Storekeeper: A Security-Enhanced Cloud Storage Aggregation Service

Cloud storage services are currently a commodity that allows users to store data persistently, access the data from everywhere, and share it with friends or co-workers. However, due to the proliferation of cloud storage accounts and lack of interoperability between cloud services, managing and sharing cloud-hosted files is a nightmare for many users. To address this problem, specialized cloud aggregator systems emerged that provide users a global view of all files in their accounts and enable file sharing between users from different clouds. Such systems, however, have limited security: not only they fail to provide end-to-end privacy from cloud providers, but they require users to grant full access privileges to individual cloud storage accounts. In this paper, we present Storekeeper, a privacy-preserving cloud aggregation service that enables file sharing on multi-user multi-cloud storage platforms while preserving data confidentiality from cloud providers and from the cloud aggregator service. To provide this property, Storekeeper decentralizes most of the cloud aggregation logic to the client side enabling security sensitive functions to be performed only on the trusted client endpoints. This decentralization brings new challenges related with file update propagation, access control, user authentication, and key management that are addressed by Storekeeper. This is provided at a low cost (7% on average) when compared with the underlining cloud providers.

[1]  George Coulouris,et al.  Distributed systems - concepts and design , 1988 .

[2]  Bin Sun,et al.  A scheme of data confidentiality and fault-tolerance in cloud storage , 2012, 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems.

[3]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[4]  Miguel Correia,et al.  SCFS: A Shared Cloud-backed File System , 2014, USENIX Annual Technical Conference.

[5]  Michael Vrable,et al.  BlueSky: a cloud-backed file system for the enterprise , 2012, FAST.

[6]  Srinath T. V. Setty,et al.  Depot: Cloud Storage with Minimal Trust , 2010, TOCS.

[7]  Jin Li,et al.  Defending against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems , 2009, SecureComm.

[8]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[9]  Vinod Ganapathy,et al.  K2C: Cryptographic Cloud Storage with Lazy Revocation and Anonymous Access , 2011, SecureComm.

[10]  Miguel Correia,et al.  DepSky: Dependable and Secure Storage in a Cloud-of-Clouds , 2013, TOS.

[11]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[12]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[13]  Moni Naor,et al.  Efficient trace and revoke schemes , 2000, International Journal of Information Security.

[14]  M. Bellare,et al.  HMAC: Keyed-Hashing for Message Authentication, RFC 2104 , 2000 .

[15]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[16]  Yonggang Wen,et al.  Towards end-to-end secure content storage and delivery with public cloud , 2012, CODASPY '12.

[17]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[18]  Kevin Fu,et al.  Group Sharing and Random Access in Cryptographic Storage File Systems , 1999 .

[19]  Yong Tang,et al.  Trusted Data Sharing over Untrusted Cloud Storage Providers , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[20]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[21]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[22]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[23]  Ariel J. Feldman,et al.  SPORC: Group Collaboration using Untrusted Cloud Resources , 2010, OSDI.