The Experts below are selected from a list of 30573 Experts worldwide ranked by ideXlab platform
Ee-chien Chang - One of the best experts on this subject based on the ideXlab platform.
-
AsiaCCS - Proofs of Data Residency: Checking whether Your Cloud Files Have Been Relocated
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017Co-Authors: Hung Dang, Erick Purwanto, Ee-chien ChangAbstract:While cloud Storage services offer manifold benefits such as cost-effectiveness or elasticity, there also exist various security and privacy concerns. Among such concerns, we pay our primary attention to data residency -- a notion that requires outsourced data to be retrievable in its entirety from local drives of a Storage Server in-question. We formulate such notion under a security model called Proofs of Data Residency (PoDR). can be employed to check whether the data are replicated across different Storage Servers, or combined with Storage Server geolocation to "locate" the data in the cloud. We make key observations that the data residency checking protocol should exclude all Server-side computation and that each challenge should ask for no more than a single atomic fetching operation. We illustrate challenges and subtleties in protocol design by showing potential attacks to naive constructions. Next, we present a secure PoDR scheme structured as a timed challenge-response protocol. Two implementation variants of the proposed solution, namely NVeri and EVeri, describe an interesting use-case of trusted computing, in particular the use of Intel SGX, in cryptographic timed challenge-response protocols whereby having the verifier co-locating with the prover offers security enhancement. Finally, we conduct extensive experiments to exhibit potential attacks to insecure constructions and validate the performance as well as the security of our solution.
-
weak leakage resilient client side deduplication of encrypted data in cloud Storage
Computer and Communications Security, 2013Co-Authors: Ee-chien Chang, Jianying ZhouAbstract:Recently, Halevi et al. (CCS '11) proposed a cryptographic primitive called proofs of ownership (PoW) to enhance security of client-side deduplication in cloud Storage. In a proof of ownership scheme, any owner of the same file F can prove to the cloud Storage that he/she owns file F in a robust and efficient way, in the bounded leakage setting where a certain amount of efficiently-extractable information about file F is leaked. Following this work, we propose a secure client-side deduplication scheme, with the following advantages: our scheme protects data confidentiality (and some partial information) against both outside adversaries and honest-but-curious cloud Storage Server, while Halevi et al. trusts cloud Storage Server in data confidentiality; our scheme is proved secure w.r.t. any distribution with sufficient min-entropy, while Halevi et al. (the last and the most practical construction) is particular to a specific type of distribution (a generalization of "block-fixing" distribution) of input files. The cost of our improvements is that we adopt a weaker leakage setting: We allow a bounded amount one-time leakage of a target file before our scheme starts to execute, while Halevi et al. allows a bounded amount multi-time leakage of the target file before and after their scheme starts to execute. To the best of our knowledge, previous works on client-side deduplication prior Halevi et al. do not consider any leakage setting.
-
remote integrity check with dishonest Storage Server
European Symposium on Research in Computer Security, 2008Co-Authors: Ee-chien Chang, Jia XuAbstract:We are interested in this problem: a verifier, with a small and reliable Storage, wants to periodically check whether a remote Server is keeping a large file x . A dishonest Server, by adapting the challenges and responses, tries to discard partial information of x and yet evades detection. Besides the security requirements, there are considerations on communication, Storage size and computation time. Juels et al. [10] gave a security model for Proof of Retrievability($\mathcal{POR}$) system. The model imposes a requirement that the original x can be recovered from multiple challenges-responses. Such requirement is not necessary in our problem. Hence, we propose an alternative security model for Remote Integrity Check($\mathcal{RIC}$). We study a few schemes and analyze their efficiency and security. In particular, we prove the security of a proposed scheme HENC . This scheme can be deployed as a $\mathcal{POR}$ system and it also serves as an example of an effective $\mathcal{POR}$ system whose "extraction" is not verifiable. We also propose a combination of the RSA-based scheme by Filho et al. [7] and the ECC-based authenticator by Naor et al. [12], which achieves good asymptotic performance. This scheme is not a $\mathcal{POR}$ system and seems to be a secure $\mathcal{RIC}$. In-so-far, all schemes that have been proven secure can also be adopted as $\mathcal{POR}$ systems. This brings out the question of whether there are fundamental differences between the two models. To highlight the differences, we introduce a notion, trap-door compression, that captures a property on compressibility.
