On Block Security of Regenerating Codes at the MBR Point for Distributed Storage Systems

TL;DR

This paper introduces block security in distributed storage systems and analyzes MBR codes that protect data groups against eavesdroppers without reducing storage capacity.

Contribution

It proposes a new security concept called block security for DSS and analyzes MBR codes based on Cauchy matrices for their security properties.

Findings

Cauchy matrix-based codes provide block security.

Vandermonde matrix-based codes do not offer block security.

Secure groups size depends on eavesdropping strength.

Abstract

A passive adversary can eavesdrop stored content or downloaded content of some storage nodes, in order to learn illegally about the file stored across a distributed storage system (DSS). Previous work in the literature focuses on code constructions that trade storage capacity for perfect security. In other words, by decreasing the amount of original data that it can store, the system can guarantee that the adversary, which eavesdrops up to a certain number of storage nodes, obtains no information (in Shannon's sense) about the original data. In this work we introduce the concept of block security for DSS and investigate minimum bandwidth regenerating (MBR) codes that are block secure against adversaries of varied eavesdropping strengths. Such MBR codes guarantee that no information about any group of original data units up to a certain size is revealed, without sacrificing the storage capacity of the system. The size of such secure groups varies according to the number of nodes that the adversary can eavesdrop. We show that code constructions based on Cauchy matrices provide block security. The opposite conclusion is drawn for codes based on Vandermonde matrices.