Toward Publicly Auditable Secure Cloud Data Storage Services

Toward Publicly Auditable Secure Cloud Data Storage Services. Cong Wang, Kui Ren, et al., IEEE Communications Society. Speaker: Meng-Ting Tsai. Date: 2010/11/16. Directory: Introduction; Cloud Storage Architecture and Security Threats; Ensuring Cloud Data Security; Concluding Remarks.

Transcript of Toward Publicly Auditable Secure Cloud Data Storage Services

  • Speaker: Meng-Ting Tsai. Date: 2010/11/16

    Toward Publicly Auditable Secure Cloud Data Storage Services. Cong Wang, Kui Ren, et al., IEEE Communications Society

  • Directory

    Introduction

    Cloud Storage Architecture and Security Threats

    Ensuring Cloud Data Security

    Concluding Remarks

  • Introduction (1)

    Cloud computing has been envisioned as the next-generation architecture of IT:

    1. On-demand self-service.
    2. Ubiquitous network access.
    3. Location-independent resource pooling.
    4. Rapid resource elasticity.
    5. Usage-based pricing.
    6. Transference of risk.

  • Introduction (2)

    From the data owners' perspective, a flexible on-demand manner brings appealing benefits:

    1. Relief of the burden of storage management.
    2. Universal data access with independent geographical locations.
    3. Avoidance of capital expenditure on hardware, software, and personnel maintenance.

  • Introduction (3)

    Since cloud service providers (CSPs) are separate administrative entities, data outsourcing actually relinquishes the owners' ultimate control over the fate of their data.

  • Introduction (4)

    Outages and security breaches of noteworthy cloud services appear from time to time. Example: Gmail's mass email deletion incident.

    There are various motivations for CSPs to behave unfaithfully toward cloud customers regarding the status of their outsourced data. Example: hiding data loss incidents to maintain a reputation.

  • Introduction (5)

    Traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted.

    It is often insufficient to detect data corruption only when accessing the data.

    The tasks of auditing the data correctness in a cloud environment can be formidable and expensive for data owners.

  • Introduction (6)

    To fully ensure data security and save data owners' computation resources, we propose to enable publicly auditable cloud storage services through a TPA (Third Party Auditor).

    The TPA provides a transparent yet cost-effective method for establishing trust between data owner and cloud server.

  • Introduction (7)

    This article is intended as a call for action, aiming to motivate further research on dependable cloud storage services and enable public auditing services to become a reality.

    We sketch a set of building blocks, including recently developed cryptographic primitives (e.g., homomorphic authenticator).

  • Cloud Storage Architecture and Security Threats (1): Problem Statement

    We begin with a high-level architecture description of cloud data storage services illustrated in Fig. 1.

  • Cloud Storage Architecture and Security Threats (2)

  • Cloud Storage Architecture and Security Threats (3): Security Threats

    We consider both malicious outsiders and a semi-trusted CS (Cloud Server) as potential adversaries interrupting cloud data storage services.

    For its own benefit the CS might neglect to keep or deliberately delete rarely accessed data files that belong to ordinary cloud owners.

  • Cloud Storage Architecture and Security Threats (4): Desirable Properties for Public Auditing

    (1) Minimize Auditing Overhead.

    (2) Protect Data Privacy.

    (3) Support Data Dynamics.

    (4) Support Batch Auditing.

  • Cloud Storage Architecture and Security Threats (5)

    (1) Minimize Auditing Overhead

    Any extra online burden on a data owner should also be as low as possible.

    (2) Protect Data Privacy

    The TPA should be able to efficiently audit the cloud data storage without demanding a local copy of data or even learning the data content.

  • Cloud Storage Architecture and Security Threats (6)

    (3) Support Data Dynamics

    As a cloud storage service is not just a data warehouse, owners may update their data dynamically for various application purposes.

    (4) Support Batch Auditing

    The prevalence of large-scale cloud storage services further demands auditing efficiency.

  • Ensuring Cloud Data Security (1)

  • Ensuring Cloud Data Security (2)

    Traditional Methods Revisited.

    Utilizing Homomorphic Authenticators.

    Protecting Data Privacy.

    Supporting Data Dynamics.

    Handling Multiple Concurrent Tasks.

    Further Challenges.

  • Ensuring Cloud Data Security (3): Traditional Methods Revisited

    A straightforward approach to protect the data integrity would be to use traditional cryptographic methods: MACs (Message Authentication Codes).

    While this method allows data owners to verify the correctness of the received data from the cloud, it does not give any assurance about the correctness of other outsourced data.

  • Ensuring Cloud Data Security (4)

    A particular drawback is that the number of times a data file can be audited is limited by the number of secret keys that must be fixed a priori.

  • Ensuring Cloud Data Security (5): Utilizing Homomorphic Authenticators

    Homomorphic authenticators are unforgeable metadata generated from individual data blocks.

    Using this technique requires additional information encoded along with the data before outsourcing.

  • Ensuring Cloud Data Security (6)

  • Ensuring Cloud Data Security (7): Protecting Data Privacy

    If enough linear combinations of the same blocks are collected, the TPA can simply derive the sampled data content by solving a system of linear equations.

    This drawback greatly affects the security of using homomorphic-authenticator-based.

  • Ensuring Cloud Data Security (8)

    To address this concern, a proper approach is to combine the homomorphic authenticator with random masking.
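
    The linear-combination audit and the privacy leak that random masking is meant to close, as an added example that is not from the slides or the paper. It assumes a secret-key toy authenticator (t_i = f_k(i) + alpha * m_i over a prime field) in place of the public-key authenticators a real TPA would use; all function names and the sample blocks are hypothetical.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime field modulus (constructed toy parameter)

def prf(key, i):
    """f_k(i): per-index pseudorandom field element derived with HMAC-SHA256."""
    mac = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def tag_blocks(key, alpha, blocks):
    """Owner, before outsourcing: t_i = f_k(i) + alpha * m_i (mod P)."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def prove(blocks, tags, challenge):
    """Server: fold the challenged blocks and tags into one constant-size pair."""
    mu = sum(nu * blocks[i] for i, nu in challenge) % P
    sigma = sum(nu * tags[i] for i, nu in challenge) % P
    return mu, sigma

def verify(key, alpha, challenge, mu, sigma):
    """Auditor: accept iff sigma == sum(nu_i * f_k(i)) + alpha * mu (mod P)."""
    return sigma == (sum(nu * prf(key, i) for i, nu in challenge) + alpha * mu) % P

def recover_blocks(indices, transcripts):
    """Curious auditor: solve mu_j = sum_i nu_ji * m_i (mod P) by Gauss-Jordan."""
    n = len(indices)
    rows = [[dict(ch).get(i, 0) for i in indices] + [mu] for ch, mu in transcripts]
    for col in range(n):
        piv = next(r for r in range(col, len(rows)) if rows[r][col])
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, P)
        rows[col] = [x * inv % P for x in rows[col]]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(a - f * b) % P for a, b in zip(rows[r], rows[col])]
    return [rows[i][n] for i in range(n)]

def demo():
    key, alpha = secrets.token_bytes(32), secrets.randbelow(P - 1) + 1
    blocks = [int.from_bytes(b, "big") for b in (b"blk-0000", b"blk-0001", b"blk-0002")]  # constructed data
    tags, transcripts = tag_blocks(key, alpha, blocks), []
    for _ in blocks:  # one audit of the same blocks per unknown
        ch = [(i, secrets.randbelow(P - 1) + 1) for i in range(len(blocks))]
        mu, sigma = prove(blocks, tags, ch)
        assert verify(key, alpha, ch, mu, sigma)
        transcripts.append((ch, mu))
    return blocks, recover_blocks(range(len(blocks)), transcripts)
```

    Every audit in `demo()` passes, yet three responses over the same three blocks are enough for the auditor to reconstruct them, because `mu` is returned in the clear; the masking approach on the slide above targets exactly that value.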

  • Ensuring Cloud Data Security (9): Supporting Data Dynamics

    Using homomorphic authenticators helps achieve a constant communication overhead for public auditability.

  • Ensuring Cloud Data Security (10): Handling Multiple Concurrent Tasks

    Such a technique supports the aggregation of multiple signatures by distinct signers on distinct messages into a single signature and thus allows efficient verification for the authenticity of all messages.

  • Ensuring Cloud Data Security (11): Further Challenges

    1. Accountability
    2. Multi-Writer Model
    3. Performance

  • Concluding Remarks

    Cloud computing has been envisioned as the next-generation architecture of enterprise IT.

    We believe security in cloud computing is an area full of challenges.

  • Thank you for your attention!!