D4.3 Efficient Sharing-Based Storage Protocols for Mixed Adversaries

Contributing Partners


Executive Summary

Efficient and secure cloud-storage solutions are of increasing importance in real-world ITsecurity applications and a vibrant field of research. In that sense, PRISMACLOUD tries to address confidentiality, integrity, and high availability of distributed data in the cloudcomputing context. In particular, the secure outsourcing of data and also sharing this data with others is of significant interest. In Deliverable D4.1 [BDH+16], we consider the problem of the secure outsourcing of data, give a state-of-the-art overview, and identify the research gaps. Deliverable D4.2 [ST17] documents the work on closing these gaps identified in D4.1 while this deliverable is an iteration of D4.2 and deals with efficient sharing-based storage protocols for mixed adversaries. All in all, we present two results in the above mentioned research field:
*As a first result, we propose an innovative evidence-based trust mechanism that deals with selfish cloud providers. More precisely, the storage of the data relies on the trustworthiness of the storage servers owned by multiple cloud provider. That is, more information is stored to the more trustworthy storage servers, and thus, the more a cloud provider is trustworthy the higher the income. Therefore, selfish cloud providers can blame competitor cloud providers in order to maximize the income. Our trust mechanism mitigates this problem and allows for a more accurate distribution of the data across the storage server. This result was publish in [TCN+17].
*As a second result, we propose Evolution-Based Proxy Re-Encryption (e-PRE) as an enhancement of proxy re-encryption (PRE). One particular application of e-PRE is a cryptographically enforced access control mechanism with dynamic revocation that can immediately be integrated into PRISMACLOUD on top of the secret-sharingbased approach. As one main contribution, we leverage the well-established security definitions of PRE to stronger notions. Besides the application of dynamic revocation, we note that we also derive the first forward-secure PRE scheme. (However, in this deliverable, we focus on e-PRE and discuss solely the revocation scenario.) A technical report is available [DKL+17].