Post on 02-Jan-2016
Ragib Hasan, University of Alabama at Birmingham, CS 491/691/791 Fall 2011 Lecture 10
09/15/2011
Security and Privacy in Cloud Computing
Securing Data Integrity
09/15/2011 Fall 2011 Lecture 10 | UAB | Ragib Hasan
Goal: Learn about PoR based techniques for protecting data integrity in clouds
Review Assignment #4
Kevin D. Bowers, Ari Juels, and Alina Oprea. HAIL: A high-availability and integrity layer for cloud storage. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), 2009
PoR: Proof of Retrievability
• Definition:
  – A compact proof that
    • the stored file is intact
    • it can be retrieved
• Difference with PDP?
  – PDP proves the file is present in the server
  – PDP doesn’t prove the file is retrievable in entirety
Overview of PoR
[Figure: PoR overview. Labels: Client, Server, Challenge c, Response r, File F, Key Generator, File Encoder, Key k]
HAIL: High Availability and Integrity Layer (RSA Labs)
• RAID for clouds!!
• Uses PoR and distributed file storage to ensure retrievability, integrity, and availability
• Allows recovering from malicious cloud providers
Why do we need HAIL?
• PoR allows checking data retrievability, but if data is deleted by a malicious provider, nothing can be done.
• Even single-bit errors can render a file useless
• Idea:
  – Use error-correcting codes to ignore small errors
  – Use PoR to detect larger errors
  – Use RAID-like redundancy using multiple cloud providers (to ensure reconstruction)
Advantages of HAIL
• Strong file-intactness assurance
• Low overhead
• Strong adversarial model
• Direct client-server communication
RAID (Redundant Array of Inexpensive Disks)
[Figure: file F split into F1, F2, F3. Labels: File block, File block, File block, Parity block]
The Cloud isn’t necessarily so nice
• What if service providers lose data but… don’t tell you until file is lost?
[Figure: file F split into F1, F2, F3 across Provider A, Provider B, Provider C, Provider D, with some copies crossed out (X)]
Mobile adversary
• A mobile adversary moves from device to device, corrupting as it goes—potentially silently
• Mobile adversary models, e.g., system failures / corruptions over time, virus propagation
• RAID isn’t designed for this kind of adversary
  – Designed for limited, readily detectable failures in devices you own (the benign case)
Mobile adversary
• In cryptography, the usual approach to a mobile adversary is proactive
• Another, cheaper possibility is reactive: We detect and remediate
  – Like whack-a-mole!
• PORs can provide detection here…
HAIL design principle
TAR: Test and Redistribute
  – Divide time into epochs
  – At each epoch, test for any corruption/missing blocks
  – Rebuild corrupted blocks by getting data from other cloud providers, and distributing to damaged copy
Multiple providers: Naïve approach
[Figure: Naïve approach. The client and a copy of F at each of Amazon S3, Google, and EMC Atmos]
Sample and check consistency across providers
Creeping attack
[Figure: the client and a copy of F at each of Amazon S3, Google, and EMC Atmos]
The probability that the client samples the corrupted block is low
File cannot be recovered after [n/b] epochs
Local PoR checks are costly
[Figure: the client, file F, and a copy of F at each of Amazon S3, Google, and EMC Atmos. Labels: ECC; POR at each provider]
Cons: requires integrity checks for each replica
Dispersal code
[Figure: the client applies an (n,m) dispersal code to file F and spreads the result across providers P1 to P5. Legend: F, dispersal code parity blocks]
Dispersal code
[Figure: the client and providers P1 to P5, with one stripe highlighted. Legend: F, dispersal code parity blocks, POR encoding]
• Check that stripe is a codeword in dispersal code
• POR encoding to correct small corruption
How to increase file lifetime?
Increasing file lifetime with MACs
[Figure: the client and providers P1 to P5, with a MAC attached at each provider]
Can we reduce storage overhead?
Integrity-protected dispersal code
[Figure: the client and providers P1 to P5 with a Reed-Solomon dispersal code. Labels: m, h_k1(m), UHF, h_k2(m), PRF, +]
Integrity-protected dispersal code
[Figure: the client and providers P1 to P5. Labels: m, PRF, +]
MACs embedded into parity symbols