Title: Secure Untrusted Data Repository (SUNDR) 


Authors: Jinyuan Li, Maxwell Krohn, David Mazières, and Dennis Shasha


We have implemented a secure network file system called SUNDR that
guarantees the integrity of data even when malicious parties control
the server.  SUNDR splits storage functionality between two untrusted
components, a block store and a consistency server.  The block store
holds all file data and most metadata.  Without interpreting metadata,
it presents a simple interface for clients to store variable-sized
data blocks and later retrieve them by cryptographic hash.
The consistency server implements a novel protocol that guarantees
close-to-open consistency whenever users see each other's updates.
The protocol roughly consists of users exchanging version-stamped
digital signatures of block server metadata, though a number of
subtleties arise in efficiently supporting concurrent clients and
group-writable files.  We have proven the protocol's security under
basic cryptographic assumptions.  Without somehow producing signed
messages valid under a user's (or the superuser's) public key, an
attacker cannot tamper with a user's files---even given control of the
servers and network.  Despite this guarantee, SUNDR performs within a
reasonable factor of existing insecure network file systems.