Abstract
As the number and scope of government regulations and rules mandating trustworthy retention of data keep growing, businesses today are facing a higher degree of regulation and accountability than ever. Existing compliance storage solutions focus on providing WORM (Write-Once Read-Many) support and rely on software enforcement of the WORM property, due to performance and cost reasons. Such an approach, however, offers limited protection in the regulatory compliance setting where the threat of insider attacks is high and the data is indexed and dynamically updated (e.g., append-only access logs indexed by the creator). In this paper, we propose a solution that can greatly improve the trustworthiness of a compliance storage system, by reducing the scope of trust in the system to a tamper-resistant Trusted Computing Base (TCB). We show how trustworthy retention and verification of append-only data can be achieved through the TCB. Due to the resource constraints on the TCB, we develop a novel authentication data structure that we call Homomorphic Hash Tree (HHT). HHT drastically reduces the TCB workload. Our experimental results demonstrate the effectiveness of our approach.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Baric, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 480–494. Springer, Heidelberg (1997)
Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography: The case of hashing and signing. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 216–233. Springer, Heidelberg (1994)
Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography and application to virus protection. In: STOC, pp. 45–56 (1995)
Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)
Bellare, M., Yee, B.: Forward integrity for secure audit logs. Technical report, University of California at San Diego, Department of Computer Science and Engineering (1997)
Benaloh, J.C., de Mare, M.: One-way accumulators: A decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994)
Camenisch, J.L., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002)
Chaum, D., van Heijst, E., Pfitzmann, B.: Cryptographically strong undeniable signatures, unconditionally secure for the signer. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 470–484. Springer, Heidelberg (1992)
Clarke, D., Devadas, S., van Dijk, M., Gassend, B., Suh, G.E.: Incremental multiset hash functions and their application to memory integrity checking. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 188–207. Springer, Heidelberg (2003)
Cramer, R., Shoup, V.: Signature schemes based on the strong rsa assumption. In: CCS, pp. 161–185 (1999)
Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.G.: Authentic third-party data publication. In: DBSec, pp. 101–112 (2000)
EMC Corp. EMC Centera, http://www.emc.com/products/family/emc-centera-family.htm
Gkantsidis, C., Rodriguez, P.: Cooperative security for network coding file distribution. In: INFOCOM, pp. 1–13 (2006)
Guillou, L.C., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988)
Haber, S., Stornetta, W.S.: How to time-stamp a digital document. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991)
Hasan, R., Sion, R., Winslett, M.: The case of the fake picasso: Preventing history forgery with secure provenance. In: FAST, pp. 1–14 (2009)
Hsu, W.W., Ong, S.: Worm storage is not enough. IBM Systems Journal special issue on Compliance Management (2007)
IBM Corp. IBM TotalStorage DR550, http://www.ibm.com/servers/storage/disk/dr
Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 332–354. Springer, Heidelberg (2001)
Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: Scalable secure file sharing on untrusted storage. In: FAST, pp. 29–42 (2003)
Krohn, M.N., Freedman, M.J., Mazières, D.: On-the-fly verification of rateless erasure codes for efficient content distribution. In: S&P, pp. 226–240 (2004)
Li, J., Krohn, M., Mazières, D., Shasha, D.: Secure untrusted data repository (sundr). In: OSDI, pp. 121–136 (2004)
Maheshwari, U., Vingralek, R., Shapiro, W.: How to build a trusted database system on untrusted storage. In: OSDI, p. 10 (2000)
Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)
Micali, S., Rabin, M.O., Kilian, J.: Zero-knowledge sets. In: FOCS, pp. 80–91 (2003)
Mitra, S., Winslett, M.: Secure deletion from inverted indexes on compliance storage. In: ACM Workshop on Storage Security and Survivability (StorageSS), pp. 67–72 (2006)
Network Appliance, Inc. SnapLock TM Compliance and SnapLock Enterprise Software, http://www.netapp.com/products/ler/snaplock.html
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
Peterson, Z.N.J., Burns, R., Ateniese, G., Bono, S.: Design and implementation of verifiable audit trails for a versioning file system. In: FAST, pp. 93–106 (2007)
Securities and Exchange Commission. Guidance to Broker-Dealers on the Use of Electronic Storage Media under the National Commerce Act of 2000 with Respect to Rule 17a-4(f) (2001), http://www.sec.gov/rules/interp/34-44238.htm
Shamir, A.: On the generation of cryptographically strong pseudorandom sequences. TOCS 1(1), 38–44 (1983)
Sion, R.: Strong worm. In: ICDCS, pp. 69–76 (2008)
Sion, R., Winslett, M.: Regulatory-compliant data management. In: VLDB, pp. 1433–1434 (2007)
Snodgrass, R.T., Yao, S.S., Collberg, C.S.: Tamper detection in audit logs. In: VLDB, pp. 504–515 (2004)
Storer, M.W., Greenan, K.M., Miller, E.L., Voruganti, K.: Potshards: Secure long-term storage without encryption. In: USENIX Annual Technical Conference, pp. 142–156 (2007)
United State Department of Health. The Health Insurance Portability and Accountability Act (1996), http://www.cms.gov/hipaa
United States Congress. Sarbanes-Oxley Act of (2002), http://thomas.loc.gov
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, T., Ma, X., Li, N. (2009). WORM-SEAL: Trustworthy Data Retention and Verification for Regulatory Compliance. In: Backes, M., Ning, P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04444-1_29
Download citation
DOI: https://doi.org/10.1007/978-3-642-04444-1_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04443-4
Online ISBN: 978-3-642-04444-1
eBook Packages: Computer ScienceComputer Science (R0)