Securing Cloud Data in the New Attacker Model

The world just witnessed the surge of a new and powerful attacker, which was able to coerce operators and acquire the necessary keys to break the privacy of users. Once the encryption key is exposed, the only viable measure to preserve data confidentiality is to limit the adversary’s access to the ciphertext. This may be achieved, for example, using multi-cloud storage systems. These systems spread data across multiple servers in different administrative domains, to cater for availability and fault tolerance. If the adversary can only compromise a subset of these domains, multi-cloud storage systems may prevent the adversary from accessing the entire ciphertext. However, if data is encrypted using existing encryption schemes, spreading the ciphertext on multiple servers does not entirely solve the problem since an adversary which has the encryption key, can still compromise single servers and decrypt the ciphertext stored therein. In this paper, we leverage multi-cloud storage systems to provide data confidentiality against an adversary which has access to the encryption key, and can compromise a large fraction of the storage servers. For this purpose, we first introduce a novel security definition that captures data confidentiality in the new adversarial model. We then propose Bastion, a primitive that is secure according to our definition and, therefore, guarantees data confidentiality even when the encryption key is exposed, as long as the adversary cannot compromise all storage servers. We analyze the security ofBastion, and we evaluate its performance by means of a prototype implementation. Our results show that Bastion incurs less than 5% overhead compared to existing semantically secure encryption modes. We also discuss practical insights with respect to the integration of Bastion in commercial multi-cloud storage systems.

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  Douglas R. Stinson,et al.  Something About All or Nothing (Transforms) , 2001, Des. Codes Cryptogr..

[3]  Miguel Correia,et al.  DepSky: Dependable and Secure Storage in a Cloud-of-Clouds , 2013, TOS.

[4]  Markus Dürmuth,et al.  Deniable Encryption with Negligible Detection Probability: An Interactive Construction , 2011, EUROCRYPT.

[5]  Rafail Ostrovsky,et al.  Deniable Encryption , 1997, IACR Cryptol. ePrint Arch..

[6]  Victor Boyko,et al.  On the Security Properties of OAEP as an All-or-Nothing Transform , 1999, CRYPTO.

[7]  Anand Desai,et al.  The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search , 2000, CRYPTO.

[8]  Vinod Vaikuntanathan,et al.  Simultaneous Hardcore Bits and Cryptography against Memory Attacks , 2009, TCC.

[9]  Michael O. Rabin,et al.  Efficient dispersal of information for security, load balancing, and fault tolerance , 1989, JACM.

[10]  Ronald L. Rivest,et al.  All-or-Nothing Encryption and the Package Transform , 1997, FSE.

[11]  Ethan Katz-Bassett,et al.  SPANStore: cost-effective geo-replicated storage spanning multiple cloud services , 2013, SOSP.

[12]  Josef Pieprzyk,et al.  Conditionally secure secret sharing schemes with disenrollment capability , 1994, CCS '94.

[13]  Amos Beimel,et al.  Secret-Sharing Schemes: A Survey , 2011, IWCC.

[14]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[15]  Proof of Lemma 3 , 2022 .

[16]  Marek Klonowski,et al.  Practical Deniable Encryption , 2008, SOFSEM.

[17]  Yael Tauman Kalai,et al.  On cryptography with auxiliary input , 2009, STOC '09.

[18]  James S. Plank,et al.  AONT-RS: Blending Security and Performance in Dispersed Storage Systems , 2011, FAST.

[19]  Marko Vukolic,et al.  Robust data sharing with key-value stores , 2011, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[20]  Hugo Krawczyk,et al.  Secret Sharing Made Short , 1994, CRYPTO.

[21]  Daniel Castro How Much Will PRISM Cost the U.S. Cloud Computing Industry , 2013 .

[22]  Michal Kaczmarczyk,et al.  HYDRAstor: A Scalable Secondary Storage , 2009, FAST.

[23]  Leslie Lamport,et al.  Interprocess Communication , 2020, Practical System Programming with C.