DaSCE: Data Security for Cloud Environment with Semi-Trusted Third Party

Off-site data storage is an application of cloud that relieves the customers from focusing on data storage system. However, outsourcing data to a third-party administrative control entails serious security concerns. Data leakage may occur due to attacks by other users and machines in the cloud. Wholesale of data by cloud service provider is yet another problem that is faced in the cloud environment. Consequently, high-level of security measures is required. In this paper, we propose data security for cloud environment with semi-trusted third party (DaSCE), a data security system that provides (a) key management (b) access control, and (c) file assured deletion. The DaSCE utilizes Shamir's (k, n) threshold scheme to manage the keys, where k out of n shares are required to generate the key. We use multiple key managers, each hosting one share of key. Multiple key managers avoid single point of failure for the cryptographic keys. We (a) implement a working prototype of DaSCE and evaluate its performance based on the time consumed during various operations, (b) formally model and analyze the working of DaSCE using high level petri nets (HLPN), and (c) verify the working of DaSCE using satisfiability modulo theories library (SMT-Lib) and Z3 solver. The results reveal that DaSCE can be effectively used for security of outsourced data by employing key management, access control, and file assured deletion.

[1]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[2]  Nikolaj Bjørner,et al.  Satisfiability Modulo Theories: An Appetizer , 2009, SBMF.

[3]  C. Cachin,et al.  A cloud you can trust , 2011, IEEE Spectrum.

[4]  Nāgārjuna,et al.  A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding , 2014 .

[5]  Xiao-yan Shen Chinese Academy of Sciences , 2014, Nature.

[6]  Tadao Murata,et al.  Petri nets: Properties, analysis and applications , 1989, Proc. IEEE.

[7]  Albert Y. Zomaya,et al.  DROPS: Division and Replication of Data in Cloud for Optimal Performance and Security , 2018, IEEE Transactions on Cloud Computing.

[8]  Mazliza Othman,et al.  A Survey of Mobile Cloud Computing Application Models , 2014, IEEE Communications Surveys & Tutorials.

[9]  Gail-Joon Ahn,et al.  Security and Privacy Challenges in Cloud Computing Environments , 2010, IEEE Security & Privacy.

[10]  Yang Tang,et al.  Secure Overlay Cloud Storage with Access Control and Assured Deletion , 2012, IEEE Transactions on Dependable and Secure Computing.

[11]  Bart Selman,et al.  Satisfiability Solvers , 2008, Handbook of Knowledge Representation.

[12]  Wen-Guey Tzeng,et al.  A Secure Decentralized Erasure Code for Distributed Networked Storage , 2010, IEEE Transactions on Parallel and Distributed Systems.

[13]  Yongdae Kim,et al.  On protecting integrity and confidentiality of cryptographic file system for outsourced storage , 2009, CCSW '09.

[14]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[15]  M KaufmanLori Data Security in the World of Cloud Computing , 2009, S&P 2009.

[16]  Marjory S. Blumenthal Is Security Lost in the Clouds? , 2011 .

[17]  Ari Juels,et al.  New approaches to security and availability for cloud data , 2013, CACM.

[18]  Athanasios V. Vasilakos,et al.  SeDaSC: Secure Data Sharing in Clouds , 2017, IEEE Systems Journal.

[19]  Lori M. Kaufman,et al.  Data Security in the World of Cloud Computing , 2009, IEEE Security & Privacy.

[20]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[21]  Niklas Sörensson,et al.  An Extensible SAT-solver , 2003, SAT.

[22]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[23]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[24]  Athanasios V. Vasilakos,et al.  Security in cloud computing: Opportunities and challenges , 2015, Inf. Sci..