Auditing for Distributed Storage Systems

TL;DR

This paper introduces NC-Audit, a cryptography-based scheme tailored for network coding-based distributed storage, enabling efficient data integrity verification, repair support, and security against third-party checks.

Contribution

It presents NC-Audit, combining SpaceMac and NCrypt, to provide an efficient, secure, and repair-friendly integrity checking scheme for coding-based distributed storage systems.

Findings

NC-Audit achieves low computational overhead.

It supports efficient node repair operations.

The scheme provides security against information leakage.

Abstract

Distributed storage codes have recently received a lot of attention in the community. Independently, another body of work has proposed integrity checking schemes for cloud storage, none of which, however, is customized for coding-based storage or can efficiently support repair. In this work, we bridge the gap between these two currently disconnected bodies of work. We propose NC-Audit, a novel cryptography-based remote data integrity checking scheme, designed specifically for network coding-based distributed storage systems. NC-Audit combines, for the first time, the following desired properties: (i) efficient checking of data integrity, (ii) efficient support for repairing failed nodes, and (iii) protection against information leakage when checking is performed by a third party. The key ingredient of the design of NC-Audit is a novel combination of SpaceMac, a homomorphic message authentication code (MAC) scheme for network coding, and NCrypt, a novel chosen-plaintext attack (CPA) secure encryption scheme that is compatible with SpaceMac. Our evaluation of a Java implementation of NC-Audit shows that an audit costs the storage node and the auditor a modest amount computation time and lower bandwidth than prior work.