Two-Party Fine-Grained Assured Deletion of Outsourced Data in Cloud Systems

With clients losing direct control of their data, this paper investigates an important problem of cloud systems: when clients delete data, how can they be sure that the deleted data will never resurface in the future if they do not perform the actual data removal themselves? How can they guarantee that deleted data is inaccessible when the data is not in their possession? Using a novel key modulation function, we design a solution for two-party fine-grained assured deletion. The solution does not rely on any third-party server. Each client keeps only one or a small number of keys, regardless of how big its file system is. The client is able to delete any individual data item in any file without causing significant overhead, and the deletion is permanent: no one can recover already-deleted data, not even after gaining control of both the client device and the cloud server. We validate our design through experimental evaluation.
