Safe Haven in the Cloud: Secure Access Controlled File Encryption ...

Science and Information Conference 2015 July 28-30, 2015 | London, UK

Safe Haven in the Cloud: Secure Access Controlled File Encryption (SAFE) System Farrukh Shahzad Information and Computer Science King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia [email protected] Abstract—The evolution of cloud computing has revolutionized how the computing is abstracted and utilized on remote third party infrastructure. It is now feasible to try out novel ideas over the cloud with no or very low initial cost. There are challenges in adopting cloud computing; but with obstacles, we have opportunities for research in several aspects of cloud computing. One of the main issue is the data security and privacy of information stored and processed at cloud provider’s systems. In this work, a practical system (called SAFE) is designed and implemented to securely store/retrieve user’s files on the third party cloud storage systems using well established cryptographic techniques. It utilizes the client-side, multilevel, symmetric/asymmetric encryption and decryption operations to provide policy-based access control and assured deletion of remotely hosted client’s files. The SAFE is a generic application which can be extended to support any cloud storage provider as long as there is an API which support basic file upload and download operations. Keywords—Cloud computing; Data privacy; Encryption; Cryptography; Secure storage; Access control; Assured deletion

I.

INTRODUCTION

Cloud computing has evolved as a popular and universal paradigm for service oriented computing where computing infrastructure and solutions are delivered as a service [1]. The cloud has revolutionized the way computing infrastructure is abstracted and used. Some of the features which makes cloud computing desirable includes; elasticity (the ability to scale ondemand), pay-per-use (which means no/low upfront investment and low time to market) and transfer of risk (from the small application developers to the large service providers) [2]. Therefore novel applications/ideas can be tried with minimal risks, an approach that was not feasible in the pre-cloud era. This has resulted in large numbers of applications—of various types, sizes, and requirements—being deployed across the various cloud service providers. Cloud computing not only realizes the dream of computing as a utility but provides opportunity for its adoption and growth. As with any new technology, there are challenges and obstacles. Data confidentiality and security is one of the main obstacles in adopting the cloud service at the enterprise level. The cloud environment includes a number of implementations, based on the services they provide, from application service provisioning, grid and utility computing, to Software as a Service [4, 6]. However, the convenience and efficiency of this service model comes with privacy and

security risks [3, 7, 8]. A significant barrier to the adoption of cloud services is the users’ fear of confidential data leakage and loss of privacy in the cloud [4, 5]. Cloud computing raises a range of important privacy issues as acknowledged by a number of recent work [3, 4, 7, 8]. Such issues are due to the fact that, in the cloud, users’ data and applications reside – at least for a certain amount of time – on the machines which are owned and maintained by third parties. One of the concerns is that it is not clear to individuals why their personal information is requested or how it will be used or passed on to other parties. The security concerns motivate the authors of [9] to propose a system, called FADE that can enforce access control and assured deletion of outsourced data on the cloud in a finegrained manner. Access control guaranties that only authorized users can access/download the data on the cloud and assured deletion means that data is permanently inaccessible even if the storage provider (or their sub-contractors) keeps the file upon request of deletion. This work is an extension or simplification of FADE [9] to achieve more practical deployment with less overhead. The Secure Access controlled File Encryption (SAFE) system is an overlay which works seamlessly over the existing cloud storage services without any changes on the cloud side. Furthermore, the implementation only requires basic data access API functions like put (upload) and get (download). In SAFE, a file is encrypted with a data key by the owner of the file, using the SAFE client. The data key is further encrypted with a secret key which is in turn is encrypted with a control key, based on the access control policy selected by the owner, with the help of a separate key server. The encrypted keys are stored as a separate metadata file, along with the encrypted data file. Our contributions are summarized below: • The design of Secure Access controlled File Encryption (SAFE) system to achieve policy-based access control and assured deletion. • The development of generic Java application to provide encryption/decryption and file upload/ download operations to/from any storage system. • Implementation of complete SAFE client and key server applications which currently support Amazon S3

1329 | P a g e www.conference.thesai.org

Science and Information Conference 2015 July 28-30, 2015 | London, UK

and Drop box storage services and can be extended other providers easily. The rest of the paper is organized as follows. Section II introduces the cloud environment and challenges related to data security with some literature review. Section III presents the design of SAFE with details of each component. Section IV gives the implementation details while section V provides some criteria for evaluating system performance empirically. Finally, section VI concludes the paper and outlines future research directions. II.

