Advertisement

The Journal of Supercomputing

, Volume 73, Issue 10, pp 4275–4301 | Cite as

Cross-group secret sharing scheme for secure usage of cloud storage over different providers and regions

  • Hiroaki Anada
  • Junpei Kawamoto
  • Chenyutao Ke
  • Kirill Morozov
  • Kouichi Sakurai
Article
  • 186 Downloads

Abstract

With the spread of the Internet, more and more data are being stored in the cloud. Here the technique of secret sharing can be naturally applied in order to provide both security and availability of the stored data, hereby reducing the risks of data leakage and data loss. The privacy property of secret sharing ensures protection against unauthorized access, while protection against data loss may be attained by distributing shares to the servers located in different regions. However, there is still a problem: If we naively employ the secret sharing technique without regarding to whom the cloud servers belong, a dishonest provider can obtain the secret data by collecting enough shares from its servers. In this scenario, there is a need to distribute shares over cloud services operated by different providers. In this paper, we propose a simple secret sharing technique, a cross-group secret sharing (CGSS), which is suitable for storing the data on cloud storage distributed over different groups—that is, different providers and regions. By combining an \(\ell \)-out-of-m threshold secret sharing scheme with a k-out-of-n threshold secret sharing scheme using a symmetric-key encryption scheme, we construct the CGSS scheme that forces k shares to be collected from \(\ell \) groups. Compared with the previous works, our scheme attains the functionality with reasonable computation. We also formalize the problem of allocating shares over different providers and regions as an optimization problem and show the design principles, which one must follow, when applying our proposal in practical settings. An experiment on real IaaS systems shows effectiveness of our proposed scheme, CGSS.

