Purdue CS 59000 - Ensuring Data Storage Security

This preview shows page 1-2-24-25 out of 25 pages.



Ensuring Data Storage Security in Cloud Computing

Cong Wang (1), Qian Wang (1), Kui Ren (1), and Wenjing Lou (2)
(1) ECE Department, Illinois Institute of Technology
(2) ECE Department, Worcester Polytechnic Institute

Outline
- Cloud Computing and Its Security Challenges
- Data Storage Security in Cloud Computing
- Our Approach
- Evaluation
- Concluding Remarks

Cloud Computing Background
- Cloud computing has been envisioned as the next-generation architecture of IT enterprise.
- On-demand self-service, ubiquitous network access, location-independent resource pooling, rapid resource elasticity, usage-based pricing and transference of risk.
- Market-research firm IDC predicts that cloud-computing revenue will increase from US $16.2 billion to $42.3 billion during the next few years.
- Image from: Neal Leavitt, "Is Cloud Computing Really Ready for Prime Time?," Computer, vol. 42, no. 1, pp. 15-20, January 2009.

Cloud Computing Background
Along with the coming of Cloud Computing are its untested deployment, correlated adversarial models and vulnerabilities:
- Secure resource virtualization
- Practical integrity mechanisms for data outsourcing
- Secure computation outsourcing
- Business and security risk models and clouds
- Secure data management outsourcing
- and many more...

It is imperative that our community gets involved at this early stage and does it right the first time!

Outline
- Cloud Computing Background
- Data Storage Security in Cloud Computing
- Our Approach
- Evaluation
- Concluding Remarks

Overview for Data Storage in Cloud
- From the user's perspective, data outsourcing brings:
  - Relief of the burden of storage management
  - Universal access to data, independent of location
  - Lower capital expenditure (CapEx) on hardware, software and services
- Data outsourcing also eliminates users' ultimate control over the fate of their data.

Shall We Trust the Cloud for data integrity?
A broad range of threats to data integrity still exists:
- Internal: Byzantine failure, management errors, software bugs, etc.
- External: malicious malware, economically motivated attacks, etc.

Motivation for the cloud service providers to cheat:
- Discard rarely accessed data for monetary reasons
- Hide data loss incidents for reputation

While cloud data storage is economically attractive for the costs and complexity of long-term large-scale data storage, it doesn't offer guarantees on data integrity and availability.

Problem Description
- Users should be equipped with security means so that they can make continuous correctness assurance of their stored data.
- Data integrity auditing tasks, if necessary, can be delegated to an optional Third Party Auditor (TPA).

Challenges for ensuring data integrity in Cloud
- Traditional crypto primitives cannot be directly adopted.
  - No local copy of data at the user side.
  - Retrieving large amounts of data for checking is impractical: I/O burden on both servers and user, huge network traffic, expensive service charges (by byte of I/O and byte transferred).
- Data dynamics should be considered.
  - Cloud is not just a data warehouse: data may be frequently updated.
  - Most previous work on remote data integrity does not support data dynamics.
- Distributed protocols for storage correctness are demanded.
  - Cloud is powered by data centers running in a simultaneous, cooperated and distributed manner.
  - Most previous work on distributed data storage only provides binary results for the storage correctness.

Design Goals
- Storage Correctness Verification
  - Distributed protocol for storage correctness assurance
- Fast Data Error Localization (outperform the binary result)
  - Identifying misbehaving server(s)
- Explicit Dynamic Data Operation Support
  - Data modification, deletion and append are considered
- Dependability
  - Minimize the effect brought by data errors or server failures
- Efficiency

Outline
- Cloud Computing Background
- Data Storage Security in Cloud Computing
- Our Approach
  - Ensuring Cloud Data Storage
  - Supporting Data Dynamics
- Evaluation
- Concluding Remarks

Ensuring Cloud Data Storage
We rely on a (m + k, k) Reed-Solomon erasure-correcting code to disperse the data file F redundantly across a set of n = m + k distributed servers. The systematic layout with parity vectors is achieved with the information dispersal matrix A:

$$G = F \cdot A = F \cdot (I \mid P) = \left(G^{(1)}, G^{(2)}, \ldots, G^{(m)}, G^{(m+1)}, \ldots, G^{(m+k)}\right), \qquad F = (F_1, F_2, \ldots, F_m)$$

[Figure: a Reed-Solomon codeword. The original file blocks F1, F2, F3 (elements f11 ... f53) are stored as vectors G(1), G(2), G(3); the parity blocks are stored as G(4), G(5).]

Ensuring Cloud Data Storage
Based on the codeword relationship, we can verify the correctness of the data blocks in each "row" via the information dispersal matrix A (or P).

Drawbacks:
1. Needs block retrieval first, which is proportional to vector length.
2. Large communication overhead.
3. Only a binary result about the storage state.

[Figure: the same Reed-Solomon codeword, with one row checked against the parity blocks.]

$$(f_{31}, f_{32}, f_{33}) \cdot P = (f_{34}, f_{35})$$

Can we do better?

Ensuring Cloud Data Storage
Random sampling + homomorphic token pre-computation (linear combination)

[Figure: sampled rows of the codeword G(1) ... G(5), combined with coefficients α, α², α³ into the pre-computed tokens v(1) ... v(5) and the server responses R(1) ... R(5).]

$$v^{(j)} = \sum_{q=1}^{3} \alpha^{q} * G^{(j)}[I_q], \qquad I_q \in \{1, 3, 5\} \text{ and } j \in \{1, \ldots, 5\}$$

$$\left(R^{(1)}, R^{(2)}, R^{(3)}\right) \cdot P = \left(R^{(4)}, R^{(5)}\right)$$

1. Check if the server responses R(j) form a valid Reed-Solomon codeword. If not, go to step 2.
2. Check if R(j) = v(j) (j = 1, ..., 5) to identify the misbehaving server(s).

Advantages:
1. Only small constant block retrieval is required
2. Finding misbehaving server(s)
3. Efficiency

Outline
- Cloud Computing Background
- Data Storage Security in Cloud Computing
- Our Approach
  - Ensuring Cloud Data Storage
  - Supporting Data Dynamics
- Evaluation
- Concluding Remarks

Supporting Data Dynamics
- Cloud data storage is not only for archive purposes.
- General block-level operations: update, delete, append...
- The trivial way is to download all the data from the cloud servers and re-compute parity blocks and tokens.

Can we do better?

Supporting Data Dynamics
()     *F A F F A F A F A   Logical
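The token check from the "Random sampling + homomorphic token pre-computation" slide, as an added Python example that is not part of the original slides. Assumptions: arithmetic is done in the prime field GF(65537), a Cauchy matrix stands in for the parity matrix P, and the file contents, α = 7 and all function names are constructed for illustration.

```python
import random

Q = 65537             # prime field modulus (assumed; the slides do not fix a field)
M, K, ROWS = 3, 2, 5  # m data servers, k parity servers, blocks per vector (as in the figure)

# Parity part P of A = (I | P). Assumption: a Cauchy matrix stands in for the slides' P.
P = [[pow((i - (M + j)) % Q, -1, Q) for j in range(K)] for i in range(M)]

def times_p(row):
    """(x_1..x_m) * P over GF(Q): the k parity symbols for m data symbols."""
    return [sum(row[i] * P[i][j] for i in range(M)) % Q for j in range(K)]

def encode(F):
    """G = F * (I | P): the m data vectors followed by k parity vectors."""
    parity_rows = [times_p([F[i][r] for i in range(M)]) for r in range(ROWS)]
    return [list(v) for v in F] + [[pr[j] for pr in parity_rows] for j in range(K)]

def token(vec, alpha, rows):
    """v^(j) = sum_q alpha^q * G^(j)[I_q]; an honest server returns the same value as R^(j)."""
    return sum(pow(alpha, q, Q) * vec[i - 1] for q, i in enumerate(rows, 1)) % Q

def audit(R, v):
    """Step 1: codeword check on the responses. Step 2: compare R^(j) with v^(j)."""
    if times_p(R[:M]) == R[M:]:
        return []
    return [j + 1 for j in range(M + K) if R[j] != v[j]]

def run_challenge(corrupt=None, alpha=7, rows=(1, 3, 5)):
    """Audit constructed sample data; corrupt=(server, row) tampers one block, both 1-based."""
    rng = random.Random(1)
    F = [[rng.randrange(Q) for _ in range(ROWS)] for _ in range(M)]
    G = encode(F)
    v = [token(g, alpha, rows) for g in G]   # pre-computed by the user before outsourcing
    if corrupt:
        server, row = corrupt
        G[server - 1][row - 1] = (G[server - 1][row - 1] + 1) % Q
    R = [token(g, alpha, rows) for g in G]   # computed by the servers at audit time
    return audit(R, v)

if __name__ == "__main__":
    print(run_challenge())         # all servers honest
    print(run_challenge((2, 3)))   # server 2 altered a sampled row
    print(run_challenge((2, 2)))   # row 2 is outside the sample {1, 3, 5}
```

The last call shows the limit of one challenge: a corrupted block outside the sampled rows leaves every R(j) unchanged, so detection depends on the sampled rows being random and varying between challenges.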