BACKGROUND AND RELATED WORK

Cloud computing can be defined as, “A large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamicallyscalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet” [1]. Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. In the cloud, there are following two important characteristics that impose challenges to the development of data protection techniques: • A cloud service can be provided through a chain of service providers. This means the primary provider uses the resources of other providers (the identity to these indirect providers may be unknown to the user). This makes the outsourced files more venerable to attacks and data mining. • Some possible changes to the indirect providers involved in a cloud service need to be considered also. For example: a participating provider may need to transfer its operations together with users’ data to someone else because of the sale of company, a merger, seizure by the government, etc. This means the user’s files may remain on several ‘inactive’ hard drives even after user’s request for deletion or close of account. A. Cloud Storage There are many cloud storage providers including wellknown providers like Microsoft (SkyDrive), Google (Google Drive), Amazon (S3) [17], Dropbox [18] and others. Cloud storage services are very handy as it saves space on portable drive, smartphone or computer; it can sync all user’s files throughout different devices, its cross-platform compatibility and best of all, user can get storage space for free. Sharing big or multiple files is also made easy while it keeps files away from public computers. Some of the providers do offer serverside encryption which can protect information from external hackers, but it can’t be completely relied upon. There is no guarantee that storage providers will not mine through the client’s files to retrieve confidential or personal information. Other issue is that these providers keep multiple copies of files for fault tolerance and client can’t be assured if all copies are completely removed upon deletion request or when user decided to close the account.

B. Data Security Some secure solutions which are compatible with existing public cloud storage services have been proposed. Yun et al. [14] proposed a cryptographic file system that provides privacy and integrity guarantees for outsourced data using a universal hash-based MAC tree. They prototype a system that can interact with an untrusted storage server via a modified file system. In [16], a survey of proposed system to protect outsourced storage via cryptographic techniques is presented. Time-based assured deletion was proposed in [10] and implemented in [11], which was generalized into policy based deletion in the design of FADE by the authors of [9]. In [9], the authors also utilize blinded RSA, attribute-based encryption (ABE) for access control [12], and Shamir’s Secret Sharing [13] to have multiple key managers in order to achieve more reliable key management. Our work is also applicable to mobile storage devices which are theft-prone like USB flash drives, tablets and smart phones, as presented in [15]. III.

SAFE DESIGN

In this section, the design of SAFE is presented. The purpose of SAFE is to achieve policy-based access control and assured deletion. The basic components are shown in Fig.1. SAFE system consists of two main components: 1) SAFE Client. This is an interface application between client’s or user’s storage system and the cloud storage. It communicates with Key server securely (SSL protocol) to request appropriate cryptographic operations. The application performs all required upload, download, encryption and decryption functions. 2) Key Server. This is a multi-threaded server application which provides all needed backend services to SAFE clients. It utilizes SSL socket to communicate with SAFE clients securely. It provides storage for users, policies and corresponding public/private key pair. The services include user’s registration, user’s authentication, policy management, policy’s public/private key generation and maintains, and decryption using private key.

