Principal Investigator:
Roberto Tamassia, PhD, Professor
Department of Computer Science
Brown University
Providence, RI
Brief Description:
Verifying the authenticity of stored content is a fundamental problem in peer-to-peer (p2p) networks. As applications and networks grow in scale and complexity, there is a continual need for increased security to protect electronic data in its many forms. Peer-to-peer networks share and disperse data originating from a trusted source over remote, untrusted network nodes, and end users query and retrieve this data through the network's exported API. An authenticated data structure is a client-server model (a computing paradigm) for data authentication in which data is queried not from the trusted data source but from a different, untrusted entity. A popular class of authentication techniques for p2p distributed storage systems is that of distributed hash tables (DHTs), which are static, inefficient, centralized and often insecure. With advances in distributed object searching and the development of DHTs, several practical distributed storage systems over p2p networks have been designed and implemented. Current authenticated storage schemes include 'sign-all' DHTs, the authenticated distributed hash table (ADHT), and the ADHT with caching. An ADHT extends existing (non-authenticated) DHT models in various ways.
The invention is an improved, efficient ADHT model and method that ameliorates problems of data authentication and data integrity in p2p distributed storage and content networks; it is both decentralized and replay safe. The model of authenticated data structures is extended to capture the security needs of these types of systems with respect to data authentication. An efficient implementation of a distributed Merkle tree (DMT) is designed for p2p systems and can be used over different types of networks. The Merkle tree is a widely used scheme in security applications and cryptographic constructions. Inefficiencies and security problems are identified, and it is shown how the DMT can be used in combination with a DHT to implement an efficient ADHT. Using an ADHT, an efficient distributed authenticated dictionary is presented. This technology can have several different advantageous embodiments and can be implemented in different media such as software, hardware, logic, special-purpose circuits, or any combination of these.
Further improvements over other current state-of-the-art methods are: signature amortization, with only one digital signature used for a large collection of data items (large files or entire file systems), which is critical for data freshness and security against replay attacks; load balance with respect to data distribution; improved query and update costs; increased scalability with caching; and the ability to authenticate many types of data elements, including high-volume data, collections of files or relatively small pieces of information, while being fully dynamic.
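The following is an added illustration, not code from the patent or from the inventors: a single-machine Merkle tree showing how one authenticated root covers many items, how a client checks an item returned by an untrusted node, and why a stale item fails after an update. It does not implement the distributed tree or the DHT; all function names are hypothetical, and the root is assumed to reach the client under the source's digital signature, which is not modeled here.

```python
import hashlib
import hmac

def h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a domain tag and length-prefixed parts (no leaf/node confusion)."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def build_levels(items):
    """All tree levels, leaves first. An unpaired node is promoted unchanged."""
    level = [h(b"leaf", i) for i in items]
    levels = [level]
    while len(level) > 1:
        nxt = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
        levels.append(level)
    return levels

def prove(levels, index):
    """Sibling path for one leaf: list of (sibling_hash, sibling_is_left)."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):          # promoted nodes have no sibling at this level
            proof.append((level[sib], sib < index))
        index //= 2
    return proof

def verify(item, proof, trusted_root):
    """Recompute the root from an item and its path; compare in constant time."""
    node = h(b"leaf", item)
    for sibling, sibling_is_left in proof:
        node = h(b"node", sibling, node) if sibling_is_left else h(b"node", node, sibling)
    return hmac.compare_digest(node, trusted_root)

def demo():
    items = [b"block-%d" % i for i in range(5)]    # constructed sample data
    levels = build_levels(items)
    root_v1 = levels[-1][0]       # assumption: the only value the source signs
    proof = prove(levels, 3)      # what an untrusted node returns with block 3
    ok = verify(items[3], proof, root_v1)
    tampered = verify(b"block-3-modified", proof, root_v1)
    items[3] = b"block-3-v2"      # the source updates one item and re-signs the root
    root_v2 = build_levels(items)[-1][0]
    replayed = verify(b"block-3", proof, root_v2)  # old item and path vs. new root
    return ok, tampered, replayed
```

Each proof holds roughly log2(n) hashes, so the client's cost grows slowly with the size of the collection while the source signs only the root.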
Relevant markets are computer software, hardware, and applications, and scientific R&D. Applications include cyber-security, protection of electronic data, content and records, maintenance of data integrity, creation of an efficient distributed authenticated dictionary for authenticating data, and scientific R&D to advance the field of computer science.
Information:
US patent 7,974,221 is issued (07/05/2011)