
Cross-group secret sharing scheme for secure usage of cloud storage over different providers and regions

The Journal of Supercomputing

Abstract

With the spread of the Internet, more and more data are being stored in the cloud. Here the technique of secret sharing can be naturally applied in order to provide both security and availability of the stored data, thereby reducing the risks of data leakage and data loss. The privacy property of secret sharing ensures protection against unauthorized access, while protection against data loss may be attained by distributing shares to servers located in different regions. However, there is still a problem: if we naively employ the secret sharing technique without regard to whom the cloud servers belong, a dishonest provider can obtain the secret data by collecting enough shares from its servers. In this scenario, there is a need to distribute shares over cloud services operated by different providers. In this paper, we propose a simple secret sharing technique, a cross-group secret sharing (CGSS), which is suitable for storing the data on cloud storage distributed over different groups—that is, different providers and regions. By combining an \(\ell\)-out-of-\(m\) threshold secret sharing scheme with a \(k\)-out-of-\(n\) threshold secret sharing scheme using a symmetric-key encryption scheme, we construct the CGSS scheme that forces \(k\) shares to be collected from \(\ell\) groups. Compared with previous work, our scheme attains the functionality with reasonable computation. We also formalize the problem of allocating shares over different providers and regions as an optimization problem and show the design principles that one must follow when applying our proposal in practical settings. An experiment on real IaaS systems shows the effectiveness of our proposed scheme, CGSS.
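The following sketch is an added illustration, not the paper's code or its exact construction: the abstract does not say how the two threshold schemes and the cipher are wired together, so this assumes the data shares are encrypted under a key that is itself shared with one key share per group. The function names, the field prime and the SHA-256 pad standing in for the symmetric cipher are all assumptions.

```python
import hashlib
import secrets
from itertools import islice

P = 2**127 - 1  # Mersenne prime; field for Shamir shares (constructed parameter)

def split(secret, k, n):
    """Shamir k-out-of-n: evaluate a random degree-(k-1) polynomial at x=1..n."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x=0 over GF(P)."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def mask(key, x, value):
    """Stand-in symmetric cipher (assumption): XOR with a SHA-256 pad bound to
    the key and share index. A deployment would use an authenticated cipher."""
    digest = hashlib.sha256(f"{key}:{x}".encode()).digest()
    return value ^ (int.from_bytes(digest, "big") >> 129)  # 127-bit pad

def distribute(secret, k, l, group_sizes):
    """One record per group: its l-out-of-m key share plus encrypted data shares."""
    key = secrets.randbelow(P)
    data = iter(split(secret, k, sum(group_sizes)))      # k-out-of-n over servers
    key_shares = split(key, l, len(group_sizes))         # l-out-of-m over groups
    return [{"key_share": ks,
             "data": [(x, mask(key, x, y)) for x, y in islice(data, size)]}
            for ks, size in zip(key_shares, group_sizes)]

def recover(picked, k, l):
    """picked: list of (group_record, servers_read_from_that_group)."""
    if len(picked) < l:
        raise ValueError("fewer than l groups: key cannot be rebuilt")
    key = combine([g["key_share"] for g, _ in picked[:l]])
    cts = [ct for g, cnt in picked for ct in g["data"][:cnt]]
    if len(cts) < k:
        raise ValueError("fewer than k data shares")
    return combine([(x, mask(key, x, c)) for x, c in cts[:k]])
```

Under this assumed wiring, a provider holding every server of a single group still holds only one key share, so the encrypted data shares it collects stay unreadable until key shares from \(\ell\) groups are combined.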


Notes

  1. One can apply any searchable encryption scheme to those filenames if they must also be kept secret.

  2. https://aws.amazon.com/ec2/.

  3. https://azure.microsoft.com/services/virtual-machines/.

  4. http://vps.sakura.ad.jp/.

  5. Those implementations are published in https://itslab-kyushu.github.io/#sss.

  6. http://www.grpc.io/.

References

  1. AOL Inc (2017) The day amazon s3 storage stood still. https://techcrunch.com/2017/03/01/the-day-amazon-s3-storage-stood-still/

  2. Bai L (2006) A strong ramp secret sharing scheme using matrix projection. In: 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM’06), pp 5, 656. doi:10.1109/WOWMOM.2006.17

  3. Beimel A (2011) Secret-sharing schemes: a survey. In: Coding and Cryptology—Third International Workshop, IWCC 2011, Qingdao, China, May 30–June 3, 2011. Proceedings, pp 11–46. doi:10.1007/978-3-642-20901-7_2

  4. Beimel A, Tassa T, Weinreb E (2008) Characterizing ideal weighted threshold secret sharing. SIAM J Discrete Math 22(1):360–397. doi:10.1137/S0895480104445654


  5. Berlekamp ER (2015) Algebraic coding theory, Revised edn. World Scientific Publishing Co., Inc, River Edge


  6. Blakley G (1979) Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference. AFIPS Press, Montvale, NJ, USA, pp 313–317

  7. Blakley GR, Meadows CA (1984) Security of ramp schemes. In: Advances in Cryptology, Proceedings of CRYPTO ’84, Santa Barbara, California, USA, August 19–22, 1984, Proceedings, pp 242–268. doi:10.1007/3-540-39568-7_20

  8. Computerworld, Inc (2012) Hurricane sandy leaves wounded servers in its wake. http://www.computerworld.com/article/2493139/data-center/hurricane-sandy-leaves-wounded-servers-in-its-wake.html

  9. Enterprise Tech (2015) Data leaks seen driving cloud storage. http://www.enterprisetech.com/2015/06/08/data-leaks-seen-driving-cloud-storage/

  10. Feldman P (1987) A practical scheme for non-interactive verifiable secret sharing. In: Proceedings of the 28th Annual Symposium on foundations of Computer Science. IEEE Computer Society, Washington, DC, USA, SFCS ’87, pp 427–438. doi:10.1109/SFCS.1987.4

  11. Goldreich O (2004) The foundations of cryptography, vol 2, basic applications. Cambridge University Press, Cambridge


  12. Herzberg A, Jarecki S, Krawczyk H, Yung M (1995) Proactive secret sharing or: how to cope with perpetual leakage. In: Advances in Cryptology—CRYPTO ’95, 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27–31, 1995, Proceedings, pp 339–352. doi:10.1007/3-540-44750-4_27

  13. Hitachi Solutions America, Ltd (2014) Google drive, dropbox, box and icloud reach the top 5 cloud storage security breaches list. https://psg.hitachi-solutions.com/credeon/blog/google-drive-dropbox-box-and-icloud-reach-the-top-5-cloud-storage-security-breaches-list

  14. Ito M, Saito A, Nishizeki T (1989) Secret sharing scheme realizing general access structure. Electron Commun Jpn (Part III Fundam Electron Sci) 72(9):56–64. doi:10.1002/ecjc.4430720906


  15. Iwamoto M, Yamamoto H (2006) Strongly secure ramp secret sharing schemes for general access structures. Inf Process Lett 97(2):52–57. doi:10.1016/j.ipl.2005.09.012


  16. Ke C, Anada H, Kawamoto J, Morozov K, Sakurai K (2016) Cross-group secret sharing for secure cloud storage service. In: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication, IMCOM 2016, Danang, Vietnam, January 4–6, 2016, pp 63:1–63:8. doi:10.1145/2857546.2857610

  17. Krawczyk H (1993) Secret sharing made short. In: Advances in Cryptology—CRYPTO ’93, 13th Annual International Cryptology Conference, Santa Barbara, California, USA, August 22–26, 1993, Proceedings, pp 136–146. doi:10.1007/3-540-48329-2_12

  18. Kurosawa K, Obana S, Ogata W (1995) t-cheater identifiable (k, n) threshold secret sharing schemes. In: Advances in Cryptology—CRYPTO ’95, 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27–31, 1995, Proceedings, pp 410–423. doi:10.1007/3-540-44750-4_33

  19. Lin H, Harn L (1991) A generalized secret sharing scheme with cheater detection. In: Advances in Cryptology—ASIACRYPT ’91, International Conference on the Theory and Applications of Cryptology, Fujiyoshida, Japan, November 11–14, 1991, Proceedings, pp 149–158. doi:10.1007/3-540-57332-1_12

  20. Maeda A, Miyaji A, Tada M (2001) Efficient and unconditionally secure verifiable threshold changeable scheme. In: Information Security and Privacy, 6th Australasian Conference, ACISP 2001, Sydney, Australia, July 11–13, 2001, Proceedings, pp 403–416. doi:10.1007/3-540-47719-5_32

  21. Martin KM, Pieprzyk J, Safavi-Naini R, Wang H (1999) Changing thresholds in the absence of secure channels. In: Information Security and Privacy, 4th Australasian Conference, ACISP’99, Wollongong, NSW, Australia, April 7–9, 1999, Proceedings, pp 177–191. doi:10.1007/3-540-48970-3_15

  22. NTT Corp (2015) The world’s first high-speed secret sharing engine for openstack swift. http://www.ntt.co.jp/news2015/1505e/150518a.html

  23. Patterson DA, Gibson G, Katz RH (1988) A case for redundant arrays of inexpensive disks (raid). In: Proceedings of the 1988 ACM SIGMOD International Conference on Management of Data, ACM, New York, NY, USA, SIGMOD ’88, pp 109–116. doi:10.1145/50202.50214

  24. Pedersen TP (1991) Non-interactive and information-theoretic secure verifiable secret sharing. In: Advances in Cryptology—CRYPTO ’91, 11th Annual International Cryptology Conference, Santa Barbara, California, USA, August 11–15, 1991, Proceedings, pp 129–140. doi:10.1007/3-540-46766-1_9

  25. Rabin MO (1989) Efficient dispersal of information for security, load balancing, and fault tolerance. J ACM 36(2):335–348. doi:10.1145/62044.62050


  26. Rogaway P, Bellare M (2007) Robust computational secret sharing and a unified account of classical secret-sharing goals. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, ACM, New York, NY, USA, CCS ’07, pp 172–184. doi:10.1145/1315245.1315268

  27. Schoenmakers B (1999) A simple publicly verifiable secret sharing scheme and its application to electronic voting. In: Advances in Cryptology—CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19, 1999, Proceedings, pp 148–164. doi:10.1007/3-540-48405-1_10

  28. Shamir A (1979) How to share a secret. Commun ACM 22(11):612–613. doi:10.1145/359168.359176


  29. Shannon CE (1949) Communication theory of secrecy systems 28(4):656–715. http://bstj.bell-labs.com/BSTJ/images/Vol28/bstj28-4-656.pdf; http://en.wikipedia.org/wiki/Communication_Theory_of_Secrecy_Systems; http://www.cs.ucla.edu/~jkong/research/security/shannon1949.pdf

  30. Shoup V (2006) A computational introduction to number theory and algebra. Cambridge University Press, Cambridge


  31. Smith G, Boreli R, Kâafar MA (2013) A layered secret sharing scheme for automated profile sharing in OSN groups. In: Mobile and Ubiquitous Systems: Computing, Networking, and Services—10th International Conference, MOBIQUITOUS 2013, Tokyo, Japan, December 2–4, 2013, Revised Selected Papers, pp 487–499. doi:10.1007/978-3-319-11569-6_38

  32. Tompa M, Woll H (1988) How to share a secret with cheaters. J Cryptol 1(2):133–138. doi:10.1007/BF02252871


  33. Wikipedia, the free encyclopedia (2015) Amazon web services. https://en.wikipedia.org/wiki/Amazon_Web_Services

  34. Zhang Z, Chee YM, Ling S, Liu M, Wang H (2012) Threshold changeable secret sharing schemes revisited. Theor Comput Sci 418:106–115. doi:10.1016/j.tcs.2011.09.027


  35. Zhou L, Schneider FB, van Renesse R (2005) APSS: proactive secret sharing in asynchronous systems. ACM Trans Inf Syst Secur 8(3):259–286. doi:10.1145/1085126.1085127



Author information


Corresponding author

Correspondence to Hiroaki Anada.

Additional information

A preliminary version [16] of this paper appeared in the proceedings of ACM-IMCOM 2016, Danang, Vietnam under the title “Cross-group Secret Sharing for Secure Cloud Storage Service”.

Hiroaki Anada: this work is partially supported by a Kakenhi Grant-in-Aid for Scientific Research (C) JP15K00029 from Japan Society for the Promotion of Science. Kirill Morozov: this work is partially supported by a Kakenhi Grant-in-Aid for Scientific Research (C) JP15K00186 from Japan Society for the Promotion of Science; this work is partially supported by JST CREST. Kouichi Sakurai: this work is partially supported by a Kakenhi Grant-in-Aid for Scientific Research (C) JP15H02711 from Japan Society for the Promotion of Science. Chenyutao Ke: this work was done as a part of the master course studies by the third author. Currently, he has graduated and he is now with NTT Communications Corporation.


About this article


Cite this article

Anada, H., Kawamoto, J., Ke, C. et al. Cross-group secret sharing scheme for secure usage of cloud storage over different providers and regions. J Supercomput 73, 4275–4301 (2017). https://doi.org/10.1007/s11227-017-2009-7


  • DOI: https://doi.org/10.1007/s11227-017-2009-7