Fig. 1. SAFE system overview

A. Cryptographic Keys SAFE uses three types of cryptographic keys to protect the data files stored on the cloud.

1330 | P a g e www.conference.thesai.org

Science and Information Conference 2015 July 28-30, 2015 | London, UK

1) Data key. A data key is a random secret that is generated by a SAFE client. It is used for encrypting or decrypting data files via symmetric (AES) key encryption. 2) Secret key. Similar to the data key, a secret key is generated by a SAFE client. It is used for encrypting or decrypting the data key via symmetric (AES) key encryption. 3) Policy key. This key is associated with a particular policy. It is represented by a public-private key pair, which is maintained by the key server. It is used to encrypt/decrypt the secret key of the file via RSA. To ensure file deletion (inaccessibility), the corresponding policy can be revoked. Therefore, to successfully decrypt an encrypted file stored on the cloud, the correct combination of data key, secret key and policy key needs to be known; otherwise it will be computationally infeasible to access a SAFE protected file. B. Policy Management The owner of the file needs to select proper policy for the file which needs to be uploaded to the cloud. There are two types of policies: 1) Individual. Each user of the SAFE system is assigned a unique individual policy at the time he/she register with the Key server. 2) Group Policy. Separate policies can be added for a group of users. For example, a department in a company can have a group policy so that the employees of that department can share files on the cloud, if the owner of the file, uploads the file with the group policy assigned to that department. Similarly, there could be group policy for a team project so all members can share files related to the project. The key server administrator is responsible for adding, maintaining and revoking the policies as needed. Each policy corresponds to a public/private key which is generated and maintained by the key server. The owner of the file has the option to select the appropriate policy before uploading any file i.e. individual (no one else can access the file) or group (if he/she is a member of the certain group so that the whole group can access/download the file). Individual policy can be revoked by removing the user and/or the corresponding key pair from the key server. Group policy can be revoked either completely or partially by removing some users from the group. C. Metadata File There is a metadata file associated with each object/file, protected by SAFE. It contains the policy name, encrypted data key and encrypted secret key. It is created and uploaded by the SAFE client, at the time the encrypted data file is uploaded by the owner of the file. During download operation, this file needs to be downloaded by the SAFE client first to check whether the requester is authorized the use the policy which was used to upload the file. Also secret key needs to be decrypted first using key server which in turn will be used to

decrypt the data key. It should be noted that the storage of metadata file on the cloud doesn’t pose any security threat as the keys are encrypted and it is computationally impossible to extract the data and secret keys. D. Key Server Description The key server is an independent, centralized application for user, policy and key management. TABLE I. lists the functions or services provided by the key server. The SAFE client need these services to achieve policy based encrypted file upload, download and decryption. Some services are listed as ‘Admin’ which are required for adding or removing users and policies. Key server maintained three different data structures; for users, policies and user-policy assignments using hash tables. It needs to support multiple clients simultaneously. It is assumed that all the resources (database, file systems) associated with the key server application is internally secured and clients connects to the server via SSL connection. E. SAFE Basic Functions Let F represent the file which needs to be stored securely with access policy P. Each policy corresponds to unique pair of public Ppub and private Pprv keys which is generated and maintained by the key server. Assume that the encryption and decryption function is represented by eK(F) and dK(F) respectively, where K is the key used for encrypting or decrypting the data/file F. Similarly ePpub(S) and dPprv(S) represent the encryption of data S with public key Ppub and decryption with private key Pprv, respectively. Note that the data key is denoted by K and secret key is denoted by S. TABLE I. Service Register

KEY SERVER SERVICES

Description Register a new user with Key Server. A new policy will be created for the user and a corresponding public/private key pair will be generated and stored.

Login

Key server authenticates a registerd user.

Logout

Key server log out a logged in user.

Change Password

User request change of his/her password.

Perform Decryption

SAFE client/user request the public key corresponds to the selected policy during uplaod operation. SAFE client/user request the decryption of secret key during download operation

Get all Policies

User request list of all policies assigned to him/her.

