A Cooperative InternetBackup Scheme [1]

Leonid Bilevich

Advanced Topics in Storage Systems

[1] M. Lillibridge, S. Elnikety, A. Birrell, M. Burrows, and M. Isard, A cooperative Internet backup scheme, Proc. USENIX Annual Technical Conference, San Antonio, TX, June 2003.

Outline

• Problem• Main findings• Technical description of the results• Possible extension• Conclusion

Problem AddressedNeed: BackupConstraint: Small budget

Solution:Peer-to-peer network

Main Findings

The suggested system is:– Cheap– Reliable– Secure

Main Features of the System

• Pros:– Cheapness (the hardware is available)– Diversification (different sites and different operation systems)

• Cons: – Unreliability of one computer– Non-cooperative environment

----------------------------------------------------• Solution:

– Redundancy Reliability– Security mechanisms

The simplified scheme(cooperation)

• Each computer runs a backup program• Partner computers agree on amount of storage and uptime

Main Steps• Backing up data• Restoring data

Reed-SolomonErasure-Correcting Codes

Backing up data

Restoring data

Reliability and OverheadExample• Reliability of computer=• Reliability of the system:

Security

• Confidentiality• Integrity• Free-rider attacks

Confidentiality• Encrypt the data before sending

Integrity• Authenticate the partner with secret key• Use a keyed cryptographic hash as checksum

Free-rider attacksAgreement violations• Problem: Using backup service without contributing backing service• Solution: “challenge” – testing if the data is stored

Exploiting the grace period• Problem: The grace period when the computer can be down is exploited• Solution: Read prohibition (using low-utility blocks)

Bandwidth theft• Problem: Computers are used to broadcast information• Solution: Quota on number of reads and writes per day

Performance

• The network + remote disk step consumes the largest portion of backup time.

Cost

• For existing Internet backup system: minimal cost$/GB/month• For the new system: minimal cost US cents/GB/month-------------------------------------------------------------------------------------------------------• Saving: times

Limitations

• Limited grace period• Restoration is impossible during the grace period• Long restoration time• Vulnerability to catastrophic viruses-------------------------------------------------------------------------• Solution: hybrid system with central server

Other systems

Old systems• Eternity Service• Archival Intermemory• Free Net• Free Haven

New systems• PAST• OceanStore• Pastiche

Possible extension

Present work – occasional testing• We merely verify that computers don’t drop data.

Another work – rigorous testing• The disk scrubbing technique [2] verifies the integrity of data.--------------------------------------------------------------------------------------------------------------Combined approach• We can incorporate the opportunistic disk scrubbing into the present work,

verifying the validity of data and improving the reliability of the backup system.

Conclusion

Cooperative Internet backup system• Cheapness• Reliability• Security• Possible extension

References• M. Lillibridge, S. Elnikety, A. Birrell, M. Burrows, and M. Isard, A cooperative

Internet backup scheme, Proc. USENIX Annual Technical Conference, San Antonio, TX, June 2003.

• J. S. Plank, A tutorial on Reed-Solomon coding for fault-tolerance in RAID-like systems, Software: Practice and Experience, 27(9):995–1012, Sep. 1997. Correction in: J. S. Plank and Y. Ding, Technical Report UT-CS-03-504, Univ. Tennessee, 2003.

• T. J. E. Schwarz, Q. Xin, E. L. Miller, D. D. E. Long, A. Hospodor, and S. Ng, Disk scrubbing in large archival storage systems, Proc. MASCOTS, Volendam, Netherlands, October 2004.