(More) Side Channels in Cloud Storage

Linking Data to Users
  • Tobias Pulls
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 375)

Abstract

Public cloud storage services are gaining in popularity, and several commercial actors offer such services to users, though not always with the security and privacy of their users as the primary design goal. This paper investigates side channels in public cloud storage services that allow the service provider, and in some cases users of the same service, to learn who has stored a given file and to profile users’ usage of the service. These side channels are present in several public cloud storage services that are marketed as secure and privacy-friendly. Our conclusions are that cross-user deduplication should be disabled by default and that public cloud storage services need to be designed to provide unlinkability of users and data, even if the data is encrypted by users before storing it in the cloud.

Keywords

Service Provider, Cloud Computing, Storage Location, Side Channel, Cloud Storage
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Tobias Pulls, Department of Computer Science, Karlstad University, Karlstad, Sweden
