Published by Marybeth Summers. Modified over 9 years ago.
1
Ragib Hasan
University of Alabama at Birmingham
CS 491/691/791 Fall 2011
Lecture 10, 09/15/2011
Security and Privacy in Cloud Computing
2
Securing Data Integrity
Goal: Learn about PoR-based techniques for protecting data integrity in clouds
Review Assignment #4
Kevin D. Bowers, Ari Juels, and Alina Oprea. HAIL: A high-availability and integrity layer for cloud storage. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), 2009.
09/15/2011 | Fall 2011 Lecture 10 | UAB | Ragib Hasan
3
PoR: Proof of Retrievability
Definition:
– A compact proof that the stored file is intact
– It can be retrieved
Difference with PDP?
– PDP proves the file is present in the server
– PDP doesn’t prove the file is retrievable in entirety
4
Overview of PoR
[Diagram labels: Client, Server, Challenge c, Response r, File F, Key Generator, File Encoder, Key k]
5
HAIL: High Availability and Integrity Layer (RSA Labs)
RAID for clouds!!
Uses PoR and distributed file storage to ensure retrievability, integrity, and availability
Allows recovering from malicious cloud providers
6
Why we need HAIL?
PoR allows checking data retrievability, but if data is deleted by a malicious provider, nothing can be done.
Even single-bit errors can render a file useless
Idea:
– Use error-correcting codes to ignore small errors
– Use PoR to detect larger errors
– Use RAID-like redundancy using multiple cloud providers (to ensure reconstruction)
7
Advantages of HAIL
Strong file-intactness assurance
Low overhead
Strong adversarial model
Direct client-server communication
8
RAID (Redundant Array of Inexpensive Disks)
[Diagram: file F, file blocks F1, F2, F3, and a parity block]
9
The Cloud isn’t necessarily so nice
What if service providers lose data but… don’t tell you until file is lost?
[Diagram: file F with blocks F1, F2, F3 spread across Provider A, Provider B, Provider C and Provider D; X marks on the diagram]
10
Mobile adversary
A mobile adversary moves from device to device, corrupting as it goes—potentially silently
Mobile adversary models, e.g., system failures / corruptions over time, virus propagation
RAID isn’t designed for this kind of adversary
– Designed for limited, readily detectable failures in devices you own—the benign case
11
Mobile adversary
In cryptography, the usual approach to a mobile adversary is proactive
12
Mobile adversary
In cryptography, the usual approach to a mobile adversary is proactive
Another, cheaper possibility is reactive: We detect and remediate
– Like whack-a-mole!
PORs can provide detection here…
13
HAIL design principle
TAR: Test and Redistribute
– Divide time into epochs
– At each epoch, test for any corruption/missing blocks
– Rebuild corrupted blocks by getting data from other cloud providers, and distributing to damaged copy
14
Multiple providers: Naïve approach
[Diagram: Client and providers Amazon S3, Google, EMC Atmos, each holding file F]
Sample and check consistency across providers
15
Creeping attack
[Diagram: Client and providers Amazon S3, Google, EMC Atmos, each holding file F]
The probability that the client samples the corrupted block is low
File cannot be recovered after [n/b] epochs
16
Local PoR checks are costly
[Diagram: Client and providers Amazon S3, Google, EMC Atmos, each holding file F; labels: ECC, POR]
Cons: requires integrity checks for each replica
17
HAIL overview
18
Reconstruction in HAIL
19
Dispersal code
[Diagram labels: Client, F, dispersal (n,m), P1, P2, P3, P4, P5, dispersal code parity blocks]
20
Dispersal code
[Diagram labels: Client, P1, P2, P3, P4, P5, Stripe, F, dispersal code parity blocks, dispersal code parity, POR encoding]
Check that stripe is a codeword in dispersal code
POR encoding to correct small corruption
How to increase file lifetime?
21
Increasing file lifetime with MACs
[Diagram labels: Client, P1, P2, P3, P4, P5, MAC]
Can we reduce storage overhead?
22
Integrity-protected dispersal code
[Diagram labels: Client, P1, P2, P3, P4, P5, Reed-Solomon dispersal code, m, $h_{k_1}(m)$ (UHF), $h_{k_2}(m)$ (PRF), +]
23
Integrity-protected dispersal code
[Diagram labels: Client, P1, P2, P3, P4, P5, m, PRF, +]
MACs embedded into parity symbols
24
Things to consider
Practicality of the scheme (test and redistribute)
Attacker model
Other security issues