A Survey on Secure Cloud Data Storage ZENG, Xi 1010105140 CAI, Peng 1010121750.


1 A Survey on Secure Cloud Data Storage ZENG, Xi 1010105140 CAI, Peng 1010121750

2 Outsource your data to the cloud
- Cloud data storage is a rising business model.
- [Figure labels: Mobile devices, Individual users, Enterprises]

3 Cloud Data Storage
A cost-saving business solution:
- Save cost for unused storage
- Save technical support for data backups
- Save electric power and maintenance costs for data centers
As a cloud client, how do we provide security guarantees for our outsourced data?
- Privacy
- Data Availability
- Data Integrity
- Consistency
- Access Control
- Assured Deletion

4 Security Challenges
Can we protect outsourced data from being improperly accessed?
- Unauthorized users must not access our data
- We don’t want cloud providers to mine our data for their marketing purposes
- We need access control: only authorized parties can access outsourced data

5 Security Challenges
Can we reliably remove data from the cloud?
- We don’t want backups to exist after a pre-defined time, e.g., to avoid future exposure due to a data breach or mismanagement by operators
- If an employee quits, we want to remove his/her data, e.g., to avoid legal liability
- The cloud makes backup copies. We don’t know if all backup copies are reliably removed.
- We need assured deletion: data becomes inaccessible upon a deletion request

6 Secure and Efficient Access to Outsourced Data
W. Wang, Z. Li, R. Owens, and B. Bhargava

7 Wang’s Approach
Aims to design an approach that achieves flexible access control and large-scale dynamic data management in a highly secure and efficient way.

8 Wang’s Approach
Data Access Procedure
- Owner-write-user-read scenario
- Data can be updated only by the original owner
- Users read the information according to access rights

9 Wang’s Approach Key generation

10 Wang’s Approach
Dynamics Handling
- User Access Right: Eavesdropping; Over-encryption; Lazy revocation
- Outsourced Data: Deletion; Insertion and appending; Updating; Control block; One-to-one mapping hierarchy
Overhead Analysis
- Limited storage overhead

11 Wang’s Approach
Advantages
- Low clients’ responsibilities
- Low storage overhead
- Block insertion, update, deletion and appending
Disadvantages
- Requires support from the cloud side
- No multiple policies combination

12 FADE: a secure overlay cloud storage system with File Assured Deletion
Yang Tang, Patrick P. C. Lee, John C. S. Lui, and Radia Perlman

13 FADE
- A new policy-based file assured deletion scheme that reliably deletes files of revoked file access policies
- Implement a working prototype of FADE atop Amazon S3
- Evaluate the performance overhead of FADE atop Amazon S3

14 Policy-based File Assured Deletion
- Each file is associated with a data key and a file access policy
- Each policy is associated with a control key
- All control keys are maintained by a key manager
- When a policy is revoked, its respective control key will be removed from the key manager

15 Policy-based File Assured Deletion
Main idea:
- File protected with data key
- Data key protected with control key
- Control key is maintained by the key manager
[Figure labels: File, data key]

16 Policy-based File Assured Deletion
- When a policy is revoked, the control key is removed. The encrypted data key, and hence the encrypted file, cannot be recovered
- The file is deleted, i.e., even if a copy exists, it is encrypted and inaccessible by everyone
[Figure labels: File, data key, "Cannot be recovered without"]

17 Multiple Policies
Conjunctive policies
- Satisfy all policies to recover file
- [Figure: File with policies $P_1$, $P_2$, $P_3$]
- $\{F\}_K$; $\{\cdots\{\{K\}_{S_1}\}_{S_2}\cdots\}_{S_m}$; $S_1^{e_1}, S_2^{e_2}, \ldots, S_m^{e_m}$
Disjunctive policies
- Satisfy only one policy to recover file
- [Figure: File with policies $P_1$, $P_2$, $P_3$]
- $\{F\}_K$; $\{K\}_{S_1}, \{K\}_{S_2}, \ldots, \{K\}_{S_m}$; $S_1^{e_1}, S_2^{e_2}, \ldots, S_m^{e_m}$

18 System Entities
- Data owner: the entity that originates data to be stored on cloud
- Key manager: maintains policy-based control keys for encrypting data keys
- Cloud: third-party cloud provider (e.g., Amazon S3) that stores data

19 Architecture of FADE
- FADE decouples key management and data management
- Key manager can be flexibly deployed in another trusted third party, or deployed within data owner
- No implementation changes on cloud
[Figure labels: key manager, …, Data owner, Cloud, file (encrypted), metadata, file, FADE]

20 File Upload
Entities: Cloud, Data owner, Key manager
- Data owner → key manager: send policy $P_i$
- Key manager → data owner: return RSA public key $(n_i, e_i)$ for $P_i$
- Data owner → cloud: send metadata & encrypted file to cloud: $P_i$, $\{K\}_{S_i}$, $S_i^{e_i}$, $\{F\}_K$
- Data owner randomly chooses (i) $K$ for file $F$ and (ii) $S_i$ for policy $P_i$.
- Cache $(n_i, e_i)$ for future use
Things sent to cloud:
- $P_i$ = policy $P_i$
- $\{K\}_{S_i}$ = data key $K$ encrypted with $S_i$ using symmetric key crypto
- $S_i^{e_i}$ = secret key $S_i$ encrypted with $e_i$ using public key crypto; $S_i$ is used for policy renewal
- $\{F\}_K$ = file encrypted with data key $K$ using symmetric key crypto

21 File Download
Entities: Cloud, Data owner, Key manager
- Cloud → data owner: send all back to data owner: $P_i$, $\{K\}_{S_i}$, $S_i^{e_i}$, $\{F\}_K$
- Data owner randomly picks a number $R$, and blinds $S_i^{e_i}$ with $R^{e_i}$
- Data owner → key manager: send blinded $S_i^{e_i}$: $P_i$, $S_i^{e_i} R^{e_i}$
- Key manager → data owner: decrypt with $d_i$, and return $S_i R$
- Data owner unblinds $S_i R$, and recovers $K$ and $F$
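The upload, blinded download and policy revocation described on slides 14 to 21, as an added Python example that is not taken from the slides or from the FADE prototype. It assumes textbook RSA over constructed toy primes and a SHAKE-256 XOR keystream standing in for AES; `sym`, `KeyManager`, `upload`, `download` and `demo` are hypothetical names.

```python
import hashlib
import secrets
from math import gcd

def sym(key: int, data: bytes) -> bytes:
    """Stand-in for AES (assumption): XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key.to_bytes(32, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyManager:  # keeps one RSA control key (n_i, e_i, d_i) per policy P_i
    def __init__(self):
        self.keys, self.seen = {}, []
    def create(self, policy, p, q, e=65537):
        self.keys[policy] = (p * q, e, pow(e, -1, (p - 1) * (q - 1)))
        return p * q, e                        # public key, cached by the owner
    def decrypt(self, policy, c):
        n, _, d = self.keys[policy]            # KeyError once P_i is revoked
        self.seen.append(pow(c, d, n))         # everything the key manager learns
        return self.seen[-1]
    def revoke(self, policy):
        del self.keys[policy]                  # control key removed

def upload(n, e, policy, data):
    K, S = secrets.randbits(128), secrets.randbits(128)
    obj = {"P": policy, "K_S": sym(S, K.to_bytes(16, "big")),   # P_i, {K}_{S_i}
           "S_e": pow(S, e, n), "F_K": sym(K, data)}            # S_i^{e_i}, {F}_K
    return obj, S                              # S returned only for the demo check

def download(km, n, e, obj):
    R = secrets.randbelow(n - 2) + 2
    while gcd(R, n) != 1:                      # R must be invertible mod n
        R = secrets.randbelow(n - 2) + 2
    blinded = obj["S_e"] * pow(R, e, n) % n    # S_i^{e_i} R^{e_i}
    SR = km.decrypt(obj["P"], blinded)         # key manager returns S_i R
    S = SR * pow(R, -1, n) % n                 # unblind
    K = int.from_bytes(sym(S, obj["K_S"]), "big")
    return sym(K, obj["F_K"])

def demo():
    km = KeyManager()
    n, e = km.create("P1", 2**127 - 1, 2**89 - 1)   # constructed toy primes
    obj, S = upload(n, e, "P1", b"constructed sample file")
    before = download(km, n, e, obj)
    km.revoke("P1")
    try:
        after = download(km, n, e, obj)
    except KeyError:
        after = None                           # file can no longer be recovered
    return before, after, S in km.seen
```

`demo()` returns the recovered file, `None` for the attempt after revocation, and `False` for whether the key manager ever saw the unblinded $S_i$.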

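22 Policy Renewal
Main idea: $S_i$ re-encrypted into $S_i^{e_m}$; $\{K\}_{S_i}$ and $\{F\}_K$ remain unchanged on cloud
Entities: Cloud, Data owner, Key manager
- Cloud → data owner: send only $P_i$ and $S_i^{e_i}$
- Data owner → key manager: send blinded $S_i^{e_i}$ and new policy $P_m$: $P_i$, $S_i^{e_i} R^{e_i}$, $P_m$
- Key manager → data owner: decrypt with $d_i$, and return $S_i R$, $(n_m, e_m)$
- Data owner: unblind $S_i$, re-encrypt with $e_m$
- Data owner → cloud: $P_m$, $S_i^{e_m}$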

23 Experiments
- What is the performance overhead of FADE? e.g., metadata, cryptographic operations
- Performance overhead:
  - Time: file transmission time; metadata transmission time; time for cryptographic operations (e.g., AES, HMAC, key exchanges)
  - Space: metadata

24 File Upload/Download
- Overhead of metadata is less if file size is large
- Time for cryptographic operations is small
[Figure panels: File upload, File download]

25 Conclusions
- FADE, an overlay cloud storage system with access control and assured deletion
- Cryptographic operations for policy-based file assured deletion
- Implement a FADE prototype atop Amazon S3
- FADE is feasible in practice

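26 Comparison (Wang’s approach vs. FADE)
- Supported by existing cloud infrastructure: Wang’s approach: No, required new protocol support; FADE: Yes
- Access control policies: Yes
- Multiple policies combination: Wang’s approach: No; FADE: Yes
- Assured deletion: Yes
- Implementation: Yes
- Overhead: Low
- Block update: Wang’s approach: Yes; FADE: No
- Block insertion and appending: Wang’s approach: Yes; FADE: No
- Clients’ responsibilities: Wang’s approach: Low; FADE: High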

27 Thank you

