论文信息 - CLOUD SHREDDER: Removing the Laptop On-road Data Disclosure Threat in the Cloud Computing Era

CLOUD SHREDDER: Removing the Laptop On-road Data Disclosure Threat in the Cloud Computing Era

Data Disclosure due to laptop loss, especially in travel, is a top threat to businesses, governments, and non-profit organizations. An effective protection against this threat should guarantee the data confidentiality, even if the adversary has physically possessed the laptop. Current technology does not satisfy this requirement. This paper proposes a novel approach to remove the threat under the emerging condition of ubiquitous internet access and cloud computing. We name this approach ``Cloud Shredder'', implying that the confidential files are shredded and hidden in the semi-trusted cloud storage service. Cloud Shredder is a generic and transparent security service that allows legitimate user access the files in exactly the same way as with commodity file systems, whereas the attackers only get meaningless junk even if they have obtained every byte on the hard drive. Rather than the traditional encryption-based protection, Cloud Shredder limits the attacker's opportunity in a short time window. We implemented a prototype that is compatible with the typical cloud storage service, Amazon S3, and supports two popular document applications, Acrobat Reader and Open Office. Our experiments show that the influence on file access performance is reasonable and should not ruin the user experience. Cloud Shredder is also applicable to smart phone, net book and other computing devices with internet connection.

[1] F. Frances Yao,et al. Design and Analysis of Password-Based Key Derivation Functions , 2005, IEEE Trans. Inf. Theory.

[2] Yuji Suga. A Low-Cost Key Derivation Scheme for Hierarchy-Based Access , 2010, 2010 13th International Conference on Network-Based Information Systems.

[3] Michael K. Reiter,et al. Delegation of cryptographic servers for capture-resilient devices , 2001, CCS '01.

[4] Hugo Krawczyk,et al. Secret Sharing Made Short , 1994, CRYPTO.

[5] Kristian Gjøsteen. Security Notions for Disk Encryption , 2005, ESORICS.

[6] Kaoru Kurosawa,et al. Nonperfect Secret Sharing Schemes and Matroids , 1994, EUROCRYPT.

[7] Martin P. Loeb,et al. CSI/FBI Computer Crime and Security Survey , 2004 .

[8] Bruce Schneier,et al. Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[9] Claude E. Shannon,et al. Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[10] Paul Crowley,et al. Mercy: A Fast Large Block Cipher for Disk Sector Encryption , 2000, FSE.