Security in Outsourced Storage: Efficiently Checking Integrity and Service Level Agreement Compliance

The storage as a service paradigma has recently raised interest in the security community, where a few works have been proposed to check whether an outsourcer has tampered with the integrity of the outsourced data. In this paper, we assume that storage is outsourced in accordance to some integrity enforcing protocol. Under this assumption, we focus on a specific issue; that is, when the outsourcer is requested to provide access to the outsourced data within a given time-bound—for instance, set in a Service Level Agreement (SLA). This paper provides several contributions: first, we identify and motivate the above requirement in the outsourced storage context; second, we show that current integrity enforcing protocols fail in detecting the violation of the time-bound limit against a rationale malicious outsourcer; third, we show how the outsourcer can actively perform such an attack. Results are supported by thorough analysis and extensive simulations.