Segment II 11:10 am – 12:30 pm
Writing on Wind and Water: Enforcing File Robustness in the Cloud
Ari Juels, RSA Laboratories
The Cloud abstracts away infrastructural complexity for the benefit of tenants. But to tenants’ detriment, it can also abstract away vital security information. In this talk, I discuss several protocols for remote testing of cloud storage integrity and robustness. Executing these protocols without detailed infrastructural knowledge or trust in cloud providers, clients or auditors can: (1) Verify the integrity of full files without downloading them; (2) Distribute files across cloud providers and ensure strong robustness with periodic, inexpensive checks (in a cloud analog to RAID); and (3) Test whether files are resilient to drive crashes. Joint work with Kevin Bowers, Marten van Dijk, Burt Kaliski, Alina Oprea, and Ron Rivest.
Efficient Verification of Outsourced Data and Computations
Charalampos Papamanthou, Brown University
With the prevalence of the Internet in every aspect of our life, there has been an increasing interest in remote storage of data and structured information (e.g., emails, photos). This trend has given rise to a new discipline, termed under the name “cloud computing,” widely adopted by many companies (and individuals) in order to save operating and maintenance costs. However, as remote repositories (i.e., the cloud) may lose or modify data due to errors or malicious attacks, it is important to develop methods that provide strong assurance to the users of the integrity of the outsourced data.
In order to address the above problems, one has to take into consideration that the produced solutions are efficient. In other words, if the security added to a cloud service leads to slow performance, the user might reject the service, since, although secure and trusted, the experienced overhead (time, bandwidth) by the service might be unacceptable.
This talk explores integrity checking solutions that go beyond traditional hash-based methods, towards improving efficiency and achieving better asymptotic bounds. The systematic application of multiple cryptographic primitives, such as accumulators and lattices, leads to the proposal of new authenticated data structures schemes that compare favorably with existing solutions. We conclude by also reporting on some practical work we have done to address the aforementioned problems.
This is joint work with Roberto Tamassia and Nikos Triandopoulos.