ghostor: toward a secure data-storage system from ... · alice’s client doctor’s client chmod...
TRANSCRIPT
![Page 1: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/1.jpg)
Ghostor: Toward a Secure Data-Sharing System from Decentralized Trust
*Yuncong Hu, *Sam Kumar, and Raluca Ada Popa
University of California, Berkeley
*Co-primary authors
1
![Page 2: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/2.jpg)
Motivating Example: Medical Record System
Alice
Oncologist
2
Storage Server
![Page 3: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/3.jpg)
Threat Model
Alice
OncologistStorage Server
3
![Page 4: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/4.jpg)
Existing Systems rely on Centralized Trust
Alice
Oncologist
Central Point of Trust!
Adversary can:• See files and who
accesses them• Serve old or
modified data
4
Storage Server
![Page 5: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/5.jpg)
End-to-End Encryption [CFS, SiRiUS, Plutus, etc.]
Storage Server
File A:
File B:
ACL:
ACL:
Content:
Content:
Bob, Oncologist
Alice, Oncologist
Alice
Oncologist
5
![Page 6: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/6.jpg)
Privacy Leakage in E2EE Data Sharing
Storage Server
File B:
ACL:
Content:
Alice, Oncologist
Alice
Oncologist
Alice has access to File BOncologist has access to File BAlice accesses File BOncologist accesses File B
6
![Page 7: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/7.jpg)
Ghostor: Cryptographic Data-Sharing System
• Anonymity
• Verifiable Linearizability
7
![Page 8: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/8.jpg)
Ghostor: Cryptographic Data-Sharing System
• Anonymity
• Verifiable Linearizability
8
![Page 9: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/9.jpg)
Privacy Leakage in E2EE Data Sharing
Storage Server
File B:
ACL:
Content:
Alice, Oncologist
Alice
Oncologist
Alice has access to File BOncologist has access to File BAlice accesses File BOncologist accesses File B
9
![Page 10: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/10.jpg)
E2EE Data Sharing vs. Ghostor’s Anonymity
Storage Server
Alice
Oncologist
Alice has access to File BOncologist has access to File BAlice accesses File BOncologist accesses File B
E2EE Data Sharing
10
![Page 11: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/11.jpg)
E2EE Data Sharing vs. Ghostor’s Anonymity
Storage Server
Alice
Oncologist
Alice has access to File BOncologist has access to File BAlice accesses File BOncologist accesses File B
E2EE Data Sharing
Storage Server
Alice
Oncologist
UNKNOWN has access to File BUNKNOWN accesses File BUNKNOWN accesses File B
What files did Alice access?Is she part of the system?
Ghostor’s Anonymity
11
![Page 12: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/12.jpg)
E2EE Data Sharing vs. Ghostor’s Anonymity
Storage Server
Alice
Oncologist
Alice has access to File BOncologist has access to File BAlice accesses File BOncologist accesses File B
E2EE Data Sharing
Storage Server
UNKNOWN has access to File BUNKNOWN accesses File BUNKNOWN accesses File B
What files did Alice access?Is she part of the system?
Ghostor’s Anonymity
12
![Page 13: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/13.jpg)
E2EE Data Sharing vs. Ghostor’s Anonymity
Storage Server
Alice
Oncologist
Alice has access to File BOncologist has access to File BAlice accesses File BOncologist accesses File B
E2EE Data Sharing
Storage Server
UNKNOWN has access to File BUNKNOWN accesses File BUNKNOWN accesses File B
What files did Alice access?Is she part of the system?
Ghostor’s Anonymity
13
Ghostor-MH is a theoretical scheme that also hides
access patterns (see paper)
![Page 14: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/14.jpg)
Ghostor: Cryptographic Data-Sharing System
• Anonymity
• Verifiable Linearizability
14
![Page 15: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/15.jpg)
Verifiable Linearizability
Storage Server
File A:
File B:
ACL:
ACL:
Content:
Content:
Bob, Oncologist
Alice, Oncologist
No allergy
Alice
Oncologist
Allergic to X
15
![Page 16: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/16.jpg)
Verifiable Linearizability
Storage Server
File A:
File B:
ACL:
ACL:
Content:
Content:
Bob, Oncologist
Alice, OncologistNo allergy
Alice
Oncologist Allergic to XUser can detect if he receives anything other than the latest write
16
![Page 17: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/17.jpg)
Comparison to Existing Work
17
Rely on Central Trust• Split server into two
parts and assume one is honest, or
• Assume semi-honest adversary
Ghostor
Anonymity andVerifiable Linearizability
Verena [KFPC16]: Verifiable Linearizability
AnonymousCloud [KH12]: Anonymity
Based on Decentralized Trust• Avoids placing trust in a
few central machines
![Page 18: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/18.jpg)
Bootstrapping Decentralized Trust
Storage System based on
Decentralized Trust
Blockchain
Transparency Logs Peer-to-Peer Bootstrap
18
![Page 19: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/19.jpg)
Strawman: Use a Blockchain
User’s Machine
GhostorClient
Blockchain
read, write, create files
Expensive!
