Percival: A searchable secret-split datastore

机译：Percival：一个可搜索的秘密拆分数据存储

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Maintaining information privacy is challenging when sharing data across a distributed long-term datastore. In such applications, secret splitting the data across independent sites has been shown to be a superior alternative to fixed-key encryption; it improves reliability, reduces the risk of insider threat, and removes the issues surrounding key management. However, the inherent security of such a datastore normally precludes it from being directly searched without reassembling the data; this, however, is neither computationally feasible nor without risk since reassembly introduces a single point of compromise. As a result, the secret-split data must be pre-indexed in some way in order to facilitate searching. Previously, fixed-key encryption has also been used to securely pre-index the data, but in addition to key management issues, it is not well suited for long term applications. To meet these needs, we have developed Percival: a novel system that enables searching a secret-split datastore while maintaining information privacy. We leverage salted hashing, performed within hardware security modules, to access prerecorded queries that have been secret split and stored in a distributed environment; this keeps the bulk of the work on each client, and the data custodians blinded to both the contents of a query as well as its results. Furthermore, Percival does not rely on the datastore's exact implementation. The result is a flexible design that can be applied to both new and existing secret-split datastores. When testing Percival on a corpus of approximately one million files, it was found that the average search operation completed in less than one second.

机译：维护信息隐私是在一个分布式的长期数据存储共享数据时挑战。在这种应用中，秘密分割跨独立站点数据已被证明是固定密钥加密一个更好的选择;它提高了可靠性，减少了内部威胁的风险，并消除周围的密钥管理问题。然而，这样的数据存储区的固有安全性，通常被直接搜索的没有重新组装数据排除它;然而，这既不是计算上可行，也没有风险，因为重组引入折衷的一个单点。其结果是，秘密分割数据必须预先建立索引以某种方式，以便于搜索。此前，固定密钥加密也被用于安全地预索引的数据，但除了主要的管理问题，它并不完全适合长期应用。为了满足这些需求，我们开发了珀西瓦尔：一个新的系统，使搜索秘密分割数据存储，同时保持信息的私密性。我们利用盐渍哈希内的硬件安全模块来执行对已秘密分割并存储在分布式环境中获得预先录制的查询;这保持散装每个客户端上的工作，并蒙蔽查询的两个内容以及其结果的数据托管。此外，珀西瓦尔不依赖于数据存储的具体实现。其结果是一个灵活的设计，可以适用于新的和现有的秘密分割数据存储。当约一百万个文件语料测试波斯富街，发现平均搜索操作在不到一秒钟完成。

著录项

来源
《Symposium on Mass Storage Systems and Technologies》|2015年||共12页
会议地点
作者
Frank Joel C.; Frank Shayna M.; Thurlow Lincoln A.; Kroeger Thomas M.; Miller Ethan L.; Long Darrell D. E.;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类存贮器;
关键词

相似文献

外文文献
中文文献
专利

1. Logless one-phase commit made possible for highly-available datastores [J] . Zhu Yuqing, Yu Philip S., Yi Guolei, Distributed and Parallel Databases . 2020,第1期

机译：无日志记录的一阶段提交使高可用性数据存储成为可能
2. Logless one-phase commit made possible for highly-available datastores [J] . Zhu Yuqing, Yu Philip S., Yi Guolei, Ecological restoration . 2020,第1期

机译：无效的单阶段提交可以为高可用数据存储提供
3. Load Balancing of Distributed Datastore in OpenDaylight Controller Cluster [J] . Kim Taehong, Myung Jungho, Yoo Seong-eun IEEE transactions on network and service management . 2019,第1期

机译：OpenDaylight Controller群集中分布式数据存储的负载平衡
4. Percival: A searchable secret-split datastore [C] . Frank Joel C., Frank Shayna M., Thurlow Lincoln A., Symposium on Mass Storage Systems and Technologies . 2015

机译：Percival：可搜索的秘密分割数据存储
5. Wounded Brown Masculinities in Recent Novels by Percival Everett, Colson Whitehead, Michael Thomas, and John Edgar Wideman [D] . Campbell, Tarrell Rodney. 2018

机译：珀西瓦尔·埃弗里特（Percival Everett），科尔森·怀特海德（Colson Whitehead），迈克尔·托马斯（Michael Thomas）和约翰·埃德加·怀德曼（John Edgar Wideman）最近的小说中受伤的布朗男子气概
6. Jan Percival L. Percival and J. Taylor The Complete Guide to Total Fitness [O] . David P. Chapman 1983

机译：Jan PercivalL。Percival和J. Taylor全面健身的完整指南
7. Percival: A searchable secret-split datastore [O] . Joel C. Frank, Shayna M. Frank, Lincoln A. Thurlow, 2015

机译：Percival：一个可搜索的秘密拆分数据存储

Percival: A searchable secret-split datastore

摘要

著录项

相似文献

相关主题

期刊订阅