DOI: 10.1145/1103780.1103788

Toward securing untrusted storage without public-key operations

Published: 11 November 2005

Abstract

Adding security capabilities to shared, remote and untrusted storage file systems leads to performance degradation that limits their use. Public-key cryptographic primitives, widely used in such file systems, are known to have worse performance than their symmetric key counterparts. In this paper we examine design alternatives that avoid public-key cryptography operations to achieve better performance. We present the trade-offs and limitations that are introduced by these substitutions.



Published In

StorageSS '05: Proceedings of the 2005 ACM workshop on Storage security and survivability
November 2005
150 pages
ISBN:159593233X
DOI:10.1145/1103780

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. network attached storage
  2. secure file systems


Cited By

  • (2015) Multi-Context TLS (mcTLS). ACM SIGCOMM Computer Communication Review, 45:4 (199-212). DOI: 10.1145/2829988.2787482. Online publication date: 17-Aug-2015
  • (2015) Multi-Context TLS (mcTLS). Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication (199-212). DOI: 10.1145/2785956.2787482. Online publication date: 17-Aug-2015
  • (2015) A secure data security infrastructure for small organization in cloud computing. 2015 International Conference on Electrical Engineering and Information Communication Technology (ICEEICT) (1-6). DOI: 10.1109/ICEEICT.2015.7307482. Online publication date: May-2015
  • (2014) A trusted versioning file system for passive mobile storage devices. Journal of Network and Computer Applications, 38 (65-75). DOI: 10.1016/j.jnca.2013.05.006. Online publication date: 1-Feb-2014
  • (2012) Confidential information protection system for mobile devices. Security and Communication Networks, 5:12 (1452-1461). DOI: 10.1002/sec.516. Online publication date: 1-Dec-2012
  • (2011) Secure and Policy-Private Resource Sharing in an Online Social Network. 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing (872-875). DOI: 10.1109/PASSAT/SocialCom.2011.82. Online publication date: Oct-2011
  • (2010) The comparisons between public key and symmetric key cryptography in protecting storage systems. 2010 International Conference on Computer Application and System Modeling (ICCASM 2010) (V4-494-V4-502). DOI: 10.1109/ICCASM.2010.5620632. Online publication date: Oct-2010
  • (2009) Transparent mobile storage protection in trusted virtual domains. Proceedings of the 23rd conference on Large installation system administration (12-12). DOI: 10.5555/1855698.1855710. Online publication date: 1-Nov-2009
  • (2009) CRUST: cryptographic remote untrusted storage without public keys. International Journal of Information Security, 8:5 (357-377). DOI: 10.1007/s10207-009-0081-6. Online publication date: 21-Sep-2009
  • (2008) Integrated file-level cryptographical access control. Journal of Computing Sciences in Colleges, 23:4 (108-115). DOI: 10.5555/1352079.1352098. Online publication date: 1-Apr-2008
