2011 Fourth IEEE International Conference on Utility and Cloud Computing
A Secure Storage Service in the Hybrid Cloud
Surya Nepal, Carsten Friedrich, Leakha Henry, Shiping Chen
Information Engineering Lab, CSIRO ICT Centre, Australia
[email protected]
Abstract— Cloud storage services are not secure by nature. There is an inherent risk of (a) data exposure (confidentiality), (b) data tampering (integrity) and (c) denial of access to data (availability). We provide a service-oriented solution for provisioning a secure storage service in the hybrid cloud environment, called TrustStore. The system supports both individual and collaborative data storage and access. In this demonstration, we show how TrustStore can be used to store and retrieve files securely in hybrid cloud environments.
Figure 1 TrustStore architecture
Keywords- cloud computing, storage service, secure storage
Commercial storage clouds such as Amazon S3 and RackSpace demonstrate the feasibility of storage services as a new computing paradigm by offering (almost) unlimited storage at very low prices yet with high availability. Given its innovative nature (more specifically, third-party ownership) compared to the standard model of service provision, cloud computing raises new questions in terms of security. For potential clients of such services it is essential to be able to effectively mitigate the new risks involved in utilizing them. Our focus in this demonstration is to show a secure hybrid cloud storage service, TrustStore, which can ensure the safety, confidentiality, and integrity of stored data in a way that is independent of the actual storage services. In terms of security, cloud users typically have no control over the cloud storage servers used. This means there is an inherent risk of data exposure to third parties on the cloud or by the cloud provider itself, a risk to data confidentiality. The data must be properly encrypted both in motion (when transmitted) and at rest (when stored). There is an additional risk of data tampering by a third party on the cloud or by the cloud provider itself, a risk to data integrity. The integrity of the data must be maintained both in motion and at rest. There is also a risk of denial of access to data by third parties on the cloud or by the cloud provider itself, a risk to data availability.
II.
The architecture of the TrustStore system is shown in Figure 1. We describe an application scenario and each of the components briefly below.
Example Scenario
Though TrustStore can be used in a variety of applications, we consider a simple scenario to describe how it works. The user has purchased storage space on a number of commercial cloud storage services such as Amazon S3 or RackSpace. The user would like to use these services to securely store sensitive data from his/her desktop computer. The user does not want to rely solely on one provider and also does not fully trust the security of any of the providers. To do so, the user starts the TrustStore client and creates a new Storage Space by defining which storage, key management, and integrity services should be used and providing credentials to access these services. The profile is password encrypted and stored on the client for later access to the storage space, or to share for collaboration. The user then drags and drops files from the local machine to the TrustStore client. The files are fragmented, encrypted, and hashed/signed. The encrypted fragments are uploaded to the storage providers, the keys are stored at the Key Management Service (KMS), and the signed digests are stored at the Integrity Management Service (IMS). When the user wants to access the stored files later, he/she starts the TrustStore client and loads the previously created profile, entering the password that was used to encrypt the profile. The TrustStore client presents the directory tree of the stored files, similar to a file browser. By double-clicking on a file (or through the context menu) the user can retrieve it from TrustStore and open it. The fragments are downloaded from the closest Storage Provider. The integrity is verified using the signatures from the IMS, and the fragments are decrypted using the keys from the KMS. Should an error occur during any of those steps, a different storage provider is tried. The fragments are joined together and the retrieved file is made available to the user.
978-0-7695-4592-9/11 $26.00 © 2011 IEEE DOI 10.1109/UCC.2011.55
Figure 2 TrustStore client user interface
B.
1) Cryptographic library
The cryptographic library provides functionality to encrypt and decrypt file fragments, encrypt the storage profile, create and verify digital signatures of file fragments, and generate message digests and keys. It supports pluggable cryptographic algorithms, including key and hashing algorithms.
2) Storage Profile
Each storage profile defines an independent storage space. Storage spaces can be shared for collaboration by sharing the storage profile. The storage profile is stored as a password-encrypted file on the client. It contains information about which services are to be used for the storage space (Service Profile) as well as the user credentials to access these services (User Profile).
a) User Profile: The user profile contains the storage space private and public key, the storage space name, and the user credentials for the cloud storage providers, KMS, and IMS.
b) Service Profile: The service profile contains the addresses of the KMS, IMS and the storage services.
3) User Interface
The demonstrator is a rich-client Java WebStart application. Figure 2 shows a screenshot of TrustStore. Its appearance is very similar to a normal split-view file explorer in modern operating systems. Users operate it through simple standard operations such as drag and drop: a user drags a file or directory to be stored in the cloud and drops it onto the window. It supports other operations such as login, upload, download, cache, delete, logoff, etc.
4) Fragment/Merge
When a user uploads a file, the file along with its meta-data is first fragmented into a number of pieces. A fragmentation map is then created. The fragmented data along with the fragmentation map is sent to the encryption/decryption module. During download, the individual fragments are merged back together using the fragmentation map to generate the complete file.
5) Encryption/Decryption
Each fragment is individually encrypted with its own randomly generated key. The encrypted fragments are uploaded to the storage providers and the keys are stored with the KMS. During download, the fragments are downloaded from the closest storage provider and decrypted with the corresponding keys, which are retrieved from the KMS.
6) Integrity Management
The Integrity Management module computes cryptographic hashes of the fragments, combines the hash with meta-data about the fragment, and signs and counter-signs that information with the IMS. The signed digest is stored with the IMS. During download, the Integrity Management module verifies the signature and digest for every fragment.
7) Services
The TrustStore client uses three different types of services: a KMS, an IMS, and one or more Cloud Storage services. In order to maximize security, these services should be hosted and managed by independent providers. The Key Management service and the Integrity Management service should be hosted locally or by a highly trusted provider. The storage providers do not need to be trusted.
Storage Service(s): These services store the data after it has been fragmented and encrypted.
Key Management Service: This service stores the keys which are used to encrypt and decrypt the fragments.
Integrity Management Service: This service stores the signed digests for the encrypted fragments.
The Storage Service interface facilitates the communication between the TrustStore client application and cloud storage providers by standardizing interactions with storage providers including Amazon's S3 and RackSpace's OpenStack. Some of the operations supported by the API include uploading, downloading, listing and deleting files.
III.
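The upload and download flow described in the Example Scenario and in modules 4) to 7) above (fragment, encrypt each fragment under its own random key, keep keys at the KMS and signed digests at the IMS, verify before decrypting, fall back to another provider when a fragment fails verification), as an added Python example that is not the TrustStore code base (the demonstrator itself is Java). It assumes in-memory dicts as the untrusted providers, an HMAC-SHA256 counter-mode keystream as a stand-in for the block cipher the cryptographic library would plug in, and an HMAC under an assumed IMS key as a stand-in for the IMS signature.

```python
import hashlib
import hmac
import json
import secrets

FRAG_SIZE = 16  # tiny fragments so a short payload yields several pieces

def ctr_xor(key, nonce, data):
    """PRF counter-mode keystream XOR (stand-in for a real block cipher); symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def sign(ims_key, record):
    """IMS 'signature' over digest + metadata (HMAC stands in for a signature)."""
    return hmac.new(ims_key, json.dumps(record, sort_keys=True).encode(), hashlib.sha256).digest()

class TrustStore:
    def __init__(self, providers, ims_key):
        self.providers = providers                  # untrusted stores, closest first
        self.kms, self.ims, self.maps = {}, {}, {}  # trusted: keys, signed digests, maps
        self.ims_key = ims_key                      # assumed IMS signing key

    def upload(self, name, data):
        frag_ids = []
        for idx in range(0, len(data), FRAG_SIZE):
            fid = f"{name}:{idx // FRAG_SIZE}"
            key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)  # per-fragment key
            blob = ctr_xor(key, nonce, data[idx:idx + FRAG_SIZE])
            record = {"fid": fid, "len": len(blob), "sha256": hashlib.sha256(blob).hexdigest()}
            self.kms[fid], self.ims[fid] = (key, nonce), (record, sign(self.ims_key, record))
            for p in self.providers:                # replicate ciphertext only, never keys
                p[fid] = blob
            frag_ids.append(fid)
        self.maps[name] = frag_ids                  # fragmentation map kept client-side

    def fetch_verified(self, fid):
        record, tag = self.ims[fid]
        if not hmac.compare_digest(sign(self.ims_key, record), tag):
            raise ValueError(f"IMS record for {fid} failed signature check")
        for p in self.providers:                    # closest first; fall back on mismatch
            blob = p.get(fid)
            if blob is not None and hashlib.sha256(blob).hexdigest() == record["sha256"]:
                return blob
        raise IOError(f"no intact copy of {fid} at any provider")

    def download(self, name):
        parts = [ctr_xor(*self.kms[fid], self.fetch_verified(fid)) for fid in self.maps[name]]
        return b"".join(parts)
```

A provider that corrupts or drops a fragment is skipped because the digest is checked against the IMS record before any decryption; only when every provider fails does the download raise.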
The TrustStore system allows users to securely store and collaboratively share sensitive data in untrusted, public cloud storage environments. It does so by fragmenting, encrypting, and signing the data before uploading it to storage. This allows the system to store large data volumes cheaply with public storage providers and requires trusted storage only for the very small data volumes needed to hold keys and signatures. It is feasible to implement the trusted key and signature storage through services hosted in a trusted environment or on private clouds.
REFERENCES
[1] J. Yao, S. Chen, S. Nepal, D. Levy, and J. Zic. "TrustStore: Making Amazon S3 Trustworthy with Services Composition". Proceedings of CCGRID 2010, pp. 600-605.
[2] S. Nepal, S. Chen, J. Yao and D. Thilaknathan. "DIaaS: Data Integrity as a Service in the Cloud". Proceedings of IEEE CLOUD 2011.
[3] L.M. Kaufman. "Data Security in the World of Cloud Computing". IEEE Security and Privacy, vol. 7, no. 4, July 2009, pp. 61-64.