21-11-2012, 06:29 PM
A Secure Erasure Code-Based Cloud Storage
System with Secure Data Forwarding
A Secure Erasure Code-Based Cloud Storage.pdf (Size: 700.28 KB / Downloads: 68)
INTRODUCTION
AS high-speed networks and ubiquitous Internet access
become available in recent years, many services are
provided on the Internet such that users can use them from
anywhere at any time. For example, the email service is
probably the most popular one. Cloud computing is a
concept that treats the resources on the Internet as a unified
entity, a cloud. Users just use services without being
concerned about how computation is done and storage is
managed. In this paper, we focus on designing a cloud
storage system for robustness, confidentiality, and functionality.
A cloud storage system is considered as a largescale
distributed storage system that consists of many
independent storage servers.
Proxy Re-Encryption Schemes
Proxy re-encryption schemes are proposed by Mambo and
Okamoto [14] and Blaze et al. [15]. In a proxy re-encryption
scheme, a proxy server can transfer a ciphertext under a
public key PKA to a new one under another public key PKB
by using the re-encryption key RKA!B. The server does not
know the plaintext during transformation. Ateniese et al.
[16] proposed some proxy re-encryption schemes and
applied them to the sharing function of secure storage
systems. In their work, messages are first encrypted by the
owner and then stored in a storage server.
Threat Model
We consider data confidentiality for both data storage and
data forwarding. In this threat model, an attacker wants to
break data confidentiality of a target user. To do so, the
attacker colludes with all storage servers, nontarget users,
and up to ðt 1Þ key servers. The attacker analyzes stored
messages in storage servers, the secret keys of nontarget
users, and the shared keys stored in key servers. Note that
the storage servers store all re-encryption keys provided by
users. The attacker may try to generate a new re-encryption
key from stored re-encryption keys.
DISCUSSION AND CONCLUSION
In this paper, we consider a cloud storage system consists of
storage servers and key servers. We integrate a newly
LIN AND TZENG: A SECURE ERASURE CODE-BASED CLOUD STORAGE SYSTEM WITH SECURE DATA FORWARDING 1001
TABLE 1
The Computation Cost of Each Algorithm
in Our Secure Cloud Storage System
proposed threshold proxy re-encryption scheme and
erasure codes over exponents. The threshold proxy reencryption
scheme supports encoding, forwarding, and
partial decryption operations in a distributed way. To
decrypt a message of k blocks that are encrypted and
encoded to n codeword symbols, each key server only has
to partially decrypt two codeword symbols in our system.
By using the threshold proxy re-encryption scheme, we
present a secure cloud storage system that provides secure
data storage and secure data forwarding functionality in a
decentralized structure. Moreover, each storage server
independently performs encoding and re-encryption and
each key server independently performs partial decryption.
Our storage system and some newly proposed content
addressable file systems and storage system [27], [28], [29]
are highly compatible. Our storage servers act as storage
nodes in a content addressable storage system for storing
content addressable blocks. Our key servers act as access
nodes for providing a front-end layer such as a traditional
file system interface. Further study on detailed cooperation
is required.