Get Public Key

Add Group Policy Revoke Group Policy Assign policy to a user Remove policy from User Remove User

A new group policy will be added and a corresponding public/private key pair will be generated and stored. (Admin) The group policy will be removed and corresponding key pair will be deleted. (Admin) A user is assgined (added to) a group policy. (Admin) Removes the user from a group. (Admin) Closes the user account and remove the individual policy and corresponnding key pair (Admin)

1331 | P a g e www.conference.thesai.org

Science and Information Conference 2015 July 28-30, 2015 | London, UK

used are third party or built in Java libraries including the following: • javax.swing (for SAFE GUI) • com.amazonaws (for amazon S3 APIs) • com.dropbox (for Dropbox APIs) • org.apache.log4j (for interactive on-screen and file logging) • javax.crypto and javax.Security for crypto-graphical operations like AES/RSA encryption/decryption, Key generation, etc.

Fig. 2. SAFE File Upload

• Many other built-in libraries for File I/O, SSL socket programming. There are also other external Java libraries which are used by Amazon and Dropbox APIs. A Java package edu.kfupm.ccse.safe is created with several Java class files and resources. The Java classes provide all high-level crypto-graphical operations like AES/RSA encryption/decryption, Key generation, etc. apart from high level functions to support SAFE operations like upload and download. The resources include image files and properties file to store cloud provider’s access tokens/API keys. The SAFE client and key server are two independent applications which communicate via SSL protocol.

Fig. 3. SAFE File Download

1) Upload Function The file upload function is shown in Fig. 2. The client first requests the public key Ppub of policy P from the key server. Then the client generates two random keys K and S and perform the encryption eS(K), ePpub(S) and eK(F). Finally, the client sends eK(F) i.e. the encrypted file and P, eS(K) , ePpub(S) (as metadata) to the cloud. The client should discard K and S. There will be two objects on the cloud: One the encrypted client’s file and the other is the corresponding metadata text file containing policy and related keys (encrypted). 2) Download Function Fig. 3 show the file download function. The client fetches the metadata file to get P, eS(K) , ePpub(S) from the storage system. Then the client sends ePpub(S) to the key server for decryption. The key server decrypts using the policy’s private key and returns S = dPprv(ePpub(S)) to the client. The client can now decrypt eS(K) to get K. The client finally fetches the actual encrypted file eK(F) and decrypt with K to get the original file F. The client should immediately discard K and S. 3) Update Policy Function If the file owner wants to change the policy associated with an outsourced encrypted file (e.g. from an individual policy to a group policy), he/she only needs to download the corresponding metadata file and update the last line (secret key encrypted with new policy key) and write back the modified metadata file. There is no need to access the actual encrypted data file. IV.

IMPLEMENTATION

The SAFE is implemented purely in Java based on design framework presented in the previous section. All the libraries

A. Requirements To run the application, user needs all of the above mentioned libraries (available as freeware). User also needs to sign up for Amazon S3 or/and Dropbox cloud storage service (free for some GB of usage). The application is built on Java version 1.7 so JRE version 1.7 is also required to run the application. B. SAFE Client The SAFE client is menu-driven, GUI based application developed using Java Swing framework. It implements the basic file upload/download (including corresponding metadata) to the cloud provider using SAFE design as described in the previous section. The application connects to the key server at initialization through SSL TCP/IP socket connection (need key server’s IP address: port). User need to login to the key server to access all assigned policies and select the appropriate cloud storage provider. The user interface is shown in Fig. 4. The user interface screen is spilt horizontally into left and right panes. The right pane is used for interactive logging for user to see underlying processing/information during application execution. The left pane contains the upload and download tabs. The upload tab shows the client’s file system for user to select the file he/she wants to upload to the cloud. The download tab shows the list of existing objects(files) on the cloud for user to select the object he/she wants to download to his/her local file system. The application will perform all the necessary encryption, decryption, metafile generation and any other related task transparently (with the help of key server). C. Metadata File Here is an example of a metadata file generated after an upload to the cloud:

