Toward Secure and Dependable Storage Services in Cloud ComputingSource:IEEE Transactions on Services Computing, Vol. 5, No. 2, pp. 220-232, April-June 2012Author: Cong Wang, Qian Wang, Kui Ren, Ning Cao and Wenjing LouSpeaker:Ting-Fang ChengDate: 2012/07/12

*IntroductionWithout the burden of local hardware managementCorrectness and availability of data in clouds?Internal attacksExternal attacks

Single serverUseful for QoS testingData availability?Multiple serversDistributed Dynamic data?

*Architecture Not possess their data locallyStore/access dataPerform update/delete/insert/append operationsData auditingAuditing delegationPublic auditing

*Preliminary (m, k) Reed-Solomon coding in GF(2p)Using m data vectors to create k redundancy parity vectorsReconstructing original m data vectors from any n = m+k data and parity vectors(mn) Vandermonde matrixAny m out of n columns form an invertible matrix

*Notations F: the data file to be stored, where F = (F1, F2, , Fm), Fa = (f1a, f2a, , fla)T for a = [1, m], and fbas in GF(2p)A: the dispersal matrix derived from an m(m+k) Vandermonde matrix and used for (m, k) Reed-Solomon codingG: the encoded file matrix, where G = F.Afkey(.): a pseudorandom function (PRF), where f: {0,1}* key GF(2p)key(.): a pseudorandom permutation, where : key ver: a version number for individual blocks (initially is 0)sij: the seed for PRF which depends on the file name, block index i, the server position j, and the block version ver (optional)

*NoProposed scheme 1 flowchartStore/access dataPerform update/delete/insert/append operationsData auditingFile distributionChallenge token precomputationCorrectness verificationError localizationFile retrievalError recoveryGFKPRPkchalvi(j)snChallenge parametersRi(j)sYesF

*Proposed scheme 1 file distributionPick an m(m+k) Vandermonde matrix V, where xcs are randomly picked from GF(2p)

Make a sequence of elementary row transformations on V for deriving the dispersal matrix ASecret parity generation matrix

*Proposed scheme 1 file distributionEncode F to derive the encoded file G, where G(j) = (g1(j), g2(j), , gl(j))T for j = [1, n]

Blind parity blocks gi(j)s in by computingfor i = [1, l], where kj is the secret key for G(j)

Disperse all n encoded vectors G(j)s across n cloud servers

*Proposed scheme 1 challenge token precomputationSuppose a user wants to challenge the cloud server t timesChoose the number t of tokensChoose the number r of indices per verificationGenerate master key KPRP = (i = [1, t]) and challenge key kchalFor j = [1, n] dofor round i = [1, t] doa. derive b. compute Store all the vi(j)s locally

*Proposed scheme 1 correctness verificationFor the ith chanllenge-response across over the n serversnChallenge parameters Compute Unblind (for j = [m+1, n]) Verify

*Proposed scheme 1 error localizationFor the ith chanllenge-response across over the n serversIf the verification failFor j = [1, n] doif (Ri(j) != vi(j)) thenreturn server j is misbehaving

*Proposed scheme 1 file retrievalnIf the first m servers are behavingRetrieve F directly from the first m servers

If the data corruption is detected and the number of identified misbehaving servers is less than kRetrieve F using erasure decoding

*Proposed scheme 1 error recoverynMake error recoverya. Download r rows of blocks from behaving serversb. Regenerate the correct blocks by erasure correctionc. Redistribute the newly recovered blocks to corresponding misbehaving servers

*NoProposed scheme 2 flowchartStore/access dataPerform update/delete/insert/append operationsData auditingFile distributionChallenge token precomputationCorrectness verificationError localizationFile retrievalError recoveryGFKPRPkchalvi(j)snChallenge parametersRi(j)sYesF

*Proposed scheme 2 file distributionEncode F to derive the encoded file G, where G(j) = (g1(j), g2(j), , gl(j))T for j = [1, n]

Blind data blocks gi(j)s in by computingfor i = [1, l], where kj is the secret key for G(j)

Generate new k parity vectors via PDisperse all n encoded vectors G(j)s across n cloud servers

*Dynamic data operationUpdate Modify current fba to a new one, (fba+fba)Delete Modify current fba to a new one, (fba+(-fba))Append Concatenate corresponding rows at the bottom of the matrix

*Analyses detection probability against data modificationp = 16, nc = 10, k = 5; nc is the number of misbehaving serversz is the number of rows modified by the adversary

*Performance analyses (1/2)Performance comparison between two different parameter settings for 1GB file distribution preparation.(m, k) Reed-Solomon coding

*Performance analyses (2/2)Storage and computation cost of token precomputation for 1GB data file under different system settings

*Conclusions

Storage correctnessFast localization of data errorDynamic data supportDependabilityLightweight

*