Two-Party Fine-Grained Assured Deletion of Outsourced Data in Cloud Systems

Transcription

1 Two-Party Fine-Grained Assured Deletion of Outsourced Data in Cloud Systems Authors: Zhen Mo, Yan Qiao, Shigang Chen zmo, yqiao,

2 Outline Background Security Concerns Previous Work Problem Definition Our Approach Experimental Results 2

3 Cloud Storage Systems Google Microsoft 3 Dropbox Box

4 System Model Servers Clients 4 Third party

5 Security Concerns Security is one of the major concerns in the cloud storage systems. After the clients outsource their data, they will lose physical control of their data. Integrity and Confidentiality of outsourced data are major security concerns in existing work. They are trying to verify the accessibility or existence of the outsourced data on the cloud servers. 5

6 Our Concern A different direction. Inaccessibility or Nonexistence of the outsourced data on the cloud servers. Assured deletion problem in cloud storage systems. When clients delete data in the cloud storage system, the deleted data will never resurface in the future even if the clients do not perform the actual data removal themselves. Any idea? 6

7 Basic Idea Encryption How many keys to use? One key for all files One key for each file One key for each data item Who will maintain the keys? Client A trusted third party Cloud server 7

8 Previous Work Ephemerizers: Shift key management burden to third-party servers The third party will delete the keys. Simultaneous deletion: Group multiple files which should be deleted at the same future time Use one key to protect these files Reduce the number of keys Our goals: No third party Fine-grained 8

9 Problem Definition Design a two-party fine-grained assured deletion approach in cloud storage systems: No third party: The solution does not rely on any third-party server. Small client storage: Each client only keeps one or a small number of keys, regardless of how big its file system is. Fine-grained assured deletion: The client is able to delete any individual data item in any file without causing significant overhead, and the deletion is permanent. 9

10 Basic Solutions Master-key Solution: Client Individual-key Solution: Client 10

11 Our Approach of Key Modulation Can we design a new approach to avoid the problems of the previous basic solutions, while obtaining the benefits of both: small client storage overhead Small deletion overhead Key modulation Master Key Modulators 11 F F F F F F Data Keys

12 12 Modulation Function Key modulation function k = F(K, M k ) To delete k, the client will permanently delete K and choose a new master key K. Adjust the some modulators in M M K such that all other data keys k stay the same, i.e., k = F(K,M K ) = F(K, M K ) F(K,M k ) = H(...H(H(K x 1 ) x 2 )... x l ) where is the XOR operator and H is a one-way, collision-resistant hash function F(K, ) = K; F(K, M (i) k) = H(F(K, M (i-1) k ) x i ), 1 i l; M (i) k, 0 i l, be a prefix of M k, containing the first i modulators in M k.

13 Modulation Function Lemma: The output of a modulation function F(K, M k ) will stay the same after the master key is changed from K to K and the value of a single modulator x i, 1 i l, is changed to x i = x i F(K, M (i-1) k ) F(K, M (i-1) k) If M 1 M 2 M n = Then deletion overhead is O(n) How to decrease the overhead? 13

14 Modulation Tree We organize all modulators in a tree structure. x 1 c x 2 x 3 x 4 K' x 5 k M k = {x 1, x 2, x 3, x 4, x 5 } Only need to modify O(log n) modulators in order to keep (n 1) keys unchanged. 14

15 Modulator Adjustment Algorithm for Deletion Retrieve a sub-tree of size O(log n), consisting of nodes on the path from the root to leaf k and the siblings of these nodes. Update the master key from K to K. Compute δ(c) = F(K, M c ) F(K, M c ), where M c is a prefix of Mk for any data key k encoded by a leaf node within the sub-tree rooted at c. Adjust the modulators on its child links, (c, d) and (c, d ), as follows: x c,d := x c,d δ(c), x c,d := x c,d δ(c); c is not leaf x c := x c δ(c); c is leaf 15

16 Balancing Algorithm Retrieve another path P(t) from the root to node t, together with the sibling s of t. Step 1: Remove node t from the tree: The client computes a new leaf modulator for node s. k s t 16

17 Balancing Algorithm Step 2: Insert node t to the place of node k k s t 17

18 Experimental Results We implement cloud storage servers on Amazon EC2. We use an ordinary desktop computer as a client. We use Secure Hash Algorithm-1 (SHA-1) in the modulated hash chain. SHA-1 produces a 160-bit message digest. Each modulator is also 160-bit long. 18

19 Performance Comparison We compare our two-party solution with the master-key solution and the individual-key solution master-key individual-key our work client storage O(1) O(n) O(1) communication computation O(n) O(1) O(log n) master-key individual-key our work client storage 16 Bytes 1.53 MB 16 Bytes communication 391 MB KB computation 5.5 minutes Almost s 19

20 20 Communication Overhead

21 21 Computation Overhead

22 Thanks you! Authors: Zhen Mo, Yan Qiao, Shigang Chen 22