ABSTRACT
We introduce and analyze a general framework for authentically binding data to a location while providing strong assurances against cloud storage providers that (either accidentally or maliciously) attempt to re-locate cloud data. We then evaluate a preliminary solution in this framework that combines constraint-based host geolocation with proofs of data possession, called constraint-based data geolocation (CBDG). We evaluate CBDG using a combination of experiments with PlanetLab and real cloud storage services, demonstrating that we can bind fetched data to the location originally hosting it with high precision. We geolocate data hosted on the majority of our PlanetLab targets to regions no larger than 118,000 km^2, and we geolocate data hosted on Amazon S3 to an area no larger than 12,000 km^2, sufficiently small to identify the state or service region.
- Amazon Web Services. Summary of the Amazon EC2 and Amazon RDS service disruption in the US east region. Available at http://aws.amazon.com/message/65648/.Google Scholar
- Amazon Web Services. Overview of security processes, May 2011. Available at http://aws.amazon.com/security.Google Scholar
- G. Ateniese, R. Burns, R. Curtmola, J. H. amd Lea Kissner, Z. Peterson, and D. Song. Provable data possession at untrusted stores. In Proceedings of the ACM Conference on Computer and Communications Security, 2007. Google ScholarDigital Library
- G. Ateniese, S. Kamara, and J. Katz. Proofs of storage from homomorphic identification protocols. In Proceedings of ASIACRYPT, 2009. Google ScholarDigital Library
- G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik. Scalable and efficient provable data possession. In Proceedings of the International Conference on Security and Privacy in Communication Networks, 2008. Google ScholarDigital Library
- K. Benson, R. Dowsley, and H. Shacham. Do you know where your cloud files are? In Proceedings of the ACM Cloud Computing Security Workshop, 2011. Google ScholarDigital Library
- H. Blodget. Amazon's cloud crash disaster permanently destroyed many customers' data. Business Insider, April 4 2011. http://www.businessinsider.com/amazon-lost-data-2011-4.Google Scholar
- K. D. Bowers, A. Juels, and A. Oprea. Proofs of retrievability: Theory and implementation. In Proceedings of the ACM Workshop on Cloud Computing Security, 2009. Google ScholarDigital Library
- K. D. Bowers, M. van Dijk, A. Juels, A. Oprea, and R. L. Rivest. How to tell if your cloud files are vulnerable to drive crashes. In Proceedings of the ACM Conference on Computer and Communications Security, 2011. Google ScholarDigital Library
- N. Chandran, V. Goyal, and R. M. R. Ostrovsky. Position based cryptography. In Proceedings of the International Cryptology Conference, 2009. Google ScholarDigital Library
- CIO Council. Proposed security assessment & authorization for US government cloud computing, November 2010.Google Scholar
- R. Curtmola, O. Khan, and R. Burns. Robust remtoe data checking. In Proceedings of the ACM International Workshop on Storage Security and Survivability, 2008. Google ScholarDigital Library
- R. Curtmola, O. Khan, R. Burns, and G. Ateniese. MR-PDP: Multiple-replica provable data possession. In Proceedings of the International Conference on Distributed Computing Systems, 2008. Google ScholarDigital Library
- Y. Deswarte, J.-J. Quisquater, and A. Sa1dane. Remote integrity checking: How to trust files stored on untrusted servers. In Proceedings of the Conference on Integrity and Internal Control in Information Systems, 2003.Google Scholar
- C. C. Erway, A. Küpcü, C. Papamanthou, and R. Tamassia. Dynamic provable data possession. In Proceedings of the ACM Conference on Computer and Communication Security, 2009. Google ScholarDigital Library
- European Commission. Regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation). Directive 95/46/EC, 2012.Google Scholar
- D. L. G. Filho and P. S. L. M. Barreto. Demonstrating data possession and uncheatable data transfer. Cryptology ePrint Archive, Report 2006/150, 2006.Google Scholar
- P. Gill, Y. Ganjali, B. Wong, and D. Lie. Dude, where's that IP? Circumventing measurement-based IP geolocation. In Proceedings of the USENIX Security Symposium, 2010. Google ScholarDigital Library
- N. Gohring. Amazon's S3 down for several hours. PC World, Feb 15 2008. http://www.pcworld.com/businesscenter/article/142549/amazons_s3_down_for_several_hours.html.Google Scholar
- B. Gueye, A. Ziviani, M. Crovella, and S. Fdida. Constraint-based geolocation of Internet hosts. Transactions on Networking, 14(6), December 2006. Google ScholarDigital Library
- S. Halevi, D. Harnik, B. Pinkas, and A. Shulman-Peleg. Proofs of ownership in remote storage systems. In Proceedings of the ACM Conference on Computer and Communications Security, 2011. Google ScholarDigital Library
- D. Harris. Amazon targets US government with GovCloud. The New York Times, August 2011. http://nyti.ms/y6A0ZH.Google Scholar
- B. Huffaker, M. Fomenkov, and kc claffy. Geocompare: a comparison of public and commercial geolocation databases. In Proceedings of the Network Mapping and Measurement Conference (NMC), 2011.Google Scholar
