(2021). Protecting Resources and Regulating Access in Centralized and Decentralized Cloud Systems. Retrieved from http://hdl.handle.net/10446/200094
Protecting Resources and Regulating Access in Centralized and Decentralized Cloud Systems
Bacis, Enrico
2021-01-01
Abstract
The low costs and high reliability guarantees associated with cloud storage have led many organizations to offload their data to the cloud. Yet this raises new challenges in managing access control and data confidentiality. Cloud service providers can be classified as centralized (managed by a single entity) and decentralized (peer-to-peer solutions). Both scenarios have security and privacy issues. One example is how to prevent the service provider from accessing the data while still being able to easily manage access regulation, such as revoking access privileges from specific users. The first part of this doctoral thesis analyzes the centralized scenario. In this setting, the provider complies with users' requests, but it might access unprotected data. A possible defense is to encrypt the data, but standard encryption modes would introduce significant overheads when performing access revocation. We present an approach that relies on a resource transformation that provides strong mutual inter-dependency in its encrypted representation. To revoke access to a resource, it is then sufficient to update a small portion of it. The second part studies how these guarantees can be extended to decentralized cloud-storage environments, where data is offloaded to a peer-to-peer network in which nodes might be dishonest and try to disobey users' deletion and access revocation requests to maximize their revenue. We propose a solution that addresses both availability and security guarantees and enables resource owners to tune these settings to their needs. When dealing with decentralized networks, an important aspect is how to detect misbehaving nodes. To address this problem, in the third part of this thesis, we detail a novel way of deploying self-releasing time-locked secrets. This technique can be used to implement delegated challenge-response protocols that, in turn, can guarantee data confidentiality and retrievability properties in fully decentralized systems.

File | File size | Format |
---|---|---|
CollanaSAFD_Volume28_2021.pdf (open access; version: publisher's version; license: Creative Commons) | 2.38 MB | Adobe PDF |