Skip to main content
Springer Nature Link
Log in

Athos: Efficient Authentication of Outsourced File Systems

  • Conference paper
Information Security (ISC 2008)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5222))

Included in the following conference series:

Abstract

We study the problem of authenticated storage, where we wish to construct protocols that allow to outsource any complex file system to an untrusted server and yet ensure the file-system’s integrity. We introduce Athos, a new, platform-independent and user-transparent architecture for authenticated outsourced storage. Using light-weight cryptographic primitives and efficient data-structuring techniques, we design authentication schemes that allow a client to efficiently verify that the file system is fully consistent with the exact history of updates and queries requested by the client. In Athos, file-system operations are verified in time that is logarithmic in the size of the file system using optimal storage complexity—constant storage overhead at the client and asymptotically no extra overhead at the server. We provide a prototype implementation of Athos validating its performance and its authentication capabilities.

Research supported in part by the U.S. National Science Foundation under grants IIS-0713403, IIS-0713046, CNS-0312760 and OCI-0724806, the I3P Institute under a U.S. DHS award, the Center for Algorithmic Game Theory at the University of Aarhus under an award from the Carlsberg Foundation, the Center for Geometric Computing and the Kanellakis Fellowship at Brown University, and IAM Technology, Inc. The views in this paper do not necessarily reflect the views of the sponsors.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Anagnostopoulos, A., Goodrich, M.T., Tamassia, R.: Persistent authenticated dictionaries and their applications. In: Proc. Information Security Conference, pp. 379–393 (2001)

    Google Scholar 

  2. Blaze, M.: A cryptographic file system for Unix. In: Proc. Conference on Computer and Communications Security, pp. 9–16 (1993)

    Google Scholar 

  3. Blum, M., Evans, W., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: Proc. Foundations of Comp. Science, pp. 90–99 (1991)

    Google Scholar 

  4. Cachin, C., Shelat, A., Shraer, A.: Efficient fork-linearizable access to untrusted shared memory. In: Proc. Principles of Distr. Computing, pp. 129–138 (2007)

    Google Scholar 

  5. Cattaneo, G., Catuogno, L., Sorbo, A.D., Persiano, P.: The design and implementation of a transparent cryptographic file system for Unix. In: Proc. USENIX Annual Technical Conference, pp. 199–212 (2001)

    Google Scholar 

  6. Fu, K.: Group sharing and random access in cryptographic storage file systems. Master’s thesis, Massachusetts Institute of Technology (May 1999)

    Google Scholar 

  7. Fu, K., Kaashoek, M.F., Mazières, D.: Fast and secure distributed read-only file system. ACM Trans. Comput. Syst. 20(1), 1–24 (2002)

    Article  MATH  Google Scholar 

  8. Fujita, T., Ogawara, M.: Arbre: A file system for untrusted remote block-level storage. IPSJ Digital Courier 1, 381–393 (2005)

    Article  Google Scholar 

  9. Gobioff, H., Nagle, D., Gibson, G.A.: Integrity and performance in network attached storage. In: Proc. International Symposium on High Performance Computing, pp. 244–256 (1999)

    Google Scholar 

  10. Goh, E.-J., Shacham, H., Modadugu, N., Boneh, D.: SiRiUS: Securing Remote Untrusted Storage. In: Proc. Network and Distr. Sys. Security, pp. 131–145 (2003)

    Google Scholar 

  11. Goodrich, M.T., Tamassia, R., Schwerin, A.: Implementation of an authenticated dictionary with skip lists and commutative hashing. In: Proc. DARPA Information Survivability Conference and Exposition, pp. 68–82 (2001)

    Google Scholar 

  12. Goodrich, M.T., Tamassia, R., Triandopoulos, N., Cohen, R.: Authenticated data structures for graph and geometric searching. In: Proc. RSA Conference—Cryptographers’ Track, pp. 295–313 (2003)

    Google Scholar 

  13. Jammalamadaka, R.C., Gamboni, R., Mehrotra, S., Seamons, K.E., Venkatasubramanian, N.: gVault: A gmail based cryptographic network file system. In: Proc. Conf. on Data and Applications Security, pp. 161–176 (2007)

    Google Scholar 

  14. Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: Scalable secure file sharing on untrusted storage. In: Proc. USENIX Conference on File and Storage Technologies, pp. 29–42 (2003)