-
remote integrity check with dishonest Storage Server
European Symposium on Research in Computer Security, 2008Co-Authors: Ee-chien ChangAbstract:We are interested in this problem: a verifier, with a small and reliable Storage, wants to periodically check whether a remote Server is keeping a large file x . A dishonest Server, by adapting the challenges and responses, tries to discard partial information of x and yet evades detection. Besides the security requirements, there are considerations on communication, Storage size and computation time. Juels et al. [10] gave a security model for Proof of Retrievability($\mathcal{POR}$) system. The model imposes a requirement that the original x can be recovered from multiple challenges-responses. Such requirement is not necessary in our problem. Hence, we propose an alternative security model for Remote Integrity Check($\mathcal{RIC}$). We study a few schemes and analyze their efficiency and security. In particular, we prove the security of a proposed scheme HENC . This scheme can be deployed as a $\mathcal{POR}$ system and it also serves as an example of an effective $\mathcal{POR}$ system whose "extraction" is not verifiable. We also propose a combination of the RSA-based scheme by Filho et al. [7] and the ECC-based authenticator by Naor et al. [12], which achieves good asymptotic performance. This scheme is not a $\mathcal{POR}$ system and seems to be a secure $\mathcal{RIC}$. In-so-far, all schemes that have been proven secure can also be adopted as $\mathcal{POR}$ systems. This brings out the question of whether there are fundamental differences between the two models. To highlight the differences, we introduce a notion, trap-door compression, that captures a property on compressibility.
Shucheng Yu - One of the best experts on this subject based on the ideXlab platform.
-
proofs of retrievability with public verifiability and constant communication cost in cloud
International Workshop on Security, 2013Co-Authors: Jiawei Yuan, Shucheng YuAbstract:For data Storage outsourcing services, it is important to allow data owners to efficiently and securely verify that the Storage Server stores their data correctly. To address this issue, several proof-of-retrievability (POR) schemes have been proposed wherein a Storage Server must prove to a verifier that all of a client's data are stored correctly. While existing POR schemes offer decent solutions addressing various practical issues, they either have a non-trivial (linear or quadratic) communication complexity, or only support private verification, i.e., only the data owner can verify the remotely stored data. It remains open to design a POR scheme that achieves both public verifiability and constant communication cost simultaneously. In this paper, we solve this open problem and propose the first POR scheme with public verifiability and constant communication cost: in our proposed scheme, the message exchanged between the prover and verifier is composed of a constant number of group elements; different from existing private POR constructions, our scheme allows public verification and releases the data owners from the burden of staying online. We achieved these by tailoring and uniquely combining techniques such as constant size polynomial commitment and homomorphic linear authenticators. Thorough analysis shows that our proposed scheme is efficient and practical. We prove the security of our scheme based on the Computational Diffie-Hellman Problem, the Strong Diffie-Hellman assumption and the Bilinear Strong Diffie-Hellman assumption.
-
SCC@ASIACCS - Proofs of retrievability with public verifiability and constant communication cost in cloud
Proceedings of the 2013 international workshop on Security in cloud computing - Cloud Computing '13, 2013Co-Authors: Jiawei Yuan, Shucheng YuAbstract:For data Storage outsourcing services, it is important to allow data owners to efficiently and securely verify that the Storage Server stores their data correctly. To address this issue, several proof-of-retrievability (POR) schemes have been proposed wherein a Storage Server must prove to a verifier that all of a client's data are stored correctly. While existing POR schemes offer decent solutions addressing various practical issues, they either have a non-trivial (linear or quadratic) communication complexity, or only support private verification, i.e., only the data owner can verify the remotely stored data. It remains open to design a POR scheme that achieves both public verifiability and constant communication cost simultaneously. In this paper, we solve this open problem and propose the first POR scheme with public verifiability and constant communication cost: in our proposed scheme, the message exchanged between the prover and verifier is composed of a constant number of group elements; different from existing private POR constructions, our scheme allows public verification and releases the data owners from the burden of staying online. We achieved these by tailoring and uniquely combining techniques such as constant size polynomial commitment and homomorphic linear authenticators. Thorough analysis shows that our proposed scheme is efficient and practical. We prove the security of our scheme based on the Computational Diffie-Hellman Problem, the Strong Diffie-Hellman assumption and the Bilinear Strong Diffie-Hellman assumption.
Jiawei Yuan - One of the best experts on this subject based on the ideXlab platform.
-
proofs of retrievability with public verifiability and constant communication cost in cloud
International Workshop on Security, 2013Co-Authors: Jiawei Yuan, Shucheng YuAbstract:For data Storage outsourcing services, it is important to allow data owners to efficiently and securely verify that the Storage Server stores their data correctly. To address this issue, several proof-of-retrievability (POR) schemes have been proposed wherein a Storage Server must prove to a verifier that all of a client's data are stored correctly. While existing POR schemes offer decent solutions addressing various practical issues, they either have a non-trivial (linear or quadratic) communication complexity, or only support private verification, i.e., only the data owner can verify the remotely stored data. It remains open to design a POR scheme that achieves both public verifiability and constant communication cost simultaneously. In this paper, we solve this open problem and propose the first POR scheme with public verifiability and constant communication cost: in our proposed scheme, the message exchanged between the prover and verifier is composed of a constant number of group elements; different from existing private POR constructions, our scheme allows public verification and releases the data owners from the burden of staying online. We achieved these by tailoring and uniquely combining techniques such as constant size polynomial commitment and homomorphic linear authenticators. Thorough analysis shows that our proposed scheme is efficient and practical. We prove the security of our scheme based on the Computational Diffie-Hellman Problem, the Strong Diffie-Hellman assumption and the Bilinear Strong Diffie-Hellman assumption.
-
SCC@ASIACCS - Proofs of retrievability with public verifiability and constant communication cost in cloud
Proceedings of the 2013 international workshop on Security in cloud computing - Cloud Computing '13, 2013Co-Authors: Jiawei Yuan, Shucheng YuAbstract:For data Storage outsourcing services, it is important to allow data owners to efficiently and securely verify that the Storage Server stores their data correctly. To address this issue, several proof-of-retrievability (POR) schemes have been proposed wherein a Storage Server must prove to a verifier that all of a client's data are stored correctly. While existing POR schemes offer decent solutions addressing various practical issues, they either have a non-trivial (linear or quadratic) communication complexity, or only support private verification, i.e., only the data owner can verify the remotely stored data. It remains open to design a POR scheme that achieves both public verifiability and constant communication cost simultaneously. In this paper, we solve this open problem and propose the first POR scheme with public verifiability and constant communication cost: in our proposed scheme, the message exchanged between the prover and verifier is composed of a constant number of group elements; different from existing private POR constructions, our scheme allows public verification and releases the data owners from the burden of staying online. We achieved these by tailoring and uniquely combining techniques such as constant size polynomial commitment and homomorphic linear authenticators. Thorough analysis shows that our proposed scheme is efficient and practical. We prove the security of our scheme based on the Computational Diffie-Hellman Problem, the Strong Diffie-Hellman assumption and the Bilinear Strong Diffie-Hellman assumption.
Makoto Takizawa - One of the best experts on this subject based on the ideXlab platform.
-
AINA Workshops - A Model of Virtual Machines to Support Storage Processes
Advances in Intelligent Systems and Computing, 2019Co-Authors: Naohiro Ogura, Tomoya Enokido, Dilawaer Duolikun, Makoto TakizawaAbstract:Virtual machines are widely used to support applications with virtual computation service of computer resources in a cluster of Servers. Application processes on a virtual machine can take usage of not only CPUs but also Storage resources like files and databases independently of heterogeneity and location of each host Server. In addition, virtual machines can migrate from a host Server to a guest Server in the live manner. In this paper, we consider Storage processes which read and write data in files of Storages like HDD. We propose a model for performing Storage processes on virtual machines and migrating virtual machines supporting files from host Servers to guest Servers. Here, every file used by application processes is stored in a Storage Server and every virtual machine supporting files resides on the Storage Server. If a Storage process using a file is issued, a virtual machine supporting the file is found in Servers. Virtual machines migrate to working Servers, and Storage processes on virtual machines are performed. If a virtual machine supporting read-only files is overloaded, a clone of the virtual machine is created on the Storage Server and new processes reading the file is performed on the clone.
