An Introduction to Proofs of Retrievability
Date and time
15:00 ~ 16:00
Venue
Speaker
Abstract
With the advent of cloud computing, users with large amounts of data may want to outsource storage to the cloud. However, they need a guarantee that their data are not deleted or modified after being stored on the cloud server. Cloud data storage providers (CSPs), for their part, store users' data in exchange for monetary benefits. One naive approach to ensuring data integrity is for the user to download all the data from the server and verify them individually, segment by segment. Every time the user checks integrity, she has to retrieve all her data from the server, which consumes high communication bandwidth.
To overcome this issue, researchers have come up with proofs of storage. The user computes an authenticator (for example, a MAC) for each segment of her data (or file) and uploads the file along with the authenticators. During an audit protocol, the user samples a predefined number of segment indices and sends them to the server (the challenge). The server performs some computations over the challenge, the stored data and the authenticators, and sends a response to the user, who verifies the integrity of her data based on this response. This is an example of provable data possession (PDP), introduced by Ateniese et al. However, PDP does not guarantee that the whole file is stored intact.
The first paper introducing proofs of retrievability (POR) for static data is by Juels and Kaliski. They introduce erasure coding into proofs of storage. The underlying idea is to encode the original file with a maximum distance separable (MDS) erasure code, authenticate the segments of the encoded file, and then upload them to the data server. With this technique, the server has to delete or modify a considerable number of segments to actually delete or modify a data segment. Thus, the probability that the server passes an audit when some data segments have actually been deleted or modified becomes negligible in the security parameter. This ensures that all the segments of the file are correctly stored on the server's end.
This notion is formalized by defining an extractor algorithm that can extract, with high probability, the original file after interacting with a server that passes an audit with some non-negligible probability. Ateniese et al. reduce the size of the server's response using homomorphic authenticators. This scheme also introduces the notion of public verifiability, that is, verifiers are stateless and the number of audits carried out is unbounded. In publicly verifiable settings, anyone can execute the audit protocol. Following the work by Juels and Kaliski, several POR schemes have been proposed. Some of these schemes are designed for static data, and the rest allow the user to change her data after the initial outsourcing.
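The audit described in the abstract, as an added example that is not from the talk or from any of the cited papers: the simplest MAC-based variant, in which the server returns the sampled segments with their authenticators, plus the probability that a sampled audit misses corruption. The segment size, the challenge size and the code parameters n=1000, k=800 are assumptions chosen for illustration, and the erasure coding itself is not implemented.

```python
import hashlib, hmac, secrets
from math import comb

SEG = 32  # segment size in bytes (constructed for this example)

def tag(key, i, seg):
    # Binding the index into the MAC stops the server answering with another segment.
    return hmac.new(key, i.to_bytes(8, "big") + seg, hashlib.sha256).digest()

def outsource(key, data):
    # User side: split the file into segments and authenticate each one.
    segs = [data[o:o + SEG] for o in range(0, len(data), SEG)]
    return [(s, tag(key, i, s)) for i, s in enumerate(segs)]

def challenge(n, c):
    # User side: sample c distinct segment indices out of n.
    return secrets.SystemRandom().sample(range(n), c)

def respond(store, chal):
    # Server side: return the challenged segments with their authenticators.
    return [store[i] for i in chal]

def verify(key, chal, resp):
    # User side: recompute each MAC; one mismatch fails the audit.
    return len(resp) == len(chal) and all(
        hmac.compare_digest(tag(key, i, s), t) for i, (s, t) in zip(chal, resp))

def evade_probability(n, t, c):
    # Chance that c sampled indices miss all t corrupted segments out of n.
    return comb(n - t, c) / comb(n, c)

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    store = outsource(key, secrets.token_bytes(SEG * 1000))  # constructed file
    chal = challenge(len(store), 100)
    print("honest server passes:", verify(key, chal, respond(store, chal)))
    store[7] = (b"\x00" * SEG, store[7][1])  # server modifies one segment
    print("audit hitting segment 7 passes:", verify(key, [7], respond(store, [7])))
    # Plain spot check: one bad segment out of 1000 usually goes unnoticed.
    print("evade, 1 bad segment:", evade_probability(1000, 1, 100))
    # With an (n=1000, k=800) MDS code the server must damage n-k+1 = 201
    # segments before the file becomes unrecoverable (n, k are assumptions).
    print("evade, 201 bad segments:", evade_probability(1000, 201, 100))
```

The two probabilities show the gap the abstract points to: sampling alone rarely catches a single damaged segment, while forcing the server to damage many segments makes a passing audit very unlikely.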
This talk is organized in collaboration with the Institute of Systems, Information Technologies and Nanotechnologies (ISIT). Mr. Binanda's visit to Fukuoka/Japan is supported by the JSPS-DST Japan-India Joint research program.