19
![Page 20: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/20.jpg)
Ghostor’s System Architecture
GhostorStorage Server
User’s Machine
GhostorClient
Blockchain
checkpoint
checkpoint
20
One checkpoint for the entire system once per epoch
summary of operations
checkpoint
![Page 21: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/21.jpg)
• History for each object is recorded as a hash chain of digests
• History is committed to blockchain at the end of each epoch
Server Storage
Blockchain
Alice’s Client Doctor’s Client
Chmod
Hash(Object)[first operation]
Signed by Alice
Signed by Server
Read
Hash(Object)Hash(Previous Digest)
Signed by Doctor
Signed by Server
Write
Hash(Object)Hash(Previous Digest)
Signed by Alice
Signed by Server
Read
Hash(Object)Hash(Previous Digest)
Signed by Doctor
Signed by Server
End of Epoch 1
Checkpoint: Epoch 1Hash(Latest Digest)
Chmod
Signed by Alice
Signed by Server
Write
Signed by Alice
Signed by Server
Read
Signed by Doctor
Signed by Server
Read
Signed by Doctor
Signed by Server
Verifiable History (Strawman)
21
![Page 22: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/22.jpg)
How to make Verifiable History Anonymous?
• Signing keys are like capabilities
• Idea: have different users share capabilities for each object
22
![Page 23: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/23.jpg)
Shared Capabilities
23
Header:
Content:
Object Data
PKAlice PKDoctor
WSK
Key-Private Encryption
WSK Padding
PSK
Stored by the object’s owner
RSK
RSK
RSK
Might reveal users’ public keys!
Permission Signing Key
Reader Signing Key
Writer Signing Key
Anonymously Distributed Shared Capabilities
![Page 24: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/24.jpg)
• History for each object is recorded as a hash chain of digests
• History is committed to blockchain at the end of each epoch
Server Storage
Blockchain
Alice’s Client Doctor’s Client
Chmod
Hash(Object)[first operation]
Signed by Alice
Signed by Server
Read
Hash(Object)Hash(Previous Digest)
Signed by Doctor
Signed by Server
Write
Hash(Object)Hash(Previous Digest)
Signed by Alice
Signed by Server
Read
Hash(Object)Hash(Previous Digest)
Signed by Doctor
Signed by Server
End of Epoch 1
Checkpoint: Epoch 1Hash(Latest Digest)
Chmod
Signed by Alice
Signed by Server
Write
Signed by Alice
Signed by Server
Read
Signed by Doctor
Signed by Server
Read
Signed by Doctor
Signed by Server
Verifiable History (Strawman)
24
![Page 25: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/25.jpg)
• History for each object is recorded as a hash chain of digests
• History is committed to blockchain at the end of each epoch
Server Storage
Blockchain
Alice’s Client Doctor’s Client
Chmod
Hash(Object)[first operation]
Signed byPSK
Signed by Server
Read
Hash(Object)Hash(Previous Digest)
Signed byRSK
Signed by Server
Write
Hash(Object)Hash(Previous Digest)
Signed byWSK
Signed by Server
Read
Hash(Object)Hash(Previous Digest)
Signed byRSK
Signed by Server
End of Epoch 1
Checkpoint: Epoch 1Hash(Latest Digest)
Chmod
Signed by PSK
Signed by Server
Write
Signed by WSK
Signed by Server
Read
Signed by RSK
Signed by Server
Read
Signed by RSK
Signed by Server
Verifiable Anonymous History
25
![Page 26: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/26.jpg)
Additional Challenge: Concurrent Operations
26
Server Storage
Alice’s Client Doctor’s Client
Chmod
Hash(Object)[first operation]
Signed by PSK
Signed by Server
ReadHash(Previous)
Signed by RSK
ReadHash(Previous)
Signed by RSK
• Suppose Alice and Doctor read the object concurrently
• Both see the same latest digest
![Page 27: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/27.jpg)
Additional Challenge: Concurrent Operations
27
Server Storage
Alice’s Client Doctor’s Client
Chmod
Hash(Object)[first operation]
Signed by PSK
Signed by Server
• Suppose Alice and Doctor read the object concurrently
• Both see the same latest digest
ReadHash(Previous)
Signed by RSK
ReadHash(Previous)
Signed by RSK
![Page 28: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/28.jpg)
Additional Challenge: Concurrent Operations
28
Server Storage
Alice’s Client Doctor’s Client
Chmod
Hash(Object)[first operation]
Signed by PSK
Signed by Server
• Suppose Alice and Doctor read the object concurrently
• Both see the same latest digest
Read
Hash(Object)Hash(Previous Digest)
Signed by RSK
Signed by Server
ReadHash(Previous)
Signed by RSK
Wrong Hash(Previous)!
