Secure Overlay Cloud Storage with Access Control and Assured Deletion

We can now outsource data backups off-site to third-party cloud storage services so as to reduce data management costs. However, we must provide security guarantees for the outsourced data, which is now maintained by third parties. We design and implement FADE, a secure overlay cloud storage system that achieves fine-grained, policy-based access control and file assured deletion. It associates outsourced files with file access policies, and assuredly deletes files to make them unrecoverable to anyone upon revocation of file access policies. To achieve such security goals, FADE is built upon a set of cryptographic key operations that are self-maintained by a quorum of key managers that are independent of third-party clouds. In particular, FADE acts as an overlay system that works seamlessly atop today's cloud storage services. We implement a proof-of-concept prototype of FADE atop Amazon S3, one of today's cloud storage services. We conduct extensive empirical studies, and demonstrate that FADE provides security protection for outsourced data, while introducing only minimal performance and monetary cost overhead. Our work provides insights into how to incorporate value-added security features into today's cloud storage services.
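The idea of policy-based assured deletion backed by a quorum of key managers can be sketched as follows. This is an added example, not FADE's code or its actual protocol: it assumes Shamir k-of-n sharing of a per-policy key, models each key manager as a Python dict, and uses a hash-based stand-in cipher; all function names are hypothetical.

```python
import hashlib, secrets

P = 2**521 - 1   # prime field modulus, larger than any 256-bit key

def split(secret, k, n):
    # Shamir k-of-n: share x is the value at x of a random degree k-1 polynomial
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    # Lagrange interpolation at x = 0 recovers the secret from k shares
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def xor_stream(key, data):
    # Stand-in cipher (SHA-256 counter keystream, no nonce or MAC);
    # use an AEAD with a fresh nonce in real code.
    ks = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def create_policy(managers, policy, k):
    # Each key manager (a dict here) stores one share of the policy key
    for m, share in zip(managers, split(secrets.randbits(256), k, len(managers))):
        m[policy] = share

def policy_key(managers, policy, k):
    shares = [m[policy] for m in managers if policy in m]
    if len(shares) < k:
        raise PermissionError(f"policy {policy!r} revoked: below quorum")
    return combine(shares[:k]).to_bytes(32, "big")

def upload(managers, policy, k, plaintext):
    data_key = secrets.token_bytes(32)                # per-file key
    wrapped = xor_stream(policy_key(managers, policy, k), data_key)
    return wrapped, xor_stream(data_key, plaintext)   # both go to the cloud

def download(managers, policy, k, blob):
    data_key = xor_stream(policy_key(managers, policy, k), blob[0])
    return xor_stream(data_key, blob[1])

def revoke(managers, policy):
    # Assured deletion: managers discard their shares; the cloud copy stays
    for m in managers:
        m.pop(policy, None)
```

The cloud only ever holds the wrapped data key and the ciphertext, so once fewer than k managers retain a share, the stored copy cannot be decrypted even if the provider never erases it.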
