
Toward Publicly Auditable Secure Cloud Data Storage Services

Toward Publicly Auditable Secure Cloud Data Storage Services. Cong Wang and Kui Ren, etc. IEEE Communications Society. Speaker: Meng-Ting Tsai. Date: 2010/11/16. Directory: Introduction; Cloud Storage Architecture and Security Threats; Ensuring Cloud Data Security; Concluding Remarks.


Presentation Transcript


  1. Toward Publicly Auditable Secure Cloud Data Storage Services • Cong Wang and Kui Ren, etc. • IEEE Communications Society • Speaker: Meng-Ting Tsai • Date: 2010/11/16

  2. Directory • Introduction • Cloud Storage Architecture and Security Threats • Ensuring Cloud Data Security • Concluding Remarks

  3. Introduction(1) • Cloud computing has been envisioned as the next-generation architecture of IT: • 1. On-demand self-service. • 2. Ubiquitous network access. • 3. Location-independent resource pooling. • 4. Rapid resource elasticity. • 5. Usage-based pricing. • 6. Transference of risk.

  4. Introduction(2) • From the data owners’ perspective, a flexible on-demand manner brings appealing benefits: • 1. Relief of the burden of storage management. • 2. Universal data access with independent geographical locations. • 3. Avoidance of capital expenditure on hardware, software, personnel maintenance.

  5. Introduction(3) • Since cloud service providers (CSP) are separate administrative entities, data outsourcing actually relinquishes the owner’s ultimate control over the fate of their data.

  6. Introduction(4) • Outages and security breaches of noteworthy cloud services appear from time to time. • Ex.: Gmail’s mass email deletion incident. • There are various motivations for CSPs to behave unfaithfully toward cloud customers regarding the status of their outsourced data. • Ex.: Hiding data loss incidents to maintain a reputation.

  7. Introduction(5) • Traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted. • It is often insufficient to detect data corruption only when accessing the data. • The tasks of auditing the data correctness in a cloud environment can be formidable and expensive for data owners.

  8. Introduction(6) • To fully ensure data security and save data owners’ computation resources, we propose to enable publicly auditable cloud storage services through a TPA (Third Party Auditor). • The TPA provides a transparent yet cost-effective method for establishing trust between data owner and cloud server.

  9. Introduction(7) • This article is intended as a call for action, aiming to motivate further research on dependable cloud storage services and enable public auditing services to become a reality. • We sketch a set of building blocks, including recently developed cryptographic primitives (e.g., homomorphic authenticator).

  10. Directory • Introduction • Cloud Storage Architecture and Security Threats • Ensuring Cloud Data Security • Concluding Remarks

  11. Cloud Storage Architecture and Security Threats(1) • Problem Statement: • We begin with a high-level architecture description of cloud data storage services illustrated in Fig. 1.

  12. Cloud Storage Architecture and Security Threats(2)

  13. Cloud Storage Architecture and Security Threats(3) • Security Threats: • We consider both malicious outsiders and a semi-trusted CS (Cloud Server) as potential adversaries interrupting cloud data storage services. • For its own benefit the CS might neglect to keep or deliberately delete rarely accessed data files that belong to ordinary cloud owners.

  14. Cloud Storage Architecture and Security Threats(4) • Desirable Properties for Public Auditing: • (1) Minimize Auditing Overhead. • (2) Protect Data Privacy. • (3) Support Data Dynamics. • (4) Support Batch Auditing.

  15. Cloud Storage Architecture and Security Threats(5) • (1) Minimize Auditing Overhead: • Any extra online burden on a data owner should also be as low as possible. • (2) Protect Data Privacy: • TPA should be able to efficiently audit the cloud data storage without demanding a local copy of data or even learning the data content.

  16. Cloud Storage Architecture and Security Threats(6) • (3) Support Data Dynamics: • As a cloud storage service is not just a data warehouse, owners may dynamically update their data for various application purposes. • (4) Support Batch Auditing: • The prevalence of large-scale cloud storage service further demands auditing efficiency.

  17. Directory • Introduction • Cloud Storage Architecture and Security Threats • Ensuring Cloud Data Security • Concluding Remarks

  18. Ensuring Cloud Data Security(1)

  19. Ensuring Cloud Data Security(2) • Traditional Methods Revisited. • Utilizing Homomorphic Authenticators. • Protecting Data Privacy. • Supporting Data Dynamics. • Handling Multiple Concurrent Tasks. • Further Challenges.

  20. Ensuring Cloud Data Security(3) • Traditional Methods Revisited: • A straightforward approach to protecting data integrity would be to use traditional cryptographic methods such as MACs (Message Authentication Codes). • While this method allows data owners to verify the correctness of the data received from the cloud, it does not give any assurance about the correctness of other outsourced data.

  21. Ensuring Cloud Data Security(4) • A particular drawback is that the number of times a data file can be audited is limited by the number of secret keys that must be fixed a priori.

  22. Ensuring Cloud Data Security(5) • Utilizing Homomorphic Authenticators: • Homomorphic authenticators are unforgeable metadata generated from individual data blocks. • Using this technique requires additional information encoded along with the data before outsourcing.
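
A worked illustration of the homomorphic authenticator idea on slide 22, added here and not taken from the slides or the paper: per-block tags are computed before outsourcing, and the server answers a sampled challenge with two aggregated values. It uses a secret-key linear tag (PRF value plus `alpha` times the block) as a stand-in, so the verifier holds the key, unlike the public auditing the slides aim for; the modulus, function names and sample blocks are assumptions.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus of the toy field (assumption for this example)

def prf(key, index):
    """Pseudo-random field element bound to a block index."""
    digest = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P

def tag_blocks(key, alpha, blocks):
    """Owner: one authenticator per block, stored alongside the data."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n_blocks, sample):
    """Auditor: random block indices, each with a random non-zero coefficient."""
    idx = secrets.SystemRandom().sample(range(n_blocks), sample)
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]

def prove(blocks, tags, chal):
    """Server: fold the sampled blocks and tags into two field elements."""
    mu = sum(nu * blocks[i] for i, nu in chal) % P
    sigma = sum(nu * tags[i] for i, nu in chal) % P
    return mu, sigma

def verify(key, alpha, chal, mu, sigma):
    """Verifier: check the aggregate without fetching any block."""
    expected = (alpha * mu + sum(nu * prf(key, i) for i, nu in chal)) % P
    return sigma == expected

def audit_demo():
    key, alpha = secrets.token_bytes(32), secrets.randbelow(P - 1) + 1
    # Constructed sample data: 64 blocks of 15 bytes each.
    blocks = [int.from_bytes(hashlib.sha256(b"block%d" % i).digest()[:15], "big")
              for i in range(64)]
    tags = tag_blocks(key, alpha, blocks)
    chal = challenge(len(blocks), 16)
    intact_ok = verify(key, alpha, chal, *prove(blocks, tags, chal))
    damaged = list(blocks)
    damaged[chal[0][0]] = (damaged[chal[0][0]] + 1) % P  # one sampled block altered
    loss_detected = not verify(key, alpha, chal, *prove(damaged, tags, chal))
    return intact_ok, loss_detected

if __name__ == "__main__":
    print(audit_demo())
```

The response is two field elements regardless of how many blocks are sampled, which is where the constant communication overhead comes from.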

  23. Ensuring Cloud Data Security(6)

  24. Ensuring Cloud Data Security(7) • Protecting Data Privacy: • If enough linear combinations of the same blocks are collected, the TPA can simply derive the sampled data content by solving a system of linear equations. • This drawback greatly affects the security of using homomorphic-authenticator-based.

  25. Ensuring Cloud Data Security(8) • To address this concern, a proper approach is to combine the homomorphic authenticator with random masking.
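
The privacy concern on slides 24 and 25, as an added example that is not from the slides or the paper: an auditor who receives as many linear combinations as there are sampled blocks solves for the blocks, while responses blinded with a fresh random value no longer determine them. The masking here is a bare additive blind for illustration only; how the auditor still verifies a masked response is not shown, and the modulus, names and sample blocks are assumptions.

```python
import secrets

P = 2**127 - 1  # prime modulus of the toy field (assumption for this example)

def respond(blocks, coeffs, mask=False):
    """Server response: linear combination of the blocks, optionally blinded."""
    mu = sum(nu * m for nu, m in zip(coeffs, blocks)) % P
    if mask:
        mu = (mu + secrets.randbelow(P)) % P  # fresh random mask per response
    return mu

def solve_mod_p(matrix, rhs):
    """Gauss-Jordan elimination over GF(P); returns None if the matrix is singular."""
    n = len(rhs)
    rows = [list(r) + [b] for r, b in zip(matrix, rhs)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if rows[r][col] % P), None)
        if pivot is None:
            return None
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv = pow(rows[col][col], -1, P)
        rows[col] = [(x * inv) % P for x in rows[col]]
        for r in range(n):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % P for x, y in zip(rows[r], rows[col])]
    return [row[n] for row in rows]

def auditor_recovers(blocks, mask):
    """Collect len(blocks) responses over the same blocks and try to solve for them."""
    n = len(blocks)
    while True:
        coeffs = [[secrets.randbelow(P - 1) + 1 for _ in range(n)] for _ in range(n)]
        responses = [respond(blocks, row, mask) for row in coeffs]
        guess = solve_mod_p(coeffs, responses)
        if guess is not None:  # retry only if the random matrix was singular
            return guess == list(blocks)

# Constructed sample blocks standing in for outsourced data.
SAMPLE = [int.from_bytes(b"secret-%02d" % i, "big") for i in range(4)]

if __name__ == "__main__":
    print("unmasked leak:", auditor_recovers(SAMPLE, mask=False))
    print("masked leak:  ", auditor_recovers(SAMPLE, mask=True))
```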

  26. Ensuring Cloud Data Security(9) • Supporting Data Dynamics: • Using homomorphic authenticators helps achieve a constant communication overhead for public auditability.

  27. Ensuring Cloud Data Security(10) • Handling Multiple Concurrent Tasks: • Such a technique supports the aggregation of multiple signatures by distinct signers on distinct messages into a single signature and thus allows efficient verification for the authenticity of all messages.

  28. Ensuring Cloud Data Security(11) • Further Challenges: • 1. Accountability • 2. Multi-Writer Model • 3. Performance

  29. Directory • Introduction • Cloud Storage Architecture and Security Threats • Ensuring Cloud Data Security • Concluding Remarks

  30. Concluding Remarks • Cloud computing has been envisioned as the next-generation architecture of enterprise IT. • We believe security in cloud computing is an area full of challenges.

  31. Thank you for your attention!!
