hail high availability and integrity layer for cloud storage l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
HAIL (High-Availability and Integrity Layer) for Cloud Storage PowerPoint Presentation
Download Presentation
HAIL (High-Availability and Integrity Layer) for Cloud Storage

Loading in 2 Seconds...

play fullscreen
1 / 20

HAIL (High-Availability and Integrity Layer) for Cloud Storage - PowerPoint PPT Presentation


  • 176 Views
  • Uploaded on

HAIL (High-Availability and Integrity Layer) for Cloud Storage. Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories. Cloud storage. Mostly static data: Back-up Archival . Cloud Storage Provider. Storage server. Web server. Is my data available ?. Client.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

HAIL (High-Availability and Integrity Layer) for Cloud Storage


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
hail high availability and integrity layer for cloud storage

HAIL (High-Availability and Integrity Layer) for Cloud Storage

Alina Oprea

Joint with Kevin Bowers and Ari Juels

RSA Laboratories

cloud storage
Cloud storage

Mostly static data:

  • Back-up
  • Archival

Cloud Storage Provider

Storage server

Web server

Is my data available ?

Client

proofs of retrievability pors
Proofs of Retrievability (PORs)

Cloud Storage Provider

Corrects small corruption

F

Encoding

k

Client

proofs of retrievability pors4
Proofs of Retrievability (PORs)

Cloud Storage Provider

F

F

Challenge

Response

Requires integrity checks on server or client

Detects large corruption

k

Client

when pors fail
When PORs fail

Cloud Storage Provider

F

F

decoder

Challenge

Response

Unrecoverable

k

Client

hail goals
HAIL Goals
  • Resilience against cloud provider failure or temporary unavailability
    • Amazon S3 went down several times, once for 8 hours
    • Linkup lost 45% of its customer data
  • Use multiple cloud providers to construct a reliable cloud storage service out of unreliable components
    • RAID (Reliable Array of Inexpensive Disks) for cloud storage
  • Provide clients verification capabilities
    • Efficient proofs of file availability by interacting with cloud providers
replicate across multiple providers
Replicate across multiple providers

Google

EMC Atmos

Amazon S3

F

F

F

Naïve approach

F

Sample and check consistency across providers

Client

roadmap
Roadmap
  • Adversarial model for HAIL
  • Small-corruption attack on replication scheme
  • Encoding layer for each replica individually
  • Reduce storage overhead by dispersal
  • Increasing file lifetime with secret keys
adversarial model
Adversarial model
  • Static: corrupts a fixed number b of the n total providers over time
    • Create enough redundancy in the file to handle this (b+1 replicas)
    • Is this realistic?
  • Mobile (proactive): corrupts b out of n providers in each epoch
    • Separate each server into code base and storage base
    • At the beginning of an epoch code base of all servers is cleaned (through reboot, for instance)
    • All servers might have residual data corruption
    • Reactive design: check integrity and redistribute
attack on replication scheme
Attack on replication scheme

Google

EMC Atmos

Amazon S3

F

F

F

F

F

F

File can not be recovered after [n/b] epochs

The probability that client samples the corrupted block is low

Client

replication with por
Replication with POR

Google

EMC Atmos

Amazon S3

F

F

F

POR

POR

POR

F

ECC

Cons: requires integrity checks for each replica

Client

replication with por12
Replication with POR

Google

EMC Atmos

Amazon S3

F

F

F

F

Sample and check consistency across providers

Client

replication with por13
Replication with POR

Google

EMC Atmos

Amazon S3

>єc

>єc

>єc

F

F

F

F

єd

єd

єd

  • Large storage overhead due to replication
  • File lifetime still limited by [n/b] (єc/ єd)
    • єc correction threshold of POR encoding
    • єd detection threshold of POR

Sample and check consistency across providers

Client

reduce storage overhead
Reduce storage overhead

F

decode

m fragments

n fragments

dispersal

(n,m)

F

Client

dispersal code
Dispersal code

P1

P2

P3

P4

P5

dispersal

(n,m)

F

F

Dispersal code parity blocks

Client

dispersal code16
Dispersal code

P1

P2

P3

P4

P5

Dispersal code parity

Stripe

POR encoding

F

Dispersal code parity blocks

How to increase file lifetime?

Check that stripe is a codeword in dispersal code

POR encoding to correct small corruption

Client

increasing file lifetime with macs
Increasing file lifetime with MACs

P1

P2

P3

P4

P5

MAC

MAC

MAC

MAC

MAC

Can we reduce storage overhead?

Client

integrity protected dispersal code
Integrity-protected dispersal code

P1

P2

P3

P4

P5

hk1(m)

hk2(m)

m

UHF

+

PRF

Reed-Solomon dispersal code

Client

integrity protected dispersal code19
Integrity-protected dispersal code

P1

P2

P3

P4

P5

+

PRF

m

MACs embedded into parity symbols

Client

current work and open problems
Current work and open problems
  • Proofs of Retrievability
    • Lower bounds akin to Naor and Rothblum’s lower bounds for memory checking
    • What is the cost of file updates?
  • HAIL
    • K. Bowers, A. Juels and A. Oprea – “HAIL (High-Availability and Integrity Layer) for Cloud Storage”, CCS 2009
    • Different adversarial models
    • Investigate alternative constructions
    • Supporting file updates