RESCUE: Resilient Secret Sharing Cloud-based Architecture Elochukwu Ukwandu, Prof William J Buchanan, Dr Lu Fan, Dr Gordon Russell, Dr Owen Lo Centre for Distributed Computing and Security/The Cyber Academy Edinburgh Napier University, Edinburgh, UK Contact author:
[email protected]
Abstract This paper presents an architecture (RESCUE) of a system that is capable of implementing: a keyless encryption method; self-destruction of data within a time frame without user’s intervention; and break-glass data recovery, with in-built failover protection. It aims to overcome many of the current problems within Cloud-based infastructures, such as in the loss of private keys, and inherent failover protection. The architecture uses a secret share method with: an Application Platform; Proxy Servers with Routers; and a Metadata Server. These interact within a multi-cloud environment to provide a robust, secure and dependable system, and which showcases a new direction in an improved cloud computing environment. It aims to ensure user privacy, and reduces the potential for data loss, as well as reducing denial-of-service outages within the cloud, and with failover protection for stored data. In order to assessement the best secret sharing method that could be used for the architecture, the paper outlines a range of experiments on the performance footprint of the most relevant secret sharing schemes. Keywords: secret shares, multi-cloud, failover protection, breakglass data recovery, self-destruct and keyless encryption.
I. INTRODUCTION There are many security and privacy problems within Cloudbased systems that need to be addressed, as, often, existing architectures within organisations have simply been scaled-out into the Cloud, with the addition of encryption. This methodology has been shown to be weak from many aspects, especially related to: trusted administrator access; lack of proper access control; APT; and in the loss of private keys. Many systems often protect with symmetric key encryption methods, where the key is protected by a password or encrypted using public key encryption. Along with this, anyone with System Administrator access can gain access to the encrypted content. The current encryption methods in the Cloud often suffer where the loss of a single encryption key can result in large-scale data loss. Along with security of the data, many organisations use the same methods of robustness and failover than they would do within their internal systems. With the Cloud, there is always a risk of a major outage in parts of the Cloud, such as recent ones within Azure and Amazon [35] and in many cases, this outage result to denial of service and more severely business shut down as there is no alternative means of accessing data. Beyond this, user’s privacy are usually jeopardised in the cloud as cloud service providers often without consent cache, copy and archive users’ data, which
can easily be retrieved, use and misuse by miscreants, competitors or court of law even when the owner seems to have deleted them. This paper proposes a secret share architecture (RESCUE) which aims to address these problems with:
Keyless encryption. Many systems have been breached by a compromise around the loss of a private key. The storing, processing and transmitted data within Cloudbased system can involve breaking data into secret shares which can be distributed amongst those who have rights to the data. If any of the data elements are accessed, it will not be possible to recover the original data, until the other relevant shares are available. A strong rights infrastructure can then implement the bringing-together of the shares. Self-destruct. The secret sharing method supports a selfdestructing data system, where all the information and their copies, as well as decryption keys can be destructed after a user-define time, without any user involvement. SeDas [38, 31], for example, causes sensitive information, such as account numbers, passwords and notes, to irreversibly self-destruct, without any action on the user’s part. It is thus applicable in multiple server-based systems, but has an operational overhead. Break-glass data recovery. The usage of secret shares supports a break-glass approach, where data can be recovered which does not comply with the required policy, and would be used in emergency situations. This has strong applications in safety critical system or in disaster recovery. In-built failover protection. The usage of secret shares allows the striping of data across multiple cloud-based storage systems using an any k-from-n sharing policy. For example if we stripe data across five Cloud storage systems, and apply a policy of 3-from-5 then support two of the Cloud storage systems can fail, but the original data will still be able to be recovered. The rest of this paper is organized as follows. In Section II, a review of cloud computing architecture; multi-clouds and its current method of data dissemination was carried out. We also reviewed the basic data striping schemes in cloud based systems in Section III as well reviewed several industrial applications of cloud based secret shares systems in section IV. In section V, we presented our proposed model of secret sharing architecture in a multi-cloud environment and its elements. Then an evaluation of an experimental result of three secret sharing schemes against different data sizes was done in section VI and we concluded in section VII.
