Abstract
The prevalence of mobile devices and their capability to access high speed Internet has transformed them into a portable pocket cloud interface. In order to protect user’s privacy, the European Union Data Protection regulations restricts the transfer of European users’ personal data within the geographical boundaries of the European Union itself. The matter of concern, however, is the enforcement of such regulations. Since cloud service provision is independent of physical location and data can travel to various servers, it is a challenging task to determine the location of data and enforce jurisdiction policies. In this paper we introduce a framework, named DLoc, which enables the end-users to track the location of their data after being transferred to the cloud. DLoc does not require a network of monitoring servers (landmarks) and does not need to reside and run within the target server. It uses a proof of data possession technique to guarantee that the cloud storage service possess the particular file and estimates its location(s) in a distributed manner without requiring the collaboration of the data controller or cloud provider. Empirical evaluations demonstrate that DLoc provides a better accuracy than its rival approaches in real world scenarios.
This is a preview of subscription content, log in via an institution to check access.
References
Abdou, A., Matrawy, A., van Oorschot, P.C.: Accurate manipulation of delay-based internet geolocation. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 887–898. ACM (2017)
Albeshri, A., Boyd, C., Nieto, J.G.: Geoproof: proofs of geographic location for cloud computing environment. In: 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 506–514 (2012)
Ciavarrini, G., Luconi, V., Vecchio, A.: Smartphone-based geolocation of internet hosts. Comput. Netw. 116, 22–32 (2017)
Eskandari, M., De Oliveira, A.S., Crispo, B.: VLoc: an approach to verify the physical location of a virtual machine in cloud. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 86–94. IEEE (2014)
Gondree, M., Peterson, Z.N.J.: Geolocation of data in the cloud. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, CODASPY 2013, pp. 25–36. ACM, New York (2013)
Gueye, B., Ziviani, A., Crovella, M., Fdida, S.: Constraint-based geolocation of internet hosts. IEEE/ACM Trans. Netw. 14(6), 1219–1232 (2006)
Hastie, T., Friedman, J., Tibshirani, R.: Model assessment and selection. In: Hastie, T., Friedman, J., Tibshirani, R. (eds.) The Elements of Statistical Learning, pp. 219–259. Springer, New York (2009). doi:10.1007/978-0-387-21606-5_7
Jaiswal, C., Kumar, V.: IGOD: identification of geolocation of cloud datacenters. In: 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops), pp. 665–672. IEEE (2015)
Krauß, C., Fusenig, V.: Using trusted platform modules for location assurance in cloud networking. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 109–121. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38631-2_9
Padmanabhan, V.N., Subramanian, L.: An investigation of geographic mapping techniques for internet hosts. In: ACM SIGCOMM Computer Communication Review, vol. 31, pp. 173–185. ACM (2001)
Paladi, N., Michalas, A.: One of our hosts in another country: challenges of data geolocation in cloud storage. In: 2014 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace and Electronic Systems (VITAE), pp. 1–6. IEEE (2014)
European Parliament and of the Council: General data protection regulation (2016). Final Version. http://data.europa.eu/eli/reg/2016/679/oj. Accessed 27 Apr 2016
Wang, Y., Burgener, D., Flores, M., Kuzmanovic, A., Huang, C.: Towards street-level client-independent IP geolocation. NSDI 11, 27–27 (2011)
Watson, G.J., Safavi-Naini, R., Alimomeni, M., Locasto, M.E., Narayan, S.: Lost: location based storage. In: Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop, pp. 59–70. ACM (2012)
Wikipedia: Trilateration (2014)
Wikipedia: Geographic coordinate system (2016). https://en.wikipedia.org/wiki/Geographic_coordinate_system
Wikipedia: Triangle (2016). https://en.wikipedia.org/wiki/Triangle
Wikipedia: Triangulation (2016). https://en.wikipedia.org/wiki/Triangulation
Acknowledgment
This project was partially funded by the European Union’s under grant 317387 SECENTIS (FP7-PEOPLE-2012-ITN) and Horizon 2020 research and innovation programme under grant agreement No. 688797.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Eskandari, M., Crispo, B., de Oliveira, A.S. (2017). DLoc: Distributed Auditing for Data Location Compliance in Cloud. In: Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-Joancomartí, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2017 2017. Lecture Notes in Computer Science(), vol 10436. Springer, Cham. https://doi.org/10.1007/978-3-319-67816-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-67816-0_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67815-3
Online ISBN: 978-3-319-67816-0
eBook Packages: Computer ScienceComputer Science (R0)