Toward Publicly Auditable Secure Cloud Data Storage Services Cong Wang and Kui Ren ..etc IEEE Communications Society Speaker: Meng-Ting Tsai Date:2010/11/16 Directory Introduction Cloud Storage Architecture and Security Threats Ensuring Cloud Data Security Concluding Remarks 2016/7/13 2 Introduction(1) Cloud computing has been envisioned as the nextgeneration architecture of the IT: 1. On-demand self-service. 2. Ubiquitous network access. 3. Location-independent resource pooling. 4. Rapid resource elasticity. 5. Usage-based pricing. 6. Transference of risk. 2016/7/13 3 Introduction(2) From the data owners’ perspective , a flexible on-demand manner brings appealing benefits: 1. Relief of the burden of storage management. 2. Universal data access with independent geographical locations. 3. Avoidance of capital expenditure on hardware, software, personnel maintenance. 2016/7/13 4 Introduction(3) Since cloud service providers (CSP) are separate administrative entities, data outsourcing actually relinquishes the owner’s ultimate control over the fate of their data. 2016/7/13 5 Introduction(4) Outages and security breaches of noteworthy cloud services appear from time to time. EX : Gmail’s mass email deletion incident. There are various motivations for CSPs to behave unfaithfully toward cloud customers regarding the status of their outsourced data. EX : Hiding data loss incidents to maintain a reputation. 2016/7/13 6 Introduction(5) Traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted. It is often insufficient to detect data corruption only when accessing the data. The tasks of auditing the data correctness in a cloud environment can be formidable and expensive for data owners. 2016/7/13 7 Introduction(6) To fully ensure data security and save data owners’ computation resources, we propose to enable publicly auditable cloud storage services TPA( Third Party Auditor ). TPA provides a transparent yet cost-effective method for establishing trust between data owner and cloud server. 2016/7/13 8 Introduction(7) This article is intended as a call for action, aiming to motivate further research on dependable cloud storage services and enable public auditing services to become a reality. We sketch a set of building blocks, including recently developed cryptographic primitives (e.g., homomorphic authenticator). 2016/7/13 9 Directory Introduction Cloud Storage Architecture and Security Threats Ensuring Cloud Data Security Concluding Remarks 2016/7/13 10 Cloud Storage Architecture and Security Threats(1) Problem Statement: We begin with a high-level architecture description of cloud data storage services illustrated in Fig. 1 . 2016/7/13 11 Cloud Storage Architecture and Security Threats(2) 2016/7/13 12 Cloud Storage Architecture and Security Threats(3) Security Threats: We consider both malicious outsiders and a semi-trusted CS (Cloud Server) as potential adversaries interrupting cloud data storage services. For its own benefit the CS might neglect to keep or deliberately delete rarely accessed data files that belong to ordinary cloud owners. 2016/7/13 13 Cloud Storage Architecture and Security Threats(4) Desirable Properties for Public Auditing: (1)Minimize Auditing Overhead. (2)Protect Data Privacy. (3)Support Data Dynamics. (4)Support Batch Auditing. 2016/7/13 14 Cloud Storage Architecture and Security Threats(5) (1)Minimize Auditing Overhead: Any extra online burden on a data owner should also be as low as possible. (2)Protect Data Privacy: TPA should be able to efficiently audit the cloud data storage without demanding a local copy of data or even learning the data content. 2016/7/13 15 Cloud Storage Architecture and Security Threats(6) (3)Support Data Dynamics: As a cloud storage service is not just a data warehouse, owners are subject to dynamically updating their data via various application purposes. (4)Support Batch Auditing: The prevalence of large-scale cloud storage service further demands auditing efficiency. 2016/7/13 16 Directory Introduction Cloud Storage Architecture and Security Threats Ensuring Cloud Data Security Concluding Remarks 2016/7/13 17 Ensuring Cloud Data Security(1) 2016/7/13 18 Ensuring Cloud Data Security(2) Traditional Methods Revisited. Utilizing Homomorphic Authenticators. Protecting Data Privacy. Supporting Data Dynamics. Handling Multiple Concurrent Tasks. Further Challenges. 2016/7/13 19 Ensuring Cloud Data Security(3) Traditional Methods Revisited: A straightforward approach to protect the data integrity would be using traditional cryptographic methods, MACs ( Message Authentication Codes ). While this method allows data owners to verify the correctness of the received data from the cloud, it does not give any assurance about the correctness of other outsourced data. 2016/7/13 20 Ensuring Cloud Data Security(4) A particular drawback is that the number of times a data file can be audited is limited by the number of secret keys that must be fixed a priori. 2016/7/13 21 Ensuring Cloud Data Security(5) Utilizing Homomorphic Authenticators : Homomorphic authenticators are unforgeable metadata generated from individual data blocks. Using this technique requires additional information encoded along with the data before outsourcing. 2016/7/13 22 Ensuring Cloud Data Security(6) 2016/7/13 23 Ensuring Cloud Data Security(7) Protecting Data Privacy: If enough linear combinations of the same blocks are collected, the TPA can simply derive the sampled data content by solving a system of linear equations. This drawback greatly affects the security of using homomorphic- authenticator-based. 2016/7/13 24 Ensuring Cloud Data Security(8) To address this concern, a proper approach is to combine the homomorphic authenticator with random masking. 2016/7/13 25 Ensuring Cloud Data Security(9) Supporting Data Dynamics: Using homomorphic authenticators helps achieve a constant communication overhead for public auditability. 2016/7/13 26 Ensuring Cloud Data Security(10) Handling Multiple Concurrent Tasks: Such a technique supports the aggregation of multiple signatures by distinct signers on distinct messages into a single signature and thus allows efficient verification for the authenticity of all messages. Ensuring Cloud Data Security(11) Further Challenges: 1.Accountability 2.Multi-Writer Model 3.Performance Directory Introduction Cloud Storage Architecture and Security Threats Ensuring Cloud Data Security Concluding Remarks 2016/7/13 29 Concluding Remarks Cloud computing has been envisioned as the nextgeneration architecture of enterprise IT. We believe security in cloud computing, an area full of challenges. Thank you for your attention!!