ARCHISTAR: Towards Secure and Robust Cloud Based Data Sharing

Cloud based collaboration gives rise to many new applications and business opportunities in both the private and the business domain. However, building such systems in a secure and robust manner is a challenging task. In this paper, we present a new architecture for secure cloud based data sharing called ARCHISTAR. It builds upon a distributed storage system and thus avoids any single point of trust or failure. Besides providing confidentiality of data, our focus is on availability and in particular on robustness against active attacks or failures. Our system provides full multi-user support and enables advanced sharing scenarios without complex key management and revocation mechanisms. We also present a prototype implementation of the ARCHISTAR system and discuss open issues.

[1]  Josef Spillner,et al.  Information Dispersion over Redundant Arrays of Optimal Cloud Storage for Desktop Users , 2011, 2011 Fourth IEEE International Conference on Utility and Cloud Computing.

[2]  Michael Dahlin,et al.  Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults , 2009, NSDI.

[3]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[4]  Thomas E. Anderson,et al.  Machine fault tolerance for reliable datacenter systems , 2014, APSys.

[5]  Christian Hanser,et al.  On cloud storage and the cloud of clouds approach , 2012, 2012 International Conference for Internet Technology and Secured Transactions.

[6]  Brent Waters,et al.  Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption , 2012, IACR Cryptol. ePrint Arch..

[7]  Miguel Correia,et al.  Spin One's Wheels? Byzantine Fault Tolerance with a Spinning Primary , 2009, 2009 28th IEEE International Symposium on Reliable Distributed Systems.

[8]  Ramakrishna Kotla,et al.  Zyzzyva: speculative byzantine fault tolerance , 2007, TOCS.

[9]  Michael O. Rabin,et al.  Efficient dispersal of information for security, load balancing, and fault tolerance , 1989, JACM.

[10]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[11]  Felix Freitag,et al.  Tahoe-LAFS Distributed Storage Service in Community Network Clouds , 2014, 2014 IEEE Fourth International Conference on Big Data and Cloud Computing.

[12]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[13]  Atul Singh,et al.  BFT Protocols Under Fire , 2008, NSDI.

[14]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[15]  Brent Waters,et al.  Secure attribute-based systems , 2006, CCS '06.

[16]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[17]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[18]  Rafail Ostrovsky,et al.  Unconditionally-Secure Robust Secret Sharing with Compact Shares , 2012, EUROCRYPT.

[19]  Michael K. Reiter,et al.  Cross-Tenant Side-Channel Attacks in PaaS Clouds , 2014, CCS.

[20]  Reihaneh Safavi-Naini,et al.  Unconditionally-Secure Robust Secret Sharing with Minimum Share Size , 2013, Financial Cryptography.

[21]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[22]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[23]  Johannes Braun,et al.  Long term confidentiality: a survey , 2014, Des. Codes Cryptogr..

[24]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[25]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[26]  Hakim Weatherspoon,et al.  RACS: a case for cloud storage diversity , 2010, SoCC '10.

[27]  Helen J. Wang,et al.  Enabling Security in Cloud Storage SLAs with CloudProof , 2011, USENIX ATC.

[28]  Miguel Correia,et al.  DepSky: Dependable and Secure Storage in a Cloud-of-Clouds , 2013, TOS.

[29]  Hugo Krawczyk,et al.  Secret Sharing Made Short , 1994, CRYPTO.

[30]  Marko Vukolic,et al.  The Next 700 BFT Protocols , 2015, ACM Trans. Comput. Syst..

[31]  Miguel Correia,et al.  BFT-TO: Intrusion Tolerance with Less Replicas , 2013, Comput. J..

[32]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[33]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.