19-01-2013, 10:09 AM
Privacy-Preserving Audit and Extraction of Digital
ABSTRACT
A growing number of online services, such as Google, Yahoo!, and Amazon, are starting to charge users for their storage. Customers often use these services to store valuable data such as email, family photos and videos, and disk backups. Today, a customer must entirely trust such external services to maintain the integrity of hosted data and return it intact. Unfortunately, no service is infallible. To make storage services accountable for data loss, we present protocols that allow a thirdparty auditor to periodically verify the data stored by a service and assist in returning the data intact to the customer. Most importantly, our protocols are privacy-preserving, in that they never reveal the data contents to the auditor. Our solution removes the burden of verification from the customer, alleviates both the customer’s and storage service’s fear of data leakage, and provides a method for independent arbitration of data retention contracts.Auditing to Keep Online Storage Services Honest Mehul A. Shah, Mary Baker, Jeffrey C. Mogul, Ram Swaminathan A growing number of online service providers offer to store customers' photos, email, le system backups, and other digital assets. Currently, customers cannot make informed decisions about the risk of losing data stored with any particular service provider, reducing their in- centive to rely on these services. We argue that third- party auditing is important in creating an online service- oriented economy, because it allows customers to eval- uate risks, and it increases the ef ciency of insurance- based risk mitigation. We describe approaches and sys- tem hooks that support both internal and external audit- ing of online storage services, describe motivations for service providers and auditors to adopt these approaches, and list challenges that need to be resolved for such au- diting to become a reality.