- K. Irion. Government cloud computing and the policies of data sovereignty, 2011. Available at http://ssrn.com/abstract=1935859.Google ScholarCross Ref
- A. Juels and B. S. Kaliski Jr. PORs: Proofs of retrievability for large files. In Proceedings of the ACM Conference on Computer and Communications Security, 2007. Google ScholarDigital Library
- E. Katz-Bassett, J. P. John, A. Krishnamurthy, D. Wetherall, T. Anderson, and Y. Chawathe. Towards IP geolocation using delay and topology measurements. In Proceedings of the Conference on Internet Measurement, 2006. Google ScholarDigital Library
- V. Kundra. Federal cloud computing strategy, February 2011. Available at http://www.cio.gov/documents/federal-cloud-computing-strategy.pdf.Google Scholar
- K. E. Kushida, J. Murray, and J. Zysman. Diffusing the cloud: Cloud computing and implications for public policy. Journal of Industry, Competition and Trade, 11(3), 2011.Google Scholar
- S. Laki, P. Matray, P. Haga, I. Csabai, and G. Vattay. A detailed path-latency model for router geolocation. In Proceedings of the International Conference on Testbeds and Research Infrastructures for the Development of Networks Communities and Workshops, 2009.Google ScholarCross Ref
- A. Li, X. Yang, S. Kandula, and M. Zhang. CloudCmp: Comparing public cloud providers. In Proceedings of the Internet Modeling Conference, 2010. Google ScholarDigital Library
- Microsoft Corporation. Building confidence in the cloud: A proposal for industry and government action to advance cloud computing. Technical report, Microsoft Corporation, January 2010.Google Scholar
- M. Naor and G. N. Rothblum. The complexity of online memory checking. Journal of the ACM, 56(1), 2009. Google ScholarDigital Library
- V. N. Padmanabhan and L. Subramanian. An investigation of geographic mapping techniques for Internet hosts. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, 2001. Google ScholarDigital Library
- R. Percacci and A. Vespignani. Scale-free behavior of the internet global performance. European Physical Journal B, 32(4), 2003.Google Scholar
- Z. N. J. Peterson, M. Gondree, and R. Beverly. A position paper on data sovereignty: The importance of geolocating data in the cloud. In Proceedings of the USENIX Workshop on Hot Topics in Cloud Computing, 2010. Google ScholarDigital Library
- I. Poese, S. Uhlig, M. A. Kaafar, B. Donnet, and B. Gueye. Ip geolocation databases: unreliable? Computer Communication Review, 41(2), 2011. Google ScholarDigital Library
- T. Schwarz, S.J. and E. L. Miller. Store, forget, and check: Using algebraic signatures to check remotely administered storage. In Proceedings of the IEEE International Conference on Distributed Computing Systems, 2006. Google ScholarDigital Library
- H. Shacham and B. Waters. Compact proofs of retrievability. In Proceedings of ASIACRYPT, 2008. Google ScholarDigital Library
- M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan. Auditing to keep online storage services honest. In Proceedings of the USENIX workshop on Hot Topics in Operating Systems, 2007. Google ScholarDigital Library
- S. Siwpersad, B. Gueye, and S. Uhlig. Assessing the geographic resolution of exhaustive tabulation for geolocating internet hosts. In Passive and Active Network Measurement, 2008. Google ScholarDigital Library
- J. Sommers, P. Barford, N. Duffield, and A. Ron. Multiobjective monitoring for SLA compliance. Transaction on Networking, 18(2), 2010. Google ScholarDigital Library
- S. Capkun, M. Cagalj, and M. Srivastava. Secure localization with hidden and mobile base stations. In Proceedings of the IEEE International Conference on Computer Communications, 2006.Google ScholarCross Ref
- Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou. Enabling public verifiability and data dynamics for storage security in cloud computing. In Proceedings of the European Symposium on Research in Computer Security, 2009. Google ScholarDigital Library
- B. Wong, I. Stoyanov, and E. G. Sirer. Octant: A comprehensive framework for the geolocalization of internet hosts. In Proceedings of the USENIX Networked Systems Design and Implementation, 2007. Google ScholarDigital Library
Index Terms
- Geolocation of data in the cloud
Recommendations
A hill cipher-based remote data possession checking in cloud storage
Cloud storage enables users to access their data at any time anywhere. It has the advantages of high scalability, ease of use, cost effectiveness, and so on. However, the server that stores users' data may not be fully trustworthy. When users store ...
Identity-based provable data possession revisited
Provable Data Possession (PDP), which enables cloud users to verify the data integrity without retrieving the entire file, is highly essential for cloud storage. Observing all the existing PDP schemes rely on the Public Key Infrastructure (PKI), Wang ...
A Review on Secure Data Deduplication: Cloud Storage Security Issue
AbstractCloud storage service providers caters to the need of organizations and individuals by allowing them to store, transfer and backup their ever-increasing amount of data at low cost along with providing access to the other resources of ...
Comments