mona: secure multi-owner data sharing for dynamic groups in the cloud

Uploaded by shruthi-suresh, posted 12-Jun-2015 (category: Engineering).

Page 1: Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud

SFS: Secure File Sharing Scheme For Cloud Groups

Shruthi Suresh, M-tech CSE

Page 2

OUTLINE

• Objective

• Introduction

• Literature Survey

• Performance Comparison

• Conclusion

• Future Work

• References

Page 3

OBJECTIVE

To implement an effective mechanism for sharing data in a multi-owner manner within dynamic groups in an untrusted cloud, while preserving both data privacy and identity privacy.

Page 4

INTRODUCTION

• Data storage is one of the primary services offered by cloud computing.

• Storing and sharing data in the cloud poses a substantial risk to confidentiality.

• The challenging issues in multi-owner data sharing in dynamic groups are:

– Identity privacy

– Implementation of the multiple-owner manner

– The effect of dynamic groups

• The basic solution for protecting the data is to encrypt it [2].

[2] S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” Proc. Int’l Conf. Financial Cryptography and Data Security (FC), pp. 136-149, Jan. 2010.

Page 5

IDENTITY PRIVACY

• One of the major issues in data sharing

• If identity privacy is not assured, users will be reluctant to join the cloud

• Another issue is unconditional identity privacy

– If a member of the group deceives the others, unconditional anonymity becomes an abuse of privacy

– The real identity of the misbehaving member should therefore be traceable

Page 6

MULTIPLE-OWNER MANNER

• Every member should be able to modify their own part of the data

• More flexible than the single-owner manner

• The single-owner manner allows only the group manager to modify data [3]

– Members can only read the data

[3] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing,” Proc. IEEE INFOCOM, pp. 534-542, 2010.

Page 7

DYNAMIC GROUPS

• The number of users keeps changing

• Securing the data is very difficult

• Two major issues have to be addressed:

– Newly approved users must be able to access all files shared before they joined, without contacting the data owners

– After each revocation, the keys of the remaining group members should not need to be updated

Page 8

RELATED WORKS

1. Plutus: Scalable Secure File Sharing On Untrusted Storage

2. Sirius: Securing Remote Untrusted Storage

3. Improved Proxy Re-encryption Schemes With Applications To Secure Distributed Storage

4. Achieving Secure, Scalable, And Fine-grained Data Access Control In Cloud Computing

5. Secure Provenance: The Essential Of Bread And Butter Of Data Forensics In Cloud Computing

6. Mona: Secure Multi-owner Data Sharing For Dynamic Groups In The Cloud

Page 9

PLUTUS: SCALABLE SECURE FILE SHARING ON UNTRUSTED STORAGE [4]

• Facilitates secure file sharing on untrusted servers

• Protects integrity with file-sign/file-verify keys

• Files are divided into filegroups, and each filegroup is encrypted with its own file-block key

Disadvantages

- Heavy key distribution

- After each user revocation, the file-block key must be updated and distributed again

[4] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable Secure File Sharing on Untrusted Storage,” Proc. USENIX Conf. File and Storage Technologies, pp. 29-42, 2003.

Page 10

SIRIUS: SECURING REMOTE UNTRUSTED STORAGE [5]

• Handles multi-user file systems

• Every user maintains two keys:

– MEK

– MSK

Disadvantages

- File metadata needs to be updated after each revocation

[5] E. Goh, H. Shacham, N. Modadugu, and D. Boneh, “Sirius: Securing Remote Untrusted Storage,” Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 131-145, 2003.

Page 11

IMPROVED PROXY RE-ENCRYPTION SCHEMES WITH APPLICATIONS TO SECURE DISTRIBUTED STORAGE [6]

• Strengthens distributed storage

• Data encryption is a two-step procedure:

– content is encrypted with unique symmetric content keys

– the content keys are encrypted with a master public key

• Proxy cryptography is used by the server to re-encrypt the relevant content key(s) from the master public key to the key of an authorized user

Disadvantages

- Vulnerable to collusion attacks

[6] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage,” Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 29-43, 2005.

Page 12

ACHIEVING SECURE, SCALABLE, AND FINE-GRAINED DATA ACCESS CONTROL IN CLOUD COMPUTING [3]

• A scalable and fine-grained data access control scheme

• The KP-ABE technique is used [9]

• An access structure and the corresponding secret key are assigned to authorized users by the data manager

Disadvantages

- The single-owner manner makes it less flexible

- User keys need to be updated after each revocation

[3] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing,” Proc. IEEE INFOCOM, pp. 534-542, 2010.

Page 13

SECURE PROVENANCE: THE ESSENTIAL OF BREAD AND BUTTER OF DATA FORENSICS IN CLOUD COMPUTING [7]

• Group signatures are used

• Encryption is done with the ciphertext-policy attribute-based encryption technique

• Each user has two keys:

– Group signature key

– Attribute key

Disadvantages

- User revocation is not supported

[7] R. Lu, X. Lin, X. Liang, and X. Shen, “Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing,” Proc. ACM Symp. Information, Computer and Comm. Security, pp. 282-292, 2010.

Page 14

MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]

• A secure data sharing model for dynamic groups in remote storage

• Dynamic broadcast encryption is used

• Authentication is done with group signatures

• Supports efficient user revocation and new user registration

• Revocation is achieved without updating the private keys of the other users

[1] Xuefeng Liu, Yuqing Zhang, Boyang Wang, and Jingbo Yan, “Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 6, June 2013.

Page 15

MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]

Design Goals

Access control

Data confidentiality

Anonymity and traceability

Efficiency


Page 16

MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]

System model

Page 17

MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]

• Cloud

– Operated by CSPs

– Not fully trusted

– The cloud is assumed to be honest but curious

• Group manager

– Parameter generation

– User registration

– User revocation

– Tracing the real identity of a data owner in case of a dispute
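The revocation property stated on pages 14 and 17 (the group manager publishes a revocation list, the data owner excludes listed members at encryption time, and the remaining members' private keys never change) can be modelled as follows. This is an added example, not code from the Mona paper or from this presentation: per-member Diffie-Hellman key wrapping stands in for Mona's dynamic broadcast encryption, an HMAC tag stands in for the group manager's signature on the revocation list, and the DH parameters P and G are toy values chosen for readability, not for security.

```python
import hashlib
import hmac
import secrets
# Toy Diffie-Hellman group, constructed for illustration only (NOT a secure
# parameter choice): it just models "public member keys, private member secrets".
P = 2**127 - 1
G = 3

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class GroupManager:
    """Registers members and keeps the revocation list (RL); the HMAC tag on
    the RL stands in for the manager's signature on the published list."""
    def __init__(self):
        self.tag_key = secrets.token_bytes(32)
        self.pub = {}        # uid -> public key, published to data owners
        self.revoked = set()
    def register(self, uid: str) -> int:
        x = secrets.randbelow(P - 2) + 1   # member's long-term private key
        self.pub[uid] = pow(G, x, P)
        return x
    def revoke(self, uid: str) -> None:
        self.revoked.add(uid)              # no other member's key is touched
    def revocation_list(self):
        rl = sorted(self.revoked)
        return rl, hmac.new(self.tag_key, ",".join(rl).encode(), "sha256").digest()
    def rl_is_authentic(self, rl, tag) -> bool:
        expect = hmac.new(self.tag_key, ",".join(rl).encode(), "sha256").digest()
        return hmac.compare_digest(expect, tag)

def share_file(gm: GroupManager, rl, tag, file_key: bytes) -> dict:
    """Owner: verifies the RL, then wraps the 32-byte file key for every member not on it."""
    if not gm.rl_is_authentic(rl, tag):
        raise ValueError("revocation list was not issued by the group manager")
    r = secrets.randbelow(P - 2) + 1      # fresh ephemeral DH value per file
    boxes = {uid: xor(file_key, h(pow(y, r, P).to_bytes(16, "big"), uid.encode()))
             for uid, y in gm.pub.items() if uid not in rl}
    return {"R": pow(G, r, P), "boxes": boxes}   # this is what the cloud stores

def open_file(uid: str, x: int, blob: dict):
    """Member: recovers the file key with its unchanged private key; None if excluded."""
    if uid not in blob["boxes"]:
        return None
    kek = h(pow(blob["R"], x, P).to_bytes(16, "big"), uid.encode())
    return xor(blob["boxes"][uid], kek)
```

The cloud stores the blob but holds no member private key, so it can serve files without being able to open any box; a Plutus-style shared file-block key would instead have to be rotated and redistributed to every remaining member after each revocation.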

Page 18

MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]

• Group members

– A set of registered users

– Group membership keeps changing

Disadvantage

• Lacks reliability and scalability

Page 19

PERFORMANCE COMPARISON

Parameter            | Plutus                       | Sirius                  | Improved proxy re-encryption | Secure scalable data access scheme     | Mona
---------------------+------------------------------+-------------------------+------------------------------+----------------------------------------+---------------------------------------
Encryption technique | File-block key & lockbox-key | Public key cryptography | Proxy cryptography           | KP-ABE technique                       | Broadcast encryption
Identity privacy     | Satisfactory                 | Satisfactory            | Less                         | Less                                   | High
Revocation mechanism | Inefficient                  | Inefficient             | Inefficient                  | Inefficient                            | Efficient
Key distribution     | Heavy                        | Heavy                   | Medium                       | Independent of number of revoked users | Independent of number of revoked users

Page 20

CONCLUSION

• Several techniques have been proposed to address multi-owner data sharing in dynamic groups in the cloud

• Identity privacy and user revocation mechanisms need to be addressed efficiently

• Mona is an efficient method that includes solutions for the above-mentioned issues

Page 21

FUTURE WORK

• Aims at achieving a reliable and scalable framework for Mona

• Problems to be handled are:

– Failure of the group manager

– The group manager becoming unresponsive (hanging)

Page 22

REFERENCES

[1] Xuefeng Liu, Yuqing Zhang, Boyang Wang, and Jingbo Yan, “Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 6, June 2013.

[2] S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” Proc. Int’l Conf. Financial Cryptography and Data Security (FC), pp. 136-149, Jan. 2010.

[3] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing,” Proc. IEEE INFOCOM, pp. 534-542, 2010.

[4] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable Secure File Sharing on Untrusted Storage,” Proc. USENIX Conf. File and Storage Technologies, pp. 29-42, 2003.

Page 23

REFERENCES

[5] E. Goh, H. Shacham, N. Modadugu, and D. Boneh, “Sirius: Securing Remote Untrusted Storage,” Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 131-145, 2003.

[6] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage,” Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 29-43, 2005.

[7] R. Lu, X. Lin, X. Liang, and X. Shen, “Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing,” Proc. ACM Symp. Information, Computer and Comm. Security, pp. 282-292, 2010.

[8] B. Waters, “Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization,” Proc. Int’l Conf. Practice and Theory in Public Key Cryptography (PKC), http://eprint.iacr.org/2008/290.pdf, 2008.

Page 24

REFERENCES

[9] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data,” Proc. ACM Conf. Computer and Comm. Security (CCS), pp. 89-98, 2006.

[10] D. Naor, M. Naor, and J.B. Lotspiech, “Revocation and Tracing Schemes for Stateless Receivers,” Proc. Ann. Int’l Cryptology Conf. Advances in Cryptology (CRYPTO), pp. 41-62, 2001.
