A Reliable Secure Storage Cloud and Data Migration Based on Erasure Code

  • Mugisha, Emmy (School of Computer Science and Engineering, Nanjing University of Science and Technology)
  • Zhang, Gongxuan (School of Computer Science and Engineering, Nanjing University of Science and Technology)
  • Received : 2017.05.04
  • Accepted : 2017.09.15
  • Published : 2018.01.31

Abstract

In storage cloud schemes, pushing data to the storage cloud draws much attention to data confidentiality. With encryption, data accessibility is limited because the data is encrypted. Securing a storage system while keeping high access power is complicated by the dispersed storage environment. In this paper, we propose a hardware-based security scheme that articulates a secure dispersed storage system using erasure code. We designed a hardware-based security scheme with data encoding operations and migration capabilities. Using a TPM (Trusted Platform Module), data integrity and security are evaluated and achieved.
