Abstract
While we can now outsource data backup to third-party cloud storage services so as to reduce data management costs, security concerns arise in terms of ensuring the privacy and integrity of outsourced data. We design FADE, a practical, implementable, and readily deployable cloud storage system that focuses on protecting deleted data with policy-based file assured deletion. FADE is built upon standard cryptographic techniques, such that it encrypts outsourced data files to guarantee their privacy and integrity, and most importantly, assuredly deletes files to make them unrecoverable to anyone (including those who manage the cloud storage) upon revocations of file access policies. In particular, the design of FADE is geared toward the objective that it acts as an overlay system that works seamlessly atop today’s cloud storage services. To demonstrate this objective, we implement a working prototype of FADE atop Amazon S3, one of today’s cloud storage services, and empirically show that FADE provides policy-based file assured deletion with a minimal trade-off of performance overhead. Our work provides insights into how to incorporate value-added security features into current data outsourcing applications.
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Tang, Y., Lee, P.P.C., Lui, J.C.S., Perlman, R. (2010). FADE: Secure Overlay Cloud Storage with File Assured Deletion. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_22
DOI: https://doi.org/10.1007/978-3-642-16161-2_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16160-5
Online ISBN: 978-3-642-16161-2
eBook Packages: Computer Science, Computer Science (R0)