Enhancing Data Integrity Protection in Cloud Storage Using Regenerating Codes

Slide Note
Embed
Share

This paper explores the importance of data integrity protection in cloud storage and presents a solution using regenerating codes to detect corrupted data chunks, provide fault tolerance, and enable efficient recovery. It compares regenerating codes with Reed-Solomon codes and discusses their implications for faster data recovery. The use of network coding in NCCloud for implementing regenerating codes is also highlighted.

hisl_ber
hisl_ber Follow

Uploaded on Sep 18, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Enabling Data Integrity Protection in Regenerating-Coding-Based Cloud Storage Henry C. H. Chen and Patrick P. C. Lee Department of Computer Science and Engineering The Chinese University of Hong Kong SRDS 12 1

  2. Cloud Storage Cloud storage is an emerging service model for remote backup and data synchronization Is cloud storage fully reliable? 2

  3. Problems in Cloud Storage 3

  4. Cloud Storage Requirements Data integrity protection Detect any corrupted data chunks stored on cloud servers Fault tolerance Tolerate any cloud server failures Efficient recovery Recover any lost/corrupted data chunks with minimal overhead 4

  5. Related Work Single server Provable Data Possession (PDP) [Ateniese et al. 07] and Proof of Retrievability (POR) [Juels et al. 07] Verify data integrity by spot-checking a fraction of large files via cryptographic means Multiple servers MR-PDP [Curtmola et al. 08] Target replication HAIL [Bowers et al. 09] Use erasure codes (e.g., Reed-Solomon codes) to provide less storage overhead than replication 5

  6. Regenerating Codes Regenerating codes [Dimakis et al., 10]minimize repair traffic while maintaining same fault tolerance as erasure codes Implication: recover faster than erasure codes Idea: Do not reconstruct the whole file as in erasure codes Instead, read only the chunks (smaller than whole file) that are needed to recover the lost chunks Build on network coding NCCloud[Hu et al., 12] provides an implementable design of regenerating codes Functional minimum storage regenerating (FMSR) codes Designed for long-term archival storage 6

  7. Reed-Solomon Codes Reed Solomon codes Repair traffic = M File of size M A A Server 1 B Proxy B Server 2 B A+B Server 3 A A A+B A+2B Server 4 n = 4, k = 2 (n,k) MDS property: any k out of n servers can rebuild original file. Conventional repair: Reconstruct whole file and generate data in new server 7

  8. [Hu et al., FAST12] FMSR in NCCloud File of size M A B C D P1 P2 P3 P4 P5 P6 P7 P8 FMSR codes Repair traffic = 0.75M Server 1 Proxy Server 2 P3 P5 P7 Server 3 P1 P2 P1 P2 Server 4 n = 4, k = 2 Code chunk Pi = linear combination of original native chunks Repair in FMSR: Download one code chunk from each surviving server Reconstruct new code chunks via random linear combination 8

  9. FMSR Property Servers (clouds) n(n-k) chunks Proxy P1 P2 P3 P4 P5 P6 P7 P8 P1 P2 P3 P4 P5 P6 P7 P8 k(n-k) chunks A B C D File partition encode distribute n=4, k=2 c1,1 c1,2 c1,3 c1,4 P1 P2 P3 P4 P5 P6 P7 P8 A . . . B C D c8,1 c8,2 c8,3 c8,4 Encoding matrix rank = k(n-k) Native chunks Code chunks 9

  10. FMSR Codes FMSR codes Can achieve up to 50% repair traffic saving for general k = n-2 (i.e., RAID-6 tolerance) It is functional, i.e., fault tolerance is preserved It is suitable to long-term archival storage whose read frequency is rare Can we enable integrity protection atop regenerating codes, while preserving repair traffic saving? 10

  11. Our Contributions Build a FMSR-DIP code, which enables data integrity protection, fault tolerance, and efficient recovery Export tunable parameters from FMSR-DIP to trade performance and security Implement and evaluate FMSR-DIP atop a real cloud storage testbed 11

