ABSTRACT
Recent years have witnessed the trend of leveraging cloud-based services for large-scale content storage, processing, and distribution. Security and privacy are among the top concerns for public cloud environments. Towards end-to-end content security, we propose and implement CloudSeal, a scheme for securely sharing and distributing content via the public cloud. CloudSeal ensures the confidentiality of content in public cloud environments, with flexible access control policies for subscribers and efficient content distribution via a content delivery network.
CloudSeal seamlessly integrates symmetric encryption, proxy-based re-encryption, k-out-of-n secret sharing, and broadcast revocation mechanisms. These algorithms allow CloudSeal to cache the major part of a stored cipher content object in the delivery network for content distribution, while keeping the minor part in the cloud storage for key management. The separation of subscription-based key management and confidentiality-oriented proxy-based re-encryption policies uniquely enables flexible and scalable deployment of the solution as well as strong security for cached content in the network. We have implemented CloudSeal on Amazon Web Services, including EC2, S3, and CloudFront. Through experimental evaluation, we demonstrate the end-to-end efficiency and scalability of CloudSeal.
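The abstract names two of its building blocks concretely: k-out-of-n secret sharing for key material, and a split of each encrypted object into a large part that is cached in the delivery network and a small part that stays in cloud storage alongside key management. The following is an added illustration of those two ideas, not CloudSeal's own code or protocol: it implements Shamir k-out-of-n sharing over a prime field for a 256-bit content key, uses an HMAC-SHA256 keystream as a stand-in for a real symmetric cipher (an assumption, chosen so the block runs with the standard library only), and splits the ciphertext into a "major" part (destined for the cache) and a "minor" part (destined for storage). The proxy re-encryption and broadcast revocation layers the abstract also mentions are out of scope here; the split point `minor_len` and all names are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Mersenne prime large enough to hold a 256-bit key as a field element.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial with coefficients in GF(PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n):
    """Shamir k-out-of-n sharing: returns n points (x, f(x)) with f(0) == secret."""
    if not (0 < k <= n) or not (0 <= secret < PRIME):
        raise ValueError("bad threshold or secret out of field range")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the given (x, y) points."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR with an HMAC-SHA256 counter-mode keystream.
    Stand-in for a real cipher such as AES; do not use in production."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        stream.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_content(plaintext, k, n, minor_len=32):
    """Encrypt, split the ciphertext into cache-bound and storage-bound parts,
    and share the content key k-out-of-n. Returns the pieces by destination."""
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(key, nonce, plaintext)
    minor, major = ciphertext[:minor_len], ciphertext[minor_len:]
    shares = split_secret(int.from_bytes(key, "big"), k, n)
    return {
        "cdn_major": major,       # bulk of the object, safe to cache widely
        "storage_minor": minor,   # small part kept with key management
        "nonce": nonce,
        "key_shares": shares,     # distribute to the n key holders
    }


def unseal_content(sealed, shares):
    """Reassemble the object from both parts and a subset of key shares.
    Returns None when the shares do not reconstruct a 256-bit key."""
    recovered = recover_secret(shares)
    if recovered >= 2**256:
        return None  # fewer than k shares yield an essentially random field element
    key = recovered.to_bytes(32, "big")
    ciphertext = sealed["storage_minor"] + sealed["cdn_major"]
    return keystream_xor(key, sealed["nonce"], ciphertext)


if __name__ == "__main__":
    # Constructed sample content; k = 3 of n = 5 key holders.
    content = b"constructed sample content for a sealed object " * 40
    sealed = seal_content(content, k=3, n=5)
    print("cached major part bytes:", len(sealed["cdn_major"]))
    print("stored minor part bytes:", len(sealed["storage_minor"]))
    print("3 shares recover:", unseal_content(sealed, sealed["key_shares"][:3]) == content)
    print("2 shares recover:", unseal_content(sealed, sealed["key_shares"][:2]) == content)
```

Any k of the n shares (in any order) reconstruct the key, while k-1 shares yield a random field element, so the cached major part is useless to a cache node that holds neither the storage-side minor part nor a threshold of shares.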
Index Terms
- Towards end-to-end secure content storage and delivery with public cloud