D5.1 Design of distributed storage systems without single-point-of- failure
AIT, TUDA, TUGRAZ,
Cloud computing is a major trend in the IT world and brings completely new delivery models for computing and storage resources to customers. The shift from locally hosted and specifically tailored IT systems to externally hosted and maintained IT is currently transforming the landscape for both end users as well as business customers. Cloud computing can dramatically reduce capital expenditure and also operational costs if standard products from cloud service providers can be used. Among the whole range of cloud offerings, cloud storage is one of the most basic and fundamental one in the infrastructure domain.
However, the cloud usage also introduces many new security risks which need to be considered when outsourcing certain task and associated data. Data breach and data loss are among the most prevailing risks for cloud adoption in the business domain and no satisfactory solutions exist to mitigate these, not even for the most basic functionality like remote data storage and sharing. Especially sharing data in dynamic groups for collaboration is very challenging from a cryptographic perspective and introduces many interesting research questions which need to be solved in order to establish end-to-end security, the ultimate goal for cloud usage.
The goal of PRISMACLOUD is to overcome the shortcomings for storage services and design a distributed storage network which can prevent from data breach and data loss at the same time and further protect the user from lock-in situations. The solution should help to protect data
at rest for condentiality, integrity and availability with strong guarantees and in a convincing manner. Even the provider itself should have no access to plain customer data without their consent. In this report we present the rst draft of an architecture called ARCHISTAR which will be developed further and implemented throughout Prismacloud. The components of the architecture are described and potential technologies for realisation have been identied.
Furthermore, this report reviews the state of the art of core technologies relevant for the realisation of the storage network which shall better protect the privacy of the data and the user than existing solutions. In particular we review protocols for fault tolerant concurrent access in
distributed systems. They will build the base layer of ARCHISTAR and augmented with secret sharing protocols developed in WP4 to provide condentiality together with robustness. Private information retrieval, oblivious transfer and oblivious RAM are reviewed for the purpose of integration of user privacy methods. Additional functionalities expected from a cloud storage system are remote data checking and server based search on encrypted data. We review the state-of-the art of both and also give an overview about existing proposals for more dynamic
congurations and associated management of trust levels.
In summary, we describe a first draft of an architecture and review important building blocks to design a secure distributed storage system based on secret sharing, which supports collaboration among dynamic user groups while protecting their privacy as good as possible. A storage network in the spirit of Prismacloud establishes a trustworthy, secure and reliable virtual storage service by combining less trusted and error prone cloud services, i.e., it delivers a top level service which is more than the sum of its parts.