Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing


📝 Abstract

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, a secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner must gather multiple pieces. Shamir’s (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k of them must be gathered for reconstruction, furnishes information-theoretic security; that is, even if attackers collect fewer shares than the threshold k, they cannot get any information about the data, even with unlimited computing power. This scenario assumes, however, that data transmission and authentication are perfectly secure, which is not trivial in practice. Here we propose a totally information-theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area.


📄 Content


Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing

M. Fujiwara¹*, A. Waseda², R. Nojima², S. Moriai², W. Ogata³ & M. Sasaki¹

¹ Quantum ICT Laboratory, National Institute of Information and Communications Technology (NICT), 4-2-1 Nukui-kita, Koganei, Tokyo 184-8795, Japan
² Security Fundamentals Laboratory, National Institute of Information and Communications Technology (NICT), 4-2-1 Nukui-kita, Koganei, Tokyo 184-8795, Japan
³ Tokyo Institute of Technology, 2-12-1 Ookayama, Meguro-ku, Tokyo 152-8552 Japan
* fujwara@nict.go.jp

Abstract

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, a secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner must gather multiple pieces. Shamir’s (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k of them must be gathered for reconstruction, furnishes information-theoretic security; that is, even if attackers collect fewer shares than the threshold k, they cannot get any information about the data, even with unlimited computing power. This scenario assumes, however, that data transmission and authentication are perfectly secure, which is not trivial in practice. Here we propose a totally information-theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (≤90 km).
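The (k, n)-threshold property stated in the abstract can be checked directly. The following is an added illustration, not code from the paper: it splits and reconstructs a secret over a prime field, then exhaustively counts, for a tiny field, how many polynomials are consistent with fewer than k leaked shares for each candidate secret. The moduli `P_BIG` and `P_TINY`, the function names and the sample secrets are assumptions made for this example.

```python
import secrets
from collections import Counter
from itertools import product

P_BIG = 2**127 - 1   # assumed field modulus for the example (a Mersenne prime)
P_TINY = 11          # tiny prime so the exhaustive count below is feasible

def _eval(coeffs, x, p):
    """Horner evaluation mod p; coeffs[0] is the constant term (the secret)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % p
    return y

def split(secret, k, n, p):
    """Return n shares (x, f(x)) of a random polynomial of degree < k with f(0) = secret."""
    if not (0 <= secret < p and 1 <= k <= n < p):
        raise ValueError("need 0 <= secret < p and 1 <= k <= n < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(x, _eval(coeffs, x, p)) for x in range(1, n + 1)]

def reconstruct(shares, p):
    """Lagrange interpolation at x = 0 over GF(p); needs at least k distinct shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret

def candidates_given(observed, k, p):
    """Per candidate secret, count polynomials of degree < k matching the observed shares."""
    tally = Counter()
    for coeffs in product(range(p), repeat=k):
        if all(_eval(coeffs, x, p) == y for x, y in observed):
            tally[coeffs[0]] += 1
    return tally

if __name__ == "__main__":
    shares = split(123456789, k=3, n=5, p=P_BIG)
    print("any 3 of 5 shares:", reconstruct(shares[1:4], P_BIG))
    leaked = split(7, k=3, n=5, p=P_TINY)[:2]          # attacker holds k-1 shares
    print("candidates:", dict(candidates_given(leaked, 3, P_TINY)))
```

Every candidate secret receives the same count, so holding fewer than k shares leaves the attacker's view of the secret uniform regardless of computing power.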

Introduction

Nowadays highly confidential data such as personal genetic information are stored in data centers and storage area networks. In these systems, information leakage to a system provider and attackers on the storage servers is the most likely risk, and when it happens, it causes serious damage to data owners. Security of such data should be tightly protected not only in storage for a long period of time but also in data transmission between the storage servers, which should often be located in distant places for robust site diversity.

Confidentiality of data in storage is usually guaranteed by encrypting them. Some recent cryptographic schemes enable a data owner to search over encrypted data or process data without decryption [1,2]. In particular, lattice-based cryptography [3-6] attracts attention due to its resistance against quantum algorithms [7] and provable security under some worst-case hardness assumptions. However, evaluation of the security of lattice-based cryptography is an ongoing task. For example, NTRU lattice cryptography, which was standardized at IEEE in 2009 [8], is threatened by the newly developed efficient attack algorithm [9] and needs to be re-evaluated on its security level.

In contrast, Shamir’s secret sharing (SS) scheme [10] can realize information-theoretically secure storage systems, if data transmission and authentication in the systems can be performed in an information-theoretically secure way. Some protocols based on SS further allow processing of shared data without reconstruction [11]. Practical implementations of data transmission and user authentication with information theoretical security (ITS) are, however, not easy at all. The only known way for data transmission with ITS is to use a one-time pad (OTP) with a truly random number key stream, which can be shared either by trusted couriers or by quantum key distribution (QKD) [12]. As for message and user authentication, the Wegman-Carter scheme [13] can be used to ensure ITS, but the data owner has to employ pre-shared keys for each storage server and spend them in the OTP manner. This requires frequent key sharing and rigorous key management.

So in practice, most data storage services adopt an easier way, i.e., password authentication for on-line individual identification, due to its high usability. If the data owner registers the same password with all storage servers, an attacker who can access at least one storage server can easily learn the password and then access all the storage servers. Even if only the hashed password is stored, a powerful malicious insider who can access a password file in a storage server may guess the password with an off-line dictionary attack. That is, by hashing all possible passwords and comparing them with the registered hash value, the malicious insider can find the correct password without making an authentication transaction. To attain ITS against the malicious insider’s off-line dictionary attacks, different passwords should be used for different storage servers at each time. So the data owner has to remember many pass

This content is AI-processed based on ArXiv data.
