Lecture01: Introduction to Security and Privacy in Cloud Computing
600.412.Lecture08
1. Security and Privacy in Cloud Computing. Ragib Hasan, Johns Hopkins University, en.600.412 Spring 2010, Lecture 8, 04/05/2010
2. The Data Outsourcing Problem: Clients store data on untrusted remote servers. Clients need guarantees about their data integrity. Clients may not have computational resources or time to verify integrity.
3. Different approaches: PDP (proof of data possession); PoR (proof of data possession + retrievability).
4. Limitations of PDP/PoR models: Lack of dynamic update. Using the index of blocks in tag generation.
5. This paper: Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing, Wang et al., ESORICS 2009. Goals: public verification; dynamic modification support; blockless verification; stateless verification.
6. Model: Clients: store data on cloud; don't have resources to audit. Cloud service provider: untrusted data store. Third party auditor: can audit data without any knowledge of data.
7. Discussion: Looking at the big picture: Is third party auditability / public auditability a practical idea? Should cloud data be publicly verifiable? Can we use a delegation scheme for non-public but third party verification?
8. Key idea: Client and cloud provider use a Merkle Hash Tree for the file blocks; the root is signed by the client. A challenge is given to the cloud provider. To compute a response, the cloud provider needs to have the original blocks.
9. Merkle hash tree: Client signs only the top hash. To prove the server holds data block 000, the server needs to provide Hash 0-1, Hash 1, and the hash of data block 000 to the client.
10. Client/provider interaction: Setup: Client precomputes the homomorphic tags for file F. KeyGen: Client prepares the keypairs. SigGen: Client prepares signatures for each block, then creates a Merkle hash tree, and finally signs the root hash.
11. Auditor/Cloud Provider interaction
12. Dynamic updates: Modification/insertion/deletion supported by update of the Merkle tree. Idea: Client sends update to server; server returns sibling hashes of the updated node and the new root hash.
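
The Merkle proof from slide 9 and the update check from slide 12, as an added example that is not from the lecture or from Wang et al. It assumes plain SHA-256 with leaf/node prefixes and a power-of-two block count, and stands in a trusted root value for the client's signature; the paper's homomorphic tags are not modeled, and all function names are hypothetical.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"  # domain-separation prefixes (an assumption of this sketch)

def leaf_hash(block):
    return hashlib.sha256(LEAF + block).digest()

def node_hash(left, right):
    return hashlib.sha256(NODE + left + right).digest()

def build_levels(blocks):
    """Server side: all tree levels, leaves first."""
    if not blocks or len(blocks) & (len(blocks) - 1):
        raise ValueError("block count must be a power of two in this sketch")
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def sibling_path(levels, index):
    """Server side: sibling hashes from the leaf up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def root_from_path(leaf, index, path):
    """Verifier side: recompute the root from one leaf hash and its siblings."""
    node = leaf
    for sibling in path:
        node = node_hash(sibling, node) if index & 1 else node_hash(node, sibling)
        index //= 2
    return node

def verify_block(block, index, path, trusted_root):
    return hmac.compare_digest(root_from_path(leaf_hash(block), index, path), trusted_root)

def accept_update(old_leaf, new_block, index, path, trusted_root, claimed_root):
    """Client side: authenticate the siblings against the old root before trusting the new one."""
    if not hmac.compare_digest(root_from_path(old_leaf, index, path), trusted_root):
        raise ValueError("sibling hashes do not match the signed root")
    new_root = root_from_path(leaf_hash(new_block), index, path)
    if not hmac.compare_digest(new_root, claimed_root):
        raise ValueError("server's new root does not match the update")
    return new_root  # the client would sign this as the new top hash

BLOCKS = [b"block-%d" % i for i in range(8)]  # constructed sample data, blocks 000..111
```

Checking the siblings against the old root first is what stops a server from supplying arbitrary hashes and getting the client to sign a root for a tree it never stored.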
16. Discussion: Threat model: Is it realistic to trust the third party auditor? Efficiency: How efficient/practical is this scheme?
17. Discussion: Experiments: Were the experiments well designed / comprehensive? Should they have used multiple file sizes? What is missing from the experiments?
18. Further Reading: PoR paper from RSA Labs: http://www.rsa.com/rsalabs/hail/POR.pdf