Replication, Security, and Integrity of Outsourced Data in Cloud Computing Systems

In the current era of digital world, the amount of sensitive data produced by many organizations is outpacing their storage ability. The management of such huge amount of data is quite expensive due to the requirements of high storage capacity and qualified personnel. Storage-as-a-Service (SaaS) offered by cloud service providers (CSPs) is a paid facility that enables organizations to outsource their data to be stored on remote servers. Thus, SaaS reduces the maintenance cost and mitigates the burden of large local data storage at the organization’s end. For an increased level of scalability, availability and durability, some customers may want their data to be replicated on multiple servers across multiple data centers. The more copies the CSP is asked to store, the more fees the customers are charged. Therefore, customers need to have a strong guarantee that the CSP is storing all data copies that are agreed upon in the service contract, and these copies remain intact. In this thesis we address the problem of creating multiple copies of a data file and verifying those copies stored on untrusted cloud servers. We propose a pairing-based provable multi-copy data possession (PB-PMDP) scheme, which provides an evidence that all outsourced copies are actually stored and remain intact. Moreover, it allows authorized users (i.e., those who have the right to access the owner’s file) to seamlessly access the file copies stored by the CSP, and supports public verifiability. We then direct our study to the dynamic behavior of outsourced data, where the data owner is capable of not only archiving and accessing the data copies stored by the CSP, but also updating and scaling (using block operations: modification, insertion, deletion, and append) these copies on the remote servers. We propose a new map-based provable multi-copy dynamic data possession (MB-PMDDP) scheme that verifies the intactness and consistency of outsourced dynamic multiple data copies. To the best of our knowledge, the proposed scheme is the first to verify the integrity of multiple copies of dynamic data over untrusted cloud servers. As a complementary line of research, we consider protecting the CSP from a dishonest owner, who attempts to get illegal compensations by falsely claiming data corruption over

[1]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[2]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[3]  Nenghai Yu,et al.  A Privacy-Preserving Remote Data Integrity Checking Protocol with Data Dynamics and Public Verifiability , 2011, IEEE Transactions on Knowledge and Data Engineering.

[4]  Helen J. Wang,et al.  Enabling Security in Cloud Storage SLAs with CloudProof , 2011, USENIX ATC.

[5]  M. Anwar Hasan,et al.  On Verifying Dynamic Multiple Data Copies over Cloud Servers , 2011, IACR Cryptol. ePrint Arch..

[6]  Mary Baker,et al.  Privacy-Preserving Audit and Extraction of Digital Contents , 2008, IACR Cryptol. ePrint Arch..

[7]  Feifei Li,et al.  Dynamic authenticated index structures for outsourced databases , 2006, SIGMOD Conference.

[8]  M. Phil,et al.  PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING , 2015 .

[9]  Victor Shoup On the Security of a Practical Identification Scheme , 1996, EUROCRYPT.

[10]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[11]  William Pugh,et al.  Skip Lists: A Probabilistic Alternative to Balanced Trees , 1989, WADS.

[12]  Erik Riedel,et al.  A Framework for Evaluating Storage System Security , 2002, FAST.

[13]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[14]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[15]  Ethan L. Miller,et al.  Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[16]  David Mazières,et al.  Separating key management from file system security , 2000, OPSR.

[17]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[18]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[19]  Jonathan Katz,et al.  Proofs of Storage from Homomorphic Identification Protocols , 2009, ASIACRYPT.

[20]  Yevgeniy Dodis,et al.  Proofs of Retrievability via Hardness Amplification , 2009, IACR Cryptol. ePrint Arch..

[21]  Reihaneh Safavi-Naini,et al.  Privacy preserving EHR system using attribute-based infrastructure , 2010, CCSW '10.

[22]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[23]  Michael Gertz,et al.  A General Model for Authenticated Data Structures , 2004, Algorithmica.

[24]  Reza Curtmola,et al.  MR-PDP: Multiple-Replica Provable Data Possession , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[25]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[26]  Reza Curtmola,et al.  Robust remote data checking , 2008, StorageSS '08.

[27]  Javier López,et al.  Secure Multi-Party Non-Repudiation Protocols and Applications , 2008, Advances in Information Security.

[28]  Sushil Jajodia,et al.  Over-encryption: Management of Access Control Evolution on Outsourced Data , 2007, VLDB.

[29]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[30]  Giuseppe Cattaneo,et al.  Design and Implementation of a Transparent Cryptographic File System for Unix , 2007 .

