research-article

Geolocation of data in the cloud

Authors:
Mark Gondree

Naval Postgraduate School, Monterey, CA, USA

Naval Postgraduate School, Monterey, CA, USA
View Profile

,
Zachary N.J. Peterson

Naval Postgraduate School, Monterey, CA, USA

Naval Postgraduate School, Monterey, CA, USA
View Profile

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacyFebruary 2013Pages 25–36https://doi.org/10.1145/2435349.2435353

Published:18 February 2013Publication History

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

Pages 25–36

ABSTRACT

We introduce and analyze a general framework for authentically binding data to a location while providing strong assurances against cloud storage providers that (either accidentally or maliciously) attempt to re-locate cloud data. We then evaluate a preliminary solution in this framework that combines constraint-based host geolocation with proofs of data possession, called constraint-based data geolocation (CBDG). We evaluate CBDG using a combination of experiments with PlanetLab and real cloud storage services, demonstrating that we can bind fetched data to the location originally hosting it with high precision. We geolocate data hosted on the majority of our PlanetLab targets to regions no larger than 118,000 km^2, and we geolocate data hosted on Amazon S3 to an area no larger than 12,000 km^2, sufficiently small to identify the state or service region.

References

Amazon Web Services. Summary of the Amazon EC2 and Amazon RDS service disruption in the US east region. Available at http://aws.amazon.com/message/65648/.Google Scholar
Amazon Web Services. Overview of security processes, May 2011. Available at http://aws.amazon.com/security.Google Scholar
G. Ateniese, R. Burns, R. Curtmola, J. H. amd Lea Kissner, Z. Peterson, and D. Song. Provable data possession at untrusted stores. In Proceedings of the ACM Conference on Computer and Communications Security, 2007. Google ScholarDigital Library
G. Ateniese, S. Kamara, and J. Katz. Proofs of storage from homomorphic identification protocols. In Proceedings of ASIACRYPT, 2009. Google ScholarDigital Library
G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik. Scalable and efficient provable data possession. In Proceedings of the International Conference on Security and Privacy in Communication Networks, 2008. Google ScholarDigital Library
K. Benson, R. Dowsley, and H. Shacham. Do you know where your cloud files are? In Proceedings of the ACM Cloud Computing Security Workshop, 2011. Google ScholarDigital Library
H. Blodget. Amazon's cloud crash disaster permanently destroyed many customers' data. Business Insider, April 4 2011. http://www.businessinsider.com/amazon-lost-data-2011-4.Google Scholar
K. D. Bowers, A. Juels, and A. Oprea. Proofs of retrievability: Theory and implementation. In Proceedings of the ACM Workshop on Cloud Computing Security, 2009. Google ScholarDigital Library
K. D. Bowers, M. van Dijk, A. Juels, A. Oprea, and R. L. Rivest. How to tell if your cloud files are vulnerable to drive crashes. In Proceedings of the ACM Conference on Computer and Communications Security, 2011. Google ScholarDigital Library
N. Chandran, V. Goyal, and R. M. R. Ostrovsky. Position based cryptography. In Proceedings of the International Cryptology Conference, 2009. Google ScholarDigital Library
CIO Council. Proposed security assessment & authorization for US government cloud computing, November 2010.Google Scholar
R. Curtmola, O. Khan, and R. Burns. Robust remtoe data checking. In Proceedings of the ACM International Workshop on Storage Security and Survivability, 2008. Google ScholarDigital Library
R. Curtmola, O. Khan, R. Burns, and G. Ateniese. MR-PDP: Multiple-replica provable data possession. In Proceedings of the International Conference on Distributed Computing Systems, 2008. Google ScholarDigital Library
Y. Deswarte, J.-J. Quisquater, and A. Sa1dane. Remote integrity checking: How to trust files stored on untrusted servers. In Proceedings of the Conference on Integrity and Internal Control in Information Systems, 2003.Google Scholar
C. C. Erway, A. Küpcü, C. Papamanthou, and R. Tamassia. Dynamic provable data possession. In Proceedings of the ACM Conference on Computer and Communication Security, 2009. Google ScholarDigital Library
European Commission. Regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation). Directive 95/46/EC, 2012.Google Scholar
D. L. G. Filho and P. S. L. M. Barreto. Demonstrating data possession and uncheatable data transfer. Cryptology ePrint Archive, Report 2006/150, 2006.Google Scholar
P. Gill, Y. Ganjali, B. Wong, and D. Lie. Dude, where's that IP? Circumventing measurement-based IP geolocation. In Proceedings of the USENIX Security Symposium, 2010. Google ScholarDigital Library
N. Gohring. Amazon's S3 down for several hours. PC World, Feb 15 2008. http://www.pcworld.com/businesscenter/article/142549/amazons_s3_down_for_several_hours.html.Google Scholar
