cryptographic cloud storage


Upload: darryl

Post on 23-Feb-2016

Page 1: Cryptographic Cloud Storage

Cryptographic Cloud Storage

Seny Kamara & Kristin Lauter
senyk@microsoft.com [email protected]
Microsoft Research

B99705013 廖以圻
B99705025 陳育旋

Page 2: Cryptographic Cloud Storage

Outline

- Introduction of the cloud storage service
- The basic concept of cryptography
- Architecture of a cryptographic storage service
- Benefit of a cryptographic storage service
- The core component of a cryptographic storage service
- Summary


Page 4: Cryptographic Cloud Storage

Introduction of the cloud storage service

- Cloud infrastructure can be categorized as private or public
- Benefits of a public storage service: availability, reliability, efficient retrieval, data sharing

Page 5: Cryptographic Cloud Storage

Introduction of the cloud storage service

Main concerns for a public storage service:
1. confidentiality
2. integrity

We argue for designing a virtual private storage service based on recent cryptographic techniques.


Page 7: Cryptographic Cloud Storage

Cryptography

- Symmetric & asymmetric encryption
- Symmetric encryption

Page 8: Cryptographic Cloud Storage

Cryptography

- Asymmetric encryption



Page 11: Cryptographic Cloud Storage

Architecture of a Cryptographic Storage Service

Page 12: Cryptographic Cloud Storage

Basic Components

- Data processor (DP): processes data before it is sent to the cloud.
- Data verifier (DV): checks whether the data in the cloud has been tampered with.
- Token generator (TG): generates tokens that enable the cloud storage to retrieve segments of customer data.
- Credential generator (CG): implements an access control policy by issuing credentials to the various parties in the system.

Page 13: Cryptographic Cloud Storage

2 kinds of architecture

- A CUSTOMER ARCHITECTURE
- AN ENTERPRISE ARCHITECTURE

Page 14: Cryptographic Cloud Storage

A customer architecture

Page 15: Cryptographic Cloud Storage

A customer architecture

- The story begins with three parties: Alice, Bob and the storage provider.
- Alice wants to share data with Bob. How can she do that?

Page 16: Cryptographic Cloud Storage

A customer architecture

- First, Alice and Bob use the same DP, DV and TG.
- Alice generates a cryptographic key (the master key), which is kept locally.

Page 17: Cryptographic Cloud Storage

A customer architecture

When Alice wants to upload files:
- Using DP: attaches metadata, then encrypts and encodes the data.
- Using DV: verifies the integrity of the data.
- Using TG: when she wants to retrieve data, she sends a token to the cloud storage to search for the appropriate encrypted file.

Page 18: Cryptographic Cloud Storage

A customer architecture

When Bob wants to retrieve a file:
- Alice uses the TG to make a token for Bob, and also uses a CG to make a credential for Bob.
- After Bob receives the token and the credential, he uses the token to retrieve the data and decrypts it with the credential.

Page 19: Cryptographic Cloud Storage

A customer architecture


Page 21: Cryptographic Cloud Storage

A customer architecture

Page 22: Cryptographic Cloud Storage

An Enterprise Architecture

Page 23: Cryptographic Cloud Storage

An Enterprise Architecture

- MegaCorp wants to share data with PartnerCorp; MegaCorp stores its data with a cloud storage provider.
- Depending on the particular scenario, dedicated machines will run various core components.

Page 24: Cryptographic Cloud Storage

An Enterprise Architecture

- Each MegaCorp and PartnerCorp employee receives a credential from the credential generator.
- Everyone's credential is different, assigned according to position.
- Whenever a MegaCorp employee generates data that needs to be stored in the cloud, the employee sends the data, together with an associated decryption policy, to the dedicated machine for processing.

Page 25: Cryptographic Cloud Storage

An Enterprise Architecture

- To retrieve data from the cloud, an employee requests an appropriate token from the dedicated machine.
- Different tokens can access different information.
- Usage of the DV is the same as before.

Page 26: Cryptographic Cloud Storage

An Enterprise Architecture

- When a PartnerCorp employee needs access to MegaCorp's data, the employee authenticates to MegaCorp's dedicated machine and sends it a keyword.
- The dedicated machine returns an appropriate token, which the employee uses to recover the appropriate files.

Page 27: Cryptographic Cloud Storage

An Enterprise Architecture

- If MegaCorp is a very large organization, the data processor may carry a heavy load.

Page 28: Cryptographic Cloud Storage

An Enterprise Architecture

- In another case, the dedicated machines run only data verifiers, token generators and credential generators, while the data processing is distributed to each employee.

Page 29: Cryptographic Cloud Storage

An Enterprise Architecture


Page 31: Cryptographic Cloud Storage

Benefits of a Cryptographic Storage Service

Page 32: Cryptographic Cloud Storage

Core Properties

- Control of the data is maintained by the customer.
- The security properties are derived from cryptography.

Page 33: Cryptographic Cloud Storage

Concerns

- Regulatory compliance
- Geographic restrictions
- Subpoenas
- Security breaches
- Electronic discovery
- Data retention and destruction

Page 34: Cryptographic Cloud Storage

Concerns

- Regulatory compliance (data protection): laws for protecting data. Sol: the data processor and encryption may help.
- Geographic restrictions: it can be difficult to ascertain exactly where one's data is being stored once it is sent to the cloud. Some customers may be reluctant to use a public cloud for fear of increasing their legal exposure. Sol: all data is stored in encrypted form.

Page 35: Cryptographic Cloud Storage

Concerns

- Subpoenas: if the data is stored in a public cloud, the request may be made to the cloud provider, and the latter could even be prevented from notifying the customer. Sol: data is stored in encrypted form and the customer retains possession of all the keys.
- Security breaches (vulnerabilities): there is always the possibility of a security breach. Sol: data integrity can be verified at any time.

Page 36: Cryptographic Cloud Storage

Concerns

- Electronic discovery: organizations are required to preserve and produce records for litigation. Organizations with high levels of litigation may need to keep a copy of large amounts of data. Sol: a customer can verify the integrity of its data at any point in time.
- Data retention and destruction: it can be difficult for a customer to ascertain the integrity of the data or to verify whether it was properly discarded. Sol: secure data erasure can be effectively achieved by just erasing the master key.

Page 37: Cryptographic Cloud Storage

Benefits of a Cryptographic Storage Service

In the end, it all comes down to two things: encrypted data and the data verifier.


Page 39: Cryptographic Cloud Storage

The core component of a cryptographic storage service

The drawbacks of the cryptographic storage service:
- We have to download all the data, decrypt it and search locally.
- The organization has to retrieve all the data to verify its integrity.

Page 40: Cryptographic Cloud Storage

The core component of a cryptographic storage service

Improvement:
1. The DP indexes the data and encrypts it under a unique key
2. Encrypt the index using searchable encryption
3. Encrypt the unique key with attribute-based encryption
4. The data verifier can verify their integrity using a proof of storage

Page 41: Cryptographic Cloud Storage

Searchable encryption

- A way to encrypt a search index
- Given a token for a keyword, one can retrieve pointers to the encrypted files
- But sometimes the searching may leak some information to the service provider
- SSE / ASE / ESE / mSSE

Page 42: Cryptographic Cloud Storage

Searchable encryption (SSE)

- Symmetric searchable encryption (SSE)
- Single writer / single reader (SWSR)
- Based on symmetric primitives
- Without any token, the server learns nothing about the data except its length
- Given a token for keyword w, the provider learns which documents contain w without learning w
- Disadvantage: search time / update
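
A minimal sketch of the SSE behaviour listed on this slide, added here as an illustration and not taken from the presentation or the paper it summarises. The function names, the HMAC-based masking and the fixed `slots` padding are assumptions; the cipher is a standard-library toy, and the index is static, which reflects the update disadvantage noted above.

```python
import hashlib, hmac, secrets

def prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def mask(key, n):
    """n pseudorandom bytes from key (HMAC in counter mode; toy cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += prf(key, ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def token(master_key, keyword):
    """Token generator (client side): the token does not reveal the keyword."""
    return prf(master_key, keyword.lower().encode())

def build_index(master_key, docs, slots=4):
    """Data processor (client side): docs maps integer doc id -> text."""
    postings = {}
    for doc_id, text in docs.items():
        for w in set(text.lower().split()):
            postings.setdefault(w, []).append(doc_id)
    index = {}
    for w, ids in postings.items():
        if len(ids) > slots:
            raise ValueError("posting list exceeds padded size")
        t = token(master_key, w)
        # Pad every list to the same length so entries are indistinguishable.
        plain = b"".join(i.to_bytes(4, "big") for i in sorted(ids))
        plain = plain.ljust(4 * slots, b"\xff")
        index[prf(t, b"label")] = xor(plain, mask(prf(t, b"enc"), len(plain)))
    return index

def search(index, t):
    """Storage provider: holds only the index and the token, never the key."""
    entry = index.get(prf(t, b"label"))
    if entry is None:
        return []
    plain = xor(entry, mask(prf(t, b"enc"), len(entry)))
    ids = [int.from_bytes(plain[o:o + 4], "big") for o in range(0, len(plain), 4)]
    return [i for i in ids if i != 0xFFFFFFFF]

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    docs = {1: "quarterly budget report", 2: "budget meeting notes"}  # constructed
    print(search(build_index(key, docs), token(key, "budget")))
```
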

Page 43: Cryptographic Cloud Storage

Searchable encryption (ASE)

- Asymmetric searchable encryption (ASE)
- Many writer / single reader (MWSR)
- Based on symmetric primitives
- Without any token, the server learns nothing about the data except its length
- Given a token for keyword w, the provider learns which documents contain w
- Disadvantage: the token w can be learned

Page 44: Cryptographic Cloud Storage

Searchable encryption (ESE)

- Efficient ASE (ESE)
- Search time is more efficient than ASE
- Disadvantage: the token w can be learned

Page 45: Cryptographic Cloud Storage

Searchable encryption (mSSE)

- Multi-user SSE
- Single writer / many reader (SWMR)
- The owner can add and revoke users' search privileges over his data


Page 47: Cryptographic Cloud Storage

Attribute-based encryption

- Each user in the system is provided with a decryption key that has a set of attributes associated with it (credentials)
- Decryption will only work if the attributes associated with the decryption key match the policy used to encrypt the message


Page 49: Cryptographic Cloud Storage

Proof of storage protocol

- A protocol with which the server can prove to the client that it did not tamper with the data
- The protocol can be executed an arbitrary number of times
- The amount of information exchanged is independent of the size of the data
- Privately / publicly verifiable