Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
One-way accumulators: a decentralized alternative to digital signatures
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Incremental cryptography and application to virus protection
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
On the generation of cryptographically strong pseudorandom sequences
ACM Transactions on Computer Systems (TOCS)
Signature schemes based on the strong RSA assumption
ACM Transactions on Information and System Security (TISSEC)
Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Digital Signature Based on a Conventional Encryption Function
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
How to Time-Stamp a Digital Document
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Incremental Cryptography: The Case of Hashing and Signing
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Authentic Third-party Data Publication
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Plutus: Scalable Secure File Sharing on Untrusted Storage
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Secure deletion from inverted indexes on compliance storage
Proceedings of the second ACM workshop on Storage security and survivability
How to build a trusted database system on untrusted storage
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Secure untrusted data repository (SUNDR)
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Design and implementation of verifiable audit trails for a versioning file system
FAST '07 Proceedings of the 5th USENIX conference on File and Storage Technologies
Tamper detection in audit logs
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Technical forum: worm storage is not enough
IBM Systems Journal
Regulatory-compliant data management
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
POTSHARDS: secure long-term storage without encryption
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
The case of the fake Picasso: preventing history forgery with secure provenance
FAST '09 Proccedings of the 7th conference on File and storage technologies
Collision-free accumulators and fail-stop signature schemes without trees
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
As the number and scope of government regulations and rules mandating trustworthy retention of data keep growing, businesses today are facing a higher degree of regulation and accountability than ever. Existing compliance storage solutions focus on providing WORM (Write-Once Read-Many) support and rely on software enforcement of the WORM property, due to performance and cost reasons. Such an approach, however, offers limited protection in the regulatory compliance setting where the threat of insider attacks is high and the data is indexed and dynamically updated (e.g., append-only access logs indexed by the creator). In this paper, we propose a solution that can greatly improve the trustworthiness of a compliance storage system, by reducing the scope of trust in the system to a tamper-resistant Trusted Computing Base (TCB). We show how trustworthy retention and verification of append-only data can be achieved through the TCB. Due to the resource constraints on the TCB, we develop a novel authentication data structure that we call Homomorphic Hash Tree (HHT). HHT drastically reduces the TCB workload. Our experimental results demonstrate the effectiveness of our approach.