Information-theoretically Secure Erasure Codes for Distributed Storage
This addresses security vulnerabilities in distributed storage for data-intensive applications, with foundational implications for secure data management.
The paper tackles the problem of securing data in distributed storage systems against passive eavesdroppers and active adversaries during repair operations, presenting erasure codes and algorithms that meet lower bounds on storage, bandwidth, and reliability, establishing system capacity and offering on-demand security.
Repair operations in distributed storage systems potentially expose the data to malicious acts of passive eavesdroppers or active adversaries, which can be detrimental to the security of the system. This paper presents erasure codes and repair algorithms that ensure security of the data in the presence of passive eavesdroppers and active adversaries, while maintaining high availability, reliability and efficiency in the system. Our codes are optimal in that they meet previously proposed lower bounds on the storage, network-bandwidth, and reliability requirements for a wide range of system parameters. Our results thus establish the capacity of such systems. Our codes for security from active adversaries provide an additional appealing feature of `on-demand security' where the desired level of security can be chosen separately for each instance of repair, and our algorithms remain optimal simultaneously for all possible levels. The paper also provides necessary and sufficient conditions governing the transformation of any (non-secure) code into one providing on-demand security.