WORM-SEAL: Trustworthy Data Retention and Verification for Regulatory Compliance

  • Tiancheng Li
  • Xiaonan Ma
  • Ninghui Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)


As the number and scope of government regulations and rules mandating trustworthy retention of data keep growing, businesses today are facing a higher degree of regulation and accountability than ever. Existing compliance storage solutions focus on providing WORM (Write-Once Read-Many) support and rely on software enforcement of the WORM property, due to performance and cost reasons. Such an approach, however, offers limited protection in the regulatory compliance setting where the threat of insider attacks is high and the data is indexed and dynamically updated (e.g., append-only access logs indexed by the creator). In this paper, we propose a solution that can greatly improve the trustworthiness of a compliance storage system, by reducing the scope of trust in the system to a tamper-resistant Trusted Computing Base (TCB). We show how trustworthy retention and verification of append-only data can be achieved through the TCB. Due to the resource constraints on the TCB, we develop a novel authentication data structure that we call Homomorphic Hash Tree (HHT). HHT drastically reduces the TCB workload. Our experimental results demonstrate the effectiveness of our approach.


Keywords (added by machine, not by the authors): Hash Function, Leaf Node, Main System, Data Page, Cryptographic Hash Function



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Tiancheng Li (1)
  • Xiaonan Ma (2)
  • Ninghui Li (1)

  1. Department of Computer Science, Purdue University, USA
  2. IBM Almaden Research Center, USA
