Trusted Data Sharing over Untrusted Cloud Storage Provider
Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang
Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on
Outline
Introduction
Security requirements
Progressive elliptic curve encryption scheme
Trusted sharing on untrusted cloud servers
Security analysis
Related work
Conclusions
Introduction
With cloud computing, data owners have only limited control over the IT infrastructure.
Cloud service providers have excessive privileges.
Introduction
The general idea of the proposed mechanism is to encrypt the data before storing it on the cloud. When the data is shared, the encrypted data is re-encrypted without being decrypted first. The re-encrypted data is then cryptographically accessible to the authorized user only.
Security requirements
1. Data stored on the cloud should be confidential.
2. Sharing of the data can be achieved through authorization by the data owner.
3. Permissions given by the data owner cannot be transferred to others by the permission bearer.
[Figure: Alice, Bob, Cloud Storage Provider, Trudy]
Security requirements
The challenge of meeting the requirements is that secure data sharing needs to be achieved via an untrusted cloud storage provider.
Progressive elliptic curve encryption
The PECE scheme allows a piece of data to be encrypted multiple times using different keys such that the final ciphertext can be decrypted in a single run with a single key.
The encryption and decryption are both based on Elliptic Curve Cryptography.
Notation
Let $m$ be a piece of data and $U$ be a set of $N$ users. For each $u_i \in U$, $u_i$ has the secret key $k_i$.
Let $q$ be a random number agreed by all $u_i \in U$.
The encryption is performed in the order of $u_i \to u_N$.
For $u_i \in U$, it computes
$$m_i = m_{i-1} + k_i q G$$
where $m_0 = m$.
Encrypt
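When all $u_i \in U$ have participated in the encryption process, the final encrypted data is as follows.
$$
\begin{aligned}
m_e &= m_N \\
    &= m_{N-1} + k_N q G \\
    &= m_{N-t} + \Big(\sum_{i=N-t+1}^{N} k_i\Big) q G \\
    &= m_0 + \Big(\sum_{i=1}^{N} k_i\Big) q G \\
    &= m + \Big(\sum_{i=1}^{N} k_i\Big) q G
\end{aligned}
$$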
Decrypt
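Let $k_c = \sum_{i=1}^{N} k_i$, then $m_e$ can be decrypted by a single operation as follows.
$$
\begin{aligned}
m_p &= m_e - k_c q G \\
    &= m_e - q \Big(\sum_{i=1}^{N} k_i\Big) G \\
    &= m_e - \Big(\sum_{i=1}^{N} k_i\Big) q G \\
    &= m
\end{aligned}
$$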
Trusted sharing on untrusted cloud servers
Notation
$k_a$: Alice's private key (Alice's key is not used)
$k_a G$: Alice's public key
$k_b$: Bob's private key
$k_b G$: Bob's public key
$k_c$: Cloud Storage Provider's private key
$k_c G$: Cloud Storage Provider's public key
Assumption: $k_c$ is shared with Alice (the key $k_c$ can be a key that is dynamically generated by Alice and the Cloud Provider mutually).
Trusted sharing on untrusted cloud servers
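[Protocol diagram: Alice, Bob, Cloud Storage Provider]
Random numbers: $r$, $t$
Random numbers: $r_c$, $r_b$
(1) $m_e = m + r k_c G + tG$
(2) $k_b G$
(3) $t_c G = r_b k_b G - r_c k_c G - r k_c G - tG$
(4) $(r_c G,\ t_c G)$
(5) $r_b G$
(6) $m_c = m_e + r_c k_c G + t_c G$
(7) $m_b = m_c - r_b k_b G$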
Algorithm Proof
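$$
\begin{aligned}
m_b &= m_c - r_b k_b G \\
    &= (m_e + r_c k_c G + t_c G) - r_b k_b G \\
    &= \big((m + r k_c G + tG) + r_c k_c G + (r_b k_b G - r_c k_c G - r k_c G - tG)\big) - r_b k_b G \\
    &= m
\end{aligned}
$$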
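The PECE identity and protocol steps (1)-(7) can be checked numerically. The following is an added example, not code from the paper or the slides: it uses a constructed toy curve ($y^2 = x^3 + 2x + 2$ over $\mathbb{F}_{17}$, base point $G = (5, 1)$ of order 19), all function names are hypothetical, and the assignment of steps to Alice, the Cloud Storage Provider and Bob in the comments is this example's assumption, based on which party holds which secret.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17, base point G of prime order 19.
# Constructed parameters for illustration only: far too small for real use.
P, A, G, ORDER = 17, 2, (5, 1), 19
INF = None  # point at infinity

def add(p1, p2):
    """Elliptic-curve point addition."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    k, acc = k % ORDER, INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sub(p1, p2):
    """p1 - p2: add the negated point."""
    return add(p1, INF if p2 is INF else (p2[0], -p2[1] % P))

def pece(m, keys, q):
    """PECE: every user adds k_i*q*G; the single key k_c = sum(k_i) decrypts."""
    m_e = m
    for k_i in keys:
        m_e = add(m_e, mul(k_i * q, G))
    return m_e, sub(m_e, mul(sum(keys) * q, G))

def share(m, k_c, k_b, r, t, r_c, r_b):
    """Steps (1)-(7), roles assumed as commented; returns (m_e, m_c, m_b)."""
    m_e = add(add(m, mul(r * k_c, G)), mul(t, G))      # (1) stored on the cloud
    kbG = mul(k_b, G)                                  # (2) Bob's public key
    tcG = mul(r_b, kbG)                                # (3) re-encryption token
    for term in (mul(r_c * k_c, G), mul(r * k_c, G), mul(t, G)):
        tcG = sub(tcG, term)
    rcG, rbG = mul(r_c, G), mul(r_b, G)                # (4) to cloud, (5) to Bob
    m_c = add(add(m_e, mul(k_c, rcG)), tcG)            # (6) cloud: needs only k_c
    m_b = sub(m_c, mul(k_b, rbG))                      # (7) Bob: needs only k_b
    return m_e, m_c, m_b
```

With the message embedded as a curve point, for example `m = mul(7, G)`, `share` returns an `m_c` equal to `m + r_b*k_b*G`: the provider re-encrypts toward Bob without ever holding `m`.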
Security Analysis
Unauthorized Access to Data:
1. The attacker acquires a credential that can decrypt the data without the help of the Cloud Storage Provider.
To acquire such a credential, the attacker will need the knowledge of $r k_c G + tG$, or the knowledge of the three secrets $r$, $k_c$ and $t$. As $m$, $r$, $k_c$ and $t$ are all kept secret, the attacker can obtain neither $r k_c G + tG$ nor the three secrets $r$, $k_c$ and $t$.
Security Analysis
2. The attacker acquires a credential that can decrypt the data with the help of the Cloud Storage Provider.
To acquire such a credential, the attacker must have the knowledge of $r_b$, $k_b$, or the knowledge of $r_b k_b G$. As $r_b$ is delivered to Bob in the form of $r_b G$, it is not possible for the attacker to calculate $r_b$ from $r_b G$. $k_b$ is a secret that is kept private by Bob, hence the attacker cannot acquire $k_b$.
Security Analysis
Information Disclosure During Sharing
$$m_c = m_e + r_c k_c G + t_c G$$
To acquire the clear data during the sharing, an attacker must have the decryption key for $m_e$, $m_c$ or $m_b$. The above discussion proves that the attacker cannot decrypt $m_e$ or $m_b$. To decrypt $m_c$, the attacker needs the knowledge of $r_c k_c G$. As $k_c$ is the private secret kept by the Cloud Storage Provider, the attacker would not be able to calculate $r_c k_c G$ from $r_c G$.
Attacker Use Case
Conclusions
Limitations:
This work assumes that the private key of the cloud provider is known to the data owner. This is a very strong assumption, as no system administrators would want to share their systems’ keys with users, making the scheme impractical to deploy.
The proposed algorithm and protocol are less efficient than protocols that require only a single ECC encryption operation.
Conclusions
Contributions:
1. Identify the need for implementing trusted data sharing over untrusted cloud storage providers.
2. Propose a progressive encryption scheme based on elliptic curve encryption.
3. Devise a scheme for secure sharing on the cloud.
4. Perform a comprehensive security analysis of the proposed scheme and show that the scheme achieves trusted sharing over untrusted cloud servers.