, b. secure coding schemes that achieve the bound for some special cases, c. a new bound on minimum distance for locally repairable codes, d. code construction for locally repairable codes that attain the minimum distance bound, and e. repair-bandwidth-efficient locally repairable codes with and without security constraints.Comment: Submitted to IEEE Transactions on Information Theor