mona: secure multi-owner data sharing for dynamic groups in the cloud
TRANSCRIPT
1
SFS: Secure File Sharing Scheme For Cloud Groups
Shruthi SureshM-tech CSE
2
OUTLINE
• Objective
• Introduction
• Literature Survey
• Performance Comparison
• Conclusion
• Future Work
• References
3
OBJECTIVE
To implement an effective mechanism for sharing of data in a
multi-owner manner in dynamic groups in an untrusted cloud
while preserving data and identity privacy.
4
INTRODUCTION
• Data storage is one of the primal services offered by cloud computing.
• Data storage and sharing in cloud possess substantial risk to confidentiality.
• Challenging issues in multi-owner data sharing in dynamic groups are :– Identity privacy– Implementation of multiple-owner manner– Effect of dynamic groups
• Basic solution for preservation of data is to encrypt it [2].
[2] S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” Proc. Int’l Conf. Financial Cryptography and Data
Security (FC), pp. 136- 149, Jan. 2010.
IDENTITY PRIVACY
• One of the major issue in data sharing
• If privacy is not assured, users will be doubtful to join the
cloud
• Another issue is unconditional identity privacy
– If a member of the group deceives others, this leads to the
abuse of privacy
– Real user identity of betrayal should be traceable
5
MULTIPLE-OWNER MANNER
• Every member should be able to alter their own data part
• More flexible than single-owner manner.
• Single-owner manner allows only the group manager to alter
data [3]
–Members can only read data
[3] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing,” Proc. IEEE INFOCOM, pp. 534-542, 2010.
6
DYNAMIC GROUPS
• The number of users keep changing
• Data security is very difficult
• Two major issues to be addressed are :
–Newly approved users must be able to get all the files
shared prior to their joining without contacting data owners
–After each revocation , keys of remaining members in the
group need not be updated
7
RELATED WORKS
1. Plutus: Scalable Secure File Sharing On Untrusted Storage
2. Sirius: Securing Remote Untrusted Storage
3. Improved Proxy Re-encryption Schemes With Applications To
Secure
4. Achieving Secure, Scalable, And Fine-grained Data Access
Control In Cloud Computing
5. Secure Provenance: The Essential Of Bread And Butter Of
Data Forensics In Cloud Computing
6. Mona: Secure Multi-owner Data Sharing For Dynamic Groups In The Cloud
8
9
PLUTUS: SCALABLE SECURE FILE SHARING ON UNTRUSTED STORAGE [4]
• Facilitates secure file sharing on untrusted servers.• Protects network integrity with file-sign/file-verify keys .• Files are divided into filegroups and each group is encrypted
with an exclusive fileblock key
Disadvantages
- Heavy key distribution
- After each user revocation the file-block key needs to be
updated and distributed again.
[4] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus: Scalable Secure File Sharing on Untrusted Storage,” Proc. USENIX Conf. File and Storage Technologies, pp. 29-42, 2003.
10
SIRIUS: SECURING REMOTE UNTRUSTED STORAGE [5]
• Handle multi-user file systems • All users maintain two keys :– MEK – MSK
Disadvantages
- File metadata needs to be updated after each revocation
[5] E. Goh, H. Shacham, N. Modadugu, and D. Boneh, “Sirius: Securing Remote Untrusted Storage,” Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 131-145, 2003.
11
IMPROVED PROXY RE-ENCRYPTION SCHEMES WITH APPLICATIONS TO SECURE [6]
• Strengthens the distributed storage. • The data encryption is a two-step procedure. – encryption is done using exclusive and symmetric content
keys. – data is encrypted with a master public key.
• Proxy cryptography is used by the server to re-encrypt the particular content key(s) from the master public key
Disadvantages
- Collusion attack may occur
[6] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage,” Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 29-43, 2005.
12
ACHIEVING SECURE, SCALABLE, AND FINE-GRAINED DATA ACCESS CONTROL IN CLOUD COMPUTING [3]
• Scalable and fine-grained data access control scheme
• KP-ABE technique is used [9]
• An access structure and the corresponding secret key are
assigned to authorized users by data manager
Disadvantages
- Single-owner manner makes it less flexible
- User keys needed to be updated after each revocation
[3] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing,” Proc. IEEE INFOCOM, pp. 534-542, 2010.
13
SECURE PROVENANCE: THE ESSENTIAL OF BREAD AND BUTTER OF DATA FORENSICS IN CLOUD COMPUTING [7]
• Group signatures are used
• Encryption is done by ciphertext-policy attribute-based
encryption technique
• Each user will have 2 keys
– Group signature key
– Attribute key
Disadvantages
- User revocation is not supported
[7] R. Lu, X. Lin, X. Liang, and X. Shen, “Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing,” Proc. ACM Symp. Information, Computer and Comm. Security, pp. 282-292, 2010.
MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]
• A secure data sharing model for dynamic groups in a remote
storage
• Dynamic broadcast encryption is used
• Authentication is done by Group signatures
• Supports effective user repudiation and new user registration
• Revocation can be attained without updating the private keys of
other users
[1] Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan, “Mona: Secure Multi- Owner Data Sharing For Dynamic Groups In The Cloud”, Ieee transactions on parallel and distributed systems, vol. 24, no. 6, june 2013. 14
15
MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]
Design Goals
Access control
Data confidentiality
Anonymity and traceability
Efficiency
[1] Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan, “Mona: Secure Multi- Owner Data Sharing For Dynamic Groups In The Cloud”, Ieee transactions on parallel and distributed systems, vol. 24, no. 6, june 2013.
MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]
16
System model
[1] Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan, “Mona: Secure Multi- Owner Data Sharing For Dynamic Groups In The Cloud”, Ieee transactions on parallel and distributed systems, vol. 24, no. 6, june 2013.
17
MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]
Cloud
Operated by CSPs
Not fully trusted
Assume cloud to be honest but curious
Group manager
Parameters generation
User registration
User revocation
Tracing real identity of a dispute data owner
MONA: SECURE MULTI-OWNER DATA SHARING FOR DYNAMIC GROUPS IN THE CLOUD [1]
Group members
A set of registered users
Group memberships keeps on changing
Disadvantage
• Lacks reliability and scalability
18
[1] Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo Yan, “Mona: Secure Multi- Owner Data Sharing For Dynamic Groups In The Cloud”, Ieee transactions on parallel and distributed systems, vol. 24, no. 6, june 2013.
19
PERFORMANCE COMPARISON
Parameters PLUTUS SIRIUS IMPROVED PROXY ENCRYPTION
SECURE SCALABLE DATA ACCESS SCHEME
MONA
Encryption technique
File -block key & lockbox-key
Public key cryptography
Proxy cryptography
KP-ABE technique
Broadcast encryption
Identity privacy
Satisfactory Satisfactory Less Less High
Revocation mechanism
Inefficient Inefficient Inefficient Inefficient Efficient
Key Distribution
Heavy Heavy Medium Independent of number of revoked users
Independent of number of revoked users
20
CONCLUSION
• Several techniques have been proposed to address multi-owner data
sharing in dynamic clouds
• Identity privacy and user revocation mechanisms are to be efficiently
addressed
• An efficient method is Mona which includes solution for the above
mentioned issues
21
FUTURE WORK
• Aims at achieving reliable and scalable framework of MONA
• Problems to be handled are
– Failure of group manager
– Hanging of group manager
22
REFERENCES[1] Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and Jingbo
Yan Xuefeng Liu, Yuqing Zhang, Member, IEEE, Boyang Wang, and
Jingbo Yan, “Mona: Secure Multi- Owner Data Sharing For Dynamic
Groups In The Cloud”, Ieee transactions on parallel and distributed
systems, vol. 24, no. 6, june 2013.
[2] S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” Proc. Int’l Conf.
Financial Cryptography and Data Security (FC), pp. 136- 149, Jan. 2010.
[3] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and
Fine-Grained Data Access Control in Cloud Computing”, Proc. IEEE
INFOCOM, pp. 534-542, 2010.
[4] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus:
Scalable Secure File Sharing on Untrusted Storage,” Proc.USENIX Conf.
File and Storage Technologies, pp. 29-42, 2003.
23
REFERENCES[5] E. Goh, H. Shacham, N. Modadugu, and D. Boneh, “Sirius: Securing Remote
Untrusted Storage,” Proc. Network and Distributed Systems Security Symp.
(NDSS), pp. 131-145, 2003.
[6] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved Proxy Re-
Encryption Schemes with Applications to Secure Distributed Storage,” Proc.
Network and Distributed Systems Security Symp. (NDSS), pp. 29-43, 2005.
[7] R. Lu, X. Lin, X. Liang, and X. Shen, “Secure Provenance: The Essential of
Bread and Butter of Data Forensics in Cloud Computing,” Proc. ACM Symp.
Information, Computer and Comm. Security, pp. 282-292, 2010.
[8] B. Waters, “Ciphertext-Policy Attribute-Based Encryption: An Expressive,
Efficient, and Provably Secure Realization,” Proc. Int’l Conf. Practice and
Theory in Public Key Cryptography Conf. Public Key Cryptography,
http://eprint.iacr.org/2008/290.pdf, 2008.
24
REFERENCES
[9] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-Based Encryption
for Fine- Grained Access Control of Encrypted Data,” Proc. ACM Conf.
Computer and Comm. Security (CCS), pp. 89-98, 2006.
[10] D. Naor, M. Naor, and J.B. Lotspiech, “Revocation and Tracing Schemes
for Stateless Receivers,” Proc. Ann. Int’l Cryptology Conf. Advances in
Cryptology (CRYPTO), pp. 41-62, 2001.
25