The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - Nov.-Dec. (2012 vol.9)
pp: 903-916
Yang Tang , The Chinese University of Hong Kong, Hong Kong
Patrick P.C. Lee , The Chinese University of Hong Kong, Hong Kong
John C.S. Lui , The Chinese University of Hong Kong, Hong Kong
Radia Perlman , Intel Labs, Santa Clara
ABSTRACT
We can now outsource data backups off-site to third-party cloud storage services so as to reduce data management costs. However, we must provide security guarantees for the outsourced data, which is now maintained by third parties. We design and implement FADE, a secure overlay cloud storage system that achieves fine-grained, policy-based access control and file assured deletion. It associates outsourced files with file access policies, and assuredly deletes files to make them unrecoverable to anyone upon revocations of file access policies. To achieve such security goals, FADE is built upon a set of cryptographic key operations that are self-maintained by a quorum of key managers that are independent of third-party clouds. In particular, FADE acts as an overlay system that works seamlessly atop today's cloud storage services. We implement a proof-of-concept prototype of FADE atop Amazon S3, one of today's cloud storage services. We conduct extensive empirical studies, and demonstrate that FADE provides security protection for outsourced data, while introducing only minimal performance and monetary cost overhead. Our work provides insights of how to incorporate value-added security features into today's cloud storage services.
INDEX TERMS
Cloud computing, Access control, Encryption, Secure storage, Peer to peer computing, cloud storage, Access control, assured deletion, backup/recovery
CITATION
Yang Tang, Patrick P.C. Lee, John C.S. Lui, Radia Perlman, "Secure Overlay Cloud Storage with Access Control and Assured Deletion", IEEE Transactions on Dependable and Secure Computing, vol.9, no. 6, pp. 903-916, Nov.-Dec. 2012, doi:10.1109/TDSC.2012.49
REFERENCES
[1] H. Abu-Libdeh, L. Princehouse, and H. Weatherspoon, "RACS: A Case for Cloud Storage Diversity," Proc. ACM First ACM Symp. Cloud Computing (SoCC), 2010.
[2] Amazon, "Case Studies," http://aws.amazon.com/solutions/case-studies #backup, 2012.
[3] Amazon, "SmugMug Case Study: Amazon Web Services," http://aws.amazon.com/solutions/case-studies smugmug/, 2006.
[4] Amazon S3, http://aws.amazon.coms3, 2010.
[5] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, "A View of Cloud Computing." Comm. ACM, vol. 53, no. 4, pp. 50-58, Apr. 2010.
[6] G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, "Scalable and Efficient Provable Data Possession," Proc. Fourth Int'l Conf. Security and Privacy in Comm. (SecureComm), 2008.
[7] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-Policy Attribute-Based Encryption," Proc. IEEE Symp. Security and Privacy, May 2006.
[8] A. Boldyreva, V. Goyal, and V. Kumar, "Identity-Based Encryption with Efficient Revocation," Proc. 15th ACM Conf. Computer and Comm. Security (CCS), 2008.
[9] T. Dierks and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2," RFC 5246, Aug. 2008.
[10] Dropbox, http:/www.dropbox.com, 2010.
[11] R. Geambasu, J.P. John, S.D. Gribble, T. Kohno, and H.M. Levy, "Keypad: Auditing File System for Mobile Devices," Proc. Sixth Conf. Computer Systems (EuroSys), Apr. 2011.
[12] R. Geambasu, T. Kohno, A. Levy, and H.M. Levy, "Vanish: Increasing Data Privacy with Self-Destructing Data," Proc. 18th Conf. USENIX Security Symp, Aug. 2009.
[13] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data," Proc. 13th ACM Conf. Computer and Comm. Security (CCS), 2006.
[14] P. Gutmann, "Secure Deletion of Data from Magnetic and Solid-State Memory," Proc. Sixth USENIX Security Symp. Focusing on Applications of Cryptography, 1996.
[15] JungleDisk, http:/www.jungledisk.com/, 2010.
[16] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, "Plutus: Scalable Secure File Sharing on Untrusted Storage," Proc. Second USENIX Conf. File and Storage Technologies, 2003.
