(2021). Protecting Resources and Regulating Access in Centralized and Decentralized Cloud Systems. Retrieved from http://hdl.handle.net/10446/200094

Protecting Resources and Regulating Access in Centralized and Decentralized Cloud Systems

Bacis, Enrico
2021

Abstract

The low costs and high reliability guarantees associated with cloud storage have led many organizations to offload their data to the cloud. Yet this raises new challenges in managing access control and data confidentiality. Cloud service providers can be classified as centralized (managed by a single entity) and decentralized (peer-to-peer solutions). Both scenarios have security and privacy issues. One example is how to prevent the service provider from accessing the data while still being able to easily manage access regulation, such as revoking access privileges from specific users. The first part of this doctoral thesis analyzes the centralized scenario. In this setting, the provider complies with users' requests, but it might access unprotected data. A possible defense is to encrypt the data, but standard encryption modes would introduce relevant overheads when performing access revocation. We present an approach that relies on a resource transformation that provides strong mutual inter-dependency in its encrypted representation. To revoke access to a resource, it is then sufficient to update a small portion of it. The second part studies how these guarantees can be extended to decentralized cloud-storage environments, where data is offloaded to a peer-to-peer network in which nodes might be dishonest and try to disobey users' deletion and access revocation requests to maximize their revenue. We propose a solution that addresses both availability and security guarantees and enables resource owners to tune these settings to their needs. When dealing with decentralized networks, an important aspect is how to detect misbehaving nodes. To address this problem, in the third part of this thesis, we detail a novel way of deploying self-releasing time-locked secrets. This technique can be used to implement delegated challenge-response protocols that, in turn, can guarantee data confidentiality and retrievability properties in fully decentralized systems.

Files attached to this record:

File: CollanaSAFD_Volume28_2021.pdf
Access: open access
Version: publisher's version
License: Creative Commons
File size: 2.38 MB
Format: Adobe PDF
Aisberg ©2008 Library Services, Università degli studi di Bergamo | Terms of use

Use this identifier to cite or link to this document: https://hdl.handle.net/10446/200094