II. CLOUD COMPUTING ARCHITECTURES NIST define Cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. [21], in contrast, defines cloud as an elastic execution environment of resources involving multiple stakeholders and providing a metered service and multiple granularities for specified level of quality [1, 15, 36]. The major concerns of moving towards Cloud-based storage have been security and availability of data when accessed. Several researchers defined that a multi-cloud storage platform might improve security and resilience ([23]; [4]; and [30]). Based on this, to ensure effective data splitting and security of stored data, a secret sharing algorithm such as Shamir secret sharing has been proposed for multi-cloud storage ([29]; [24]; [7]; [20]; [28] and [19]). Previous methods split the data into pieces and then reconstruct when needed, and replicate data at different storage areas using encryption to safeguard them. This type of methodology can be costly (in terms of network bandwidth and storage facilities), and not quite safe in the case of poor key management. III. B ASIC DATA S TRIPING S CHEMES IN C LOUD -BASED S YSTEMS Dodis [10] states that a basic secret sharing scheme is given by two algorithms: Sharing (Share); and Recovery (Rec). Share takes a message M and split it into n pieces. Since M is secret, Share must introduce randomness (that is, Share is probabilistic); Rec is a deterministic algorithm which recreates the message from some or all of the shares: •
•
The Sharing Algorithm: Share (M) → (S 1 , S 2 , …. S n , pub). The secrets S 1 , S 2 , …. S n are distributed securely among servers 1 through to n, and pub is a public share. The Recovery Algorithm: (S ’1 , S ’2 , …. S ’n , pub)=M’. The correctness property of the algorithm defines that, for any message, we have: M, Rec(Share(M)) = M
where → depicts randomness. Secret sharing schemes are important in cryptography and are a key building block for many secure protocols, such as for: Threshold Cryptography; Access Control; Attribute-Based encryption; Byzantine agreement; generalised oblivious transfer; and general protocol for Multi-Party computation [5]. The thresholds are:
tp - the privacy threshold. This describes the maximum number of servers that cannot determine the secret, even if they combine their shares. tf - the fault-tolerance threshold. With this, suppose every server is honest; this is the minimum number of servers you need to recover the secret (if the other servers are absent).
tr - the robustness threshold. This is arguably the most important, as this is the minimum number of correct shares you need to recover the secret if other servers are compromised. ts - the soundness threshold. This determines the minimum number of correct shares such that it is not possible to recover the wrong secret. ti - the information rate threshold. This describes the amount of information that the server needs to keep on a secret and determines the efficiency and idealness of a secret sharing scheme.
A. Sharing methods There are several relevant methods which could be used for secret sharing these are outlined in the following sections. The most relevant methods are evaluated at the end of this paper. Perfect Secret sharing scheme (PSS) Shamir (1979) provides a good example of a perfect secret sharing [41]. Its perfectness is measured by two parameters: if, and only if, t-1 shares, provide absolutely no information regarding the hidden secret, and when the ratio of the length of the secret to the length of each of the shares known as information rate, is equivalent to 1. Share distribution An honest Dealer (D) selects n distinct, non-zero elements of ℤp, denoted by xi where i [1, n] and it is required that p≥n+1 because in a field of ℤp, we can have at most p-1 participants. D spreads the value xi to Pi and these xi values are public. The Dealer selects the secret k ℤp, secretly, and independently, at random, selects t-1 elements of ℤp denoted by a1 , a2 , … at-1 . For i [1, n] , dealer computes yi=a(xi), where: t 1
a( x) k a j x j (mod p)
Eqn. 1
j 1
For
i [1, n] , dealer gives
the Share
S yi
to
Pi
Secret recovery: A group of participants A, which are members of the access structure Γ are required to meet to recover the secret say A and can reconstruct the secret k=a(0) by substituting x=0 into LaGrangian interpolation formula: t xik k yi j j 1 1k t ,k j xik xi j
mod p
Eqn. 2
Information Dispersal Algorithm (IDA) Rabin (1989) suggested splitting a secret S into n pieces such that a person can obtain the secret only if k < n of these pieces are available, where k is the threshold. Here, each secret Si, i ≤ n, is of size |S|/k, where |S| is the size of the secret [40]. The total sizes of all the secrets are: (n/k)× |S|
Eqn. 3
Thus, with Rabin’s Information Dispersal Algorithm, the storage complexity of a secret sharing system can be
