Xiaohua Jia
Shen Zhen Graduate School
Harbin Institute of Technology
Data Security for Cloud Storage Systems
Outline
Dept. of Computer Science City University of Hong Kong
• Cloud Storage Systems
• Auditing as a Service
• Access Control as a Service
Cloud Storage Systems
Cloud Storage Systems – data owners
A model of online storage
Cloud Service Providers
• Operate large data centers
• Virtualize storage pools
Data Owners
• Buy or rent storage in a pay-as-you-go model
• Data stored in virtual storage
Cloud Storage Systems - users
[Figure: Owners and Users]
• Separation of data ownership and service provider
• Users can access data from anywhere and at any time
Security Challenges
Cloud servers are not fully trustable:
• Data Integrity: data could be corrupted or even deleted in the cloud.
• Data Access Control: unauthorized users may be given access to data.
Data Integrity
Auditing as a Service
Auditing as a Service
Checking on retrieval is not adequate:
• Not sufficient: random sampling cannot cover a large size of data
• Not convenient: overhead is too high
Auditing as a Service:
• A service to check the cloud data integrity
• Conducted by a Third Party Auditor
Why Third Party Auditing?
A third party auditor can
• Provide unbiased auditing results
• Benefit both data owners and service providers
  – Data Owners: be ensured of data integrity
  – Service Providers: build good reputation
• Do a good job efficiently
  – Professional expertise
  – Computing capabilities
Research Issues
• Privacy Preservation: keep the data confidential against the auditor
• Dynamic Auditing: allow dynamic updates of data in the cloud
• Batch Auditing: combine multiple auditing tasks together to improve efficiency
Architecture of 3rd Party Auditing
• Initialization: Data owner sends 1) encrypted data & verification tags to server, and 2) data index to auditor
• Challenge: Auditor sends Challenge to cloud server
• Proof: Server responds with Proof
• Verification: Auditor verifies correctness of the Proof
[Figure: Auditor, Owners, Cloud Servers]
An Auditing Algorithm
Initialization
• Data Segmentation – Improve Efficiency
• Homomorphic Tag – Batch Auditing
• Divide m into n blocks: m = (m_1, …, m_i, …, m_n)
• Split m_i into l sectors: m_i = (m_i1, …, m_ij, …, m_il)
System Parameters:
• G_1, G_2, G_T: multiplicative groups with the same prime order p
• e: pairing operation that maps a pair of points from G_1 and G_2 to a point in G_T
• g_1: generator of G_1; g_2: generator of G_2
Initialization (cont’d)
[Figure: m divided into blocks m_1, …, m_n and sectors m_i1, …, m_il; Cloud Servers; Auditor]
Abstract information of m: FID, # of blocks, index table, etc.
Tag of block i:
t_i = ( h(sk_h, FID||i) · Π_{j=1..l} g_1^{x_j·m_ij} )^{sk_t}
• sk_t: secret tag key kept by owner
• sk_h: secret hash key shared with auditor
• g_2^{sk_t}: public tag key shared with auditor
• g_1^{x_j}: random key shared with the cloud
Sampling Auditing
Challenge from auditor: C = ( {i, v_i}_{i∈Q}, R = (g_2^{sk_t})^r )
Proof by Cloud: P = (DP, TP)
Data Proof: DP = Π_{j=1..l} e(g_1^{x_j}, R)^{MP_j}, where MP_j = Σ_{i∈Q} v_i·m_ij
Tag Proof: TP = Π_{i∈Q} t_i^{v_i}
[Figure: the challenged blocks m_1, …, m_i, …, m_q as rows of sectors (m_i1, …, m_ij, …, m_il); column j is combined into MP_j, giving MP_1, …, MP_j, …, MP_l]
Verification by auditor:
H_chal = Π_{i∈Q} h(sk_h, FID||i)^{r·v_i}
DP · e(H_chal, g_2^{sk_t}) =? e(TP, g_2^r)
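The tag, challenge, proof and verification equations can be checked end to end in a toy model. This is an added example, not code from the slides or the cited papers: group elements are stored as their discrete logs modulo a constructed prime, so the pairing is plain multiplication and nothing here is secure; the function names, the HMAC-based h and the file id are assumptions.

```python
# Added example: the auditing equations in a toy "exponent" model. Each group
# element is stored as its discrete log mod P: products become +, powers become *,
# and the pairing e(g1^a, g2^b) becomes a*b. It checks the algebra; it is not secure.
import hashlib, hmac, secrets

P = 2**127 - 1  # prime group order (constructed for the example)

def rand():
    return secrets.randbelow(P - 1) + 1

def h(sk_h, fid, i):
    """Log of h(sk_h, FID||i); HMAC-SHA256 is an assumed instantiation."""
    mac = hmac.new(sk_h, f"{fid}||{i}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def tag_gen(blocks, sk_t, sk_h, x, fid):
    """Owner: t_i = (h(sk_h, FID||i) * prod_j g1^(x_j m_ij))^sk_t."""
    return [sk_t * (h(sk_h, fid, i) + sum(xj * m for xj, m in zip(x, blk))) % P
            for i, blk in enumerate(blocks)]

def challenge(n, q, pk_t):
    """Auditor: C = ({i, v_i} for i in Q, R = pk_t^r); r is kept for verification."""
    r = rand()
    Q = {i: rand() for i in secrets.SystemRandom().sample(range(n), q)}
    return Q, pk_t * r % P, r

def prove(blocks, tags, x, Q, R):
    """Server: DP = prod_j e(g1^x_j, R)^MP_j and TP = prod_i t_i^v_i."""
    MP = [sum(v * blocks[i][j] for i, v in Q.items()) % P for j in range(len(x))]
    DP = sum(xj * R * mp for xj, mp in zip(x, MP)) % P
    TP = sum(v * tags[i] for i, v in Q.items()) % P
    return DP, TP

def verify(DP, TP, Q, r, pk_t, sk_h, fid):
    """Auditor: accept iff DP * e(H_chal, pk_t) == e(TP, g2^r)."""
    H_chal = sum(r * v * h(sk_h, fid, i) for i, v in Q.items()) % P
    return (DP + H_chal * pk_t) % P == TP * r % P

def run_audit(corrupt=False):
    sk_t, sk_h, fid = rand(), secrets.token_bytes(16), "file-001"
    x = [rand() for _ in range(4)]                    # l = 4 sectors per block
    blocks = [[rand() for _ in x] for _ in range(8)]  # n = 8 constructed blocks
    tags = tag_gen(blocks, sk_t, sk_h, x, fid)
    pk_t = sk_t                                       # log of g2^sk_t in this model
    Q, R, r = challenge(len(blocks), 5, pk_t)
    if corrupt:                                       # alter one challenged sector
        i = next(iter(Q))
        blocks[i][0] = (blocks[i][0] + 1) % P
    return verify(*prove(blocks, tags, x, Q, R), Q, r, pk_t, sk_h, fid)
```

`run_audit()` accepts an intact file, and `run_audit(corrupt=True)` rejects it because the altered sector changes DP while TP still reflects the original tags.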
References
Kan Yang and Xiaohua Jia. “Security for Cloud Storage Systems”, Springer 2014, ISBN 978-1-4614-7872-0.
Kan Yang and Xiaohua Jia. “An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing”. IEEE Trans. on Parallel and Distributed Systems (TPDS), Vol 24, Issue 9, September 2013.
Kan Yang and Xiaohua Jia. “Data Storage Auditing Service in Cloud Computing: Challenges, Methods and Opportunities”. World Wide Web, Vol 15, Issue 4, July 2012.
Data Access Control
Access Control as a Service
Access Control as a Service
• Data stored in server is encrypted.
• Encryption-based Access Control
  – Each authorized user receives a secret key
  – Users can decrypt ciphertext by their secret keys
[Figure: Owner, User, secret key SK]
Difficulties in Key Distribution
• Asymmetric Key Encryption (users' public keys for encryption): multiple copies of encrypted data for different users
• Symmetric Key Encryption: difficulties in key distribution
A Wish-list for Encryption-based Access Control
• Key management is scalable
• No need of online trusted server for access control
• Expressive access control policies
Attribute-Based Encryption (ABE) is a promising direction to go!
Ciphertext-Policy Attribute-Based Encryption (CP-ABE)
• Data are encrypted by the access policy
• Secret keys are associated with attributes
• Attributes are mathematically incorporated into the key
[Figure: ciphertext with policy (CS AND PhD) OR Prof; Alice's SK with attributes {EE, Prof}; Bob's SK with attributes {CS, PhD}]
Ciphertext can be decrypted iff attributes in the key satisfy the access policy
Ciphertext-Policy Attribute-Based Encryption (CP-ABE)
• No 3rd party evaluates the policy and makes access decision (server is excluded)
• Policy checking is embedded in cryptography
[Figure: Alice's attributes {EE, Prof} satisfy the policy (CS AND PhD) OR Prof]
Attribute-Based Access Control (ABAC)
[Figure: Authority and Owner; PK and MSK; SK_Bob: “CS Dept.”, “Professor”; SK_Kevin: “CS Dept.”, “Master”; policy Professor OR (CS Dept. AND PhD)]
Advantages of ABAC
• Access policy is defined by owners
• Access policy is enforced by the cryptography: nobody explicitly evaluates the policies and makes an access decision
• Only one copy of ciphertext is generated for each file
Basic Construction
G: multiplicative group of prime order p.
Intuitive Hardness: Discrete Log
• Given: g, g^a
• Hard to find: a
Bilinear map e: G × G → G_T
Def: An admissible bilinear map e: G × G → G_T is:
–Non-degenerate: g generates G ⇒ e(g, g) generates G_T.
–Bilinear: e(g^a, g^b) = e(g, g)^{ab} ∀ a, b ∈ Z_p, g ∈ G
–Efficiently computable
CP-ABE Algorithms
• Setup(λ) -> MSK, PK
• Encrypt(PK, M, Access policy) -> CT
• KeyGen(MSK, Attrs.) -> SK
• Decrypt(SK, CT) -> M
[Figure: SK with attributes “CS Dept.”, “PhD”; access policy Professor OR (CS Dept. AND PhD)]
System Setup
Authority: a, b ∈_R Z_p
Public Key: PK = ( g, g^b, e(g, g)^a, H: {0,1}* → G )
MSK = a
Secret Key Generation
Authority issues secret keys for users who have attributes
[Figure: Authority; users Bob, Alice, Charlie; attribute sets {“CS Dept.”, “Professor”}, {“CS Dept.”, “Master”}, {“EE Dept.”, “PhD”}]
Collusion Attack
Users may collude to decrypt data by combining their attributes
[Figure: Charlie and Bob; attribute sets {“EE Dept.”, “PhD”} and {“CS Dept.”, “Master”}; policy (CS Dept. AND PhD) OR Prof]
Prevent Collusion Attack
Bob has attributes: {“Master”, “CS Dept.”, “TA”}
Authority: MSK = a
SK = ( g^{a+bt}, g^t, H(“Master”)^t, H(“CS Dept.”)^t, H(“TA”)^t )
t: random number in Z_p. It ties components in SK together
Personalization! Collusion Resistance
Key Personalization
Bob: “CS Dept.”, … (random t)
SK = ( g^{a+bt}, g^t, H(“CS Dept.”)^t, … )
Charlie: “PhD”, … (random t’)
SK = ( g^{a+bt’}, g^{t’}, H(“PhD”)^{t’} )
Components are incompatible
Data Encryption
Given M and policy, owner generates a random secret s
[Figure: the Data Owner shares s over the policy tree Professor OR (CS Dept. AND PhD): the OR node and the AND node both carry s; s1 = s at “Prof”; s2 = s-r at “PhD”; s3 = r at “CS Dept.”]
PK = ( g, g^b, e(g, g)^a, H: {0,1}* → G )
Ciphertext:
CT = ( M·e(g,g)^{as}, g^s,
C1 = (g^{b·s1}·H(“Prof”)^{r1}, g^{r1}),
C2 = (g^{b·s2}·H(“PhD”)^{r2}, g^{r2}),
C3 = (g^{b·s3}·H(“CS Dept.”)^{r3}, g^{r3}) )
Data Decryption
Ciphertext CT:
CT = ( M·e(g,g)^{as}, g^s, C1 = (g^{b·s1}·H(“Prof”)^{r1}, g^{r1}),
C2 = (g^{b·s2}·H(“PhD”)^{r2}, g^{r2}), C3 = (g^{b·s3}·H(“CS Dept.”)^{r3}, g^{r3}) )
Secret Key SK:
SK = ( g^{a+bt}, g^t, H(“Prof”)^t, H(“PhD”)^t, H(“CS Dept.”)^t )
e(g^{a+bt}, g^s) = e(g,g)^{as} · e(g,g)^{bts}
Policy: “Prof” OR (“PhD” AND “CS Dept.”)
“Prof”:
e(g,g)^{bts} = e(g^{b·s1}·H(“Prof”)^{r1}, g^t) / e(g^{r1}, H(“Prof”)^t)
“PhD” AND “CS Dept.”:
[ e(g^{b·s2}·H(“PhD”)^{r2}, g^t) / e(g^{r2}, H(“PhD”)^t) ] · [ e(g^{b·s3}·H(“CS Dept.”)^{r3}, g^t) / e(g^{r3}, H(“CS Dept.”)^t) ]
= e(g,g)^{bt·s2} · e(g,g)^{bt·s3}
= e(g,g)^{bts}
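The Setup, KeyGen, Encrypt and Decrypt equations, and the effect of the per-key random t on collusion, can be checked in a toy model. This is an added example, not code from the slides or the cited papers: elements are stored as discrete logs modulo a constructed prime, so it has no security, and it generalizes the slide's policy to any nested OR/AND tree; all function names and the dictionary layout are assumptions.

```python
# Added example: CP-ABE in a toy "exponent" model. Elements of G and G_T are stored as
# discrete logs mod P: products are +, powers are *, e(g^x, g^y) is x*y. Not secure.
import hashlib, secrets

P = 2**127 - 1  # prime group order (constructed for the example)

def rand():
    return secrets.randbelow(P - 1) + 1

def H(attr):
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % P

def setup():
    a, b = rand(), rand()
    return {"g_b": b, "egg_a": a}, a                  # PK, MSK = a

def keygen(pk, msk, attrs):
    t = rand()                                        # fresh t ties this key together
    return {"K": (msk + pk["g_b"] * t) % P, "L": t,
            "attr": {x: H(x) * t % P for x in attrs}}

def share(pk, node, s):
    if isinstance(node, str):                         # leaf: (g^(b s_x) H(x)^r_x, g^r_x)
        r = rand()
        return (node, (pk["g_b"] * s + H(node) * r) % P, r)
    op, kids = node[0], node[1:]
    rs = [rand() for _ in kids[1:]]                   # AND splits s additively, OR copies it
    parts = [s] * len(kids) if op == "OR" else [(s - sum(rs)) % P] + rs
    return (op, [share(pk, k, si) for k, si in zip(kids, parts)])

def encrypt(pk, m, policy):
    s = rand()
    return {"C0": (m + pk["egg_a"] * s) % P, "Cs": s, "tree": share(pk, policy, s)}

def recover(sk, node):                                # log of e(g,g)^(b t s_node), or None
    if isinstance(node[1], int):                      # leaf: e(C, g^t) / e(C', H(x)^t)
        attr, c, c_r = node
        return (c * sk["L"] - c_r * sk["attr"][attr]) % P if attr in sk["attr"] else None
    vals = [recover(sk, k) for k in node[1]]
    if node[0] == "OR":
        return next((v for v in vals if v is not None), None)
    return None if None in vals else sum(vals) % P

def decrypt(sk, ct):                                  # M = C0 * F / e(K, g^s)
    f = recover(sk, ct["tree"])
    return None if f is None else (ct["C0"] + f - sk["K"] * ct["Cs"]) % P

def pool(sk_a, sk_b):                                 # collusion: sk_a plus sk_b's attribute parts
    return {**sk_a, "attr": {**sk_b["attr"], **sk_a["attr"]}}
```

Under the policy `("OR", "Prof", ("AND", "PhD", "CS Dept."))`, keys for {EE Dept., Prof} and {CS Dept., PhD} return M and the separate keys for {CS Dept., Master} and {EE Dept., PhD} return None. The pooled key returns a value different from M, because the borrowed H(“PhD”)^{t’} does not cancel against the other key's g^t.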
Research Challenges
Multiple Authorities
[Figure: Bob: “CS dept.”; Kevin: “manager”; Authority in CityU; Authority in Google; policy CS dept. AND (manager OR marketing)]
Research Challenges
• Attribute Revocation
  – Prevent revoked users from decrypting new ciphertexts
  – Guarantee that new users can decrypt previous ciphertexts
• Decryption Efficiency
  – Mobile Devices
• Policy Hidden
K Yang, X Jia, K Ren, R Xie and L Huang. “Enabling Efficient Access Control with Dynamic Policy Updating for Big Data in the Cloud”, INFOCOM’14.
K Yang, X Jia, K Ren and B Zhang. “DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems”, INFOCOM’13, extended version in IEEE Trans on Information Forensics and Security 8(11), 2013.
K Yang and X Jia. “Attributed-based Access Control for Multi-authority Systems in Cloud Storage,” ICDCS’12.
Summary
• Cloud server is not fully trusted by data owners
• Data Integrity: Auditing as a Service
• Data Access Control: Access Control as a Service
Q&A
Thank You!