PROVIDING A DATA LOCATION ASSURANCE SERVICE FOR CLOUD STORAGE ENVIRONMENTS
Keywords:
Cloud computing security, proof of data location, proof of storage, data location assurance service for cloud, accountable cloud
Abstract
In a cloud storage environment, the geographic location of data has a profound impact on its privacy and security, because data stored in the cloud is subject to the laws and regulations of the country where it is physically stored. This is one of the main reasons why companies that deal with sensitive data (e.g., health-related data) cannot adopt cloud storage solutions. To ensure the rapid growth of cloud computing, we need a data location assurance solution that not only works for existing cloud storage environments but also encourages those companies to adopt cloud storage solutions. In this paper, we present a Data Location Assurance Service (DLAS) solution for the well-known honest-but-curious server model of the cloud storage environment; the proposed DLAS solution allows cloud users not only to state preferences regarding their data location but also to receive verifiable assurance about their data location from the Cloud Storage Provider (CSP). This paper also includes a detailed security and performance analysis of the proposed DLAS solution. Unlike other solutions, the DLAS solution allows a user to give a negative location preference regarding his/her data and works for CSPs (e.g., Windows Azure) that practice geo-replication of data (to ensure availability of data in case of natural disasters). Our proposed DLAS solution is based on cryptographic primitives such as the zero-knowledge sets protocol and ciphertext-policy attribute-based encryption. To the best of our knowledge, we are the first to propose a non-geolocation-based solution of this kind.