TU Darmstadt / ULB / TUprints

ELSA: efficient long-term secure storage of large datasets (full version)

Muth, Philipp ; Geihs, Matthias ; Arul, Tolga ; Buchmann, Johannes ; Katzenbeisser, Stefan (2021):
ELSA: efficient long-term secure storage of large datasets (full version). (Publisher's Version)
In: EURASIP Journal on Information Security, 2020 (9), pp. 1-20. Springer, ISSN 2510-523X,
DOI: 10.26083/tuprints-00017511,

Copyright Information: CC BY 4.0 International - Creative Commons, Attribution.

Download (1MB) | Preview
Item Type: Article
Origin: Secondary publication via sponsored Golden Open Access
Status: Publisher's Version
Title: ELSA: efficient long-term secure storage of large datasets (full version)
Language: English

An increasing amount of information today is generated, exchanged, and stored digitally. This also includes long-lived and highly sensitive information (e.g., electronic health records, governmental documents) whose integrity and confidentiality must be protected over decades or even centuries. While there is a vast amount of cryptography-based data protection schemes, only few are designed for long-term protection. Recently, Braun et al. (AsiaCCS’17) proposed the first long-term protection scheme that provides renewable integrity protection and information-theoretic confidentiality protection. However, computation and storage costs of their scheme increase significantly with the number of stored data items. As a result, their scheme appears suitable only for protecting databases with a small number of relatively large data items, but unsuitable for databases that hold a large number of relatively small data items (e.g., medical record databases). In this work, we present a solution for efficient long-term integrity and confidentiality protection of large datasets consisting of relatively small data items. First, we construct a renewable vector commitment scheme that is information-theoretically hiding under selective decommitment. We then combine this scheme with renewable timestamps and information-theoretically secure secret sharing. The resulting solution requires only a single timestamp for protecting a dataset while the state of the art requires a number of timestamps linear in the number of data items. Furthermore, we extend the scheme, that supports a single client, to a multi-client setting. Subsequently, we characterize the arising challenges with respect to integrity and confidentiality and discuss how our multi-client scheme tackles them. We implemented our solution and measured its performance in a scenario where 9600 data items are aggregated, stored, protected, and verified over a time span of 80 years. Our measurements show that our new solution completes this evaluation scenario an order of magnitude faster than the state of the art.

Journal or Publication Title: EURASIP Journal on Information Security
Volume of the journal: 2020
Issue Number: 9
Publisher: Springer
Classification DDC: 000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik
Divisions: 20 Department of Computer Science > Security Engineering
Date Deposited: 09 Feb 2021 09:34
Last Modified: 09 Feb 2021 09:34
DOI: 10.26083/tuprints-00017511
Corresponding Links:
URN: urn:nbn:de:tuda-tuprints-175111
URI: https://tuprints.ulb.tu-darmstadt.de/id/eprint/17511
Actions (login required)
View Item View Item