Issue No.12 - Dec. (2013 vol.24)
pp: 2375-2385
Ayad Barsoum, University of Waterloo, Waterloo
Anwar Hasan, University of Waterloo, Waterloo
ABSTRACT
Storage-as-a-service offered by cloud service providers (CSPs) is a paid facility that enables organizations to outsource their sensitive data to be stored on remote servers. In this paper, we propose a cloud-based storage scheme that allows the data owner to benefit from the facilities offered by the CSP and enables indirect mutual trust between them. The proposed scheme has four important features: 1) it allows the owner to outsource sensitive data to a CSP, and perform full block-level dynamic operations on the outsourced data, i.e., block modification, insertion, deletion, and append, 2) it ensures that authorized users (i.e., those who have the right to access the owner's file) receive the latest version of the outsourced data, 3) it enables indirect mutual trust between the owner and the CSP, and 4) it allows the owner to grant or revoke access to the outsourced data. We discuss the security issues of the proposed scheme. Besides, we justify its performance through theoretical analysis and a prototype implementation on Amazon cloud platform to evaluate storage, communication, and computation overheads.
INDEX TERMS
Cloud computing, Access control, Storage automation, Outsourcing, access control, Outsourcing data storage, dynamic environment, mutual trust
CITATION
Ayad Barsoum, Anwar Hasan, "Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems", IEEE Transactions on Parallel & Distributed Systems, vol.24, no. 12, pp. 2375-2385, Dec. 2013, doi:10.1109/TPDS.2012.337