A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding

A cloud storage system, consisting of a collection of storage servers, provides long-term storage services over the Internet. Storing data in a third party's cloud system causes serious concern over data confidentiality. General encryption schemes protect data confidentiality, but also limit the functionality of the storage system because a few operations are supported over encrypted data. Constructing a secure storage system that supports multiple functions is challenging when the storage system is distributed and has no central authority. We propose a threshold proxy re-encryption scheme and integrate it with a decentralized erasure code such that a secure distributed storage system is formulated. The distributed storage system not only supports secure and robust data storage and retrieval, but also lets a user forward his data in the storage servers to another user without retrieving the data back. The main technical contribution is that the proxy re-encryption scheme supports encoding operations over encrypted messages as well as forwarding operations over encoded and encrypted messages. Our method fully integrates encrypting, encoding, and forwarding. We analyze and suggest suitable parameters for the number of copies of a message dispatched to storage servers and the number of storage servers queried by a key server. These parameters allow more flexible adjustment between the number of storage servers and robustness.

[1]  Vinod M. Prabhakaran,et al.  Ubiquitous access to distributed data in large-scale sensor networks through decentralized erasure codes , 2005, IPSN 2005. Fourth International Symposium on Information Processing in Sensor Networks, 2005..

[2]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[3]  BurnsRandal,et al.  Remote data checking using provable data possession , 2011 .

[4]  Zhifang Zhang,et al.  Repair locality from a combinatorial perspective , 2014, 2014 IEEE International Symposium on Information Theory.

[5]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[6]  Cezary Dubnicki,et al.  HydraFS: A High-Throughput File System for the HYDRAstor Content-Addressable Storage System , 2010, FAST.

[7]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[8]  Ari Juels,et al.  Proofs of retrievability: theory and implementation , 2009, CCSW '09.

[9]  M. Mambo,et al.  Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts (Special Section on Cryptography and Information Security) , 1997 .

[10]  Reza Curtmola,et al.  Robust remote data checking , 2008, StorageSS '08.

[11]  Wen-Guey Tzeng,et al.  A Secure Decentralized Erasure Code for Distributed Networked Storage , 2010, IEEE Transactions on Parallel and Distributed Systems.

[12]  Reza Curtmola,et al.  Robust Dynamic Provable Data Possession , 2012, 2012 32nd International Conference on Distributed Computing Systems Workshops.

[13]  Frédérique E. Oggier,et al.  Data Insertion and Archiving in Erasure-Coding Based Large-Scale Storage Systems , 2013, ICDCIT.

[14]  Stefan Savage,et al.  Total Recall: System Support for Automated Availability Management , 2004, NSDI.

[15]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[16]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[17]  Andreas Haeberlen,et al.  Glacier: highly durable, decentralized storage despite massive correlated failures , 2005, NSDI.

[18]  Reza Curtmola,et al.  Remote data checking for network coding-based distributed storage systems , 2010, CCSW '10.

[19]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[20]  Brian Warner,et al.  Tahoe: the least-authority filesystem , 2008, StorageSS '08.

[21]  Vinod M. Prabhakaran,et al.  Decentralized erasure codes for distributed networked storage , 2006, IEEE Transactions on Information Theory.

[22]  Zhenfu Cao,et al.  CCA-Secure Proxy Re-Encryption without Pairings , 2009, IACR Cryptol. ePrint Arch..

[23]  Qiang Tang,et al.  Type-Based Proxy Re-encryption and Its Construction , 2008, INDOCRYPT.

[24]  Susan Hohenberger,et al.  Key-Private Proxy Re-encryption , 2009, CT-RSA.

[25]  Brian Randell,et al.  The newcastle connection or UNIXes of the world unite! , 1982, Softw. Pract. Exp..

[26]  Peter Sobe Parallel Reed/Solomon Coding on Multicore Processors , 2010, 2010 International Workshop on Storage Network Architecture and Parallel I/Os.

[27]  Jonathan Katz,et al.  Proofs of Storage from Homomorphic Identification Protocols , 2009, ASIACRYPT.

[28]  Kai Li,et al.  Tradeoffs in Scalable Data Routing for Deduplication Clusters , 2011, FAST.

[29]  Cong Wang,et al.  Toward Secure and Dependable Storage Services in Cloud Computing , 2012, IEEE Transactions on Services Computing.

[30]  Michal Kaczmarczyk,et al.  HYDRAstor: A Scalable Secondary Storage , 2009, FAST.

[31]  Miguel Castro,et al.  Farsite: federated, available, and reliable storage for an incompletely trusted environment , 2002, OPSR.

[32]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[33]  Dan Walsh,et al.  Design and implementation of the Sun network filesystem , 1985, USENIX Conference Proceedings.

[34]  Ben Y. Zhao,et al.  Pond: The OceanStore Prototype , 2003, FAST.

[35]  Ari Juels,et al.  HAIL: a high-availability and integrity layer for cloud storage , 2009, CCS.

[36]  Yongjun Ren,et al.  Designated-Verifier Provable Data Possession in Public Cloud Storage , 2013 .

[37]  Antony I. T. Rowstron,et al.  PAST: a large-scale, persistent peer-to-peer storage utility , 2001, Proceedings Eighth Workshop on Hot Topics in Operating Systems.

[38]  Stephen S. Yau,et al.  Dynamic Audit Services for Outsourced Storages in Clouds , 2013, IEEE Transactions on Services Computing.

[39]  Sawan Kumar,et al.  Ensuring data storage security in Cloud Computing , 2009, 2009 17th International Workshop on Quality of Service.

[40]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[41]  Brian Randell,et al.  The newcastle connection or unixes of the world unite , 2001 .

[42]  Reza Curtmola,et al.  Robust dynamic remote data checking for public clouds , 2012, CCS.

[43]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[44]  Stephen S. Yau,et al.  Efficient provable data possession for hybrid clouds , 2010, CCS '10.