Cryptology ePrint Archive: Report 2016/1063

Log-Structure Authenticated Data Storage with Minimal Trust

Yuzhe Tang and Ju Chen

Abstract: Today, data outsourcing to the clouds is a popular computing paradigm, and enabling efficient and trustworthy outsourcing becomes critically important as many emerging cloud applications are increasingly security-sensitive, such as healthcare, finance, etc. One of the promising techniques is authentication data structure (ADS). Most existing ADSs are not log-structured, yet cloud storage systems that work beneath the ADSs are log-structured this structural mismatch leads to significant performance overhead.

We propose log-structured ADSs for lightweight verification in cloud outsourcing. Our approach is leveraging recently available commercial TEE (trusted execution environment, such as Intel SGX). For security, only two functionalities are placed inside a TEE, that is, frontend consistency checking and backend maintenance computations, yielding a small TCB (trusted codebase). For performance efficiency, the ADS layer follows the log-structured design, resulting in small overhead. We implemented a working log-structured ADS system on LevelDB, and demonstrated a small TCB and small performance overhead (6 ∼ 12% in IO- intensive workloads) through extensive performance studies.

Category / Keywords: hash functions, authentication codes

Date: received 13 Nov 2016, last revised 10 Jan 2017

Contact author: ytang100 at syr edu

Available format(s): PDF | BibTeX Citation

Version: 20170110:232212 (All versions of this report)

Short URL: ia.cr/2016/1063

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]