Secure Untrusted Data Repository (SUNDR)

We have implemented a secure network file system called SUNDR that guarantees the integrity of data even when malicious parties control the server. SUNDR splits storage functionality between two untrusted components, a block store and a consistency server. The block store holds all file data and most metadata. Without interpreting metadata, it presents a simple interface for clients to store variable-sized data blocks and later retrieve them by cryptographic hash. The consistency server implements a novel protocol that guarantees close-to-open consistency whenever users see each other’s updates. The protocol roughly consists of users exchanging version-stamped digital signatures of block server metadata, though a number of subtleties arise in efficiently supporting concurrent clients and groupwritable files. We have proven the protocol’s security under basic cryptographic assumptions. Without somehow producing signed messages valid under a user’s (or the superuser’s) public key, an attacker cannot tamper with a user’s files—even given control of the servers and network. Despite this guarantee, SUNDR performs within a reasonable factor of existing insecure network file systems.