Toward Publicly Auditable Secure Cloud Data Storage Services IEEE Communications Society

advertisement
Toward Publicly Auditable Secure
Cloud Data Storage Services
Cong Wang and Kui Ren ..etc
IEEE Communications Society
Speaker: Meng-Ting Tsai
Date:2010/11/16
Directory
Introduction
Cloud Storage Architecture and Security Threats
Ensuring Cloud Data Security
Concluding Remarks
2016/7/13
2
Introduction(1)
Cloud computing has been envisioned as the nextgeneration architecture of the IT:
1. On-demand self-service.
2. Ubiquitous network access.
3. Location-independent resource pooling.
4. Rapid resource elasticity.
5. Usage-based pricing.
6. Transference of risk.
2016/7/13
3
Introduction(2)
From the data owners’ perspective , a flexible on-demand
manner brings appealing benefits:
1. Relief of the burden of storage management.
2. Universal data access with independent geographical
locations.
3. Avoidance of capital expenditure on hardware, software,
personnel maintenance.
2016/7/13
4
Introduction(3)
Since cloud service providers (CSP) are separate
administrative entities, data outsourcing actually
relinquishes the owner’s ultimate control over the fate of
their data.
2016/7/13
5
Introduction(4)
Outages and security breaches of noteworthy cloud services
appear from time to time.
EX : Gmail’s mass email deletion incident.
There are various motivations for CSPs to behave
unfaithfully toward cloud customers regarding the status of
their outsourced data.
EX : Hiding data loss incidents to maintain a reputation.
2016/7/13
6
Introduction(5)
Traditional cryptographic primitives for the purpose of data
security protection cannot be directly adopted.
It is often insufficient to detect data corruption only when
accessing the data.
The tasks of auditing the data correctness in a cloud
environment can be formidable and expensive for data
owners.
2016/7/13
7
Introduction(6)
To fully ensure data security and save data owners’
computation resources, we propose to enable publicly
auditable cloud storage services TPA( Third Party Auditor ).
TPA provides a transparent yet cost-effective method for
establishing trust between data owner and cloud server.
2016/7/13
8
Introduction(7)
This article is intended as a call for action, aiming to
motivate further research on dependable cloud storage
services and enable public auditing services to become a
reality.
We sketch a set of building blocks, including recently
developed cryptographic primitives (e.g., homomorphic
authenticator).
2016/7/13
9
Directory
Introduction
Cloud Storage Architecture and Security Threats
Ensuring Cloud Data Security
Concluding Remarks
2016/7/13
10
Cloud Storage Architecture and Security
Threats(1)
Problem Statement:
We begin with a high-level architecture description of cloud
data storage services illustrated in Fig. 1 .
2016/7/13
11
Cloud Storage Architecture and Security
Threats(2)
2016/7/13
12
Cloud Storage Architecture and Security
Threats(3)
Security Threats:
We consider both malicious outsiders and a semi-trusted CS
(Cloud Server) as potential adversaries interrupting cloud data
storage services.
For its own benefit the CS might neglect to keep or
deliberately delete rarely accessed data files that belong to
ordinary cloud owners.
2016/7/13
13
Cloud Storage Architecture and Security
Threats(4)
Desirable Properties for Public Auditing:
(1)Minimize Auditing Overhead.
(2)Protect Data Privacy.
(3)Support Data Dynamics.
(4)Support Batch Auditing.
2016/7/13
14
Cloud Storage Architecture and Security
Threats(5)
(1)Minimize Auditing Overhead:
Any extra online burden on a data owner should also be as
low as possible.
(2)Protect Data Privacy:
TPA should be able to efficiently audit the cloud data
storage without demanding a local copy of data or even
learning the data content.
2016/7/13
15
Cloud Storage Architecture and Security
Threats(6)
(3)Support Data Dynamics:
As a cloud storage service is not just a data warehouse,
owners are subject to dynamically updating their data via
various application purposes.
(4)Support Batch Auditing:
The prevalence of large-scale cloud storage service further
demands auditing efficiency.
2016/7/13
16
Directory
Introduction
Cloud Storage Architecture and Security Threats
Ensuring Cloud Data Security
Concluding Remarks
2016/7/13
17
Ensuring Cloud Data Security(1)
2016/7/13
18
Ensuring Cloud Data Security(2)
Traditional Methods Revisited.
Utilizing Homomorphic Authenticators.
Protecting Data Privacy.
Supporting Data Dynamics.
Handling Multiple Concurrent Tasks.
Further Challenges.
2016/7/13
19
Ensuring Cloud Data Security(3)
Traditional Methods Revisited:
A straightforward approach to protect the data integrity
would be using traditional cryptographic methods,
MACs ( Message Authentication Codes ).
While this method allows data owners to verify the
correctness of the received data from the cloud, it does not
give any assurance about the correctness of other
outsourced data.
2016/7/13
20
Ensuring Cloud Data Security(4)
A particular drawback is that the number of times a data file
can be audited is limited by the number of secret keys that
must be fixed a priori.
2016/7/13
21
Ensuring Cloud Data Security(5)
Utilizing Homomorphic Authenticators :
Homomorphic authenticators are unforgeable metadata
generated from individual data blocks.
Using this technique requires additional information
encoded along with the data before outsourcing.
2016/7/13
22
Ensuring Cloud Data Security(6)
2016/7/13
23
Ensuring Cloud Data Security(7)
Protecting Data Privacy:
If enough linear combinations of the same blocks are
collected, the TPA can simply derive the sampled data
content by solving a system of linear equations.
This drawback greatly affects the security of using
homomorphic- authenticator-based.
2016/7/13
24
Ensuring Cloud Data Security(8)
To address this concern, a proper approach is to combine
the homomorphic authenticator with random masking.
2016/7/13
25
Ensuring Cloud Data Security(9)
Supporting Data Dynamics:
Using homomorphic authenticators helps achieve a constant
communication overhead for public auditability.
2016/7/13
26
Ensuring Cloud Data Security(10)
Handling Multiple Concurrent Tasks:
Such a technique supports the aggregation of multiple
signatures by distinct signers on distinct messages into a
single signature and thus allows efficient verification for the
authenticity of all messages.
Ensuring Cloud Data Security(11)
Further Challenges:
1.Accountability
2.Multi-Writer Model
3.Performance
Directory
Introduction
Cloud Storage Architecture and Security Threats
Ensuring Cloud Data Security
Concluding Remarks
2016/7/13
29
Concluding Remarks
Cloud computing has been envisioned as the nextgeneration architecture of enterprise IT.
We believe security in cloud computing, an area full of
challenges.
Thank you for your attention!!
Download