Decentralized Cloud Storage services represent a promising opportunity for a different cloud market, meeting the supply and demand for IT resources of an extensive community of users. The dynamic and independent nature of the resulting infrastructure introduces security concerns that can represent a slowing factor towards the realization of such an opportunity, otherwise clearly appealing and promising for the expected economic benefits. In this paper, we present an approach enabling resource owners to effectively protect and securely delete their resources while relying on decentralized cloud services for their storage. Our solution combines All-Or-Nothing-Transform for strong resource protection, and carefully designed strategies for slicing resources and for their decentralized allocation in the storage network. We address both availability and security guarantees, jointly considering them in our model and enabling resource owners to control their setting.
The sharing of large amounts of data is greatly facilitated by the adoption of cloud storage solutions. In many scenarios, this adoption could be hampered by possible concerns about data confidentiality, as cloud providers are not trusted to know the content of the data they store. Especially when the data are organized in objects, the application of an encryption layer is an interesting solution to this problem, because it o↵ers strong confidentiality guarantees with a limited performance overhead. In a data sharing scenario, the management of access privileges then requires an adequate support for key derivation and for managing policy evolution.We present a solution that provides transparent support for the encryption of objects stored on Swift. Our system o↵ers an e cient management of the updates to the access control policy, including revocation of authorizations from some of the sharing users. We explore several alternatives for the architecture, associated with distinct levels of transparency for the applications, and integrate di↵erent options for the management of policy updates. Our implementation and experiments demonstrate the easy integration of the approach with existing cloud storage solutions.
With the widespread success and adoption of cloud-based solutions, we are witnessing an ever increasing reliance on external providers for storing and managing data. This evolution is greatly facilitated by the availability of solutions-typically based on encryption-ensuring the confidentiality of externally outsourced data against the storing provider itself. Selective application of encryption (i.e., with different keys depending on the authorizations holding on data) provides a convenient approach to access control policy enforcement. Effective realization of such policy-based encryption entails addressing several problems related to key management, access control enforcement, and authorization revocation, while ensuring efficiency of access and deployment with current technology. We present the design and implementation of an approach to realize policy-based encryption for enforcing access control in OpenStack Swift. We also report experimental results evaluating and comparing different implementation choices of our approach.
A Time-Lock enables the release of a secret at a future point in time. Many approaches implement Time-Locks as cryptographic puzzles, binding the recovery of the secret to the solution of the puzzle. Since the time required to find the puzzle's solution may vary due to a multitude of factors, including the computational effort spent, these solutions may not suit all scenarios.To overcome this limitation, we propose I Told You Tomorrow (ITYT), a novel way of implementing time-locked secrets based on smart contracts. ITYT relies on the blockchain to measure the elapse of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles.We implement a prototype of ITYT on top of the Ethereum blockchain. The prototype leverages secure Multi-Party Computation to avoid any single point of trust. We also analyze resiliency to attacks with the help of economic game theory, in the context of rational adversaries. The experiments demonstrate the low cost and limited resource consumption associated with our approach. CCS CONCEPTS• Security and privacy → Security services.
We present an approach to enforce access revocation on resources stored at external cloud providers. The approach relies on a resource transformation that provides strong mutual inter-dependency in its encrypted representation. To revoke access on a resource, it is then sufficient to update a small portion of it, with the guarantee that the resource as a whole (and any portion of it) will become unintelligible to those from whom access is revoked. The extensive experimental evaluation on a variety of configurations confirmed the effectiveness and efficiency of our solution, which showed excellent performance and compatibility with several implementation strategies.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.