significantly reduced in comparison to Shamir (1979) perfect secret sharing (PSS) scheme. But, the security flaw in this method is that, if the data exhibits some pattern frequently, and that the attacker gets hold of m < k slices, there are great possibilities for him gaining the secret S. Both the split and combine algorithms operate by performing matrix multiplication over the input. In the case of the split operation, the transform matrix has n rows (n=number of shares) and k columns (k=quorum), while, in the case of combine operation, the transform matrix has k rows and k columns. Either operation is described simply as the matrix multiplication: Transform Matrix × Input Matrix=Output matrix Krawczyk’s Computational Secret Sharing (CSS) Hugo Krawczyk [42] proposed the Computational Secret Sharing (CSS) technique (a.k.a. secret sharing made short), which combines Rabin’s IDA with Shamir's PSS. Data is first encrypted with a randomly generated key, using a symmetric encryption algorithm. Next this data is split into n fragments using Rabin’s IDA with a threshold t configured. In this case, the scheme is t times more efficient than Shamir's PSS. The final step is to use Shamir’s PSS to produce shares of the randomly generated symmetric key (which is typically of the order of 64 to 256 bits) and then give one share and one fragment to each shareholder. A related approach, known as AONT -RS [43], applies an All-Or-Nothing transform (AONT) to the data as a preprocessing step to the IDA. AONT guarantees that any number of shares less than the threshold is insufficient to decrypt the data. IV. APPLICATIONS OF C LOUD-BASED S ECRET S HARES S YSTEMS Secret sharing schemes have long been applied in several areas of human endeavours utilising in-house storage systems, but its applications in multi-cloud-based systems has scarcely been discussed. A. Government: Election Many government are moving towards e-voting, and must thus make sure no-one can figure out the final result. With secret shares the splitting of a secret key guarantees that decryption will occur once all parties agree to it [2]. Other works justifying the use of Secret Sharing Scheme in electronic voting are: A Simple Publicly Verifiable Secret Sharing Scheme (PVSS) and its Application to Electronic Voting [34], in showed that VSS can be applied in small scale e-voting as the scheme aims to achieve security with regard to universal verifiability, privacy, and robustness. Overall it does not require a shared-key generation protocol for a threshold decryption scheme. [27] and [33] made useful contributions towards the use of this scheme in electronic voting. A non-VSS scheme in electronic voting is the one proposed by [25]. Their work tends to leverage on the potentials e-voting has in terms of security, transparency, accuracy and reliability over other voting schemes by proposing: An Improved E-Voting scheme using Secret
Sharing-based Secure Multi-party Computation. The system makes use of bitwise representation of votes and only the shares are used for transmission and computation of result. Secure sum evaluation can be done with shares distributed using Shamir’s secret sharing scheme, which is secure and ideal. B. Data Storage, security and Management Cloud storage has become an integral part of modern businesses, education, government and mobile lives. With the advent of Multi-Cloud Databases as a panacea to the issue of data availability, with secret sharing scheme being adopted to provide security of the stored data by splitting the data into smaller chunks rather than the whole data. To reduce storage overhead, cloud file systems are transiting from replication to erasure codes [16] and this attributes led to the use of Reed-Solomon (RS) codes in erasure coding as a scalable option in providing a reliable local storage in High Performance Computing and on Infrastructure as a Service in clouds. This technology has found application in the design of Local Reconstruction Codes (LRC) by [14]. Overall, LRC is designed so that it reduces the number of erasure coding fragments that need to be read when reconstructing data fragments that are offline, while still keeping the storage overhead low. The important benefits of LRC are that it reduces the bandwidth and Input/Outputs required for repair reads over prior codes, while still allowing a significant reduction in storage overhead in Windows Azure Storage. [17] outlined the application of Reed-Solomon codes for cloud storage system and proposed a distributed data storage system model that provides adjusted layer of integrity and availability by using RS codes. The system is capable of restoring lost or changed data, and is scalable and platform independent. This is achieved by using two layers of coding at the server: the distributed and local levels of coding; and that at each level RS codes were used to ensure the integrity of user data. The check availability mechanism is not dependent on stored data size and also redundancy size is set by system parameters. Systematic code, which is used for data availability control, allows access to data without creating additional load on the system. DEPSKY [6] is a system that improves the availability, integrity and confidentiality of information stored in the cloud through the encryption, encoding and replication of the data on diverse clouds that form a cloud-of-clouds and is a good example of real life application of Secret Sharing scheme in multi-cloud-based storage system. CloudStash [3] applies secret-sharing scheme directly on files to store multi-shares of a file into multi-clouds. It splits files into multi-shares of secret and distributing these multi-shares into multi-clouds simultaneously, where threshold shares are required to reconstruct the file. The experiment shows that CloudStash is significantly faster for small files, and even for large files the added cost is not statistically worse. There are some proposed works such as: [32] on Effective Data Distribution techniques for multi-cloud storage in cloud computing; [22] on Using Secret Sharing Algorithm for