[17] S. Kamara and K. Lauter, "Cryptographic Cloud Storage," Proc. 14th Int'l Conf. Financial Cryptography and Data Security, 2010.
[18] LibAWS++, http:/aws.28msec.com/, 2010.
[19] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography. CRC Press, Oct. 1996.
[20] S. Nair, M.T. Dashti, B. Crispo, and A.S. Tanenbaum, "A Hybrid PKI-IBC Based Ephemerizer System," Int'l Federation for Information Processing, vol. 232, pp. 241-252, 2007.
[21] Nasuni, "Nasuni Announces New Snapshot Retention Functionality in Nasuni Filer; Enables Fail-Safe File Deletion in the Cloud," http://www.nasuni.com/news/press-releases nasuni-announces-new-snapshot-retention-functionality-in-nasuni-filer-enables-fail-safe-file-deletion-in-the-clo ud /, Mar. 2011.
[22] OpenSSL, http:/www.openssl.org/, 2010.
[23] R. Perlman, "File System Design with Assured Delete," Proc. Network and Distributed System Security Symp. ISOC (NDSS), 2007.
[24] R. Perlman, C. Kaufman, and R. Perlner, "Privacy-Preserving DRM," Proc. Ninth Symp. Identity and Trust on the Internet (IDTRUST), 2010.
[25] M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, "Secure Attribute-Based Systems," Proc. 13th ACM Conf. Computer and Comm. Security (CCS), 2006.
[26] A. Rahumed, H.C.H. Chen, Y. Tang, P.P.C. Lee, and J.C.S. Lui, "A Secure Cloud Backup System with Assured Deletion and Version Control," Proc. Third Int'l Workshop Security in Cloud Computing, 2011.
[27] A. Sahai and B. Waters, "Fuzzy Identity-Based Encryption," Proc. EUROCRYPT, 2005.
[28] B. Schneier, "File Deletion," http://www.schneier.com/blog/archives/2009/ 09file_deletion.html, Sept. 2009.
[29] A. Shamir, "How to Share a Secret," Comm. ACM, vol. 22, no. 11, pp. 612-613, Nov. 1979.
[30] SmugMug, http:/www.smugmug.com/, 2010.
[31] ssss, http://point-at-infinity.orgssss/, 2006.
[32] W. Stallings, Cryptography and Network Security. Prentice Hall, 2006.
[33] Y. Tang, P.P.C. Lee, J.C.S. Lui, and R. Perlman, "FADE: Secure Overlay Cloud Storage with File Assured Deletion," Proc. Sixth Int'l ICST Conf.Security and Privacy in Comm. Networks (SecureComm), 2010.
[34] The CPABE Toolkit, http://acsc.cs.utexas.educpabe/, 2010.
[35] M. Vrable, S. Savage, and G.M. Voelker, "Cumulus: Filesystem Backup to the Cloud," ACM Trans. Storage, vol. 5, no. 4, article 14, Dec. 2009.
[36] C. Wang, Q. Wang, K. Ren, and W. Lou, "Privacy-Preserving Public Auditing for Storage Security in Cloud Computing," Proc. IEEE INFOCOM, Mar. 2010.
[37] W. Wang, Z. Li, R. Owens, and B. Bhargava, "Secure and Efficient Access to Outsourced Data," Proc. ACM Workshop Cloud Computing Security (CCSW), Nov. 2009.
[38] S. Wolchok, O.S. Hofmann, N. Heninger, E.W. Felten, J.A. Halderman, C.J. Rossbach, B. Waters, and E. Witchel, "Defeating Vanish with Low-Cost Sybil Attacks against Large DHTs," Proc. 17th Network and Distributed System Security Symp. (NDSS), 2010.
[39] S. Yu, C. Wang, K. Ren, and W. Lou, "Attribute Based Data Sharing with Attribute Revocation," Proc. Fifth ACM Symp. Information, Computer and Comm. Security (ASIACCS), Apr. 2010.
[40] A. Yun, C. Shi, and Y. Kim, "On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage," Proc. ACM Workshop Cloud Computing Security (CCSW), Nov. 2009.
48 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool