A Survey on Secure Cloud Data Storage ZENG, Xi 1010105140 CAI, Peng 1010121750.


Outsource your data to the cloud
- Cloud data storage is a rising business model.
- Mobile devices, individual users, enterprises

Cloud Data Storage
A cost-saving business solution:
- Save cost for unused storage
- Save technical support for data backups
- Save electric power and maintenance costs for data centers
As a cloud client, how do we provide security guarantees for our outsourced data?
- Privacy
- Data availability
- Data integrity
- Consistency
- Access control
- Assured deletion

Security Challenges
Can we protect outsourced data from being improperly accessed?
- Unauthorized users must not access our data
- We don't want cloud providers to mine our data for their marketing purposes
We need access control:
- Only authorized parties can access outsourced data

Security Challenges
Can we reliably remove data from the cloud?
- We don't want backups to exist after a pre-defined time, e.g., to avoid future exposure due to a data breach or mismanagement by operators
- If an employee quits, we want to remove his/her data, e.g., to avoid legal liability
- The cloud makes backup copies. We don't know if all backup copies are reliably removed.
We need assured deletion:
- Data becomes inaccessible upon requests of deletion

Secure and Efficient Access to Outsourced Data
W. Wang, Z. Li, R. Owens, and B. Bhargava

Wang's Approach
Aims to design an approach that achieves flexible access control and large-scale dynamic data management in a highly secure and efficient way.

Wang's Approach: Data Access Procedure
- Owner-write-user-read scenario
- Data can be updated only by the original owner
- Users read the information according to access rights

Wang’s Approach Key generation

Wang's Approach: Dynamics Handling
User access right:
- Eavesdropping
- Over-encryption
- Lazy revocation
Outsourced data:
- Deletion
- Insertion and appending
- Updating
- Control block
- One-to-one mapping hierarchy
Overhead analysis:
- Limited storage overhead

Wang's Approach
Advantages:
- Low clients' responsibilities
- Low storage overhead
- Block insertion, update, deletion and appending
Disadvantages:
- Requires support from the cloud side
- No multiple policies combination

FADE: a secure overlay cloud storage system with File Assured Deletion
Yang Tang, Patrick P. C. Lee, John C. S. Lui, and Radia Perlman

FADE
- A new policy-based file assured deletion scheme that reliably deletes files of revoked file access policies
- Implement a working prototype of FADE atop Amazon S3
- Evaluate the performance overhead of FADE atop Amazon S3

Policy-based File Assured Deletion
- Each file is associated with a data key and a file access policy
- Each policy is associated with a control key
- All control keys are maintained by a key manager
- When a policy is revoked, its respective control key will be removed from the key manager

Policy-based File Assured Deletion
Main idea:
- File protected with data key
- Data key protected with control key
- Control key is maintained by the key manager

Policy-based File Assured Deletion
- When a policy is revoked, the control key is removed
- The encrypted data key, and hence the encrypted file, cannot be recovered without the control key
- The file is deleted, i.e., even if a copy exists, it is encrypted and inaccessible by everyone

Multiple Policies
- Conjunctive policies: satisfy all policies to recover file
  Stored: $\{F\}_K$; $\{\cdots\{\{K\}_{S_1}\}_{S_2}\cdots\}_{S_m}$; $S_1^{e_1}, S_2^{e_2}, \ldots, S_m^{e_m}$
- Disjunctive policies: satisfy only one policy to recover file
  Stored: $\{F\}_K$; $\{K\}_{S_1}, \{K\}_{S_2}, \ldots, \{K\}_{S_m}$; $S_1^{e_1}, S_2^{e_2}, \ldots, S_m^{e_m}$

System Entities
- Data owner: the entity that originates data to be stored on cloud
- Key manager: maintains policy-based control keys for encrypting data keys
- Cloud: third-party cloud provider (e.g., Amazon S3) that stores data

Architecture of FADE
- FADE decouples key management and data management
- Key manager can be flexibly deployed in another trusted third party, or deployed within data owner
- No implementation changes on cloud
[Figure: the data owner runs FADE, which talks to the key manager(s) and stores the file (encrypted) and metadata on the cloud]

File Upload
Entities: data owner, key manager, cloud
1. Data owner -> key manager: send policy $P_i$
2. Key manager -> data owner: return RSA public key $(n_i, e_i)$ for $P_i$; the data owner caches $(n_i, e_i)$ for future use
3. Data owner randomly chooses (i) $K$ for file $F$ and (ii) $S_i$ for policy $P_i$
4. Data owner -> cloud: send metadata & encrypted file: $P_i$, $\{K\}_{S_i}$, $S_i^{e_i}$, $\{F\}_K$
Things sent to cloud:
- $P_i$ = policy $P_i$
- $\{K\}_{S_i}$ = data key $K$ encrypted with $S_i$ using symmetric key crypto
- $S_i^{e_i}$ = secret key $S_i$ encrypted with $e_i$ using public key crypto ($S_i$ is used for policy renewal)
- $\{F\}_K$ = file encrypted with data key $K$ using symmetric key crypto

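File Download
Entities: data owner, key manager, cloud
1. Cloud -> data owner: send all back to data owner: $P_i$, $\{K\}_{S_i}$, $S_i^{e_i}$, $\{F\}_K$
2. Data owner randomly picks a number $R$, and blinds $S_i^{e_i}$ with $R^{e_i}$
3. Data owner -> key manager: send blinded $S_i^{e_i}$: $P_i$, $S_i^{e_i} R^{e_i}$
4. Key manager -> data owner: decrypt with $d_i$, and return $S_i R$
5. Data owner unblinds $S_i R$, and recovers $K$ and $F$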
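Added example (not part of the original slides and not the FADE prototype's code): the upload, blinded download and policy-revocation steps above, run end to end. The names `KeyManager`, `upload`, `download` and `sym` are hypothetical; the RSA primes are constructed demo values, RSA is used unpadded so that blinding works, and `sym` is a hash-based stand-in for the symmetric cipher.

```python
import hashlib, secrets
from math import gcd

# Constructed demo primes (Mersenne primes); far too small and structured for real control keys.
PRIME_POOL = [(2**127 - 1, 2**89 - 1), (2**107 - 1, 2**61 - 1)]
E = 65537

def sym(key: int, data: bytes) -> bytes:
    """Stand-in for AES (assumption): XOR with a SHA-256 counter keystream; encrypt == decrypt."""
    kb = key.to_bytes(32, "big")
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(kb + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

class KeyManager:
    """Hypothetical key manager: one RSA control key (n_i, e_i, d_i) per policy P_i."""
    def __init__(self):
        self.pool, self.keys = list(PRIME_POOL), {}
    def create(self, policy):
        p, q = self.pool.pop()
        self.keys[policy] = (p * q, pow(E, -1, (p - 1) * (q - 1)))
        return p * q, E                       # public part (n_i, e_i)
    def decrypt(self, policy, c):
        n, d = self.keys[policy]              # KeyError once the policy is revoked
        return pow(c, d, n)
    def revoke(self, policy):
        del self.keys[policy]                 # d_i destroyed: assured deletion

def upload(km, policy, data: bytes):
    n, e = km.create(policy)
    K, S = secrets.randbits(128), secrets.randbits(128)   # data key K, secret key S_i
    blob = {"P": policy, "K_S": sym(S, K.to_bytes(16, "big")),   # {K}_{S_i}
            "S_e": pow(S, e, n), "F_K": sym(K, data)}            # S_i^{e_i}, {F}_K
    return (n, e), blob       # owner caches (n_i, e_i); blob is what the cloud stores

def download(km, pub, blob):
    n, e = pub
    R = secrets.randbelow(n - 2) + 2
    while gcd(R, n) != 1:                     # R must be invertible mod n_i
        R = secrets.randbelow(n - 2) + 2
    blinded = blob["S_e"] * pow(R, e, n) % n  # S_i^{e_i} R^{e_i}
    SR = km.decrypt(blob["P"], blinded)       # key manager only ever sees S_i R
    S = SR * pow(R, -1, n) % n                # unblind
    K = int.from_bytes(sym(S, blob["K_S"]), "big")
    return sym(K, blob["F_K"])
```

After `km.revoke(policy)`, `download` raises `KeyError` even though the cloud still holds every byte of the blob.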

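Policy Renewal
Main idea:
- $S_i$ re-encrypted into $S_i^{e_m}$
- $\{K\}_{S_i}$ and $\{F\}_K$ remain unchanged on cloud
Entities: data owner, key manager, cloud
1. Cloud -> data owner: send only $P_i$ and $S_i^{e_i}$
2. Data owner -> key manager: send blinded $S_i^{e_i}$ and new policy $P_m$: $P_i$, $S_i^{e_i} R^{e_i}$, $P_m$
3. Key manager -> data owner: decrypt with $d_i$, and return $S_i R$, $(n_m, e_m)$
4. Data owner: unblind $S_i$, re-encrypt with $e_m$
5. Data owner -> cloud: $P_m$, $S_i^{e_m}$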

Experiments
What is the performance overhead of FADE? e.g., metadata, cryptographic operations
Performance overhead:
- Time
  - File transmission time
  - Metadata transmission time
  - Time for cryptographic operations (e.g., AES, HMAC, key exchanges)
- Space
  - Metadata

File Upload/Download
- Overhead of metadata is less if file size is large
- Time for cryptographic operations is small
[Figures: file upload, file download]

Conclusions
- FADE, an overlay cloud storage system with access control and assured deletion
- Cryptographic operations for policy-based file assured deletion
- Implement a FADE prototype atop Amazon S3
- FADE is feasible in practice

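Comparison: Wang's approach vs. FADE
- Supported by existing cloud infrastructure: Wang's approach: No, required new protocol support; FADE: Yes
- Access control policies: Yes
- Multiple policies combination: Wang's approach: No; FADE: Yes
- Assured deletion: Yes
- Implementation: Yes
- Overhead: Low
- Block update: Wang's approach: Yes; FADE: No
- Block insertion and appending: Wang's approach: Yes; FADE: No
- Clients' responsibilities: Wang's approach: Low; FADE: High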

Thank you