UPSS: a User-centric Private Storage System with its applications (2403.15884v1)

Published 23 Mar 2024 in cs.CR and cs.OS

Abstract: Strong confidentiality, integrity, user control, reliability and performance are critical requirements in privacy-sensitive applications. Such applications would benefit from a data storage and sharing infrastructure that provides these properties even in decentralized topologies with untrusted storage backends, but users today are forced to choose between systemic security properties and system reliability or performance. As an alternative to this status quo, we present UPSS: the user-centric private sharing system, a cryptographic storage system that can be used as a conventional filesystem or as the foundation for security-sensitive applications such as redaction with integrity and private revision control. We demonstrate that both the security and performance properties of UPSS exceed those of existing cryptographic filesystems and that its performance is comparable to mature conventional filesystems - in some cases, even superior. Whether used directly via its Rust API or as a conventional filesystem, UPSS provides strong security and practical performance on untrusted storage.