![Page 29: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/29.jpg)
Insight: Client Signs over only Some Fields
29
Hash(Object)Hash(Previous)
Server
ReadNonce
RSK
Read
Hash(Object)Hash(Previous Digest)
Signed by RSK
Signed by Server
becomes
![Page 30: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/30.jpg)
Concurrent Reads in Ghostor
30
Server Storage
Alice’s Client Doctor’s Client
Chmod
Hash(Object)[first operation]
Server
• Suppose Alice and Doctor read the object concurrently
• Both see the same latest digest
ReadNonce
RSK
ReadNonce
RSK
PSK
![Page 31: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/31.jpg)
Concurrent Reads in Ghostor
31
Server Storage
Alice’s Client Doctor’s Client• Suppose Alice and Doctor read the object concurrently
• Both see the same latest digest
Hash(Object)Hash(Previous)
Server
Hash(Object)Hash(Previous)
Server
ReadNonce
RSK
ReadNonce
Read
RSKServer
Read
RSKServer
RSK
Chmod
Hash(Object)[first operation]
ServerPSK
![Page 32: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/32.jpg)
This Technique Does Not Work for Writes
32
Server Storage
Alice’s Client Doctor’s Client• Suppose Alice writes the file
WriteNonceHash(Object) WSK
Chmod
Hash(Object)[first operation]
ServerPSK
![Page 33: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/33.jpg)
This Technique Does Not Work for Writes
33
Server Storage
Alice’s Client Doctor’s Client• Suppose Alice writes the file
Hash(Previous)
Server
Hash(Previous)
Server
WriteNonceHash(Object) WSK
WriteNonceHash(Object)
Write
WSKServer
Hash(Previous)
Server
WriteNonceHash(Object) WSKWSK
WriteNonceHash(Object) WSK
Time-Stretch Attack
Chmod
Hash(Object)[first operation]
ServerPSK
Write
WSKServer
![Page 34: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/34.jpg)
Concurrent Writes in Ghostor
34
Server Storage
Alice’s Client Doctor’s Client• Suppose Alice writes the file
Hash(Previous)
Server
Hash(Previous)
Server
PrepareHash(Object)
WSK
CommitHash(Object)Hash(Prepare)
Prepare
WSKServer
WSK
Commit
WSKServer
Hash(Object)Hash(Previous)
Server
ReadNonce
RSK
Read
RSKServer
Chmod
Hash(Object)[first operation]
ServerPSK
![Page 35: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/35.jpg)
Ghostor Stack
Anonymously Distributed Shared Capabilities
Verifiable Anonymous History
Concurrent Operations
Preventing Resource Abuse
Hiding Network Information
Ghostor-MH
35
![Page 36: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/36.jpg)
Ghostor Stack
Anonymously Distributed Shared Capabilities
Verifiable Anonymous History
Concurrent Operations
Preventing Resource Abuse
Hiding Network Information
Ghostor-MH
36
Described in our paper
![Page 37: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/37.jpg)
Implementation
• Implemented Ghostor prototype in Go
• Built on top of Ceph RADOS• Linearizable, distributed, fault-tolerant object store
• Benchmarked on Amazon EC2 in multi-node, multi-SSD setup
37
![Page 38: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/38.jpg)
Server-Side Latency to PUT a 1 MiB Object
0
10
20
30
40
50
Insecure End-to-EndEncryption
Anonymity ForkConsistency
VerifiableLinearizability
Ghostor
Late
ncy
(m
s)
38
Small Overhead
Small Overhead
![Page 39: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/39.jpg)
Server-Side Latency to PUT a 1 MiB Object
0
10
20
30
40
50
Insecure End-to-EndEncryption
Anonymity ForkConsistency
VerifiableLinearizability
Ghostor
Late
ncy
(m
s)
39
25 ms
![Page 40: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/40.jpg)
Total Latency
• To hide network information, Ghostor clients use the Tor anonymity network to contact the server
• With Tor, overall latency is several seconds
40
![Page 41: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/41.jpg)
Conclusion
Ghostor is a cryptographic data sharing system based on decentralized trust
It achieves:
• Anonymity: server cannot tell which user makes an access
• Verifiable Linearizability: users detect if they don’t receive the latest data
Ghostor’s techniques could significantly boost the security guarantees of:
41Keybase
![Page 42: Ghostor: Toward a Secure Data-Storage System from ... · Alice’s Client Doctor’s Client Chmod Hash(Object) [first operation] Signed by PSK Signed by Server •Suppose Alice and](https://reader034.vdocuments.net/reader034/viewer/2022050508/5f994d4892dc8e55c811f656/html5/thumbnails/42.jpg)
Conclusion
Ghostor is a cryptographic data sharing system based on decentralized trust.
It achieves:
• Anonymity: server cannot tell which user makes an access
• Verifiable Linearizability: users detect if they don’t receive the latest data
This material is based on work supported by the National Science Foundation Graduate Research Fellowship Program under Grant No. DGE-1752814. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
Thank you!
42