On cloud storage and the cloud of clouds approach

Many recently proposed cloud storage architectures build a single virtual cloud storage system by combining diverse commercial cloud storage services, the so-called cloud of clouds approach. In this approach, the data to be stored is dispersed redundantly among different (independent) cloud storage providers. This is commonly accomplished either by naively replicating the data to several providers (storing an entire copy of a file at each provider) or by dispersing suitably encoded data, i.e., only a certain threshold of file fragments is required to reconstruct a file. Furthermore, since many vendors of commercial cloud storage services do not provide adequate means of securing the cloud from within the cloud infrastructure, many recently proposed cloud storage architectures (transparently) add relevant security and privacy features from the outside. In doing so, they mainly try not to affect the cloud provider's interfaces and inner workings. In this paper we take a closer look at distributed cloud storage systems. We give an overview of information dispersal strategies for realising reliable distributed cloud storage systems and of state-of-the-art cloud storage approaches. We then analyse these approaches with respect to their security properties. Finally, we discuss the lack of privacy features, in particular features that provide access privacy, in existing distributed cloud storage systems, which is an important direction for future research on distributed cloud storage.
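The threshold dispersal described above, as an added example that is not taken from the paper: a Reed-Solomon-style k-of-n encoding over GF(257) in which any k of n provider fragments rebuild the object. The function names, the field choice and the sample object are assumptions made for this illustration.

```python
P = 257  # smallest prime above 255, so every byte value is a field element

def _interpolate(points, x):
    """Evaluate at x the unique polynomial of degree < k through points (mod P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def disperse(data: bytes, k: int, n: int):
    """Encode data into n fragments, one per provider; any k of them suffice."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n <= 256")
    padded = data + bytes(-len(data) % k)
    frags = {x: [] for x in range(1, n + 1)}
    for off in range(0, len(padded), k):
        # The k data bytes are the polynomial's values at x = 1..k (systematic).
        pts = [(i + 1, b) for i, b in enumerate(padded[off:off + k])]
        for x in frags:
            frags[x].append(_interpolate(pts, x))
    return frags, len(data)

def reconstruct(available: dict, k: int, length: int) -> bytes:
    """Rebuild the object from the fragments of any k reachable providers."""
    if len(available) < k:
        raise ValueError("fewer than k fragments available")
    use = sorted(available.items())[:k]
    out = bytearray()
    for col in range(len(use[0][1])):
        pts = [(x, frag[col]) for x, frag in use]
        out.extend(_interpolate(pts, i) for i in range(1, k + 1))
    return bytes(out[:length])

if __name__ == "__main__":
    obj = b"cloud-of-clouds test object"          # constructed sample input
    frags, size = disperse(obj, k=3, n=5)
    survivors = {x: frags[x] for x in (2, 4, 5)}  # providers 1 and 3 are down
    assert reconstruct(survivors, 3, size) == obj
    # Stored symbols: n/k times the object, versus n times for replication.
    print(sum(map(len, frags.values())), "vs", 5 * len(obj))
    # Dispersal alone is not confidentiality: fragment 1 is plaintext bytes.
    print(bytes(frags[1]) == obj[0::3])
```

Because the code is systematic, the first k fragments carry plaintext bytes, so this encoding provides availability only; confidentiality has to come from encryption or secret sharing layered on top.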