    Google Scholar 

  15. Li, J., Krohn, M.N., Mazières, D., Shasha, D.: Secure untrusted data repository (SUNDR. In: Proc. Operating Systems Design and Impl., pp. 121–136 (2004)

    Google Scholar 

  16. Mazières, D., Shasha, D.: Building secure file systems out of byantine storage. In: Proc. Principles of Distributed Computing, pp. 108–117 (2002)

    Google Scholar 

  17. McGrew, D.: Efficient authentication of large, dynamic data sets using galois/counter mode. In: Proc. Security in Storage Workshop, pp. 89–94 (2005)

    Google Scholar 

  18. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)

    Google Scholar 

  19. Miller, E.L., Long, D.D.E., Freeman, W.E., Reed, B.: Strong security for network-attached storage. In: Proc. File and Storage Tech., pp. 1–13 (2002)

    Google Scholar 

  20. Oprea, A., Reiter, M.K.: On consistency of encrypted files. In: Dolev, S. (ed.) Proc. International Symposium on Distributed Computing, pp. 254–268 (2006)

    Google Scholar 

  21. Oprea, A., Reiter, M.K.: Integrity checking in cryprographic file systems with constant trusted storage. In: Proc. USENIX Security, pp. 183–198 (2007)

    Google Scholar 

  22. Oprea, A., Reiter, M.K., Yang, K.: Space-efficient block storage integrity. In: Proc. Network and Distributed System Security Symposium, pp. 17–28 (2005)

    Google Scholar 

  23. Papamanthou, C., Tamassia, R.: Time and space efficient algorithms for two-party authenticated data structures. In: Proc. Information and Communications Security, pp. 1–15 (2007)

    Google Scholar 

  24. Pletka, R., Cachin, C.: Cryptographic security for a high-performance distributed file system. In: Proc. Mass Storage Systems Tech., pp. 227–232 (2007)

    Google Scholar 

  25. Sarmenta, L.F.G., van Dijk, M., O’Donnell, C.W., Rhodes, J., Devadas, S.: Virtual monotonic counters and count-limited objects using a TPM without a trusted OS. In: Proc. Workshop on Scalable Trusted Computing, pp. 27–41 (2006)

    Google Scholar 

  26. Sleator, D.D., Tarjan, R.E.: A data structure for dynamic trees. J. Comput. Syst. Sci. 26(3), 362–381 (1983)

    Article  MATH  MathSciNet  Google Scholar 

  27. Smith, S.W.: Trusted Computing Platforms: Design and Applications. Springer, Heidelberg (2005)

    MATH  Google Scholar 

  28. Tamassia, R., Triandopoulos, N.: Efficient content authentication in P2P networks. In: Proc. Applied Cryptography and Network Security, pp. 354–372 (2007)

    Google Scholar 

  29. Tarjan, R., Werneck, R.: Dynamic trees in practice. In: Proc. Workshop on Experimental Algorithms, pp. 80–93 (2007)

    Google Scholar 

  30. van Dijk, M., Rhodes, J., Sarmenta, L.F.G., Devadas, S.: Offline untrusted storage with immediate detection of forking and replay attacks. In: Proc. Workshop on Scalable Trusted Computing, pp. 41–48 (2007)

    Google Scholar 

  31. Yumerefendi, A.Y., Chase, J.S.: Strong accountability for network storage. In: Proc. Conference on File and Storage Tech., pp. 77–92 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. of Computer Science, U. California, Irvine, USA

    Michael T. Goodrich

  2. Dept. of Computer Science, Brown University, USA

    Charalampos Papamanthou & Roberto Tamassia

  3. Dept. of Computer Science, University of Aarhus, Denmark

    Nikos Triandopoulos

Authors
  1. Michael T. Goodrich
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Charalampos Papamanthou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Roberto Tamassia
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nikos Triandopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Tzong-Chen Wu Chin-Laung Lei Vincent Rijmen Der-Tsai Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Goodrich, M.T., Papamanthou, C., Tamassia, R., Triandopoulos, N. (2008). Athos: Efficient Authentication of Outsourced File Systems. In: Wu, TC., Lei, CL., Rijmen, V., Lee, DT. (eds) Information Security. ISC 2008. Lecture Notes in Computer Science, vol 5222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85886-7_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-85886-7_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85884-3

  • Online ISBN: 978-3-540-85886-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics