Abstract
Recent years have seen a trend toward using cloud-based services for large-scale content storage, processing, and distribution. Security and privacy are among the top concerns for public cloud environments. To provide end-to-end content confidentiality protection, we propose CloudSeal, a scheme for securely sharing and distributing data via cloud-based data storage and content delivery services (e.g., Amazon S3 and CloudFront). CloudSeal ensures the confidentiality of content stored in public cloud storage services by encrypting it before it is shared in the cloud. To achieve flexible access control policies, CloudSeal further adopts k-out-of-n secret sharing and broadcast revocation mechanisms to renew shared secrets, e.g., when a user joins or leaves a content sharing group. Most importantly, CloudSeal leverages a proxy re-encryption algorithm to transfer part of the stored cipher content in the cloud, which can then be decrypted by a valid user with updated secret keys. We achieve this property without modifying most of the encrypted content. This feature is critical for the efficiency of content distribution.
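The idea of re-encrypting only a small part of the stored ciphertext can be illustrated with a textbook ElGamal-style (BBS98) proxy re-encryption applied to a key capsule; this is an added example, not CloudSeal's construction or code from the paper. The toy group parameters, the SHAKE-256 XOR stand-in for a real cipher, and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy group (assumption): P = 2Q + 1 with P, Q prime; G = 4 has order Q.
# Far too small for real use; picked so the arithmetic stays readable.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def _kdf(point):
    return hashlib.sha256(point.to_bytes(2, "big")).digest()

def _xor_stream(key, data):
    # Stand-in for a real AEAD cipher: XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(pk, content):
    """Owner: encrypt once, return (capsule, body)."""
    r = secrets.randbelow(Q - 1) + 1
    capsule = pow(pk, r, P)  # g^(a*r): the small header
    return capsule, _xor_stream(_kdf(pow(G, r, P)), content)

def rekey(sk_old, sk_new):
    """Owner: re-encryption key b/a mod Q, given to the cloud proxy."""
    return sk_new * pow(sk_old, -1, Q) % Q

def reencrypt(rk, capsule):
    """Cloud: rewrite the header only, g^(a*r) -> g^(b*r)."""
    return pow(capsule, rk, P)

def unseal(sk, capsule, body):
    """User: recover g^r from the capsule, then decrypt the body."""
    point = pow(capsule, pow(sk, -1, Q), P)
    return _xor_stream(_kdf(point), body)

def demo():
    content = b"constructed sample object held in cloud storage. " * 20
    sk_a, pk_a = keygen()  # group key before a membership change
    sk_b = sk_a
    while sk_b == sk_a:  # fresh key after the change
        sk_b, _ = keygen()
    capsule, body = seal(pk_a, content)
    new_capsule = reencrypt(rekey(sk_a, sk_b), capsule)
    return (unseal(sk_b, new_capsule, body) == content,   # updated key
            unseal(sk_a, new_capsule, body) == content)   # old key, new header
```

`reencrypt` never touches the body bytes. In this sketch the content key itself does not change, so anyone who cached it before the header was rewritten still holds it.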
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Xiong, H., Zhang, X., Zhu, W., Yao, D. (2012). CloudSeal: End-to-End Content Protection in Cloud-Based Storage and Delivery Services. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_30
DOI: https://doi.org/10.1007/978-3-642-31909-9_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31908-2
Online ISBN: 978-3-642-31909-9
eBook Packages: Computer Science, Computer Science (R0)