VeriStream – A Framework for Verifiable Data Streaming
In a Verifiable Data Streaming (VDS) protocol a computationally weak client outsources his storage to an untrusted storage provider. Later, the client can efficiently append and update data elements in the already outsourced and authenticated data set. Other users can stream arbitrary subsets of the authenticated data and verify their integrity on-the-fly, using the data owner’s public verification key. In this work, we present VeriStream, a fully-fledged framework for verifiable data streaming with integration into Dropbox. At its core, our framework is based upon a novel construction of an authenticated data structure, which is the first one that allows verifiable data streams of unbounded length and at the same time outperforms the best known constructions in terms of bandwidth and computational overhead. We provide a detailed performance evaluation, showing that VeriStreamonly incurs a small bandwidth overhead, while providing various security guarantees, such as freshness, integrity, authenticity, and public verifiability, at the same time.
KeywordsCloud Storage Data Owner Chunk Size Data Chunk Pseudorandom Function
Dominique Schröder and Mark Simkin were supported by the German Federal Ministry of Education and Research (BMBF) through funding for the Center for IT-Security, Privacy, and Accountability (CISPA; see www.cispa-security.org). Dominique Schröder is also supported by an Intel Early Career Faculty Honor Program Award.
- 1.Bouncy Castle Crypto APIsGoogle Scholar
- 9.Erway, C.C., Küpçü, A., Papamanthou, C., Tamassia, R.: Dynamic provable data possession. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.), 16th Conference on Computer and Communications Security, ACM CCS 2009, pp. 213–222. ACM Press, Chicago, Illinois, USA, 9–13 November 2009Google Scholar
- 10.Gazzoni Filho, D.L., Barreto, P.S.L.M.: Demonstrating data possession and uncheatable data transfer. Cryptology ePrint Archive, Report 2006/150 (2006). http://eprint.iacr.org/
- 12.Krawczyk, H., Rabin, T.: Chameleon signatures. In: ISOC Network and Distributed System Security Symposium - NDSS 2000. The Internet Society, San Diego, California, USA, 2–4 February 2000Google Scholar
- 17.National Institute of Standards and Technology. Recommendation for key management. Special Publication 800–57 Part 1 Rev. 3, NIST (2012). http://www.keylength.com/
- 20.Perrig, A., Canetti, R., Song, D.X., Tygar, J.D.: Efficient and secure source authentication for multicast. In: ISOC Network and Distributed System Security Symposium - NDSS 2001, pp. 35–46. The Internet Society, San Diego, California, USA, 7–9 February 2001Google Scholar
- 21.Perrig, A., Canetti, R., Tygar, J.D., Song, D.X.: Efficient authentication and signing of multicast streams over lossy channels. In: 2000 IEEE Symposium on Security and Privacy, pp. 56–73. IEEE Computer Society Press, Oakland, California, USA (2000)Google Scholar
- 22.Schröder, D., Schröder, H.: Verifiable data streaming. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) 19th Conference on Computer and Communications Security, ACM CCS 2012, pp. 953–964. ACM Press, Raleigh, NC, USA, 16–18 October 2012Google Scholar
- 23.Schwarz, T., Miller, E.L.: Store, forget, and check: using algebraic signatures to check remotely administered storage. In: Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS 2006), July 2006Google Scholar
- 26.Roberto Tamassia and Nikos Triandopoulos. Certification and authentication of data structures. In: AMW (2010)Google Scholar