  12. FMSR-DIP Goals Threat model: Byzantine, mobile adversary [Bowers et al. 09] exhibits arbitrary behavior corrupts different subsets of servers over time Design goals: Preserve advantages of FMSR codes Work on thin clouds (i.e., only basic PUT/GET operations need to be supported) Support byte sampling to minimize cost 12

  13. FMSR-DIP: Overview Servers / clouds FMSR FMSR-DIP code chunks code chunks file upload FMSR- DIP Storage interface NCCloud Users file download Four operations: Upload, Check, Download and Repair 13

  14. FMSR-DIP: Upload 8 FMSR code chunks, 3 bytes each 14

  15. FMSR-DIP: Upload Apply error-correcting code (ECC) to each chunk individually 15

  16. FMSR-DIP: Upload XOR each byte with a pseudorandom value 16

  17. FMSR-DIP: Upload For each chunk, calculate the MAC of the first 3 bytes 17

  18. FMSR-DIP: Upload Upload the chunks to clouds Encrypt the metadata from NCCloud (which contains the encoding matrix) Append all MACs to metadata Replicate metadata on all servers 18

  19. FMSR-DIP: Check Pick a row to check 19

  20. FMSR-DIP: Check XOR with the previous pseudorandom values, and check their consistency20

  21. FMSR-DIP: Check Recall that from FMSR encoding: Ax = P A = encoding matrix with rank = k(n-k) x = row of native chunks P = row of code chunks P is a linear combination of x Rank checking: Check if rank(A | P) = rank(A) = k(n-k) 21

  22. FMSR-DIP: Download Download chunks from any 2 servers and verify with their MACs 22

  23. FMSR-DIP: Download Remove pseudorandom values and pass to NCCloud for decoding23

  24. FMSR-DIP: Repair 24

  25. FMSR-DIP: Repair Download 1 chunk from all other servers and verify with their MACs 25

  26. FMSR-DIP: Repair Remove pseudorandom values and pass to NCCloud 26

  27. FMSR-DIP: Repair NCCloud generates new chunks 27

  28. FMSR-DIP: Repair Process the newly generated chunks as before 28

  29. FMSR-DIP: Repair Upload chunks and update metadata on all servers 29

  30. FMSR-DIP Optimizations By default, FMSR-DIP operates in units of bytes FMSR-DIP can also operate in blocks A block is a sequence of bytes Better checking performance, but less security We export different trade-off parameters that tune between performance and security We conduct preliminary security analysis on FMSR-DIP See details in paper and technical report 30

  31. FMSR-DIP: Experiments Testbed environment Openstack Swift 1.4.2 1 proxy connected to storage servers over LAN NCCloud and FMSR-DIP deployed on proxy NCCloud uses RAMDisk as storage Storage scheme (4,2)-FMSR Goal: evaluate FMSR-DIP overhead over FMSR codes 31

  32. Running Time vs. File Size 25 Time taken (s) 20 Transfer-Up DIP-Encode FMSR UPLOAD 15 10 5 0 FMSR-DIP overhead comparable to network transfer time in a LAN environment 100MB 50MB 20MB 10MB 5MB 1MB File size 8 Time taken(s) 6 DOWNLOAD Transfer-Down DIP-Decode FMSR 4 2 0 100MB 50MB 20MB 10MB 5MB 1MB File size 20 Time taken(s) Transfer-Up Transfer-Down DIP-Encode DIP-Decode FMSR 15 REPAIR 10 5 0 32 100MB 50MB 20MB 10MB 5MB 1MB File size

  33. The Check Operation 80 1% check 70 60 Time taken (s) Misc. Transfer-Down Rank Checking PRF 50 40 30 20 Bottleneck in network transfer 10 0 Download block size 256B 1KB 4KB 7KB 25KB 256KB 30 256KB download block size 25 Time taken (s) 20 Misc. Transfer-Down Rank Checking PRF 15 10 5 0 100% 75% 50% 25% 10% 5% 1% Checking percentage 33