-
BWCCA - Power Consumption and Computation Models of a Storage Server
2015 10th International Conference on Broadband and Wireless Computing Communication and Applications (BWCCA), 2015Co-Authors: Atsuhiro Sawada, Tomoya Enokido, Hiroki Kataoka, Dilawaer Duolikun, Makoto TakizawaAbstract:It is now critical to reduce electric energy consumed in a cluster of Servers, especially scalable systems including a huge number of Servers like cluster computing systems. Types of application processes like computation, Storage, and communication processes are performed on Servers in clusters. In clusters, most applications use not only CPU resources but also Storage drives like database and web applications. In this paper, we consider Storage processes which read and write files in Storage devices. The SPCS model (simple power consumption model for a Storage Server) shows how much electric power a Server consumes to perform Storage and computation processes. In our macro-level approach, we first measure the electric power consumed by a whole Server to perform Storage and computation processes and the computation time of each process. Then, we define the SPCS model of a Server to perform Storage and computation processes by abstracting parameters like number of processes which dominate the electric power consumption. We also define a simple computation model for a Storage Server (SPCS model) to perform Storage and computation processes.
-
NBiS - A Power Consumption Model of a Storage Server
2011 14th International Conference on Network-Based Information Systems, 2011Co-Authors: Takuro Inoue, Tomoya Enokido, Ailixier Aikebaier, Makoto TakizawaAbstract:In order to realize digital ecosystems, the total electric power consumption of Servers to perform application processes has to be reduced in information systems. Applications are classified into three types, computation, communication, and Storage based types. In the computation and communication types of applications, CPU and communication resources of computers are mainly consumed, respectively. In this paper, we measure how much electric power of a whole computer is consumed to perform application processes. In the Storage types of applications, the electric power is consumed to read and write files in to Storage drives like hard disk drive (HDD). Then, we discuss a power consumption model of a computer to perform Storage application processes by abstracting most factors dominating the power consumption from the experimental results. Here, the power consumption rate of a computer is maximum if at least one process is performed. Otherwise, the power consumption rate is minimum. This is a simple power consumption model.
Jia Xu - One of the best experts on this subject based on the ideXlab platform.
-
remote integrity check with dishonest Storage Server
European Symposium on Research in Computer Security, 2008Co-Authors: Ee-chien Chang, Jia XuAbstract:We are interested in this problem: a verifier, with a small and reliable Storage, wants to periodically check whether a remote Server is keeping a large file x . A dishonest Server, by adapting the challenges and responses, tries to discard partial information of x and yet evades detection. Besides the security requirements, there are considerations on communication, Storage size and computation time. Juels et al. [10] gave a security model for Proof of Retrievability($\mathcal{POR}$) system. The model imposes a requirement that the original x can be recovered from multiple challenges-responses. Such requirement is not necessary in our problem. Hence, we propose an alternative security model for Remote Integrity Check($\mathcal{RIC}$). We study a few schemes and analyze their efficiency and security. In particular, we prove the security of a proposed scheme HENC . This scheme can be deployed as a $\mathcal{POR}$ system and it also serves as an example of an effective $\mathcal{POR}$ system whose "extraction" is not verifiable. We also propose a combination of the RSA-based scheme by Filho et al. [7] and the ECC-based authenticator by Naor et al. [12], which achieves good asymptotic performance. This scheme is not a $\mathcal{POR}$ system and seems to be a secure $\mathcal{RIC}$. In-so-far, all schemes that have been proven secure can also be adopted as $\mathcal{POR}$ systems. This brings out the question of whether there are fundamental differences between the two models. To highlight the differences, we introduce a notion, trap-door compression, that captures a property on compressibility.