Improving Security in Cloud Computing; [37] on Selecting the Right Data Distribution scheme for a survival storage system justifying the use of Threshold Secret Sharing as the best method of secured distribution in cloud. C. Health Care Services Health Care services could benefit greatly from the usage of Cloud Computing, but many risks still exist, including security and performance. In a bid to provide a solution to this, [13] presented a novel architecture and its implementation for inter-organizational data sharing, which provides a high level of security and privacy for patient data in semi-trusted cloud computing environments. This architecture features attributebased encryption for selective access authorization and cryptographic secret sharing in order to disperse data across multiple clouds, reducing the adversarial capabilities of curious cloud providers. An implementation and evaluation by several experiments demonstrate the practical feasibility and good performance. [26] provided a solution for secret image sharing by suggesting a scheme which deploys a simple graphical masking method, done by using AND for share generation and OR for share reconstruction of the qualified set of shares. Also, this proposed method creates meaningful shares by using Steganography instead of noise-like shares. Rabin’s IDA has been deployed in sharing health data alongside Shamir’s Secret sharing scheme in a multi-cloud environment, the result shows that the adoption of Rabin’s IDA would create a low overhead and more feasible that Shamir’s Secret sharing scheme, as Shamir’s reconstruction phase had a huge marginal increase when the document size or the threshold grows despite the optimisation by Lagrange interpolation [12]. D. Finanical Sector SHAREMIND [8] is a distributed virtual machine that uses secure multi-party computation to securely process data based on the secret sharing primitive introduced by Blakley and Shamir, and is a good example of financial application of secret sharing schemes. It has been deployed for secured multi-party computation in Financial Data Analysis [9] and can also analyse confidential data without compromising privacy.
SeDas [38] is a Self-Destructing Data System based on Shamir’s Secret Sharing Algorithm (Fig. 1). In a selfdestructing data system all the information and their copies, as well as decryption keys become destructed after a userspecified time, without any user’s involvement. It is a new approach based on object-based storage technique for protecting data privacy from attackers who retroactively obtain, through legal or other means, a user’s stored data and private decryption keys. SeDas causes sensitive information, such as account numbers, passwords and notes to irreversibly self-destruct, without any action on the user’s part. It is applicable in a multiple server-based systems. It has an operational overhead, but, by using the cloud nodes, the overhead can be reduced. E. Authentication and Key Management FEACS (Flexible and Efficient Access Control Scheme for Cloud Computing) [39] is a system whose mathematical background is on a Linear Secret Sharing scheme suitable for fine-grained access control. In consideration of the dynamic nature of user’s membership in cloud-based systems, FEACS has the capability of coping with this dynamism. Secondly, full logic expression is supported to make the access policy described accurately and efficiently. Besides, FEACS is secure based on the Decisional Bilinear Diffie-Hellman assumption. [18] defines an Attribute-Based Keyword Search and Data Access Control in Cloud based on Bilinear Maps and Linear Secret Sharing scheme. The scalability of cloud-based system in key-management such as key-recovery service of cryptographic systems is an attractive cost saving proposition In order to verifiably support key-recovery in a public cloud, it is essential to use publicly verifiable secret-sharing (PVSS) schemes. In addition, a holistic approach to security must be taken by requiring that running the key-management service in an untrusted cloud does not violate the security of the cryptographic system at hand. In Publicly Verifiable Secret Sharing (PVSS) for CloudBased Key Management [11] the authors took a holistic approach for the case of public-key encryption which is one of the most basic cryptographic tasks, and formalises the security of public-key encryption in the presence of PVSS.
Data Storage Area Active Storage Object 1 (ASO1) -Status (lifetime, time-to-live, et al) -Method
Active Storage Object n (ASOn)
ASO Handlers
ASO API
External Interface
Security Policy
ASO Runtime
Store System
Fig. 1: The Self-destruct (SeDas) system architecture (Source: [38])
V. S ECRET S HARING IN A MULTI -C LOUD ENVIRONMENT Fig. 2 outlines the RESCUE architecture which supports a secret sharing scheme in a multi-cloud environment. It has four main elements:
Application Platform. Its function is to: determine the access structure; encode secrets; sends secrets to the main multi-cloud proxy server for distribution to multi-cloud service providers, as well as keeping the secret shares when recovered.
Main Multi-Cloud Proxy Server with Router. This splits and distributes encoded shares to multi-cloud based on pre-determined access structure and manages the failover protection of shares.
Metadata server. This includes the functionality of: User management; Server management; Session management; and File metadata management [38].
Multi-cloud Proxy server. This gathers shares and reconstruct secret as well manages break-glass data recovery.
Sub-Routers. This creates a path between Cloud Service Provider (CSP) 1 (considered here as front-end) with other Cloud Service providers (considered here as the Back-ends) thereby creating a quick and alternative recovery path for all the shares. For example: R4 connects with R3+R2+R1, so R4 is a path for CSP1+R3+ R2+R1+S1, and so on.
