SEMINAR ON A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK, PRESENTED BY SHANKAR GADHVE, GUIDED BY PROF. PRAFUL PARDHI

Upload: dylan-higgins

Post on 18-Dec-2015


INTRODUCTION

Cloud computing is a way of computing via the internet that shares computer resources instead of using software or storage on a local computer.

Cloud services are becoming more and more important in people's lives.

People are more or less requested to submit or post some personal private information to the cloud over the internet.

As people rely more and more on the internet and cloud technology, their privacy is exposed to more and more risk.

The system or network that handles this data must cache, copy or archive it.

People have no knowledge of these copies and cannot control them, so these copies may leak their private information.

Private data can also be leaked via the cloud service provider, hackers' intrusion or some legal action.

VANISH SYSTEM

Sharing and protecting privacy.

The secret key is divided and stored in a P2P system with distributed hash tables (DHTs).

The system can maintain the secret key.

After 8 hours, the DHT will refresh every node.

Uses the Shamir secret sharing algorithm.

How long the key can survive is also one of the disadvantages of Vanish.

SEDAS

Based on active storage framework

Defines two new modules:

A self destruct method object that is associated with each secret key part.

A survival time parameter for each secret key part.

Users can use this system as a general object storage system.

Focuses on the related key distribution algorithm, Shamir's algorithm.

KEY POINT ON SEDAS

To implement a safe self destruct with equally divided keys.

We use an object based storage interface to store and manage the equally divided key.

Functionality and security properties: the results demonstrate that SEDAS is practical to use and meets all the privacy-preserving goals.

SEDAS supports securely erasing files and random encryption keys stored in a hard disk drive.

DATA SELF DESTRUCT

The self destructing data system in the cloud environment should meet some requirements:

How to destruct all the copies of the data simultaneously.

No explicit delete actions by the user or any third party storing that data.

No need to modify any of the stored or archived copies of that data.

No use of secure hardware, but support for completely erasing data on the HDD.

SEDAS ARCHITECTURE

ACTIVE STORAGE OBJECT

An active storage object derives from a user object and has a time-to-live (ttl) value property.

The ttl value is used to trigger the self destruct operation.

The ttl value of an active storage object is limited

The active storage object class is used to manage the ttl value.

SELF DESTRUCT METHOD OBJECT

A self destruct method object is a service method.

It needs three arguments:

The lun argument specifies the device.

The pid argument specifies the partition.

The object id argument specifies the object to be destructed.

DATA PROCESS

To use the SEDAS system, the user's application should implement the data process logic and act as a client node.

Two different logics

Uploading

Downloading

UPLOADING FILE PROCESS

The user uploads the file to the storage system and stores the key in the SEDAS system.

Specify the file, the key and the ttl as arguments for the uploading procedure.

Assume the data and key are read from the file.

Key shares generated by the Shamir secret sharing algorithm will be used to create active storage objects in the storage nodes of the SEDAS system.
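The upload and download logic described on these slides, as an added example that is not part of the original presentation or the SEDAS prototype: a key is split with Shamir's (k, n) scheme, each share is stored in an object with its own ttl, and the key becomes unrecoverable once fewer than k shares survive. The class `ActiveStorageObject`, the functions `upload` and `download`, the field prime and the explicit `now` clock are assumptions made for the illustration.

```python
# Added illustration; all names and parameters are assumptions, not SEDAS code.
import secrets

P = 2**127 - 1  # prime field modulus; the key must be an integer below P

def split(secret, n, k):
    """Shamir (k, n): evaluate a random degree-(k-1) polynomial at x = 1..n."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 recovers the secret from k shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

class ActiveStorageObject:
    """Hypothetical storage-node object holding one key share and its ttl."""
    def __init__(self, share, ttl, now):
        self.share, self.expires = share, now + ttl
    def read(self, now):
        if self.share is not None and now >= self.expires:
            self.share = None  # self-destruct: no explicit delete by the user
        return self.share

def upload(key, n, k, ttls, now):
    """Client side: split the key and create one object per share."""
    return [ActiveStorageObject(s, t, now) for s, t in zip(split(key, n, k), ttls)]

def download(nodes, k, now):
    """Client side: rebuild the key, or None if fewer than k shares survive."""
    live = [s for s in (o.read(now) for o in nodes) if s is not None]
    return combine(live[:k]) if len(live) >= k else None
```

Time is passed in as a logical clock so the expiry behaviour is reproducible; a real storage node would also have to erase the share from disk, which this sketch does not model.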

DOWNLOADING FILE PROCESS

Any user can download data stored in the data storage system

Data must be decrypted before use

The whole logic is implemented in the code of the user's application.

DATA SECURITY ERASING IN DISK

The system pre-specifies a directory in a special area to store sensitive files.

Monitor the file allocation table, and acquire and maintain a list of the logical block addresses (LBAs) of all sensitive documents.

When the LBA list of sensitive documents increases or decreases, the update is sent to the OSD.

The OSD internally synchronizes and maintains the LBA list, and the LBA data in the list is updated.

CONCLUSION

This introduced a new approach for protecting data privacy from attackers who retroactively obtain through legal or other means.

SEDAS causes sensitive information .

A proof of concept prototype based on object based storage techniques.

REFERENCES

R. Geambasu, T. Kohno, A. Levy and H. M. Levy, "Vanish: Increasing data privacy with self-destructing data", Proc. USENIX Security Symp., pp. 299-315, 2009.

A. Shamir, "How to share a secret", Commun. ACM, vol. 22, no. 11, pp. 612-613, 1979.

S. Wolchok, O. S. Hofmann, N. Heninger, E. W. Felten, J. A. Halderman, C. J. Rossbach, B. Waters and E. Witchel, "Defeating Vanish with low-cost Sybil attacks against large DHTs", Proc. Network and Distributed System Security Symp., 2010.

L. Zeng, Z. Shi, S. Xu and D. Feng, "Safevanish: An improved data self-destruction for protecting data privacy", Proc. Second Int. Conf. Cloud Computing Technology and Science (CloudCom), pp. 521-528, 2010.

L. Qin and D. Feng, "Active storage framework for object-based storage device", Proc. IEEE 20th Int. Conf. Advanced Information Networking and Applications (AINA), 2006.

Y. Zhang and D. Feng, "An active storage system for high performance computing", Proc. 22nd Int. Conf. Advanced Information Networking and Applications (AINA), pp. 644-651, 2008.

THANK YOU