Secure Untrusted Data Repository (SUNDR)
Abstract
We have implemented a secure network file system called SUNDR that guarantees the integrity of data even when malicious parties control the server. SUNDR splits storage functionality between two untrusted components, a block store and a consistency server. The block store holds all file data and most metadata. Without interpreting metadata, it presents a simple interface for clients to store variable-sized data blocks and later retrieve them by cryptographic hash. The consistency server implements a novel protocol that guarantees close-to-open consistency whenever users see each other's updates. The protocol roughly consists of users exchanging version-stamped digital signatures of block server metadata, though a number of subtleties arise in efficiently supporting concurrent clients and group-writable files. We have proven the protocol's security under basic cryptographic assumptions. Without somehow producing signed messages valid under a user's (or the superuser's) public key, an attacker cannot tamper with a user's files even given control of the servers and network. Despite this guarantee, SUNDR performs within a reasonable factor of existing insecure network file systems.
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2003
- Accession Number: ADA445862
Entities
People
- David Mazières
- Dennis Shasha
- Jinyuan Li
- Maxwell Krohn
Organizations
- New York University