At the Application platform, the data owner determines n and t values (see section VI) and using both calls up the application to be used, selects algorithm of choice based on our Evaluation in Section VI after a successful sign in to the system and access level determined. It will be nice to base the choice of algorithm on performance as it relates to security, overhead cost and data size. In Fig. 2 we have a 3-out-of-5 access structure, while in section VI we used 4-out-of-10 and 2-out-of-5. The encoded data is sent to the local main multicloud proxy server with router for onward dissemination to the CSPs. The proxy splits the encoded data according to a secretsharing scheme determined access structure, and distributes each share over the Internet to different CSPs. The retrieval process is similar to the storage process as the metadata server helps to keep track of the siblings of the shares. The proxy retrieves enough corresponding shares from the cloud service providers. This retrieval involves authentication to the cloud providers. The retrieved shares are sent back to the application platform software, which decodes them and verifies their authenticity before reconstructing the data. The system is capable of a break-glass data recovery through the local multicloud proxy server in a case of emergency after, which a clean-up should be performed at the end of the activities for record purposes. The design incorporates unique feature in a multi-cloud environment as it uses secret sharing scheme to implement keyless encryption. This is done by breaking the secret into chunks called (k-out-of-n) threshold in such a manner that less than k shares cannot recover the secret, thus using it for data distribution in object storage system. This is also used to
implement safety destruct with equal divided shares. The incorporation of a Self-Destructive system solves the problem of cloud user’s privacy as there is no way the user’s data can be accessed, copied, cached or used without the data owner’s consent within a pre-determined time-frame as all data and their copies become destructed or unreadable after a userspecified time, without any user intervention [38]. The selfdestructive system defines two modules: a self-destruct method object; and survival time parameter for each secret key part. In this case, a secret sharing algorithm is used to implement share distribution in object storage system so as to ensure safe destruct with equally divided shares. Based on active storage framework, object-based storage interface will be used to store and manage the equal divided shares. The use and implementation of a threshold system in cloud services are deliberate act towards implementing a failover protection in the model. In a normal circumstance all the service providers are used in share storage as well as secret reconstruction, but in an extreme desperate situation, 2-out-of5 can be made redundant. That is to say if 2-out-of-5 CSPs fails, data/secret storage and reconstruction are still possible. The use of the second local multi-cloud proxy server and the sub-routers (1-5) were deliberate as they are for the implementation of a failover protection. With the sub-routers and the second multi-cloud server, a route is established to and from all the CSPs and having decided for a 3-out-of-5 access structure only 3-out-of-5 CSPs are required to store and reconstruct the secret at an emergency situation. By this feature, the concept of total business shut down as in [35] or denial of service may not exist in using this model, though the number of CSPs required are dependent on the secret sharing algorithm of choice in times of secret reconstruction (see section VI). This is because Shamir is a perfect scheme, while Krawczyk is not. In fact, Krawczyk is termed secret sharing made short (see section III). There is also an incorporation of a Break-Glass data recovery system implemented using one of the Proxy Servers. An access to Multi-Cloud proxy Server II entails an access to CSPs 1, 3 and 5 and this in turn ensures a quick recovery of shares in order to reconstruct the secret as it is a quick link to all other CSPs and moreover, following the access structure, such access ensures the possibility of reconstructing the secret in an emergency situation. This is an important feature as there could be a period of cloud outage as stated in [35], and in such situation, data recovery could be done from 3-out-of-5 Cloud service providers being used for data storage. That is to say, if 2-out-of-the-5 cloud service providers fail, data recovery is still possible in such an extreme condition. Our proposed architecture can provide the following: 1. Fast and efficient data/key distribution to multi-cloud service providers. 2. Keyless encryption and by extension data security. 3. Data privacy by implementing SeDas, as it meets all the privacy-preserving goals [38].
Application Platform: Determines the access structure; encodes secret; sends same to main multi-cloud proxy server for distribution to multicloud service providers as well keeps the secret.
Application Platform
Multi-cloud Proxy Server
Metadata server
Main Multi-Cloud Proxy Server with Router
R1 – Sub-router 1 R2 – Sub-router 2 R3 – Sub-router 3 R4 – Sub-router 4 R5 – Sub-router 5 S1-S5 – Shares 1-5 CSP1-5 Cloud Service Providers 1-5
R4
S5 R1
R2
CSP5
R3
S1 S4 Data storage E with self destruct ability
CSP4
Data storage D with self destruct ability
CSP1 S3 CSP3
S2
CSP2 Data storage A with self destruct ability
Data storage C with self destruct ability
Data storage B with self destruct ability
Fig. 2: Proposed architecture of a Secret Sharing Scheme in a Multi-cloud environment 4.
