1 Convergent Dispersal: Toward Storage-Efficient Security in a Cloud-of-Clouds Mingqiang Li 1, Chuan Qin 1, Patrick P. C. Lee 1, Jin Li 2 1 The Chinese.

Slides:

Advertisements

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Advertisements

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Cloud Computing Security Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Ӧ nen, Pasquale Puzio December 18, 2013 – Sophia-Antipolis, France.

A Survey of Key Management for Secure Group Communications Celia Li.

Analysis and Construction of Functional Regenerating Codes with Uncoded Repair for Distributed Storage Systems Yuchong Hu, Patrick P. C. Lee, Kenneth.

Henry C. H. Chen and Patrick P. C. Lee

1 NCFS: On the Practicality and Extensibility of a Network-Coding-Based Distributed File System Yuchong Hu 1, Chiu-Man Yu 2, Yan-Kit Li 2 Patrick P. C.

Yuchong Hu1, Henry C. H. Chen1, Patrick P. C. Lee1, Yang Tang2

White-Box Cryptography

1 STAIR Codes: A General Family of Erasure Codes for Tolerating Device and Sector Failures in Practical Storage Systems Mingqiang Li and Patrick P. C.

Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November.

1 Toward I/O-Efficient Protection Against Silent Data Corruptions in RAID Arrays Mingqiang Li and Patrick P. C. Lee The Chinese University of Hong Kong.

Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York

Beyond the MDS Bound in Distributed Cloud Storage

1 Live Deduplication Storage of Virtual Machine Images in an Open-Source Cloud Chun-Ho Ng, Mingcao Ma, Tsz-Yeung Wong, Patrick P. C. Lee, John C. S. Lui.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

Efficient Proactive Security for Sensitive Data Storage Arun Subbiah Douglas M. Blough School of ECE, Georgia Tech {arun,

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

Network Coding Distributed Storage Patrick P. C. Lee Department of Computer Science and Engineering The Chinese University of Hong Kong 1.

© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Min Xu1, Yunfeng Zhu2, Patrick P. C. Lee1, Yinlong Xu2

A Survey on Secure Cloud Data Storage ZENG, Xi CAI, Peng

Low-Overhead Byzantine Fault-Tolerant Storage James Hendricks, Gregory R. Ganger Carnegie Mellon University Michael K. Reiter University of North Carolina.

Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.

Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.

Chapter 21 Public-Key Cryptography and Message Authentication.

Applying White-Box Cryptography SoBeNet user group meeting October 8, 2004 Brecht Wyseur.

WEP Protocol Weaknesses and Vulnerabilities

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Yu-Li Lin and Chien-Lung Hsu Department of Information Management, Chang-Gung University Information Science(SCI) Reporter: Tzer-Long Chen.

1 CloudVS: Enabling Version Control for Virtual Machines in an Open- Source Cloud under Commodity Settings Chung-Pan Tang, Tsz-Yeung Wong, Patrick P. C.

1 Making MapReduce Scheduling Effective in Erasure-Coded Storage Clusters Runhui Li and Patrick P. C. Lee The Chinese University of Hong Kong LANMAN’15.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Lecture 2: Introduction to Cryptography

RevDedup: A Reverse Deduplication Storage System Optimized for Reads to Latest Backups Chun-Ho Ng, Patrick P. C. Lee The Chinese University of Hong Kong.

DPA Countermeasures by Improving the Window Method Kouichi Itoh, Jun Yajima, Masahiko Takenaka and Naoya Torii Workshop on Cryptographic Hardware and Embedded.

1 Enabling Efficient and Reliable Transitions from Replication to Erasure Coding for Clustered File Systems Runhui Li, Yuchong Hu, Patrick P. C. Lee The.

Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.

Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.

CRYPTOGRAPHY PRESENTED BY : NILAY JAYSWAL BRANCH : COMPUTER SCIENCE & ENGINEERING ENTRY NO. : 14BCS033 1.

Presented By Amarjit Datta

Network Security. Three tools Hash Function Block Cipher Public Key / Private Key.

Database Laboratory Regular Seminar TaeHoon Kim Article.

Privacy Preserving Cloud Data Access With Multi-Authorities Taeho Jung 1, Xiang-Yang Li 1, Zhiguo Wan 2, Meng Wan 3 Illinois Institute of Technology, Chicago.

Using Deduplicating Storage for Efficient Disk Image Deployment Xing Lin, Mike Hibler, Eric Eide, Robert Ricci University of Utah.