1332 | P a g e www.conference.thesai.org

Science and Information Conference 2015 July 28-30, 2015 | London, UK SAFE0001 6B6C379A35A8A17CF005F8CE850D0F45A24C86747DB1D83E167A46A DBBF8CF03 4A31EAF4FFC824ADD69D327D551705F2CB164D23AC47D0B85E47D1B CFEBA342F7C886C3292DBDB590348FC900F210D56DEC21E1177A0CF C17138ACB41193AC9DEECCC74D0B72A1599026A3FD1A0BEBA1E08D A716CE7C58BA77BD79E42E1E85033EA1F1A2B785F939F47BE421A9A2 EA82005AFB81B50D628ABDA43AEFC989B788

This metadata file is saved along with the encrypted file on the cloud with extension ‘.safe’. First line is the policy name/Id (P). The second line is the file’s AES key (K) encrypted with the user generated secret AES key (S). The rest is the user generated secret key (S) encrypted with public key for policy P. Notice that K and S are generated every time user need to upload a file and should be discarded by the client. D. File Upload Here is a sample log of file upload.

Reliability: Reliability refers to the ability of a system to withstand crashes, and temporal data and network failures (accidental or voluntary). The SAFE system is designed to handle exceptions and evaluated satisfactorily for reliability. Robustness: The robustness of the system needs to be evaluated, for example, by conducting a thorough vulnerability analysis of the system. This could include man-in-the middle attack, password-guessing, reverse engineering, and privacy inference. This is achieved by using the SSL socket communication between key server and SAFE clients. Scalability: Since cloud itself is scalable, any add on service like SAFE should be scalable. To evaluate this, we need to test the average performance of a developed system (basically key server) by increasing users or clients with different service providers. The scalability is designed into the SAFE system by utilizing the multi-threading in the key server implementation. Multiple copies of key server can also be executed on different machines, to allow some kind of load sharing. Time Efficiency: Time efficiency or performance can be measured by computing the file transfer time, metadata file transfer time and cryptographic operation time. File transfer time is same whether the file is protected with SAFE or just uploaded as raw file. The time of metadata file transfer is fixed and negligible as it is a small fixed size file. The cryptographic operation time is directly dependent on the size of the file. As shown by [9] this time is relatively small when compared with the file transmission time.

2013-05-21 14:22:36 File will be uploaded from: C:\Users\ 2013-05-21 14:22:36 Encrypting... 2013-05-21 14:22:36 Uploading a new object to S3... 2013-05-21 14:22:38 Uploading the corresponding metadata... 2013-05-21 14:22:39 Uploaded file: abc.pdf done.

E. File Download Here is a sample log of file download.

Communication Cost: The SAFE doesn’t add any significant communication cost as the additional meta data file is very small (less than 500 bytes).

2013-05-22 05:51:26 Downloading the object metadata. 2013-05-22 05:51:24 Downloading the object

VI.

2013-05-22 05:51:26 File Name: abc.pdf 2013-05-22 05:51:27 Decrypting... 2013-05-22 05:52:13 File will be saved to: C:\abc.pdf

V.

SYSTEM EVALUATION CRITARIA

In this section, I provide criteria for system empirical evaluation and how SAFE is tested against each of these criterions. These are general guidelines for evaluating any system to validate if it is built according to the general design principles. The client and key server were deployed within the KFUPM network for evaluation. Correctness: First and foremost, the design and implementation need to be 100% correct. This is evaluated by uploading/downloading different types/sizes of files and make sure that original file and the decrypted downloaded files are exactly matched. Security: An integral part of the evaluation is a thorough security and privacy assessment of the SAFE system. The data and keys should be protected against information flow leakage, i.e. access by unauthorized individuals or applications. It was noted earlier that the storage of metadata file on the cloud doesn’t pose any security threat. It is also mentioned that the key server and SAFE clients communicates on SSL.