5.
6.
SeDas supports security erasing files and random storage in drives (Cloud, HDD or SSD) respectively [38]. Backup operational mode in which the function of 5 CSPs can be assumed by 3 CSPs when 2-out-of-the5 CSPs become unavailable either through failure or scheduled down time. Break-glass data recovery. VI. EVALUATION
Secret sharing schemes have been used successfully in data splitting and reconstruction, thereby providing data security in a keyless manner. This section outlines an experiment involving three of the main contenders for Secret Sharing schemes in Cloud-based systems: Adi Shamir’s Perfect Secret Sharing Scheme (PSS)[41], Hugo Krawczyk’s Secret Sharing made short or Computational Secret Sharing scheme (CSS)[42] and Rabin’s Information Dispersal Algorithm (IDA)[40]. The evaluator in this case is the performance overhead at an increasing thresholds and data sizes shows varied behaviours that depict their strengths and weaknesses at different application scenarios. Figures 3 and 4 outline the results. The aim of the experiment is to demonstrate the implication variance in data size has on the performance of each secret sharing scheme (SSS) algorithm in terms of share creation and share recreation in case one wants to apply any in cloud-based designs such as RESCUE. Data sizes from 1024 KB to 16,384 KB were evaluated. The data generated are arbitrary due to the fact that the evaluations are not catered for in relation to one specific area where SSS algorithms may be applied in. The test machine is a D-Series
3 specification Microsoft Azure virtual machine which consists of 4 vCores, 14 GB of RAM and a 200 GB SSD. Two primary sets of results were presented which use the parameters of n=5; t=2 and n=10; t=4. The variable n relates to the number of shares to create while the variable t relates to the number of shares required for recreation of the original arbitrary data (using each SSS algorithm). Results are presented in milliseconds. From the figures and tables presented, it can be clearly demonstrated that IDA is the fastest algorithm regardless of data size. CSS comes second in terms of time taken for share creation and recreation while PSS comes last. One significant observation in the results presented is that PSS demonstrates greater issues in regards to scalability as the data size increases in comparison with the other two algorithms. Additionally, as we increase the parameters from n=5; t=2 to n=10; t=4 it can be demonstrated that only share creation will produce significant increase in performance time. Although IDA has demonstrated the fastest time in results presented in this paper it would be naive to simply use this algorithm from these results alone. Depending on the context and application, there may be a need to strike a fine balance between ensuring strong security and acceptable level of performance. Thus, ultimately, the decision on which SSS algorithm to use will be most dependent on the use-case scenario at hand.
Table 1: Time Taken (ms) of Share Creation (n=5;t=2) IDA CSS PSS
1024 (KB)
2048 (KB)
4096 (KB)
8192 (KB)
16384 (KB)
14.42 21.27 172.21
31.90 43.29 304.94
65.83 97.25 622.16
126.52 174.97 1065.41
274.43 380.53 2228.30
Table 2: Time Taken (ms) of Share Recreation (n=5;t=2) IDA CSS PSS
1024 (KB)
2048 (KB)
4096 (KB)
8192 (KB)
16384 (KB)
26.35 35.01 45.69
63.39 76.88 104.73
116.69 121.42 171.81
223.60 251.43 428.29
445.53 536.36 867.35
Table 3: Time Taken (ms) of Share Creation (n=10;t=4) IDA CSS PSS
1024 (KB)
2048 (KB)
4096 (KB)
8192 (KB)
16384 (KB)
19.97 26.80 298.25
58.90 70.81 567.11
185.20 192.48 1169.94
333.22 367.04 3013.11
518.00 871.62 6091.91
Table 4: Time Taken (ms) of Share Recreation (n=10;t=4)
Fig. 3. Share creation and recreation against increasing data sizes (n=5;t=2)
IDA CSS PSS
1024 (KB)
2048 (KB)
4096 (KB)
8192 (KB)
16384 (KB)
21.04 26.83 56.79
45.11 59.10 139.10
104.75 122.94 222.47
163.78 210.51 455.58
362.32 470.08 932.91