[31]  Wei-Shinn Ku,et al.  Analysis of Integrity Vulnerabilities and a Non-repudiation Protocol for Cloud Data Storage Platforms , 2010, 2010 39th International Conference on Parallel Processing Workshops.

[32]  Mary Baker,et al.  The LOCKSS peer-to-peer digital preservation system , 2005, TOCS.

[33]  A. Miyaji,et al.  New Explicit Conditions of Elliptic Curve Traces for FR-Reduction , 2001 .

[34]  Jean-Jacques Quisquater,et al.  Remote Integrity Checking - How to Trust Files Stored on Untrusted Servers , 2003, IICIS.

[35]  Dan Boneh,et al.  Breaking RSA May Not Be Equivalent to Factoring , 1998, EUROCRYPT.

[36]  A. Menezes An Introduction to Pairing-Based Cryptography , 2005 .

[37]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, Journal of Cryptology.

[38]  Ari Juels,et al.  Proofs of retrievability: theory and implementation , 2009, CCSW '09.

[39]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[40]  Cong Wang,et al.  Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , 2009, ESORICS.

[41]  Antonio F. Gómez-Skarmeta,et al.  A new fair non-repudiation protocol for secure negotiation and contract signing , 2006, J. Univers. Comput. Sci..

[42]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[43]  Ayad F. Barsoum,et al.  Provable Possession and Replication of Data over Cloud Servers , 2011 .

[44]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[45]  Andreas Haeberlen,et al.  Efficient Replica Maintenance for Distributed Storage Systems , 2006, NSDI.

[46]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[47]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[48]  Stephen S. Yau,et al.  Efficient provable data possession for hybrid clouds , 2010, CCS '10.

[49]  M. Anwar Hasan,et al.  Integrity Verification of Multiple Data Copies over Untrusted Cloud Servers , 2012, 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012).

[50]  Marcos K. Aguilera,et al.  Using erasure codes efficiently for storage in a distributed system , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[51]  Josep Domingo-Ferrer,et al.  Efficient Remote Data Possession Checking in Critical Information Infrastructures , 2008, IEEE Transactions on Knowledge and Data Engineering.

[52]  Xiaofeng Meng,et al.  Integrity Auditing of Outsourced Data , 2007, VLDB.

[53]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[54]  Michael Backes,et al.  Secure Key-Updating for Lazy Revocation , 2006, ESORICS.

[55]  Stanislaw Jarecki,et al.  Cryptographic Primitives Enforcing Communication and Storage Complexity , 2002, Financial Cryptography.

[56]  Bharat K. Bhargava,et al.  Secure and efficient access to outsourced data , 2009, CCSW '09.

[57]  Ling Liu,et al.  Sharoes: A Data Sharing Platform for Outsourced Enterprise Storage Environments , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[58]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[59]  Yu Chen,et al.  A fair multi-party non-repudiation scheme for storage clouds , 2011, 2011 International Conference on Collaboration Technologies and Systems (CTS).

[60]  Mary Baker,et al.  Auditing to Keep Online Storage Services Honest , 2007, HotOS.

[61]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[62]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[63]  Ari Juels,et al.  HAIL: a high-availability and integrity layer for cloud storage , 2009, CCS.

[64]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[65]  Kevin Fu,et al.  Group Sharing and Random Access in Cryptographic Storage File Systems , 1999 .

[66]  M. Anwar Hasan,et al.  Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems , 2013, IEEE Transactions on Parallel and Distributed Systems.

[67]  Thomas Shrimpton,et al.  Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance , 2004, FSE.

[68]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[69]  Mukesh Singhal,et al.  Password-Based Authentication: Preventing Dictionary Attacks , 2007, Computer.

[70]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[71]  Paulo S. L. M. Barreto,et al.  Demonstrating data possession and uncheatable data transfer , 2006, IACR Cryptol. ePrint Arch..

[72]  Ke Zeng,et al.  Publicly Verifiable Remote Data Integrity , 2008, ICICS.

[73]  Cong Wang,et al.  Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing , 2011, IEEE Transactions on Parallel and Distributed Systems.

[74]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[75]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[76]  Štefan Porubský,et al.  Fermat–Euler Theorem in Algebraic Number Fields , 1996 .

[77]  M. Anwar Hasan,et al.  Provable Multicopy Dynamic Data Possession in Cloud Computing Systems , 2015, IEEE Transactions on Information Forensics and Security.

[78]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.

[79]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[80]  Matthew Green,et al.  Practical Short Signature Batch Verification , 2009, CT-RSA.