Pouya Ostovari and Jie Wu Computer & Information Sciences

Searchable Encryption in Cloud

Rekeying for Encrypted Deduplication Storage

Information Leakage in Encrypted Deduplication via Frequency Analysis

Efficient Multi-User Indexing for Secure Keyword Search

A Simulation Analysis of Reliability in Primary Storage Deduplication

Repair Pipelining for Erasure-Coded Storage

Security and Deduplication in the Cloud

Intrusion Tolerance for NEST

Sindhusha Doddapaneni

HashKV: Enabling Efficient Updates in KV Storage via Hashing

Xiaoyang Zhang1, Yuchong Hu1, Patrick P. C. Lee2, Pan Zhou1

Public Key Infrastructure

Jingwei Li*, Patrick P. C. Lee #, Yanjing Ren*, and Xiaosong Zhang*

Presentation transcript:

1 Convergent Dispersal: Toward Storage-Efficient Security in a Cloud-of-Clouds Mingqiang Li 1, Chuan Qin 1, Patrick P. C. Lee 1, Jin Li 2 1 The Chinese University of Hong Kong, 2 Guangzhou University HotStorage ’14

Single Cloud Problems 2  Single point of failure:  Vendor lock-in: Costly Migration

Cloud-of-Clouds  Exploits diversity of multiple cloud storage vendors: Provides fault tolerance Avoids vendor lock-in Improves security 3

Diversity  Security  Threat model: provides data confidentiality  Traditional encryption: Encrypts data with a key and protects the key Key management is challenging  Leveraging diversity: Disperses data across multiple clouds Data remains confidential even if a subset of clouds is compromised Assumption: infeasible for attackers to compromise all clouds Security is achieved without keys  keyless security 4

Keyless Security  Major building block: dispersal algorithm Given a secret, outputs multiple shares Secret remains inaccessible without enough shares 5

Dispersal Algorithm  (n, k, r) dispersal algorithm: Secret is dispersed into n shares Secret can be reconstructed from any k shares (k < n) Secret cannot be inferred (even partially) from any r shares (r < k) Example: (4, 3, 2) 6 Nothing!

State of the Art  Ramp secret sharing scheme (RSSS) [Blakley and Meadows, CRYPTO’84] Combines Rabin’s information dispersal ( r = 0 ) and Shamir’s secret sharing scheme ( r = k-1 ) Makes tradeoff between storage space and security  AONT-RS [Resch et al., FAST’11] Combines all-or-nothing-transform and Reed- Solomon encoding  Main idea: embeds random information into dispersed data 7

Deduplication  Cloud storage uses deduplication to save cost  Deduplication avoids storing multiple data copies with identical content Saves storage space Saves write bandwidth  However, state-of-the-art dispersal algorithms break deduplication Root cause: security builds on embedded randomness 8

Deduplication 9 Identical content Different shares! Random information Q: Can we preserve both deduplication and keyless security in dispersal algorithms?

Our Contributions  Convergent Dispersal: a data dispersal design that preserves both dedup and keyless security Can be generalized for any distributed storage systems  Two implementations: CRSSS: builds on RSSS [Blakley and Meadows, CRYPTO’84] CAONT-RS: builds on AONT-RS [Resch et al., FAST’11]  Evaluation on computational performance CRSSS and CAONT-RS are complementary in performance for different parameters Best of CRSSS and CAONT-RS achieves ≥ 200MB/s 10

Key Idea  Inspired by convergent encryption [Douceur et al., ICDCS’02] Key is derived from cryptographic hash of the content Key is deterministic: same content  same ciphertext  Convergent dispersal: 11 Replace random information with secret’s hashes Same secret  same shares

Deployment Scenario 12 Avoids cross-user dedup due to side-channel attacks [Harnik et al., IEEE S&P’10] Owned by organization Single-user dedup before uploads Organization Cross-user dedup by VMs

CRSSS  Example: n = 6, k = 5, r = 2 13 Replace r random words with r hashes

CRSSS  Generate r hashes from k-r secret words: D = data block of the k-r secret words i = index H = cryptographic hash function (e.g., SHA-256) 14

CAONT-RS  Example: n =4, k=3, r = k -1 = 2 : 15 Replace the random key with a hash

CAONT-RS  Transform s secret words d 0, d 1, …, d s-1 into s+1 CAONT words c 0, c 1, …, c s : ⊕ = XOR operator h key = hash key generated from the secret via a cryptographic hash function (e.g., SHA-256) i = index E = encryption function (e.g., AES-256) 16

Evaluation Setup  Evaluate the computational throughput of CRSSS and CAONT-RS  Setup: OpenSSL for encryption (AES-256) and hash (SHA-256) Jerasure [Plank, 2014] & GF-Complete [Plank, 2013] for encoding Implementation in C  Compare: RSSS vs. CRSSS AONT-RS vs. CAONT-RS CRSSS vs. CAONT-RS 17

Evaluation 18 m = n - k

Evaluation 19  CRSSS has much higher overhead (~30%) than RSSS due to more hash computations; yet, CAONT-RS has limited overhead (~8%) over AONT-RS m = n - k

Evaluation 20  CRSSS and CAONT-RS are complementary in performance: CRSSS decreases in throughput due to more hashes, while CAONT-RS increases in throughput due to RS encoding m = n - k

Evaluation 21  For smaller r, CRSSS achieves much higher throughput (>400MB/s), but with higher storage overhead  tradeoff between throughput and storage m = n - k

Conclusions  Defines a framework of convergent dispersal that enables keyless security and deduplication  Two implementations based on state-of-the-art: CRSSS and CAONT-RS Both are complementary in performance  Future work: Complete cloud storage prototype Cost-performance analysis Security analysis Evaluation in real-world deployment 22