Ensuring Data Storage Security in Cloud ComputingCong Wang1, Qian Wang1, Kui Ren1, and Wenjing Lou21ECE Department, Illinois Institute of Technology 2ECE Department, Worcester Polytechnic InstituteOutlineCloud Computing and Its Security ChallengesData Storage Security in Cloud ComputingOur ApproachEvaluationConcluding RemarksCloud Computing BackgroundCloud computing has been envisioned as the next-generation architecture of IT enterprise.on-demand self-service, ubiquitous network access, location independent resource pooling, rapid resource elasticity, usage-based pricing and transference of riskPrediction from Market-research firm IDC, cloud-computing revenue will increase from US $16.2 billion to 42.3 billion during the next few years.Image from: Neal Leavitt, "Is Cloud Computing Really Ready for Prime Time?," Computer, vol. 42, no. 1, pp. 15-20, January, 2009.Cloud Computing BackgroundAlong with the coming of Cloud Computing is its untested deployment, correlated adversarial models and vulnerabilities:Secure resource virtualizationPractical integrity mechanisms for data outsourcingSecure computation outsourcingBusiness and security risk models and cloudsSecure data management outsourcingand many……It is imperative that our community gets involved at this early stage and do it right for the first time!OutlineCloud Computing BackgroundData Storage Security in Cloud ComputingOur ApproachEvaluationConcluding RemarksOverview for Data Storage in Cloud From user’s perspective, data outsourcing brings: Relief of the burden for storage management universal access to data, independent of location lower capital expenditure (CapEx) on hardware, software and services Data outsourcing also eliminates users’ ultimate control over the fate of their data.Shall We Trust the Cloud for data integrity?Broad range of threats for data integrity still exist:Internal: Byzantine failure, management errors, software bugs etc. External: malicious malware, economically motivated attacks etc.Motivation for the Cloud service providers to cheat:Discard rarely accessed data for monetary reasonHide data loss incident for reputation. While cloud data storage is economically attractive for the costs and complexity of long-term large-scale data storage, it doesn’t offer guarantees on data integrity and availability.Problem Description Users should be equipped with security means so that they can make continuous correctness assurance of their stored data. Data integrity auditing tasks, if necessary, can be delegated to an optional Third Party Auditor (TPA).Challenges for ensuring data integrity in Cloud Traditional crypto primitives can not be directly adopted. No local copy of data at user side. Retrieving large amount data for checking is unpractical. I/O burden on both servers and user, Huge network traffic, Expensive services charge, by byte of I/O and byte transferred Data dynamics should be considered Cloud is not just a data warehouse: data may be frequently updated. Most previous work on remote data integrity do not support data dynamicsDistributed protocols for storage correctness is demandedCloud is powered by data centers running in a simultaneous, cooperated and distributed manner Most previous work on distributed data storage only provide binary results for the storage correctness.Design GoalsStorage Correctness VerificationDistributed protocol for storage correctness assuranceFast Data Error Localization (outperform the binary result)Identifying misbehaving server(s)Explicit Dynamic Data Operation SupportData modification, deletion and append are consideredDependability Minimize the effect brought by data errors or server failuresEfficiencyOutlineCloud Computing BackgroundData Storage Security in Cloud ComputingOur ApproachEnsuring Cloud Data StorageSupporting Data DynamicsEvaluationConcluding RemarksEnsuring Cloud Data StorageWe rely on a (m + k, k) Reed-Solomon erasure-correcting code to disperse the data file F redundantly across a set of n = m + k distributed servers. The systematic layout with parity vectors is achieved with the information dispersal matrix A:(1) (2) ( ) ( 1) ( )( | ) ( ) ( | )()m m m kF F FG G G G G - - -1 2 mG F A F I P , I P, , ,f11f12f13... ... f53f11f21f31f41f51f12f22f32f42f52f13f23f33f43f53F1F2F3f11f21f31f41f51f12f22f32f42f52f13f23f33f43f53f14f24f34f44f54f15f25f35f45f55Original file block Parity blockG(1)G(2)G(3)G(4)G(5)A Reed-Solomon CodewordEnsuring Cloud Data StorageBased on the codeword relationship, we can verify the correctness of data block in each “row” via information dispersal matrix A (or P). Drawbacks: 1. need block retrieval at first, which is proportional to vector length. 2. large communication overhead.3. only binary result about the storage state.f11f12f13... ... f53f11f21f31f41f51f12f22f32f42f52f13f23f33f43f53F1F2F3f11f21f31f41f51f12f22f32f42f52f13f23f33f43f53f14f24f34f44f54f15f25f35f45f55Original file block Parity blockG(1)G(2)G(3)G(4)G(5)A Reed-Solomon Codeword31 32 33 34 35( , , ) ( , )f f f P f fCan we do better?Ensuring Cloud Data StorageRandom sampling + homomorphic token pre-computation(linear combination)f11f21f31f41f51f12f22f32f42f52f13f23f33f43f53f14f24f34f44f54f15f25f35f45f55Original file block Parity blockG(1)G(2)G(3)G(4)G(5)αα2α3v(1)v(2)v(3)v(4)v(5)Pre-computed tokenR(1)R(2)R(3)R(4)R(5)Server Response1. Check if it is a valid a Reed-Solomon Codeword. If not, go to step 2.2. Check if R(j)=v(j)(j = 1, …,5 ) to identify the misbehaving server(s).3( ) ( )1* [ ],{ 1,3,5} {1,...,5}j q jqqqv G I I and j ()jR (1) (2) (3) (4) (5)( , , ) ( , )R R R P R RAdvantages: 1. only small constant block retrieval is required2. Finding misbehaving server(s)3. EfficiencyOutlineCloud Computing BackgroundData Storage Security in Cloud ComputingOur ApproachEnsuring Cloud Data StorageSupporting Data DynamicsEvaluationConcluding RemarksSupporting Data DynamicsCloud data storage is not only for archive purposeGeneral block-level operations: update, delete, append…Trivial way is to download all the data from the cloud servers and re-compute parity blocks and tokensCan we do better?Supporting Data Dynamics() *F A F F A F A F A Logical
View Full Document