B. Gueye, A. Ziviani, M. Crovella, and S. Fdida. Constraint-based geolocation of Internet hosts. Transactions on Networking, 14(6), December 2006. Google ScholarDigital Library
S. Halevi, D. Harnik, B. Pinkas, and A. Shulman-Peleg. Proofs of ownership in remote storage systems. In Proceedings of the ACM Conference on Computer and Communications Security, 2011. Google ScholarDigital Library
D. Harris. Amazon targets US government with GovCloud. The New York Times, August 2011. http://nyti.ms/y6A0ZH.Google Scholar
B. Huffaker, M. Fomenkov, and kc claffy. Geocompare: a comparison of public and commercial geolocation databases. In Proceedings of the Network Mapping and Measurement Conference (NMC), 2011.Google Scholar
K. Irion. Government cloud computing and the policies of data sovereignty, 2011. Available at http://ssrn.com/abstract=1935859.Google ScholarCross Ref
A. Juels and B. S. Kaliski Jr. PORs: Proofs of retrievability for large files. In Proceedings of the ACM Conference on Computer and Communications Security, 2007. Google ScholarDigital Library
E. Katz-Bassett, J. P. John, A. Krishnamurthy, D. Wetherall, T. Anderson, and Y. Chawathe. Towards IP geolocation using delay and topology measurements. In Proceedings of the Conference on Internet Measurement, 2006. Google ScholarDigital Library
V. Kundra. Federal cloud computing strategy, February 2011. Available at http://www.cio.gov/documents/federal-cloud-computing-strategy.pdf.Google Scholar
K. E. Kushida, J. Murray, and J. Zysman. Diffusing the cloud: Cloud computing and implications for public policy. Journal of Industry, Competition and Trade, 11(3), 2011.Google Scholar
S. Laki, P. Matray, P. Haga, I. Csabai, and G. Vattay. A detailed path-latency model for router geolocation. In Proceedings of the International Conference on Testbeds and Research Infrastructures for the Development of Networks Communities and Workshops, 2009.Google ScholarCross Ref
A. Li, X. Yang, S. Kandula, and M. Zhang. CloudCmp: Comparing public cloud providers. In Proceedings of the Internet Modeling Conference, 2010. Google ScholarDigital Library
Microsoft Corporation. Building confidence in the cloud: A proposal for industry and government action to advance cloud computing. Technical report, Microsoft Corporation, January 2010.Google Scholar
M. Naor and G. N. Rothblum. The complexity of online memory checking. Journal of the ACM, 56(1), 2009. Google ScholarDigital Library
V. N. Padmanabhan and L. Subramanian. An investigation of geographic mapping techniques for Internet hosts. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, 2001. Google ScholarDigital Library
R. Percacci and A. Vespignani. Scale-free behavior of the internet global performance. European Physical Journal B, 32(4), 2003.Google Scholar
Z. N. J. Peterson, M. Gondree, and R. Beverly. A position paper on data sovereignty: The importance of geolocating data in the cloud. In Proceedings of the USENIX Workshop on Hot Topics in Cloud Computing, 2010. Google ScholarDigital Library
I. Poese, S. Uhlig, M. A. Kaafar, B. Donnet, and B. Gueye. Ip geolocation databases: unreliable? Computer Communication Review, 41(2), 2011. Google ScholarDigital Library
T. Schwarz, S.J. and E. L. Miller. Store, forget, and check: Using algebraic signatures to check remotely administered storage. In Proceedings of the IEEE International Conference on Distributed Computing Systems, 2006. Google ScholarDigital Library
H. Shacham and B. Waters. Compact proofs of retrievability. In Proceedings of ASIACRYPT, 2008. Google ScholarDigital Library
M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan. Auditing to keep online storage services honest. In Proceedings of the USENIX workshop on Hot Topics in Operating Systems, 2007. Google ScholarDigital Library
S. Siwpersad, B. Gueye, and S. Uhlig. Assessing the geographic resolution of exhaustive tabulation for geolocating internet hosts. In Passive and Active Network Measurement, 2008. Google ScholarDigital Library
J. Sommers, P. Barford, N. Duffield, and A. Ron. Multiobjective monitoring for SLA compliance. Transaction on Networking, 18(2), 2010. Google ScholarDigital Library
S. Capkun, M. Cagalj, and M. Srivastava. Secure localization with hidden and mobile base stations. In Proceedings of the IEEE International Conference on Computer Communications, 2006.Google ScholarCross Ref
Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou. Enabling public verifiability and data dynamics for storage security in cloud computing. In Proceedings of the European Symposium on Research in Computer Security, 2009. Google ScholarDigital Library
B. Wong, I. Stoyanov, and E. G. Sirer. Octant: A comprehensive framework for the geolocalization of internet hosts. In Proceedings of the USENIX Networked Systems Design and Implementation, 2007. Google ScholarDigital Library

