C3S: Cryptographically Combine Cloud Storage for Cost-Efficient Availability and Confidentiality

Increasing the availability by using multiple cloud storage providers for replication comes at a price; not only does it increase storage costs with every replica, it also greatly disperses the information to different cloud storage systems. Thus, all storage locations must be trusted to not read that data. Contrary the cryptographic technique of secret sharing splits data into confidentiality protected shares and if the adversary does not have access to more than a pre-defined threshold k of those shares, then the data's confidentiality is protected. At the same time secret sharing also increases the availability because the legitimate user must only download the data from k out of n shares. The goal of this paper is to quantify the economic advantages of efficient and secure information dispersal strategies in multi-cloud settings based on the current market situation. Therefore, we put together a database of 63 cloud storage offers and analyzed opportunities to combine them into virtual storage services delivering availabilities of 99.999% at the best price. Additionally, the combined multi-cloud storage is leaning towards data protection legislation of the European Union (EU), as any combination of k shares includes at least one from an EU-based provider. This inhibits non-EU jurisdictions to 'subpoena' the required number of shares to reconstruct data without the help of an EU-based provider. Our findings show that it is possible to find combinations which give the cloud storage consumer the wanted high availability and legal compliance guarantee at half the cost of any two providers from within the EU storing unencrypted replicas.