  34. Conclusions Propose a design for efficient data integrity protection using FMSR on thin clouds Implement and evaluate the efficiency of the design Source code: http://ansrlab.cse.cuhk.edu.hk/software/fmsrdip/ 34

  35. Backup 35

  36. Recall: FMSR Encoding P1 c1,1 c1,2 c1,3 c1,4 P2 c2,1 c2,2 c2,3 c2,4 A P3 c3,1 c3,2 c3,3 c3,4 c4,1 c4,2 c4,3 c4,4 B P4 c5,1 c5,2 c5,3 c5,4 C P5 c6,1 c6,2 c6,3 c6,4 D P6 c7,1 c7,2 c7,3 c7,4 P7 c8,1 c8,2 c8,3 c8,4 P8 Encoding matrix rank = k(n-k) Native chunks Code chunks 36

Related


Online Procurement Auctions for Resource Pooling in Client-Assisted Cloud Storage Systems

Online Procurement Auctions for Resource Pooling in Client-Assisted Cloud Storage Systems

addingt
Understanding Durability and Integrity in Data Storage Systems

Understanding Durability and Integrity in Data Storage Systems

franzese_l
Simplify Label Design with Label.Cloud

Simplify Label Design with Label.Cloud

urso_rz
Quantum Error-Correcting Codes and Subsystem Codes

Quantum Error-Correcting Codes and Subsystem Codes

kard670
Research Insights on IHEP Disk Storage Systems and Cloud Computing Integration

Research Insights on IHEP Disk Storage Systems and Cloud Computing Integration

fshel
Cloud-Optimized HDF5 Files Overview

Cloud-Optimized HDF5 Files Overview

gianni
State-of-the-art Analysis of VM-based Cloud Management Platforms

State-of-the-art Analysis of VM-based Cloud Management Platforms

kolb_926
Understanding Activity, Pay, and Special Codes in API Terminology

Understanding Activity, Pay, and Special Codes in API Terminology

humaira
Understanding Binary Codes and Self-Complementing Codes

Understanding Binary Codes and Self-Complementing Codes

boaz
Understanding Computer Data Storage with Ceph

Understanding Computer Data Storage with Ceph

avr_g
PELICAN: A Building Block for Exascale Cold Data Storage

PELICAN: A Building Block for Exascale Cold Data Storage

bielecki_b
Understanding Tilde Codes for Custom Result Pictures

Understanding Tilde Codes for Custom Result Pictures

scen815
Understanding Integrity Constraints in Relational Database Systems

Understanding Integrity Constraints in Relational Database Systems

romy
Efficient Live Deduplication Storage for VM Images in Open-Source Cloud

Efficient Live Deduplication Storage for VM Images in Open-Source Cloud

hove_lv
Benefits of Linux Open Networking & Software Defined Storage (SDS) for Cloud Environments

Benefits of Linux Open Networking & Software Defined Storage (SDS) for Cloud Environments

christ
Enhancing Spectrum Efficiency with Low Complexity Erasure Codes in IEEE 802.11 Document

Enhancing Spectrum Efficiency with Low Complexity Erasure Codes in IEEE 802.11 Document

telo646
Understanding Geographic Distribution Using 3-Digit ZIP Codes

Understanding Geographic Distribution Using 3-Digit ZIP Codes

ssnif
Enhancing Cloud Data Transactions with Deuteronomy

Enhancing Cloud Data Transactions with Deuteronomy

edie_m
Enhancing Data Integrity in IEEE 802.11 Networks

Enhancing Data Integrity in IEEE 802.11 Networks

mbusa
Cloud_cci: Comprehensive Overview of Available Data and Evaluation

Cloud_cci: Comprehensive Overview of Available Data and Evaluation

ksned
Understanding Tape Storage: LTO and LTFS Overview

Understanding Tape Storage: LTO and LTFS Overview

felicia
Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill

Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill

helena
Emerging Trends in Cloud Databases: Challenges and Opportunities

Emerging Trends in Cloud Databases: Challenges and Opportunities

phuong_o
Understanding Cloud Federation and Identity Management

Understanding Cloud Federation and Identity Management

islarose

More Related Content