Securing Data against Limited-Knowledge Adversaries in Distributed Storage Systems

TL;DR

This paper develops secure regenerating codes for distributed storage systems that protect data integrity against limited-knowledge adversaries, extending capacity-achieving solutions to more general repair scenarios.

Contribution

It introduces a capacity-achieving scheme using product-matrix codes with hashing for broader repair degrees in the limited-knowledge adversary model.

Findings

Extends secure capacity results to d ≤ n-1 in bandwidth-limited regime.

Uses hashing to identify and eliminate compromised nodes.

Maintains data integrity despite adversarial corruption.

Abstract

We study the problem of constructing secure regenerating codes that protect data integrity in distributed storage systems (DSS) in which some nodes may be compromised by a malicious adversary. The adversary can corrupt the data stored on and transmitted by the nodes under its control. The "damage" incurred by the actions of the adversary depends on how much information it knows about the data in the whole DSS. We focus on the limited-knowledge model in which the adversary knows only the data on the nodes under its control. The only secure capacity-achieving codes known in the literature for this model are for the bandwidth-limited regime and repair degree $d=n-1$, i.e., when a node fails in a DSS with $n$ nodes all the remaining $n-1$ nodes are contacted for repair. We extend these results to the more general case of $d\leq n-1$ in the bandwidth-limited regime. Our capacity-achieving scheme is based on the use of product-matrix codes with special hashing functions and allow the identification of the compromised nodes and their elimination from the DSS while preserving the data integrity.