VII. C ONCLUSIONS There are many weaknesses within Cloud-based infrastructure, including risks around the usage of public and private key encryption. RESCUE thus provides a new method of integrating privacy into the data infrastructure, along with integrating a self-destructive system, with break-glass data recovery and in-built failover protection. The evaluation shows, though, that there is a performance impact with large file, and related to the number of shares used. Overall IDA and CSS can be seen as strong contenders for an efficient method with a secret share infrastructure, while PSS struggles from a performance point-of-view. VIII. R EFERENCES [1] [2]
[3]
[4]
[5]
[6]
[7] Fig. 4: Share creation and recreation against increasing data sizes (n=10;t=4)
Abbadi, I.M. (2014). Cloud Management and Security. John Wiley & Sons Ltd, UK. ISBN 978-1-118-81709-4 (hardback), P p.2 Al Ebri, N., Baek, J., & Yeun, C. Y. (2011). Study on Secret Sharing Schemes (SSS) and their applications. In Internet Technology and Secured Transactions (ICITST), 2011 International Conference for (pp. 40-45). IEEE. Alsolami, F., & Boult, T. E. (2014). CloudStash: Using Secret-Sharing Scheme to Secure Data, Not Keys, in Multi clouds. In Information Technology: New Generations (ITNG), 2014 11th International Conference on (pp. 315 320). IEEE. AlZain, M. A., Soh, B., & P ardede, E. (2011). MCDB: Using Multi-clouds to Ensure Security in Cloud Computing. In Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on (pp. 784-791). IEEE. Beimel, A., Chee, Y. M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H. & Xing, C. (ed.),(2011). Secret -Sharing Schemes: A Survey‖, Springer, 6639, pp. 11 -46. Bessani, A., Correia, M., Quaresma, B., André, F., & Sousa, P . (2013). DepSky: dependable and secure storage in a cloud-of-clouds. ACM Transactions on Storage (TOS), 9(4), 12. Bharambe, J.V., and Makhijani, R.K. (2013). Secured Data Storage and Retrieval in Multi-Cloud using Shamir’ s Secret
[8]
[9]
[10] [11]
[12]
[13] [14]
[15]
[16]
[17]
[18]
[19]
[20]
[21] [22]
[23] [24]
[25]
[26]
Sharing Algorithm. International Journal of Computer Science and Engineering, 2(3), pp. 15-19. Bogdanov, D., Laur, S., & Willemson, J. (2008). Sharemind: A Framework for Fast P rivacy-P reserving Computations. In European Symposium on Research in Computer Security (ESORICS). Bogdanov, D., Talviste, R., & Willemson, J. (2012). Deploying secure multi-party computation for financial data analysis. In Financial Cryptography and Data Security (pp. 57-64). Springer Berlin Heidelberg. Dodis, Y. (2007). Exposure-resilient cryptography. D’ Souza, R., Jao, D., Mironov, I., & P andey, O. (2011). P ublicly verifiable secret sharing for cloud -based key management. In P rogress in Cryptology –INDOCRYPT 2011 (pp. 290-309). Springer Berlin Heidelberg. Ermakova, T., & Fabian, B. (2013). Secret sharing for health data in multi-provider clouds. In Business Informatics (CBI), 2013 IEEE 15th Conference on(pp. 93-100). IEEE. Fabian, B., Ermakova, T., & Junghanns, P . (2015). Collaborative and secure sharing of healthcare data in multiclouds. Information Systems, 48, 132 -150. Huang, C., Simitci, H., Xu, Y., Ogus, A., Calder, B., Gopalan, P ., Li, J. & Yekhanin, S. (2012). “ Erasure coding in Windows Azure Storage,” presented at the USENIX Annual Technical Conference, Boston, MA. Kaefer, G (2010). Cloud Computing Architecture. A presentation by SIEMENS in 4th generation datacenter IEEE spectrum, http://www/ct.siemens.com Khan, O., Burns, R. C., P lank, J. S., P ierce, W., & Huang, C. (2012). Rethinking erasure codes for cloud file systems: minimizing I/O for recovery and degraded reads. In FAST (p. 20). Levina, A., Kuzmin, I., & Taranov, S. (2014). Reed Solomon Codes and its application for cloud storage system. In Future Generation Communication Technology (FGCT), 2014 Third International Conference on (pp. 46 -49). IEEE. Li, J., & Zhang, L. (2014). Attribute-Based Keyword Search and Data Access Control in Cloud. In Computational Intelligence and Security (CIS), 2014 Tenth International Conference on (pp. 382-386). IEEE. Makkena, T., and Rao, T.P . (2014). A Shamir Secret Based Secure Data sharing between Data owners. International Journal of Engineering Trends and Technology, 16(8), pp. 362-165. Mallareddy, A., Bhargavi, V., & Rani, K. D. (2014). A Single to