A Cloud Provider-Agnostic Secure Storage Protocol

Over recent years, cloud computing has been seen as an emerging technology that has changed the way computing services are delivered. Cloud computing is not a new technology paradigm, but rather a new way of delivering computing services and resources. Alongside its potential value and the several advantages it offers, we can foresee a number of drawbacks in terms of security and privacy. Specifically, cloud computing raises the level of expertise needed to protect the security and privacy of its stakeholders (i.e. organizations and end-users), mainly because the massive concentration of computer resources and data could be a more attractive target to malicious users. In this paper, we present a cloud provider-agnostic model for outsourcing both static and dynamic data to third parties while preserving their confidentiality and integrity. In addition to a detailed presentation of our model, we also present an evaluation of it in terms of its capabilities and weaknesses.
