Issue No.09 - September (2003 vol.14)
<p><b>Abstract</b>—We present the design of a distributed store that offers various levels of security guarantees while tolerating a limited number of nodes that are compromised by an adversary. The store uses secret sharing schemes to offer security guarantees, namely, availability, confidentiality, and integrity. However, a pure secret sharing scheme could suffer from performance problems and high access costs. We integrate secret sharing with replication for better performance and to keep access costs low. The trade offs involved between availability and access cost on one hand and confidentiality and integrity on the other are analyzed. Our system differs from traditional approaches such as state machine or quorum-based replication that have been developed to tolerate Byzantine failures. Unlike such systems, we augment replication with secret sharing and offer weaker consistency guarantees. We demonstrate that such a hybrid scheme offers additional flexibility that is not possible with replication alone.</p>
Security, Byzantine fault tolerance, replication, secret sharing, availability, confidentiality, data integrity, distributed storage service.
Subramanian Lakshmanan, Mustaque Ahamad, H. Venkateswaran, "Responsive Security for Stored Data", IEEE Transactions on Parallel & Distributed Systems, vol.14, no. 9, pp. 818-828, September 2003, doi:10.1109/TPDS.2003.1233705