Keywords

Data protection Privacy Secret sharing Cloud storage 

References

  1. 1.
    AOL Inc (2017) The day amazon s3 storage stood still. https://techcrunch.com/2017/03/01/the-day-amazon-s3-storage-stood-still/
  2. 2.
    Bai L (2006) A strong ramp secret sharing scheme using matrix projection. In: 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM’06), pp 5, 656. doi: 10.1109/WOWMOM.2006.17
  3. 3.
    Beimel A (2011) Secret-sharing schemes: a survey. In: Coding and Cryptology—Third International Workshop, IWCC 2011, Qingdao, China, May 30–June 3, 2011. Proceedings, pp 11–46. doi: 10.1007/978-3-642-20901-7_2
  4. 4.
    Beimel A, Tassa T, Weinreb E (2008) Characterizing ideal weighted threshold secret sharing. SIAM J Discrete Math 22(1):360–397. doi: 10.1137/S0895480104445654 MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Berlekamp ER (2015) Algebraic coding theory, Revised edn. World Scientific Publishing Co., Inc, River EdgeCrossRefzbMATHGoogle Scholar
  6. 6.
    Blakley G (1979) Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference. AFIPS Press, Monval, NJ, USA, pp 313–317Google Scholar
  7. 7.
    Blakley GR, Meadows CA (1984) Security of ramp schemes. In: Advances in Cryptology, Proceedings of CRYPTO ’84, Santa Barbara, California, USA, August 19–22, 1984, Proceedings, pp 242–268. doi: 10.1007/3-540-39568-7_20
  8. 8.
    Computerworld, Inc (2012) Hurricane sandy leaves wounded servers in its wake. http://www.computerworld.com/article/2493139/data-center/hurricane-sandy-leaves-wounded-servers-in-its-wake.html
  9. 9.
    Enterprise Tech (2015) Data leaks seen driving cloud storage. http://www.enterprisetech.com/2015/06/08/data-leaks-seen-driving-cloud-storage/
  10. 10.
    Feldman P (1987) A practical scheme for non-interactive verifiable secret sharing. In: Proceedings of the 28th Annual Symposium on foundations of Computer Science. IEEE Computer Society, Washington, DC, USA, SFCS ’87, pp 427–438. doi: 10.1109/SFCS.1987.4
  11. 11.
    Goldreich O (2004) The foundations of cryptography, vol 2, basic applications. Cambridge University Press, CambridgeCrossRefzbMATHGoogle Scholar
  12. 12.
    Herzberg A, Jarecki S, Krawczyk H, Yung M (1995) Proactive secret sharing or: how to cope with perpetual leakage. In: Advances in Cryptology—CRYPTO ’95, 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27–31, 1995, Proceedings, pp 339–352. doi: 10.1007/3-540-44750-4_27
  13. 13.
    Hitachi Solutions America, Ltd (2014) Google drive, dropbox, box and icloud reach the top 5 cloud storage security breaches list. https://psg.hitachi-solutions.com/credeon/blog/google-drive-dropbox-box-and-icloud-reach-the-top-5-cloud-storage-security-breaches-list
  14. 14.
    Ito M, Saito A, Nishizeki T (1989) Secret sharing scheme realizing general access structure. Electron Commun Jpn (Part III Fundam Electron Sci) 72(9):56–64. doi: 10.1002/ecjc.4430720906 MathSciNetCrossRefGoogle Scholar
  15. 15.
    Iwamoto M, Yamamoto H (2006) Strongly secure ramp secret sharing schemes for general access structures. Inf Process Lett 97(2):52–57. doi: 10.1016/j.ipl.2005.09.012 MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Ke C, Anada H, Kawamoto J, Morozov K, Sakurai K (2016) Cross-group secret sharing for secure cloud storage service. In: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication, IMCOM 2016, Danang, Vietnam, January 4–6, 2016, pp 63:1–63:8. doi: 10.1145/2857546.2857610
  17. 17.
    Krawczyk H (1993) Secret sharing made short. In: Advances in Cryptology—CRYPTO ’93, 13th Annual International Cryptology Conference, Santa Barbara, California, USA, August 22–26, 1993, Proceedings, pp 136–146. doi: 10.1007/3-540-48329-2_12
  18. 18.
    Kurosawa K, Obana S, Ogata W (1995) t-cheater identifiable (k, n) threshold secret sharing schemes. In: Advances in Cryptology—CRYPTO ’95, 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27–31, 1995, Proceedings, pp 410–423. doi: 10.1007/3-540-44750-4_33
  19. 19.
    Lin H, Harn L (1991) A generalized secret sharing scheme with cheater detection. In: Advances in Cryptology—ASIACRYPT ’91, International Conference on the Theory and Applications of Cryptology, Fujiyoshida, Japan, November 11–14, 1991, Proceedings, pp 149–158. doi: 10.1007/3-540-57332-1_12
  20. 20.
    Maeda A, Miyaji A, Tada M (2001) Efficient and unconditionally secure verifiable threshold changeable scheme. In: Information Security and Privacy, 6th Australasian Conference, ACISP 2001, Sydney, Australia, July 11–13, 2001, Proceedings, pp 403–416. doi: 10.1007/3-540-47719-5_32
  21. 21.
    Martin KM, Pieprzyk J, Safavi-Naini R, Wang H (1999) Changing thresholds in the absence of secure channels. In: Information Security and Privacy, 4th Australasian Conference, ACISP’99, Wollongong, NSW, Australia, April 7–9, 1999, Proceedings, pp 177–191. doi: 10.1007/3-540-48970-3_15
  22. 22.
    NTT Corp (2015) The world’s first high-speed secret sharing engine for openstack swift. http://www.ntt.co.jp/news2015/1505e/150518a.html
  23. 23.
    Patterson DA, Gibson G, Katz RH (1988) A case for redundant arrays of inexpensive disks (raid). In: Proceedings of the 1988 ACM SIGMOD International Conference on Management of Data, ACM, New York, NY, USA, SIGMOD ’88, pp 109–116. doi: 10.1145/50202.50214
  24. 24.
    Pedersen TP (1991) Non-interactive and information-theoretic secure verifiable secret sharing. In: Advances in Cryptology—CRYPTO ’91, 11th Annual International Cryptology Conference, Santa Barbara, California, USA, August 11–15, 1991, Proceedings, pp 129–140. doi: 10.1007/3-540-46766-1_9
  25. 25.
    Rabin MO (1989) Efficient dispersal of information for security, load balancing, and fault tolerance. J ACM 36(2):335–348. doi: 10.1145/62044.62050 MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Rogaway P, Bellare M (2007) Robust computational secret sharing and a unified account of classical secret-sharing goals. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, ACM, New York, NY, USA, CCS ’07, pp 172–184. doi: 10.1145/1315245.1315268
  27. 27.
    Schoenmakers B (1999) A simple publicly verifiable secret sharing scheme and its application to electronic voting. In: Advances in Cryptology—CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19, 1999, Proceedings, pp 148–164. doi: 10.1007/3-540-48405-1_10
  28. 28.
    Shamir A (1979) How to share a secret. Commun ACM 22(11):612–613. doi: 10.1145/359168.359176 MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
  30. 30.
    Shoup V (2006) A computational introduction to number theory and algebra. Cambridge University Press, CambridgezbMATHGoogle Scholar
  31. 31.
    Smith G, Boreli R, Kâafar MA (2013) A layered secret sharing scheme for automated profile sharing in OSN groups. In: Mobile and Ubiquitous Systems: Computing, Networking, and Services—10th International Conference, MOBIQUITOUS 2013, Tokyo, Japan, December 2–4, 2013, Revised Selected Papers, pp 487–499. doi: 10.1007/978-3-319-11569-6_38
  32. 32.
    Tompa M, Woll H (1988) How to share a secret with cheaters. J Cryptol 1(2):133–138. doi: 10.1007/BF02252871 MathSciNetzbMATHGoogle Scholar
  33. 33.
    Wikipedia, the free encyclopedia (2015) Amazon web services. https://en.wikipedia.org/wiki/Amazon_Web_Services
  34. 34.
    Zhang Z, Chee YM, Ling S, Liu M, Wang H (2012) Threshold changeable secret sharing schemes revisited. Theor Comput Sci 418:106–115. doi: 10.1016/j.tcs.2011.09.027 MathSciNetCrossRefzbMATHGoogle Scholar
  35. 35.
    Zhou L, Schneider FB, van Renesse R (2005) APSS: proactive secret sharing in asynchronous systems. ACM Trans Inf Syst Secur 8(3):259–286. doi: 10.1145/1085126.1085127 CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. 1.Department of Information SecurityUniversity of NagasakiNagasakiJapan
  2. 2.Department of InformaticsKyushu UniversityFukuokaJapan
  3. 3.Graduate School of Information Science and Electrical EngineeringKyushu UniversityFukuokaJapan
  4. 4.School of ComputingTokyo Institute of TechnologyTokyoJapan
  5. 5.Information Security LaboratoryInstitute of Systems, Information Technologies and NanotechnologiesFukuokaJapan

Personalised recommendations