![Page 1: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/1.jpg)
HAIL (High-Availability HAIL (High-Availability and Integrity Layer) for and Integrity Layer) for
Cloud StorageCloud Storage
Alina OpreaAlina Oprea
Joint with Kevin Bowers and Ari JuelsJoint with Kevin Bowers and Ari JuelsRSA LaboratoriesRSA Laboratories
![Page 2: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/2.jpg)
2
Cloud Storage Provider
Client
Mostly static data:
• Back-up
• Archival Is my data available ?
Storage server
Web server
Cloud storageCloud storage
![Page 3: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/3.jpg)
3
Proofs of Retrievability (PORs)Proofs of Retrievability (PORs)
Cloud Storage Provider
Client
F
Encoding
k
Corrects small corruption
![Page 4: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/4.jpg)
4
Proofs of Retrievability (PORs)Proofs of Retrievability (PORs)
Cloud Storage Provider
Client
F
Challenge
F
k
Response
Requires integrity checks on server or client
Detects large corruption
![Page 5: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/5.jpg)
5
When PORs failWhen PORs fail
Cloud Storage Provider
Client
FF
k
Challenge Responsedecoder
Unrecoverable
![Page 6: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/6.jpg)
6
HAIL GoalsHAIL Goals
• Resilience against cloud provider failure or temporary unavailability– Amazon S3 went down several times, once for 8 hours– Linkup lost 45% of its customer data
• Use multiple cloud providers to construct a reliable cloud storage service out of unreliable components– RAID (Reliable Array of Inexpensive Disks) for cloud storage
• Provide clients verification capabilities– Efficient proofs of file availability by interacting with cloud
providers
![Page 7: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/7.jpg)
7
Replicate across multiple providersReplicate across multiple providersAmazon S3 Google EMC Atmos
Client
F
Sample and check consistency across providers
F F F
Naïve approach
![Page 8: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/8.jpg)
8
RoadmapRoadmap
• Adversarial model for HAIL
• Small-corruption attack on replication scheme
• Encoding layer for each replica individually
• Reduce storage overhead by dispersal
• Increasing file lifetime with secret keys
![Page 9: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/9.jpg)
9
Adversarial modelAdversarial model
• Static: corrupts a fixed number b of the n total providers over time– Create enough redundancy in the file to handle this (b+1
replicas)– Is this realistic?
• Mobile (proactive): corrupts b out of n providers in each epoch– Separate each server into code base and storage base– At the beginning of an epoch code base of all servers is cleaned
(through reboot, for instance)– All servers might have residual data corruption– Reactive design: check integrity and redistribute
![Page 10: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/10.jpg)
10
Attack on replication schemeAttack on replication schemeAmazon S3 Google EMC Atmos
Client
F F F
The probability that client samples the corrupted block is low
File can not be recovered after
[n/b] epochs
F F F
![Page 11: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/11.jpg)
11
Replication with PORReplication with PORAmazon S3 Google EMC Atmos
Client
F
F F F
ECC
POR POR POR
Cons: requires integrity checks for each replica
![Page 12: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/12.jpg)
12
Replication with PORReplication with PORAmazon S3 Google EMC Atmos
Client
Sample and check consistency across providers
F F FF
![Page 13: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/13.jpg)
13
Replication with PORReplication with PORAmazon S3 Google EMC Atmos
Client
F F FF
• Large storage overhead due to replication
• File lifetime still limited by [n/b] (єc/ єd)
- єc correction threshold of POR encoding
- єd detection threshold of POR
єd єd
>єc >єc
Sample and check consistency across providers
єd
>єc
![Page 14: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/14.jpg)
14
Reduce storage overheadReduce storage overhead
Client
F
dispersal
F
(n,m)
decode
n fragments
m fragments
![Page 15: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/15.jpg)
15
Dispersal code Dispersal code
Client
F
dispersal (n,m)
P1 P2 P3 P4 P5
F Dispersal code parity blocks
![Page 16: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/16.jpg)
16
Dispersal code Dispersal code
Client
P1 P2 P3 P4 P5
Stripe
Check that stripe is a codeword in dispersal code
POR encoding to correct small corruption
Dispersal code parity
POR encoding
F Dispersal code parity blocks
How to increase file lifetime?
![Page 17: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/17.jpg)
17
Increasing file lifetime with MACsIncreasing file lifetime with MACs
Client
P1 P2 P3 P4 P5
MAC MAC MAC MAC MAC
Can we reduce storage overhead?
![Page 18: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/18.jpg)
18
Integrity-protected dispersal codeIntegrity-protected dispersal code
Client
P1 P2 P3 P4 P5
Reed-Solomon dispersal code
m hk1(m) UHF hk2(m)
PRF+
![Page 19: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/19.jpg)
19
Integrity-protected dispersal codeIntegrity-protected dispersal code
Client
P1 P2 P3 P4 P5
MACs embedded into parity symbols
m PRF+
![Page 20: HAIL (High-Availability and Integrity Layer) for Cloud Storage Alina Oprea Joint with Kevin Bowers and Ari Juels RSA Laboratories](https://reader034.vdocuments.net/reader034/viewer/2022051401/56649c7d5503460f94931c22/html5/thumbnails/20.jpg)
20
Current work and open problemsCurrent work and open problems
• Proofs of Retrievability– Lower bounds akin to Naor and Rothblum’s lower bounds for
memory checking– What is the cost of file updates?
• HAIL– K. Bowers, A. Juels and A. Oprea – “HAIL (High-Availability and
Integrity Layer) for Cloud Storage”, CCS 2009– Different adversarial models– Investigate alternative constructions– Supporting file updates