CONCLUSION

The revolution of cloud computing has provided opportunities for research in all aspects of cloud computing. Research in the secure cloud storage is compounded by the fact that user’s data may be kept at several locations for either redundancy/ fault tolerance or because the service is provided through a chain of service providers. In this work, a simple and practical secure data storage system is designed, implemented and evaluated. The framework is based on the previous work [9]. The design is presented with all required details, which utilizes off-the-self crypto-graphical techniques (like AES and RSA) and provides basic upload/download functions. The system is developed using generic Java objects. Two major providers namely Amazon S3 and Dropbox are implemented as the proof of concept, but the system can be extended to support any cloud storage provider as long as there is an API which supports basic file upload and download operations. ACKNOWLEDGMENT I would like to acknowledge the support provided by the Deanship of Scientific Research at King Fahd University of Petroleum and Minerals (KFUPM).

1333 | P a g e www.conference.thesai.org

Science and Information Conference 2015 July 28-30, 2015 | London, UK [1]

[2] [3]

[4]

[5] [6] [7]

[8] [9]

REFERENCES Foster, I.; Yong Zhao; Raicu, I.; Shiyong Lu, “Cloud Computing and Grid Computing 360-Degree Compared,” Grid Computing Environments Workshop, 2008. GCE '08 , vol., no., pp.1,10, 12-16 Nov. 2008 doi: 10.1109/GCE.2008.4738445 Sudipto Das, “Scalable and Elastic Transactional Data Stores for Cloud Computing Platforms,” PhD dissertation, December 2011. P. T. Jaeger, J. Lin, and J. M., “Grimes. Cloud computing and information policy: Computing in a policy cloud?,” Journal of Information Technology and politics, 5(3), 2009. T. Mather, S. Kumaraswamy, and S. Latif, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice). O’ Reilly, 2009. R. Gellman, Privacy in the clouds: Risks to privacy and confidentiality from cloud computing. World Privacy Forum, 2009. Cloud Computing: Clash of the clouds. The economist. 2009. B. R. Kandukuri, R. P. V., and A. Rakshit, “Cloud security issues,” In IEEE International Conference on Services Computing (SCC), pages 517–520, 2009. L. M. Kaufman, “Data security in the World of Cloud Computing, “ IEEE Security and Privacy, 7(4):61–64, 2009. Yang Tang; Lee, P.P.C.; Lui, J.C.S.; Perlman, R., “Secure Overlay Cloud Storage with Access Control and Assured Deletion,” Dependable

[10] [11]

[12]

[13] [14]

[15]

[16] [17] [18]

and Secure Computing, IEEE Transactions on , vol.9, no.6, pp.903,916, Nov.-Dec. 2012 doi: 10.1109/TDSC.2012.49 R. Perlman, “File System Design with Assured Delete,” Proc. Network and Distributed System Security Symp. ISOC (NDSS), 2007. R. Geambasu, T. Kohno, A. Levy, and H.M. Levy, “Vanish: Increasing Data Privacy with Self-Destructing Data,” Proc. 18th Conf. USENIX Security Symp, Aug. 2009. V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data,” Proc. 13th ACM Conf. Computer and Comm. Security (CCS), 2006. A. Shamir, “How to Share a Secret, “ Comm. ACM, vol. 22, no. 11, pp. 612-613, Nov. 1979. A. Yun, C. Shi, and Y. Kim, “On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage,” Proc. ACM Workshop Cloud Computing Security (CCSW), Nov. 2009. R. Geambasu, J.P. John, S.D. Gribble, T. Kohno, and H.M. Levy, “Keypad: Auditing File System for Mobile Devices,” Proc. Sixth Conf. Computer Systems (EuroSys), Apr. 2011. S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” Proc. 14th Int’l Conf. Financial Cryptography and Data Security, 2010. Amazon S3, http://aws.amazon.com/s3, 2013 Dropbox, http://www.dropbox.com, 2013

Fig. 4. SAFE User Interface

1334 | P a g e www.conference.thesai.org