数据驻留证明:检查您的云文件是否已重新定位

Hung Dang, Erick Purwanto, E. Chang
{"title":"数据驻留证明:检查您的云文件是否已重新定位","authors":"Hung Dang, Erick Purwanto, E. Chang","doi":"10.1145/3052973.3053016","DOIUrl":null,"url":null,"abstract":"While cloud storage services offer manifold benefits such as cost-effectiveness or elasticity, there also exist various security and privacy concerns. Among such concerns, we pay our primary attention to data residency -- a notion that requires outsourced data to be retrievable in its entirety from local drives of a storage server in-question. We formulate such notion under a security model called Proofs of Data Residency (PoDR). can be employed to check whether the data are replicated across different storage servers, or combined with storage server geolocation to \"locate\" the data in the cloud. We make key observations that the data residency checking protocol should exclude all server-side computation and that each challenge should ask for no more than a single atomic fetching operation. We illustrate challenges and subtleties in protocol design by showing potential attacks to naive constructions. Next, we present a secure PoDR scheme structured as a timed challenge-response protocol. Two implementation variants of the proposed solution, namely NVeri and EVeri, describe an interesting use-case of trusted computing, in particular the use of Intel SGX, in cryptographic timed challenge-response protocols whereby having the verifier co-locating with the prover offers security enhancement. Finally, we conduct extensive experiments to exhibit potential attacks to insecure constructions and validate the performance as well as the security of our solution.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"18 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Proofs of Data Residency: Checking whether Your Cloud Files Have Been Relocated\",\"authors\":\"Hung Dang, Erick Purwanto, E. Chang\",\"doi\":\"10.1145/3052973.3053016\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"While cloud storage services offer manifold benefits such as cost-effectiveness or elasticity, there also exist various security and privacy concerns. Among such concerns, we pay our primary attention to data residency -- a notion that requires outsourced data to be retrievable in its entirety from local drives of a storage server in-question. We formulate such notion under a security model called Proofs of Data Residency (PoDR). can be employed to check whether the data are replicated across different storage servers, or combined with storage server geolocation to \\\"locate\\\" the data in the cloud. We make key observations that the data residency checking protocol should exclude all server-side computation and that each challenge should ask for no more than a single atomic fetching operation. We illustrate challenges and subtleties in protocol design by showing potential attacks to naive constructions. Next, we present a secure PoDR scheme structured as a timed challenge-response protocol. Two implementation variants of the proposed solution, namely NVeri and EVeri, describe an interesting use-case of trusted computing, in particular the use of Intel SGX, in cryptographic timed challenge-response protocols whereby having the verifier co-locating with the prover offers security enhancement. Finally, we conduct extensive experiments to exhibit potential attacks to insecure constructions and validate the performance as well as the security of our solution.\",\"PeriodicalId\":20540,\"journal\":{\"name\":\"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security\",\"volume\":\"18 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3052973.3053016\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3052973.3053016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13

摘要

虽然云存储服务提供了多种好处,如成本效益或弹性,但也存在各种安全性和隐私问题。在这些问题中,我们主要关注的是数据驻留——这一概念要求外包数据可以从存储服务器的本地驱动器中完整地检索到。我们在称为数据驻留证明(PoDR)的安全模型下表述了这样的概念。可以用来检查数据是否在不同的存储服务器上复制,或者结合存储服务器地理位置来“定位”云中的数据。我们观察到数据驻留检查协议应该排除所有服务器端计算,并且每个挑战应该只要求一个原子抓取操作。我们通过展示对幼稚构造的潜在攻击来说明协议设计中的挑战和微妙之处。接下来,我们提出了一个安全的PoDR方案结构为定时挑战响应协议。提出的解决方案的两个实现变体,即NVeri和EVeri,描述了可信计算的一个有趣用例,特别是在加密定时挑战响应协议中使用英特尔SGX,通过将验证者与证明者共同定位提供安全性增强。最后,我们进行了大量的实验,以展示对不安全结构的潜在攻击,并验证我们的解决方案的性能和安全性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Proofs of Data Residency: Checking whether Your Cloud Files Have Been Relocated
While cloud storage services offer manifold benefits such as cost-effectiveness or elasticity, there also exist various security and privacy concerns. Among such concerns, we pay our primary attention to data residency -- a notion that requires outsourced data to be retrievable in its entirety from local drives of a storage server in-question. We formulate such notion under a security model called Proofs of Data Residency (PoDR). can be employed to check whether the data are replicated across different storage servers, or combined with storage server geolocation to "locate" the data in the cloud. We make key observations that the data residency checking protocol should exclude all server-side computation and that each challenge should ask for no more than a single atomic fetching operation. We illustrate challenges and subtleties in protocol design by showing potential attacks to naive constructions. Next, we present a secure PoDR scheme structured as a timed challenge-response protocol. Two implementation variants of the proposed solution, namely NVeri and EVeri, describe an interesting use-case of trusted computing, in particular the use of Intel SGX, in cryptographic timed challenge-response protocols whereby having the verifier co-locating with the prover offers security enhancement. Finally, we conduct extensive experiments to exhibit potential attacks to insecure constructions and validate the performance as well as the security of our solution.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信