Corpus ID: 109544319

Historic integrity in distributed systems

Authors: Mary Baker and Petros Maniatis
In an all-digital, all-online setting, long-term secure record keeping is a difficult task. The record-keeping problem comes up with increasing frequency, as we migrate to exclusively digital ways of transacting business. Accountability requires information about the content and the timing of business transactions. In the digital world, ideally, we should be able to tell with conviction when a “digital event” occurred with respect to other events—such as storing a purchase receipt on a hard… 

Research Statement

This thesis tackles the problem of maintaining the history of a distributed system — or of a social network operating over a digital medium — whose components are mutually distrustful, and designs a novel data structure that can be used to efficiently maintain and search through very large, dynamic tamper-evident logs, with provable security guarantees.

    - 

A logical language for applications to express concisely the constraints that apply to their logs and the evidence that can be extracted from them is proposed and several algorithms for efficiently and incrementally evaluating these rules are offered.

CATS : Certified Authenticated Tamper-evident State Store for Network Services

Novel aspects of the CATS design include the use of probabilistic audits to address the problem of replayed writes, a weakness common to previous approaches; design alternatives for the state storage layer are also explored.

A distributed Integrity Catalog for digital repositories

This paper introduces IntegrityCatalog, a system that collects all integrity-related metadata in a single component and treats them as first-class objects, managing both their integrity and their preservation. It also introduces a treap-based persistent authenticated dictionary for arbitrary-length key/value pairs, which is used to store all integrity metadata.

Enabling secure and resource-efficient blockchain networks with VOLT

This paper describes VOLT, a permissioned blockchain network for a group of autonomous organizations to automate cross-organizational business processes. Specifically, VOLT ensures that a correct

Strong accountability for network storage

The results show that strong accountability is practical for network storage systems in settings with strong identity and modest degrees of write-sharing and how the accountability concepts and techniques used in CATS generalize to other classes of network services.

Securing Shared Untrusted Storage by using TPM 1.2 Without Requiring a Trusted OS

It is shown how the currently available TPM 1.2 technology can be used to implement tamper-evident storage, where clients are guaranteed to at least detect illegitimate modifications to their data whenever they wish to perform a critical operation that relies on the freshness and validity of the data.

Trust but verify: accountability for network services

The foundation of the approach is to preserve digitally signed records of actions and/or internal state snapshots of each service, and use them to detect tampering, verify the consistency of actions, and prove responsibility for unexpected states or actions.

Depot: Cloud storage with minimal trust (extended version)

The paper describes the design, implementation, and evaluation of Depot, a cloud storage system that minimizes trust assumptions and provides safety and liveness guarantees to correct clients using a two-layer architecture.

Depot: Cloud Storage with Minimal Trust

Depot provides safety and liveness guarantees to correct clients using a two-layer architecture and can tolerate faults and maintain good availability, latency, overhead, and staleness even when significant faults occur.

Authentic Data Publication Over the Internet

This work gives techniques based on Merkle hash trees that publishers can use to provide authenticity and nonrepudiation of the answer to database queries posed by a client without requiring a key to be held in an on-line system.

Dealing with server corruption in weakly consistent, replicated data systems

It is shown that high availability through data replication on portable computers need not be mutually exclusive with various levels of data security one might want, and how to solve the trust problem for Bayou, a weakly consistent replicated data system built at Xerox PARC.

Secure History Preservation Through Timeline Entanglement

The design and implementation of Timeweave is presented, the authors' service development framework for timeline entanglement based on two novel disk-based authenticated data structures, and it is shown that it can be deployed in a loosely-coupled distributed system of several hundred nodes with overhead of roughly 2-8% of the processing resources of a PC-grade system.

Some Timestamping Protocol Failures

Protocol failures are presented for two timestamping schemes, and it is shown that although an indication of time can be included during the computation of the timestamp, the verification of the timestamp does not allow for the recovery of this temporal measure.

Enabling the Archival Storage of Signed Documents

KASTS combines time stamping of signed documents with storage of past signature verification keys; it is argued that such an extended archival storage system is feasible, and one possible design for it is described.

Improving the Availability of Time-Stamping Services

Fault-tolerant linking is introduced as a new concept to neutralize fault sensitivity, the main weakness of linkage-based time-stamping.

Cryptographic Support for Secure Logs on Untrusted Machines

A computationally cheap method is described for making all log entries generated prior to the logging machine's compromise impossible for the attacker to read, and also impossible to undetectably modify or destroy.
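The two properties named above (earlier entries unreadable, and not undetectably modifiable, after the logging machine is compromised) and the tamper-evident log of the research statement both rest on the same mechanism: a hash chain over the entries plus a key that evolves forward and is erased. The following is an added illustration written for this page, not code from Schneier and Kelsey or from the thesis; it follows their idea (per-entry key derived from an evolving authentication key, chained hash, HMAC authenticator) in a simplified form. The SHA-256 counter-mode keystream, the domain-separation labels and the sample log lines are all assumptions made here for a self-contained demonstration.

```python
import hashlib
import hmac
from typing import List, Tuple

# One stored entry: (ciphertext C_j, chain value Y_j, authenticator Z_j).
Entry = Tuple[bytes, bytes, bytes]


def _h(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the parts, so H(a, b) != H(ab, b'')."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def _keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream from SHA-256 (assumed stand-in for AES-CTR)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += _h(b"enc", key, ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


class TamperDetected(ValueError):
    def __init__(self, index: int) -> None:
        super().__init__(f"tampering detected at entry {index}")
        self.index = index


class ForwardSecureLog:
    """The untrusted logging machine. It holds only the current key A_j.

    append(): derive the entry key from A_j, encrypt, extend the hash chain
    Y_j = H(Y_{j-1}, C_j), authenticate Z_j = HMAC(A_j, Y_j), then evolve
    A_{j+1} = H(A_j) and forget A_j. An attacker who seizes the machine after
    entry j learns A_{j+1} but cannot invert H to recover A_0..A_j, so entries
    0..j stay unreadable and cannot be altered without breaking some Y_i or Z_i.
    """

    def __init__(self, a0: bytes) -> None:
        self.a = a0                       # current key; the only secret kept here
        self.y = _h(b"init")              # hash-chain head
        self.entries: List[Entry] = []    # what actually sits on the untrusted disk

    def append(self, data: bytes) -> None:
        k = _h(b"key", self.a)
        ct = _xor(data, _keystream(k, len(data)))
        self.y = _h(b"chain", self.y, ct)
        z = hmac.new(self.a, self.y, hashlib.sha256).digest()
        self.entries.append((ct, self.y, z))
        self.a = _h(b"evolve", self.a)    # forward step; A_j is now unrecoverable


def verify_and_decrypt(a0: bytes, entries: List[Entry]) -> List[bytes]:
    """Trusted verifier: replays the key schedule from A_0 (kept off the
    logging machine) and recomputes every Y_j and Z_j. Raises TamperDetected
    at the first entry whose chain value or authenticator does not match."""
    a, y, plaintexts = a0, _h(b"init"), []
    for idx, (ct, y_j, z_j) in enumerate(entries):
        y = _h(b"chain", y, ct)
        z = hmac.new(a, y, hashlib.sha256).digest()
        if y != y_j or not hmac.compare_digest(z, z_j):
            raise TamperDetected(idx)
        plaintexts.append(_xor(ct, _keystream(_h(b"key", a), len(ct))))
        a = _h(b"evolve", a)
    return plaintexts


def first_tampered_index(a0: bytes, entries: List[Entry]) -> int:
    """-1 if the log verifies, otherwise the index of the first bad entry."""
    try:
        verify_and_decrypt(a0, entries)
        return -1
    except TamperDetected as e:
        return e.index


def demo() -> int:
    # Constructed sample: a shared secret and three made-up log lines.
    a0 = hashlib.sha256(b"secret shared by logger and verifier").digest()
    log = ForwardSecureLog(a0)
    for line in (b"login alice", b"sudo rm -rf /var/log/old", b"logout alice"):
        log.append(line)
    assert verify_and_decrypt(a0, log.entries)[1] == b"sudo rm -rf /var/log/old"
    # Attacker who now owns the machine flips one ciphertext byte of entry 1.
    ct, y, z = log.entries[1]
    forged = list(log.entries)
    forged[1] = (bytes([ct[0] ^ 0x01]) + ct[1:], y, z)
    return first_tampered_index(a0, forged)


if __name__ == "__main__":
    print("first tampered entry:", demo())
```

The verifier needs A_0 and nothing else, which is why the logging machine can be cheap and untrusted. Two caveats a practitioner should keep in mind: the attacker who captures A_{t} can append well-formed entries from t onward, and deleting the tail of the log (entries t-1 and later) is not detected by the chain alone, since a shorter log still verifies. Schneier and Kelsey close the second gap by having the logger interact with the trusted party and close logs explicitly; that part is not reproduced in this sketch.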

Eliminating Counterevidence with Applications to Accountable Certificate Management

A new primitive, undeniable attester, that allows someone to commit to some set S of bitstrings by publishing a short digest and to give attestations for any x that it is or is not a member of S, is presented.

Organization and maintenance of large ordered indexes

The index organization described allows retrieval, insertion, and deletion of keys in time proportional to log_k I, where I is the size of the index and k is a device-dependent natural number such that the performance of the scheme becomes near optimal.

Accountable certificate management using undeniable attestations

A model for accountable certificate management is presented, in which clients receive attestations confirming inclusion in or removal from the database of valid certificates; authenticated search trees are introduced, and an efficient undeniable attester is built upon them.
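The undeniable attester described in the two entries above (commit to a set with a short digest; attest that any x is, or is not, a member) and the Merkle-tree answers to database queries in "Authentic Data Publication Over the Internet" both come down to an authenticated search tree: a binary search tree whose node hash binds the node's key and both child hashes. The following is an added example written for this page, not code from Buldas et al. or Devanbu et al.; the balanced build, the SHA-256 labels, the proof encoding and the sample names are assumptions made here. The point it demonstrates is that the verifier re-checks the search direction at every node, so two attestations for the same x against the same digest must follow the same path, and one cannot end at x while the other ends at an empty slot.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

def _h(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 so that tuples of different shape never collide."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()

EMPTY = _h(b"empty")   # digest of an empty subtree


@dataclass
class Node:
    key: bytes
    left: Optional["Node"]
    right: Optional["Node"]
    digest: bytes       # H("node", key, digest(left), digest(right))


def digest(n: Optional[Node]) -> bytes:
    return n.digest if n is not None else EMPTY


def build(sorted_keys: List[bytes]) -> Optional[Node]:
    """Balanced authenticated search tree over a sorted, duplicate-free key list."""
    if not sorted_keys:
        return None
    mid = len(sorted_keys) // 2
    left, right = build(sorted_keys[:mid]), build(sorted_keys[mid + 1:])
    key = sorted_keys[mid]
    return Node(key, left, right, _h(b"node", key, digest(left), digest(right)))


# A proof step is one of:
#   ("L", key, right_digest)  went left at this node (x < key)
#   ("R", key, left_digest)   went right at this node (x > key)
#   ("found", key, left_digest, right_digest)  terminal: x == key
#   ("absent",)               terminal: search fell off the tree
Step = Tuple


def attest(root: Optional[Node], x: bytes) -> List[Step]:
    """Prover: the root-to-leaf search path for x, with sibling digests."""
    steps: List[Step] = []
    n = root
    while n is not None:
        if x == n.key:
            steps.append(("found", n.key, digest(n.left), digest(n.right)))
            return steps
        if x < n.key:
            steps.append(("L", n.key, digest(n.right)))
            n = n.left
        else:
            steps.append(("R", n.key, digest(n.left)))
            n = n.right
    steps.append(("absent",))
    return steps


def verify(root_digest: bytes, x: bytes, steps: List[Step]) -> Optional[str]:
    """Verifier holding only the published digest.
    Returns "member", "absent", or None if the attestation is invalid."""
    if not steps:
        return None
    last = steps[-1]
    if last[0] == "found":
        if last[1] != x:
            return None
        h, verdict = _h(b"node", last[1], last[2], last[3]), "member"
    elif last[0] == "absent":
        h, verdict = EMPTY, "absent"
    else:
        return None
    # Rebuild the digest bottom-up, checking at every node that the
    # prover's direction is the one the comparison with x dictates.
    for step in reversed(steps[:-1]):
        if step[0] == "L" and x < step[1]:
            h = _h(b"node", step[1], h, step[2])
        elif step[0] == "R" and x > step[1]:
            h = _h(b"node", step[1], step[2], h)
        else:
            return None
    return verdict if h == root_digest else None


if __name__ == "__main__":
    # Constructed sample set of certificate holders (not real data).
    root = build(sorted([b"eve", b"alice", b"dave", b"bob", b"carol"]))
    d = digest(root)
    print(verify(d, b"carol", attest(root, b"carol")))      # member
    print(verify(d, b"mallory", attest(root, b"mallory")))  # absent
```

An attestation is O(log n) digests, the same size as a Merkle inclusion proof, but unlike a plain Merkle tree over an unordered list it also proves non-membership, because the verifier never has to trust that the committed sequence was sorted: every key on the path is bound into the hashes, and the direction check makes the path for a given x unique under a given digest. Replacing a key, re-using a proof for a different x, or presenting a proof against another digest all return None below.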