Abstract
In this paper we address the problem of consistency for cryptographic file systems. A cryptographic file system protects the users’ data from the file server, which is possibly untrusted and might exhibit Byzantine behavior, by encrypting the data before sending it to the server. The consistency of the encrypted file objects that implement a cryptographic file system relies on the consistency of the two components used to implement them: the file storage protocol and the key distribution protocol.
We first define two generic classes of consistency conditions that extend and generalize existing consistency conditions. We then formally define consistency for encrypted file objects in a generic way: for any consistency conditions for the key and file objects belonging to one of the two classes of consistency conditions considered, we define a corresponding consistency condition for encrypted file objects. We finally provide, in our main result, necessary and sufficient conditions for the consistency of the key distribution and file storage protocols under which the encrypted storage is consistent. Our framework allows the composition of existing key distribution and file storage protocols to build consistent encrypted file objects and simplifies complex proofs for showing the consistency of encrypted storage.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Oprea, A., Reiter, M.K. (2006). On Consistency of Encrypted Files. In: Dolev, S. (eds) Distributed Computing. DISC 2006. Lecture Notes in Computer Science, vol 4167. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11864219_18
DOI: https://doi.org/10.1007/11864219_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44624-8
Online ISBN: 978-3-540-44627-9
eBook Packages: Computer Science, Computer Science (R0)