thesis

Algorithms for verifying the integrity of untrusted storage

Abstract

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004. Includes bibliographical references (p. 71-72).

This work addresses the problem of verifying that untrusted storage behaves like valid storage. The problem is important in a system such as a network file system or database where a client accesses data stored remotely on an untrusted server. Past systems have used a hash tree-based checker to check the integrity of data stored on untrusted storage. This method has high overhead as the tree must be traversed on each load or store operation. In the offline approach, developed by Clarke et al. in [6], multiset hashes are used to verify a sequence of load and store operations. The overhead of this scheme is very low if checks are infrequent, but can be quite high if checks are performed frequently. The hybrid scheme combines the advantages of the two schemes and is efficient in most real-world situations.

The various schemes were implemented on top of Berkeley DB, an embedded database. Real-world performance measurements were taken using OpenLDAP, a lightweight directory service, which relies heavily on Berkeley DB. All reads and writes to the database were replaced with secure read and secure write operations. Using the DirectoryMark LDAP test suite, the online scheme had an overhead of 113% when compared to an unmodified server, while the offline scheme with infrequent checks (T=50000) resulted in 39% fewer DOPS. The offline scheme, however, outperformed the online scheme by 31%, while the hybrid scheme outperformed the online scheme by only 19%. In the worst case, when checks were frequent (T=500), the hybrid scheme was 185% slower (65% fewer DOPS) than the online scheme. With frequent checks, the offline scheme was 101% slower (50% fewer DOPS) than the online scheme.

by Ajay Sudan. M.Eng.
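An added sketch, not code from the thesis, of the offline idea the abstract describes: the client keeps only two running multiset hashes and a timer, and stale data returned by the storage is caught at the next check rather than at the load. The class and function names, the HMAC-SHA256 additive multiset hash and the timestamp handling are assumptions of this example, and the sample data is constructed.

```python
import hashlib, hmac, os

MOD = 1 << 256  # multiset hash = sum of keyed hashes modulo 2**256 (order-independent)

class OfflineChecker:
    """Trusted client state: two running multiset hashes and a timer."""
    def __init__(self, mem, addresses, key=None):
        self.mem, self.addresses = mem, list(addresses)  # mem is the untrusted store
        self.key = key or os.urandom(32)                 # secret, stays on the client
        self.read_hash = self.write_hash = self.timer = 0
        for a in self.addresses:                         # initial writes open the epoch
            self._put(a, b"")

    def _h(self, addr, value, ts):
        msg = repr((addr, value, ts)).encode()
        return int.from_bytes(hmac.new(self.key, msg, hashlib.sha256).digest(), "big")

    def _put(self, addr, value):
        self.timer += 1                                  # every write gets a fresh timestamp
        self.mem[addr] = (value, self.timer)
        self.write_hash = (self.write_hash + self._h(addr, value, self.timer)) % MOD

    def _get(self, addr):
        value, ts = self.mem[addr]                       # whatever the storage returns
        self.read_hash = (self.read_hash + self._h(addr, value, ts)) % MOD
        self.timer = max(self.timer, ts)                 # later writes must carry a larger ts
        return value

    def load(self, addr):
        value = self._get(addr)
        self._put(addr, value)                           # write back so reads and writes pair up
        return value

    def store(self, addr, value):
        self._get(addr)                                  # consume the old tuple first
        self._put(addr, value)

    def check(self):
        """Read everything once; the set of reads must equal the set of writes."""
        old_write, self.write_hash = self.write_hash, 0
        for a in self.addresses:
            self._put(a, self._get(a))                   # re-write into the next epoch
        ok, self.read_hash = self.read_hash == old_write, 0
        return ok

def run_demo():
    c = OfflineChecker({}, ["a", "b"])
    c.store("a", b"v1")
    honest = c.check()                                   # storage behaved: check passes
    snapshot = c.mem["a"]
    c.store("a", b"v2")
    c.mem["a"] = snapshot                                # constructed fault: stale tuple returned
    stale = c.load("a")                                  # load itself notices nothing
    return honest, stale, c.check()
```

The per-operation cost is one keyed hash per read and per write with no tree traversal, while `check()` touches every address, which is the trade-off behind the check period T in the measurements above.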
