DOI: 10.1145/2133601.2133633
short-paper

Towards end-to-end secure content storage and delivery with public cloud

Published: 07 February 2012

ABSTRACT

Recent years have witnessed the trend of leveraging cloud-based services for large-scale content storage, processing, and distribution. Security and privacy are among the top concerns for public cloud environments. Towards end-to-end content security, we propose and implement CloudSeal, a scheme for securely sharing and distributing content via the public cloud. CloudSeal ensures the confidentiality of content in public cloud environments with flexible access control policies for subscribers and efficient content distribution via a content delivery network.

CloudSeal seamlessly integrates symmetric encryption, proxy-based re-encryption, k-out-of-n secret sharing, and broadcast revocation mechanisms. These algorithms allow CloudSeal to cache the major part of a stored cipher content object in the delivery network for content distribution, while keeping the minor part in the cloud storage for key management. The separation of subscription-based key management and confidentiality-oriented proxy-based re-encryption policies uniquely enables flexible and scalable deployment of the solution as well as strong security for cached content in the network. We have implemented CloudSeal on Amazon Web Services, including EC2, S3, and CloudFront. Through experimental evaluation, we demonstrate the end-to-end efficiency and scalability of CloudSeal.


Published in

CODASPY '12: Proceedings of the second ACM conference on Data and Application Security and Privacy
February 2012
338 pages
ISBN: 9781450310918
DOI: 10.1145/2133601

Copyright © 2012 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

CODASPY '12 Paper Acceptance Rate: 21 of 113 submissions, 19%
Overall Acceptance Rate: 149 of 789 submissions, 19%
