Collaborative Research: SaTC: TTP: Medium: Intrusion-Tolerant Outsourced Storage for Cyber-Infrastructure

This project addresses the general problem of protecting a user's private, potentially sensitive data, such as confidential documents, images, files and folders, in the event of the compromise of an online outsourced storage service on which the data is stored. Today, users typically authenticate to such services using a password and the service stores a one-way hash of this password.

Given the weaknesses of passwords, storing password hashes allows for an offline password dictionary attack once the storage service is compromised, which exposes user's password and consequently also all her private data. To improve the secrecy of the outsourced private data, the project's main novelty lies in designing and developing an Intrusion-Tolerant Outsourced Storage (ITOS) system, which enables the user to distribute her data, and/or the cryptographic tokens which protect this data, among a set of trustees so that the password and private data remain protected even when a certain subset of the trustees have been compromised.

Building upon our previous foundational work, this project investigates: (1) the design of provably secure and highly efficient protocols for ITOS, and (2) implementation, pilot deployment, evaluation and technology transfer of an ITOS system which builds upon these protocols, in line with its “transitioning to practice” theme. The proposed system can be transparently integrated with different storage systems including popular services like Google Drive, OneDrive or Dropbox.

Moreover, ITOS can improve the authentication security for general web services. The resilient storage system architecture will offer an improved level of protection and accessibility to the data belonging to research scientists, students and staff at Universities as well as everyday computer users employing commercial storage services. The open-source library developed as part of the project will be of immense value in future research on building fault-tolerant systems.

Further, the project’s research activities will be integrated with educational activities in the form of advanced curriculum development and student mentoring in the broad domains of Trustworthy Storage Systems, Secure Data Architectures and Data Assurance. Proactive involvement of high school and K-12 students and minority populations will help broaden the reach of the project.

Regarding general application of strengthening web authentication security, the project team is also pursuing standardization activities by closely collaborating with Internet Research Task Force (IRTF) stakeholders with interest in these protocols.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.