Database Laboratory Regular Seminar 2013-07-22 TaeHoon Kim New Approaches to Security and Availability for Cloud Data Ari Juels, Alina Oprea Communications of ACM Feb. 2013 Article


Feb 24, 2016


komala

Page 1

Database Laboratory Regular Seminar

2013-07-22 TaeHoon Kim

New Approaches to Security and Availability for Cloud Data

Ari Juels, Alina Oprea
Communications of ACM, Feb. 2013

Article

Page 2

Contents

1. Introduction
2. Solution Overview
3. Iris
- Iris Authenticated file system
- Iris Structure
4. Auditing Framework
5. Conclusion

Page 3

1. Introduction

- Cloud computing
  - Service model offers users (called tenants) on-demand network access
  - A large shared pool of computing resources (cloud)
- Many companies have adopted private clouds
  - IBM, HP, VMware, EMC2
- Public clouds are not adopted
  - Security and operational risk
    - Including hardware failure, software bugs, power outages, server misconfiguration, malware, and insider threats
  - Lack of availability and reliability
    - Striking loss of personal customer data

• http://blog.naver.com/PostView.nhn?blogId=lugenzhe&logNo=90100646811&redirect=Dlog&widgetTypeCall=true

Page 4

1. Introduction

- Potentially malicious tenants
  - Ristenpart et al. [18]: such an attacker can exploit side channels in shared hardware to exfiltrate sensitive data
- Our research addresses
  - The challenge of migrating enterprise data into the public cloud
  - Devised cryptographic protocol
  - Propose auditing framework to verify properties of the internal operation of the cloud and assure enterprise

Page 5

2. Solution Overview

- Our vision of a more-trustworthy cloud-computing model
  - Manages cryptographic keys
  - Maintains trusted storage for integrity
  - Freshness enforcement
  - Redundancy to data for enhanced availability

Page 6

3. Iris Authenticated file system

- An authenticated file system
  - Allows migration of existing internal enterprise systems into the cloud
  - Offers strong integrity and freshness guarantees
  - Minimizes the effects of network latency on file-system operations
  - Is designed to use any existing back-end cloud storage system transparently without modification

Page 7

3. Iris Structure (2 layers)

- The gateway side
  - Caches data and metadata blocks from the file system recently accessed by enterprise users
  - Computes integrity checks
    - Namely MACs on data blocks
- MACs
  - Fixed-size file segments of typical size 4KB
  - Enables random access
  - Verification of individual file-block integrity

Page 8

3. Iris Structure (2 layers)

- Merkle-tree-based structure
  - Internal nodes of the tree contain hashes of their children
  - Tenant can efficiently verify the integrity and freshness
    - Data MAC and freshness of the block-version number
  - Support for existing file-system operations
  - Support for concurrent operations

• http://en.wikipedia.org/wiki/Merkle_tree#How_hash_trees_work
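
An added sketch of the Merkle-tree check on this slide (not code from the slides, the article, or Iris): each leaf binds a block's MAC to its index and version number, the tenant keeps only the root, and a replayed old block fails against the current root even though its MAC is still valid. SHA-256, HMAC-SHA256, the leaf layout and all function names are assumptions.

```python
import hashlib
import hmac

def h(*parts):
    """SHA-256 over length-prefixed parts, so concatenation is unambiguous."""
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def leaf(key, index, version, block):
    """Leaf binds block index and version number to the block's MAC."""
    meta = index.to_bytes(8, "big") + version.to_bytes(8, "big")
    return h(b"leaf", meta, hmac.new(key, meta + block, hashlib.sha256).digest())

def build(leaves):
    """Return every tree level, leaves first; an odd level repeats its last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1] + levels[-1][-1:] * (len(levels[-1]) % 2)
        levels.append([h(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root, as untrusted storage would return them."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append(level[sib] if sib < len(level) else level[index])
        index //= 2
    return path

def verify(root, leaf_hash, index, path):
    """Recompute the root from one leaf and its path; constant-time compare."""
    node = leaf_hash
    for sib in path:
        node = h(b"node", sib, node) if index % 2 else h(b"node", node, sib)
        index //= 2
    return hmac.compare_digest(node, root)

def demo():
    key = b"constructed-demo-key"                    # constructed sample key
    blocks = [bytes([i]) * 4096 for i in range(5)]   # constructed 4KB blocks
    old = build([leaf(key, i, 1, b) for i, b in enumerate(blocks)])
    # Block 2 is rewritten as version 2; the tenant now trusts only the new root.
    new_leaves = list(old[0])
    new_leaves[2] = leaf(key, 2, 2, b"\xff" * 4096)
    new = build(new_leaves)
    fresh = verify(new[-1][0], new_leaves[2], 2, auth_path(new, 2))
    # Rollback: storage replays the old block 2 with its old, once-valid path.
    stale = verify(new[-1][0], old[0][2], 2, auth_path(old, 2))
    return fresh, stale
```

`demo()` returns `(True, False)`: the current block verifies and the rolled-back one is rejected.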

Page 9

4. Auditing Framework

- When Alice (client) stores data with Bob, she wants to know that Bob (service provider) has not let her data succumb to bit rot, storage-device failure, corruption by buggy software, etc.
- Using a strong cryptographic approach to assurance: PoR (Proofs of Retrievability)
  - Bob proves to Alice that a given piece of data D stored in the cloud is not damaged and retrievable
  - Cryptographically verify the correctness of all cloud-stored data

Page 10

4. Auditing Framework

- Notation
  - D is some piece of data
  - D* is constructed by appending what are called "parity blocks"
  - ri denotes the ith data block (fixed-size 4KB)
- Using secret key k, Alice can compute MACs, secret-key digital signatures over data blocks r1, r2, r3 … rn
- To verify the correctness of a block ri, Alice uses k and ci
- Alice needs to store only the key k

• http://en.wikipedia.org/wiki/Merkle_tree#How_hash_trees_work
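
An added sketch of the MAC-based audit in this notation (not code from the slides or the article): Alice tags each block ri with ci under k, keeps only k, and later spot-checks random indices that Bob must answer with (ri, ci). HMAC-SHA256, binding the index i into the tag, the sampling scheme and all function names are assumptions; the parity blocks of D* are left out.

```python
import hashlib
import hmac
import random

BLOCK = 4096  # fixed block size from the slide (4KB)

def tag(k, i, r):
    """c_i = MAC_k(i || r_i); binding the index stops blocks being swapped."""
    return hmac.new(k, i.to_bytes(8, "big") + r, hashlib.sha256).digest()

def outsource(k, data):
    """Alice splits D into blocks r_1..r_n and hands Bob the (r_i, c_i) pairs."""
    blocks = [data[o:o + BLOCK] for o in range(0, len(data), BLOCK)]
    return [(r, tag(k, i, r)) for i, r in enumerate(blocks)]

def audit(k, store, q, rng):
    """Alice challenges q distinct random indices; returns the ones that fail."""
    bad = []
    for i in rng.sample(range(len(store)), q):
        r, c = store[i]                      # Bob's response to challenge i
        if not hmac.compare_digest(c, tag(k, i, r)):
            bad.append(i)
    return sorted(bad)

def detection_probability(n, corrupted, q):
    """Chance that q distinct challenges hit at least one corrupted block."""
    miss = 1.0
    for j in range(q):
        miss *= (n - corrupted - j) / (n - j)
    return 1.0 - miss

def demo():
    rng = random.Random(2013)                # seeded: constructed, repeatable run
    k = b"constructed-demo-key"              # constructed sample key
    store = outsource(k, bytes(range(256)) * 16 * 200)   # constructed D, 200 blocks
    clean = audit(k, store, 20, rng)
    for i in range(0, 200, 4):               # simulate bit rot in every 4th block
        r, c = store[i]
        store[i] = (bytes([r[0] ^ 1]) + r[1:], c)
    found = audit(k, store, 20, rng)
    return clean, found, detection_probability(200, 50, 20)
```

With a quarter of the blocks damaged, 20 challenges out of 200 detect the damage with probability above 0.99, which is why a small sample suffices for large-scale corruption.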

Page 11

4. Auditing Framework

- PoR (Proofs of Retrievability)
  - Efficient only for checks on static data (such as archived data)
- PDP (Proof of Data Possession)
  - Enables public verification of data integrity
- Dynamic PoR
  - Conceals individual parity-block updates from Bob, as well as the code structure
- PoS (Proofs of Storage)
  - Detecting data loss
    - E.g., drive crash: a large data center is likely to experience thousands of drive failures each year [19]

Page 12

4. Auditing Framework

- Auditing of drive failure
- Solution: RAFT (Remote Assessment of Fault Tolerance)
  - Makes use of bounds on the seek time of a rotational drive
  - RAFT operates specifically on data stored in rotational drives, exploiting their performance limitations as a bounding parameter

Page 13

4. Auditing Framework

- If the cloud provider fails to respond correctly to an audit due to data loss?
  - HAIL (High availability and integrity layer) is the solution
  - Works by promptly detecting and recovering from data corruption (is similar to RAID)
- HAIL
  - An extension of RAID into the cloud
  - Distributing data across multiple cloud providers to achieve continuous availability

• http://blog.naver.com/capemay?Redirect=Log&logNo=40192616466
• http://jaesoo.com/study_board/23324

Page 14

4. Auditing Framework

- To provide recovery (resilience) against cloud-provider failure, the gateway splits the data into fixed-size blocks and encodes it with a new erasure code: the dispersal code
- Distributes her data with embedded redundancy to a set of n cloud providers: S1 … Sn

Page 15

Conclusion

- Described new techniques
  - A range of protections, from integrity and freshness verification to high data availability
- Proposed an auditing framework
- These techniques enable an extension from enterprise internal data centers into public clouds
- Our hope
  - Alleviate some of the concern over security in the cloud
  - Facilitate migration of enterprise resources into public clouds

Page 16

Q/A

Thank you for listening to my presentation