Multi-Cloud Security based on Secret Sharing Algorithm. International Journal of Research,1(7), 910 -915. Mell, P ., & Grance, T. (2011). The NIST definition of cloud computing. Mirajkar, S.S. & Biradar, S. (2014). Using Secret Sharin g Algorithm for Improving Security in Cloud Computing. International Journal of Advanced Research in Computer Science & Technology, 2(2.3)395-398 Morozan, I. Multi-Clouds Database: A New Model to P rovide Security in Cloud Computing. Mounica, D., & Rani, M. C. R. (2013). Optimized Multi Clouds using Shamir Shares. International Journal for Development of Computer Science & Technology, 1(3), pp. 83-87. Nair, D. G., Binu, V. P ., & Kumar, G. S. (2015). An Improved E-voting scheme using Secret Sharing based Secure Multi-party Computation. arXiv preprint arXiv:1502.07469. Naskar, P . K., Chaudhuri, A., & Chaudhuri, A. (2010). Image Secret Sharing Scheme Using a Novel Secret Sharing
[27]
[28]
[29]
[30] [31]
[32]
[33] [34]
[35]
[36]
[37]
[38]
[39]
[40] [41] [42]
[43]
Technique with Steganography. In IEEE CASCOM P OST GRADUATE STUDENT P AP ER CONFERENCE (p. 62). Neff, C. A. (2001). A verifiable secret shuffle and its application to e-voting. In P roceedings of the 8th ACM conference on Computer and Communications Security (pp. 116-125). ACM. P admavathi, M., Sirisha, D., & Laks hman Rao, A. (2014). The Security of Cloud Computing System Enabled by Shamir’ s Secret Sharing Algorithm. International Journal of Research Studies in Science, Engineering and Technology, 1(9), pp. 103-109. P adsala, C., P alav, R., Shah, P ., & Sonawan e, S. (2015). Survey of Cloud Security Techniques. International Journal for Research in Applied Science & Engineering Technology, 3(3) pp. 47-50. P atel, A., & Soni, K. (2014). Three Major Security Issues in Single Cloud Environment. International Jo urnal, 4(4). Rao, C., Rodi, P ., P alande, A., & Bhusari, V. (2015). SEDAS: A Self-Destructing Data System Based on Shamir’ s Secret Sharing Algorithm. International Journal Of Scientific Research And Education, 3(03). Reddy, B. A., & Reddy, P . R. S. Effective Data Distribution Techniques for Multi-Cloud Storage in Cloud Computing. CSE, Anurag Group of Institutions, Hyderabad, AP , India. Relan, V. (2009) Secret Sharing. A Lecture Note on CMSC 652: Cryptology Schoenmakers, B. (1999). A simple publicly verifiable secret sharing scheme and its application to electronic voting. In Advances in Cryptology—CRYP TO’ 99 (pp. 148-164). Springer Berlin Heidelberg. Srinivasan, S. (2014). Building trust in cloud computing: Challenges in the midst of outages. P roceedings of Informing Science & IT Education Conference (InSITE) 2014 (pp. 305-312). Retrieved from http://P roceedings.InformingScience.org/InSITE2014/InSIT E14p305-312Srinivasan0544.pdf VMware (2012). VMware Cloud Management: Insights into managing your virtualized datacenter weblog. Available at: http://blogs.vmware.com/management/ Wylie, J.J., Bakkaloglu, M., P andurangan, V., Bigrigg, M.W., Oguz, S., Tew, K., Williams, C., Ganger, G.R., & Khosla, P .K. (2001). Selecting the right dat a distribution scheme for a survivable storage system. Technical Report CMU-CS-01-120, Carnegie Mellon University. Zeng, L., Chen, S., Wei, Q., & Feng, D. (2012). Sedas: a self-destructing data system based on active storage framework. In APMRC, 2012 Digest (pp. 1-8). IEEE. Zhang, Y., Chen, J., Du, R., Deng, L., Xiang, Y., & Zhou, Q. (2014). FEACS: A Flexible and Efficient Access Control Scheme for Cloud Computing. In Trust, Security and P rivacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on (pp. 310 -319). IEEE. M. O. Rabin, “ Efficient Dispersal of Information for Security, Load Balancing and Fault Tolerance,” Journal of the ACM, vol. 36, no. 2, pp. 335-348, 1989. A. Shamir, “ How to share a secret ,” Communications of the ACM, vol. 22, no. 11, p. 612–613, 1979. H. Krawczyk, “ Secret Sharing Made Short,” in P roceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology, 1993. J. Resch and J. P lank, “ AONT-RS: Blending Security and P erformance in Dispersed Storage Systems,” in P roceedings of the 9th USENIX on File and Storage Technologies, 2011.
