Proofs of data residency: Checking whether your cloud files have been relocated

Hung Dang, Erick Purwanto, Ee Chien Chang

Research output: Chapter in Book or Report/Conference proceedingConference Proceedingpeer-review

11 Citations (Scopus)

Abstract

While cloud storage services offer manifold benefits such as cost-effectiveness or elasticity, there also exist various security and privacy concerns. Among such concerns, we pay our primary attention to data residency { a notion that requires outsourced data to be retrievable in its entirety from local drives of a storage server in-question. We formulate such notion under a security model called Proofs of Data Residency (PoDR). PoDR can be employed to check whether the data are replicated across different storage servers, or combined with storage server geolocation to \locate" the data in the cloud. We make key observations that the data residency checking protocol should exclude all server-side computation and that each challenge should ask for no more than a single atomic fetching operation. We illustrate challenges and subtleties in protocol design by showing potential attacks to naive constructions. Next, we present a secure PoDR scheme structured as a timed challenge-response protocol. Two implementation variants of the proposed solution, namely N-ResCheck and E-ResCheck, describe an interesting use-case of trusted computing, in particular the use of Intel SGX, in cryptographic timed challenge-response protocols whereby having the verifier co-locating with the prover offers security enhancement. Finally, we conduct extensive experiments to exhibit potential attacks to insecure constructions and validate the performance as well as the security of our solution.

Original languageEnglish
Title of host publicationASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages408-422
Number of pages15
ISBN (Electronic)9781450349444
DOIs
Publication statusPublished - 2 Apr 2017
Externally publishedYes
Event2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017 - Abu Dhabi, United Arab Emirates
Duration: 2 Apr 20176 Apr 2017

Publication series

NameASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security

Conference

Conference2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017
Country/TerritoryUnited Arab Emirates
CityAbu Dhabi
Period2/04/176/04/17

Cite this