Data Security for Cloud Storage Systems
Xiaohua Jia
Shen Zhen Graduate School Harbin Institute of Technology
• Cloud Storage Systems
• Auditing as a Service
• Access Control as a Service
Dept. of Computer Science City University of Hong Kong
A model of online storage
Cloud Service Providers
• Operate large data centers
• Virtualize storage pools
Data Owners
• Buy or rent storage in a pay-as-you-go model
• Data stored in virtual storage
• Separation of data ownership and service provider
• Users can access data from anywhere and at any time
[Figure labels: Owners, Users]
Cloud servers are not fully trusted:
• Data Integrity
  – Data could be corrupted or even deleted in the cloud.
• Data Access Control
  – Unauthorized users may be given access to data.
Checking on retrieval is not adequate:
• Not sufficient: random sampling cannot cover a large volume of data
• Not convenient: overhead is too high
Auditing as a Service
• A service to check cloud data integrity
• Conducted by a Third Party Auditor
A third party auditor can
• Provide unbiased auditing results
  – Benefits both data owners and service providers
  – Data owners: are assured of data integrity
  – Service providers: build a good reputation
• Do a good job efficiently
  – Professional expertise
  – Computing capabilities
• Privacy Preservation: keep the data confidential against the auditor
• Dynamic Auditing: allow dynamic updates of data in the cloud
• Batch Auditing: combine multiple auditing tasks together to improve efficiency
Architecture of 3rd Party Auditing
• Initialization: Data owner sends 1) encrypted data & verification tags to the server, and 2) the data index to the auditor
• Challenge: Auditor sends a Challenge to the cloud server
• Proof: Server responds with a Proof
• Verification: Auditor verifies the correctness of the Proof
[Figure labels: Auditor, Owners, Cloud Servers]
Initialization
• Data Segmentation – Improve Efficiency
• Homomorphic Tag – Batch Auditing
Divide $m$ into $n$ blocks $m_i$: $m = (m_1, \dots, m_i, \dots, m_n)$
Split $m_i$ into $l$ sectors: $m_i = (m_{i1}, \dots, m_{ij}, \dots, m_{il})$
System Parameters:
• $G_1, G_2, G_T$: multiplicative groups with the same prime order $p$
• $e$: pairing operation that maps a pair of points from $G_1$ and $G_2$ to a point in $G_T$
• $g_1$: generator of $G_1$; $g_2$: generator of $G_2$
$m = (m_1, \dots, m_i, \dots, m_n)$, $m_i = (m_{i1}, \dots, m_{ij}, \dots, m_{il})$
$t_i = \big( h(sk_h, FID\|i) \cdot \prod_{j=1}^{l} g_1^{x_j m_{ij}} \big)^{sk_t}$
• Abstract information of $m$: FID, # of blocks, index table, etc.
• $sk_t$: secret tag key kept by owner
• $sk_h$: secret hash key shared with auditor
• $g_2^{sk_t}$: public tag key shared with auditor
• $g_1^{x_j}$: random key shared with the cloud
[Figure labels: Auditor, Cloud Servers]
Challenge from auditor: $C = (\{i, v_i\}_{i \in Q},\ R = (g_2^{sk_t})^r)$
Proof by Cloud: $P = (DP, TP)$
• Data Proof: $DP = \prod_{j=1}^{l} e(g_1^{x_j}, R)^{MP_j}$, where $MP_j = \sum_{i \in Q} v_i m_{ij}$
• Tag Proof: $TP = \prod_{i \in Q} t_i^{v_i}$
[Figure: challenged blocks $m_1, \dots, m_i, \dots, m_q$ with sectors $m_{i1}, \dots, m_{ij}, \dots, m_{il}$; columns labelled $MP_1, \dots, MP_j, \dots, MP_l$]
Verification by auditor:
$H_{chal} = \prod_{i \in Q} h(sk_h, FID\|i)^{r v_i}$
$DP \cdot e(H_{chal}, g_2^{sk_t}) = e(TP, g_2^r)$
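The tag, challenge, proof and verification equations above, run end to end as an added example (not code from the slides or the cited papers). It uses a toy model in which a group element g^x is stored as its exponent x mod p, so the pairing becomes a multiplication; this has no security and only makes the algebra executable. The FID value, sample data and function names are constructed for the illustration.

```python
import hashlib, hmac, secrets
# Toy model (assumption, NOT secure): g^x is stored as x mod P, so multiplying
# elements adds exponents and the pairing e(g1^a, g2^b) becomes a*b mod P.
P = 2**127 - 1                       # prime order p (constructed parameter)
def rand(): return secrets.randbelow(P - 1) + 1

def h(sk_h, fid, i):                 # keyed hash h(sk_h, FID||i) into G1
    mac = hmac.new(sk_h, f"{fid}||{i}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def tag_gen(blocks, fid, sk_t, sk_h, x):
    # t_i = (h(sk_h, FID||i) * prod_j g1^(x_j m_ij))^sk_t
    return [sk_t * (h(sk_h, fid, i) + sum(xj * m for xj, m in zip(x, blk))) % P
            for i, blk in enumerate(blocks)]

def challenge(n_blocks, q, pk_t):    # auditor: C = ({i, v_i}, R = (g2^sk_t)^r)
    r = rand()
    picked = secrets.SystemRandom().sample(range(n_blocks), q)
    return {i: rand() for i in picked}, r, pk_t * r % P

def prove(blocks, tags, x, Q, R):    # cloud server: P = (DP, TP)
    MP = [sum(v * blocks[i][j] for i, v in Q.items()) % P for j in range(len(x))]
    DP = sum(xj * R * mp for xj, mp in zip(x, MP)) % P   # prod_j e(g1^x_j, R)^MP_j
    TP = sum(v * tags[i] for i, v in Q.items()) % P      # prod_i t_i^v_i
    return DP, TP

def verify(fid, sk_h, pk_t, Q, r, DP, TP):               # auditor
    H_chal = r * sum(v * h(sk_h, fid, i) for i, v in Q.items()) % P
    return (DP + H_chal * pk_t) % P == TP * r % P   # DP*e(H_chal,g2^sk_t) == e(TP,g2^r)

def demo():
    sk_t, sk_h = rand(), secrets.token_bytes(16)
    x = [rand() for _ in range(4)]                        # l = 4 sectors per block
    blocks = [[rand() for _ in range(4)] for _ in range(8)]   # constructed data, n = 8
    tags = tag_gen(blocks, "FID-demo", sk_t, sk_h, x)
    pk_t = sk_t                                           # stands for g2^sk_t
    Q, r, R = challenge(len(blocks), 3, pk_t)
    intact = verify("FID-demo", sk_h, pk_t, Q, r, *prove(blocks, tags, x, Q, R))
    blocks[next(iter(Q))][0] ^= 1                         # corrupt one challenged sector
    corrupt = verify("FID-demo", sk_h, pk_t, Q, r, *prove(blocks, tags, x, Q, R))
    return intact, corrupt

if __name__ == "__main__":
    print(demo())                                         # (True, False)
```

The auditor only ever sees DP and TP, never the sectors or the MP_j values. Flipping one bit of a challenged sector changes DP but not TP, so the verification equation no longer balances.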
Kan Yang and Xiaohua Jia. “Security for Cloud Storage Systems”, Springer 2014, ISBN 978-1-4614-7872-0.
Kan Yang and Xiaohua Jia. “An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing”. IEEE Trans. on Parallel and Distributed Systems (TPDS), Vol 24, Issue 9, September 2013.
Kan Yang and Xiaohua Jia. “Data Storage Auditing Service in Cloud Computing: Challenges, Methods and Opportunities”. World Wide Web, Vol 15, Issue 4, July 2012.
Data stored on the server is encrypted.
Encryption-based Access Control
• Each authorized user receives a secret key
• Users can decrypt the ciphertext with their secret keys
[Figure labels: Owner, SK, User]
• Asymmetric Key Encryption (users' public keys used for encryption)
  – Multiple copies of encrypted data for different users
• Symmetric Key Encryption
  – Difficulties in key distribution
A Wish-list for Encryption-based Access Control
• Key management is scalable
• No need for an online trusted server for access control
• Expressive access control policies
Attribute-Based Encryption (ABE) is a promising direction to go!
Ciphertext-Policy Attribute-Based Encryption (CP-ABE)
• Data are encrypted by the access policy, e.g. (CS AND PhD) OR Prof
• Secret keys are associated with attributes
  – Attributes are mathematically incorporated into the key
[Figure: policy tree with nodes OR, Prof, AND, CS, PhD; Alice's SK: {EE, Prof}; Bob's SK: {CS, PhD}]
Ciphertext-Policy Attribute-Based Encryption (CP-ABE)
• Ciphertext can be decrypted iff the attributes in the key satisfy the access policy
  – Alice's attributes {EE, Prof} satisfy (CS AND PhD) OR Prof
• No 3rd party evaluates the policy and makes the access decision (server is excluded)
• Policy checking is embedded in cryptography
Attribute-Based Access Control (ABAC)
[Figure labels: MSK, PK; SK_Bob: “CS Dept.”, “Professor”; SK_Kevin: “CS Dept.”, “Master”; policy tree nodes OR, AND, CS Dept.]
• Access policy is defined by owners
• Access policy is enforced by the cryptography
  – Nobody explicitly evaluates the policies and makes an access decision
• Only one copy of ciphertext is generated for each file
$G$: multiplicative group of prime order $p$.
Intuitive Hardness
• Discrete Log: Given $g, g^a$, it is hard to find $a$
Bilinear map $e: G \times G \to G_T$
Def: An admissible bilinear map $e: G \times G \to G_T$ is:
– Non-degenerate: $g$ generates $G$ $\Rightarrow$ $e(g, g)$ generates $G_T$.
– Bilinear: $e(g^a, g^b) = e(g,g)^{ab}$ for all $a, b \in Z_p$, $g \in G$
– Efficiently computable
Setup(λ) -> MSK, PK
KeyGen(MSK, Attrs.) -> SK
Encrypt(PK, M, Access policy) -> CT
Decrypt(SK, CT) -> M
[Figure: SK with attributes “CS Dept.”, “PhD”; access policy Professor OR (CS Dept. AND PhD)]
Authority
$a, b \in_R Z_p$
MSK: $MSK = a$
Public Key: $PK = (g,\ g^b,\ e(g,g)^a,\ H: \{0,1\}^* \to G)$
Authority
Authority issues secret keys for users who have attributes
• Alice: “CS Dept.”, “Professor”
• Bob: “CS Dept.”, “Master”
• Charlie: “EE Dept.”, “PhD”
Users may collude to decrypt data by combining their attributes
[Figure: policy Prof OR (CS Dept. AND PhD); Bob holds “CS Dept.”, “Master”; Charlie holds “EE Dept.”, “PhD”]
Authority: $MSK = a$
Bob has attributes: {“Master”, “CS Dept.”, “TA”}
$SK = (g^{a+bt},\ g^t,\ H(\text{“Master”})^t,\ H(\text{“CS Dept.”})^t,\ H(\text{“TA”})^t)$
$t$: random number in $Z_p$. It ties the components in SK together.
Personalization! Collusion Resistance
Bob: “CS Dept.” …, random $t$: $SK = (g^{a+bt},\ g^t,\ H(\text{“CS Dept.”})^t,\ \dots)$
Charlie: “PhD” …, random $t'$: $SK = (g^{a+bt'},\ g^{t'},\ H(\text{“PhD”})^{t'},\ \dots)$
Components are incompatible
Data Owner
$PK = (g,\ g^b,\ e(g,g)^a,\ H: \{0,1\}^* \to G)$
Given $M$ and policy, owner generates a random secret $s$
[Figure: policy tree Prof OR (PhD AND CS Dept.) with shares: OR node $s$; Prof $s_1 = s$; AND node $s$; PhD $s_2 = s - r$; CS Dept. $s_3 = r$]
Ciphertext:
$CT = ( M \cdot e(g,g)^{as},\ g^s,$
$\quad C_1 = (g^{b s_1} H(\text{“Prof”})^{r_1},\ g^{r_1}),$
$\quad C_2 = (g^{b s_2} H(\text{“PhD”})^{r_2},\ g^{r_2}),$
$\quad C_3 = (g^{b s_3} H(\text{“CS Dept.”})^{r_3},\ g^{r_3}) )$
Ciphertext CT
$CT = ( M \cdot e(g,g)^{as},\ g^s,\ C_1 = (g^{b s_1} H(\text{“Prof”})^{r_1},\ g^{r_1}),\ C_2 = (g^{b s_2} H(\text{“PhD”})^{r_2},\ g^{r_2}),\ C_3 = (g^{b s_3} H(\text{“CS Dept.”})^{r_3},\ g^{r_3}) )$
Secret Key SK
$SK = (g^{a+bt},\ g^t,\ H(\text{“Prof”})^t,\ H(\text{“PhD”})^t,\ H(\text{“CS Dept.”})^t)$
$e(g^{a+bt}, g^s) = e(g,g)^{as} \cdot e(g,g)^{bts}$
“Prof”:
$e(g,g)^{bts} = \dfrac{e(g^{b s_1} H(\text{“Prof”})^{r_1},\ g^t)}{e(g^{r_1},\ H(\text{“Prof”})^t)}$
OR “PhD” AND “CS Dept.”:
$\dfrac{e(g^{b s_2} H(\text{“PhD”})^{r_2},\ g^t)}{e(g^{r_2},\ H(\text{“PhD”})^t)} \cdot \dfrac{e(g^{b s_3} H(\text{“CS Dept.”})^{r_3},\ g^t)}{e(g^{r_3},\ H(\text{“CS Dept.”})^t)} = e(g,g)^{b t s_2} \cdot e(g,g)^{b t s_3} = e(g,g)^{bts}$
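The Setup, KeyGen, Encrypt and Decrypt steps above, together with the collusion case from the earlier slides, as an added example (not code from the slides or the cited papers). It uses a toy model in which g^x is stored as its exponent x mod p, so it has no security and only checks the algebra; the policy-tree encoding, function names and message value are assumptions of this sketch.

```python
import hashlib, secrets
# Toy model (assumption, NOT secure): g^x is stored as x mod P, so multiplying
# elements adds exponents and the pairing e(g^x, g^y) becomes x*y mod P.
P = 2**127 - 1                        # prime order p (constructed parameter)
def rand(): return secrets.randbelow(P - 1) + 1
def H(x): return int.from_bytes(hashlib.sha256(x.encode()).digest(), "big") % P

def setup():                          # MSK = a, PK = (g, g^b, e(g,g)^a, H)
    a, b = rand(), rand()
    return a, {"g_b": b, "egg_a": a}

def keygen(msk, pk, attrs):           # SK = (g^(a+bt), g^t, {H(x)^t})
    t = rand()                        # fresh t ties the components together
    return {"K": (msk + pk["g_b"] * t) % P, "parts": {x: (t, H(x) * t % P) for x in attrs}}

def share(policy, s):                 # policy: attribute or (op, left, right)
    if isinstance(policy, str):
        return {policy: s}            # assumes each attribute appears once
    r = s if policy[0] == "OR" else rand()       # OR: (s, s); AND: (s - r, r)
    left = s if policy[0] == "OR" else (s - r) % P
    return {**share(policy[1], left), **share(policy[2], r)}

def encrypt(pk, m, policy):
    s, leaves = rand(), {}
    for x, s_k in share(policy, s).items():
        r_k = rand()                  # C_k = (g^(b s_k) H(x)^r_k, g^r_k)
        leaves[x] = ((pk["g_b"] * s_k + H(x) * r_k) % P, r_k)
    return {"C0": (m + pk["egg_a"] * s) % P, "g_s": s, "leaves": leaves, "policy": policy}

def recover(policy, ct, parts):       # -> e(g,g)^(b t s_node), or None
    if isinstance(policy, str):
        (c1, c2), (g_t, h_t) = ct["leaves"][policy], parts.get(policy, (None, None))
        return None if g_t is None else (c1 * g_t - c2 * h_t) % P   # e(c1,g^t)/e(c2,H(x)^t)
    left, right = (recover(c, ct, parts) for c in policy[1:])
    if policy[0] == "OR":
        return left if left is not None else right
    return None if None in (left, right) else (left + right) % P

def decrypt(ct, sk):                  # M = C0 * e(g,g)^(bts) / e(K, g^s)
    bts = recover(ct["policy"], ct, sk["parts"])
    return None if bts is None else (ct["C0"] + bts - sk["K"] * ct["g_s"]) % P

def demo():
    (msk, pk), m = setup(), rand()    # m: message as a G_T element
    ct = encrypt(pk, m, ("OR", "Prof", ("AND", "PhD", "CS Dept.")))
    alice, bob, charlie = (keygen(msk, pk, a) for a in
        (["CS Dept.", "Prof"], ["CS Dept.", "Master"], ["EE Dept.", "PhD"]))
    pooled = {"K": bob["K"], "parts": {**bob["parts"], **charlie["parts"]}}
    return decrypt(ct, alice) == m, decrypt(ct, bob), decrypt(ct, pooled) == m
```

Calling demo() returns (True, None, False): Alice decrypts through the “Prof” branch, and Bob alone does not satisfy the policy. Bob's and Charlie's pooled components cover the AND branch but carry different values of t, so the recovered blinding term does not cancel.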
Research Challenges
• Multiple Authorities
[Figure labels: policy tree nodes AND, OR, CS dept., manager, marketing; Authority in CityU; Authority in Google; Bob: “CS dept.”; Kevin: “manager”]
Research Challenges
• Attribute Revocation
  – Prevent revoked users from decrypting new ciphertexts
  – Guarantee that new users can decrypt previous ciphertexts
• Decryption Efficiency
  – Mobile Devices
• Policy Hidden
K Yang, X Jia, K Ren, R Xie and L Huang. “Enabling Efficient Access Control with Dynamic Policy Updating for Big Data in the Cloud”, INFOCOM’14.
K Yang, X Jia, K Ren and B Zhang. “DAC-MACS: Effective Data Access Control for Multi Authority Cloud Storage Systems”, INFOCOM’13, extended version in IEEE Trans on Information Forensics and Security 8(11), 2013.
K Yang and X Jia. “Attributed-based Access Control for Multi-authority Systems in Cloud Storage,” ICDCS’12.
• Cloud server is not fully trusted by data owners
• Data Integrity
  – Auditing as a Service
• Data Access Control
  – Access Control as a Service
Q&A