SEMINAR ON
A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK
PRESENTED BY SHANKAR GADHVE
GUIDED BY PROF. PRAFUL PARDHI
INTRODUCTION
Cloud computing is a way of computing via the internet that shares computer resources instead of using software or storage on a local computer.
Cloud services are becoming more and more important in people's lives.
People are more or less requested to submit or post some personal private information to the cloud over the internet.
As people rely more and more on the internet and cloud technology, the security of their privacy is exposed to more and more risk.
Systems or networks must cache, copy or archive this data.
People have no knowledge of these copies and cannot control them, so these copies may leak their privacy.
Data privacy can also be leaked via cloud service providers, hackers' intrusion or some legal action.
VANISH SYSTEM
Sharing and protecting privacy.
The secret key is divided and stored in a P2P system with distributed hash tables (DHTs).
The system can maintain the secret key.
After 8 hours the DHT will refresh every node.
Uses the Shamir secret sharing algorithm.
How long the key can survive is also one of the disadvantages of Vanish.
SEDAS
Based on active storage framework
Defines two new modules:
A self-destruct method object that is associated with each secret key part.
A survival time parameter for each secret key part.
Users can use this system as a general object storage system.
Focuses on the related key distribution algorithm, Shamir's algorithm, to implement a safe self-destruct with equally divided keys.
We use an object-based storage interface to store and manage the equally divided key.
Functionality and security properties: the results demonstrate that SEDAS is practical to use and meets all the privacy-preserving goals.
SEDAS supports securely erasing files and random encryption keys stored on a hard disk drive.
KEY POINT ON SEDAS
DATA SELF DESTRUCT
The self-destructing data system in the cloud environment should meet some requirements:
How to destruct all the copies of the data simultaneously.
No explicit delete actions by the user or any third party storing that data.
No need to modify any of the stored or archived copies of that data.
No use of secure hardware, but support for completely erasing data on an HDD.
SEDAS ARCHITECTURE
ACTIVE STORAGE OBJECT
An active storage object derives from a user object and has a time-to-live (ttl) value property.
The ttl value is used to trigger the self destruct operation.
The ttl value of an active storage object is limited.
The active storage object class is used to manage the ttl value.
SELF DESTRUCT METHOD OBJECT
A self-destruct method object is a service method.
It needs three arguments:
The lun argument specifies the device.
The pid argument specifies the partition.
The object id argument specifies the object to be destructed.
DATA PROCESS
To use the SEDAS system, the user's application should implement the data process logic and act as a client node.
Two different logics:
Uploading
Downloading
UPLOADING FILE PROCESS
The user uploads the file to the storage system and stores the key in the SEDAS system.
Specify the file, the key and the ttl as arguments for the uploading procedure.
Assume the data and key are read from the file.
Key shares generated by the Shamir secret sharing algorithm are used to create active storage objects on storage nodes in the SEDAS system.
DOWNLOADING FILE PROCESS
Any user can download data stored in the data storage system.
Data must be decrypted before use.
The whole logic is implemented in the code of the user's application.
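The uploading and downloading logic described above, sketched as an added example that is not code from the SEDAS prototype: the key is split with Shamir's (k, n) scheme, each share is held in an object with its own ttl, and the key can be rebuilt only while at least k shares survive. The class and function names, the prime field and the simulated clock (`now`) are assumptions made for illustration.

```python
import secrets

PRIME = 2**127 - 1  # assumed field modulus (a Mersenne prime); keys must be smaller

def split_key(key, n, k):
    """Shamir (k, n) split: shares are points on a random polynomial
    of degree k-1 whose constant term is the key."""
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def recover_key(shares):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    key = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        key = (key + yi * num * pow(den, -1, PRIME)) % PRIME
    return key

class ActiveStorageObject:
    """Hypothetical stand-in for an active storage object holding one key share."""
    def __init__(self, share, ttl, now):
        self.share, self.expires = share, now + ttl
    def read(self, now):
        if self.share is not None and now >= self.expires:
            self.share = None               # self-destruct once the ttl has elapsed
        return self.share

def upload(key, ttls, now, k=3):
    """Create one active storage object per share, each with its own ttl."""
    shares = split_key(key, len(ttls), k)
    return [ActiveStorageObject(s, t, now) for s, t in zip(shares, ttls)]

def download(objects, now, k=3):
    """Collect surviving shares and rebuild the key, or fail if too few remain."""
    live = [s for s in (o.read(now) for o in objects) if s is not None]
    if len(live) < k:
        raise LookupError("fewer than k shares survive; key is unrecoverable")
    return recover_key(live[:k])
```

Dropping the Python reference only models expiry; the secure erasure of the share on disk is the job of the storage node, as the next section describes.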
DATA SECURITY ERASING IN DISK
The system pre-specifies a directory in a special area to store sensitive files.
Monitor the file allocation table, and acquire and maintain a list of the logical block addresses (LBAs) of all sensitive documents.
When the LBA list of sensitive documents grows or shrinks, the update is sent to the OSD.
OSD internal synchronization maintains the list of LBAs, and the LBA data in the list is updated.
CONCLUSION
This introduced a new approach for protecting data privacy from attackers who retroactively obtain through legal or other means.
SEDAS causes sensitive information .
A proof of concept prototype based on object based storage techniques.
REFERENCES
R. Geambasu, T. Kohno, A. Levy and H. M. Levy, "Vanish: Increasing data privacy with self-destructing data", Proc. USENIX Security Symp., pp. 299-315, 2009
A. Shamir, "How to share a secret", Commun. ACM, vol. 22, no. 11, pp. 612-613, 1979
S. Wolchok, O. S. Hofmann, N. Heninger, E. W. Felten, J. A. Halderman, C. J. Rossbach, B. Waters and E. Witchel, "Defeating Vanish with low-cost Sybil attacks against large DHTs", Proc. Network and Distributed System Security Symp., 2010
L. Zeng, Z. Shi, S. Xu and D. Feng, "Safevanish: An improved data self-destruction for protecting data privacy", Proc. Second Int. Conf. Cloud Computing Technology and Science (CloudCom), pp. 521-528, 2010
L. Qin and D. Feng, "Active storage framework for object-based storage device", Proc. IEEE 20th Int. Conf. Advanced Information Networking and Applications (AINA), 2006
Y. Zhang and D. Feng, "An active storage system for high performance computing", Proc. 22nd Int. Conf. Advanced Information Networking and Applications (AINA), pp. 644-651, 2008
THANK YOU