Establishing Trust in Distributed Storage Providers

Corporate IT as well as individuals show increasing interest in reliable outsourcing of storage infrastructure. Decentralized solutions with their resilience against partial outages are among the most attractive approaches. Irrespective of the form of the relationship, be it based on a contract or on the more flexible cooperative model, the problem of verifying whether someone promising to store one's data actually does so remains to be solved, especially in the presence of multiple replicas. In this paper, we introduce a lightweight mechanism that allows the data originator or a dedicated verification agent to build up trust in the replica holder by means of protocols that do not require prior trust or key establishment. We show how naive versions of the protocol do not prevent cheating, and then strengthen it by adding means that make it economically attractive to be honest. This provides a foundation for further work in providing trustworthy distributed storage

Scalability and Self-Organization for Storage Systems

A common challenge in fully distributed storage systems is the management of access rights to stored files. PACISSO is an efficient and scalable solution for distributed access control, applicable to systems consisting entirely of untrusted nodes. We give both theoretical bounds on the cost of basic operations, and also include end-to-end measurements based on an implementation within a complete P2P object store named Celeste. All measurements revealed an efficient behavior which scales to very large numbers of users and objects. In more detail, our access control scheme requires only minimal trust in single peers. Write access control is carried out by a set of Gatekeeper nodes which act on behalf of the file owner, and assert authorization of write operations by a Byzantine-fault-tolerant protocol and a shared-signature scheme. While the same Gatekeepers assure read access to the latest written version through a new protocol, we adapt previous research on group key management to achieve scalable read access control. Our approach allows for re-constitution of the Gatekeepers at runtime, in effect making them self-organizing for changing object ownership, for establishing messaging services, and also for allowing users to determine the groups and objects to which they have access