Index Terms

Geolocation of data in the cloud
1. Security and privacy
  1. Cryptography
  2. Systems security
    1. Operating systems security

Recommendations

A hill cipher-based remote data possession checking in cloud storage

Cloud storage enables users to access their data at any time anywhere. It has the advantages of high scalability, ease of use, cost effectiveness, and so on. However, the server that stores users' data may not be fully trustworthy. When users store ...
Read More
Identity-based provable data possession revisited

Provable Data Possession (PDP), which enables cloud users to verify the data integrity without retrieving the entire file, is highly essential for cloud storage. Observing all the existing PDP schemes rely on the Public Key Infrastructure (PKI), Wang ...
Read More
A Review on Secure Data Deduplication: Cloud Storage Security Issue
Abstract
Cloud storage service providers caters to the need of organizations and individuals by allowing them to store, transfer and backup their ever-increasing amount of data at low cost along with providing access to the other resources of ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy
February 2013
400 pages
ISBN:9781450318907
DOI:10.1145/2435349
General Chairs:
Elisa Bertino
Purdue University, USA
,
Ravi Sandhu
University of Texas at San Antonio, USA
,
Program Chair:
Lujo Bauer
Carnegie Mellon University, USA
,
Publications Chair:
Jaehong Park
University of Texas at San Antonio, USA
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 18 February 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
cloud storage
data availability
proof of data geolocation
provable data possession
storage security
Qualifiers
- research-article
Conference

Acceptance Rates
CODASPY '13 Paper Acceptance Rate24of107submissions,22%Overall Acceptance Rate149of789submissions,19%
More
Upcoming Conference
CODASPY '24

Sponsor:

sigsac

Fourteenth ACM Conference on Data and Application Security and Privacy

June 19 - 21, 2024

Porto , Portugal
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 62
  Total Citations
  View Citations
- 955
  Total Downloads
- Downloads (Last 12 months)33
- Downloads (Last 6 weeks)6
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Geolocation of data in the cloud

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

ABSTRACT

References

Cited By

Index Terms

Recommendations

A hill cipher-based remote data possession checking in cloud storage

Identity-based provable data possession revisited

A Review on Secure Data Deduplication: Cloud Storage Security Issue