Computer scientists feted for ways to store data with untrusted cloud providers

March 4, 2013
NJIT computer scientists feted for ways to store data with untrusted cloud providers
NJIT researchers received a top honor for their ideas on better ways to ensure the integrity and long-term reliability of data stored at potentially untrusted cloud storage providers. "Towards Self-Repairing Replication-Based Storage Systems Using Untrusted Clouds," was written by Bo Chen, a doctoral candidate, and his advisor, Assistant Professor Reza Curtmola, New Jersey Institute of Technology. Credit: NJIT

NJIT researchers received a top honor for their ideas on better ways to ensure the integrity and long-term reliability of data stored at potentially untrusted cloud storage providers. "Towards Self-Repairing Replication-Based Storage Systems Using Untrusted Clouds," was written by Bo Chen, a doctoral candidate, and his advisor, NJIT Assistant Professor Reza Curtmola, both in NJIT's College of Computing Sciences (CCS).

The work recently received the "Outstanding Paper Award" from the prestigious 3rd ACM Conference on Data and Application and Privacy (CODASPY 2013) and was published in February of 2013 in the Proceedings of the Third ACM Conference on Data and Application Security and Privacy.

"We are very happy to see that this important work has received such a high level of peer recognition," said CCS Interim Dean James Geller and chair of the department of computer science. "Computer security today is on everyone's mind and we take our mission seriously at NJIT to get the word out so that computing can be safer and easier for everyone—whether people are trying to protect banking accounts or . This is an enormous growth area in research and education."

"We wanted to take an in depth look at cloud ," said Curtmola. "This is an especially important issue for anyone dealing with large amounts of data that are supposed to be stored for a long period, such as archival and backup data. Using our techniques data owners can audit the service provided by the cloud and assess the risk of outsourcing their data to the cloud. We think the information will be of great help to anyone dealing with data storage."

Unlike previous work in this area, the NJIT paper proposed a new paradigm, in which the data owner is able to outsource not only the storage but also the management of her data. Whenever is detected, the storage servers collaborate among themselves to repair the corruption, and the data owner acts only as a coordinator. This minimizes the load on the data owner during repair and represents a departure from previous work, which imposes a heavy burden on the data owner during data repair.

The proposed paradigm has the advantage of minimizing the workload for data owners, but it also introduces a new type of attack: A set of malicious storage servers could collude to generate on the fly data that should be stored at all times. Thus, the main technical challenge in the paper was how to enforce that the untrusted servers manage the data properly over time. The main insights behind the solution were: (a) replicas of the data are differentiated based on a controllable amount of masking, which offers flexibility in handling different adversarial strengths, and (b) replica generation is time consuming. The NJIT researchers validated the practicality of their solution through a software prototype built on Amazon's cloud platform.

This work is part of a series of articles supported by a National Science Foundation CAREER grant awarded to Curtmola in 2011.

Curtmola is an expert in information security and applied cryptography. His research interests include security of cloud services, security of wireless networks and security of mobile computing.

Explore further: Head for the clouds, feet firmly on the ground

Related Stories

Head for the clouds, feet firmly on the ground

March 5, 2012

Computer engineers in the US writing in the International Journal of Communication Networks and Distributed Systems have reviewed the research literature to get a clear picture of cloud computing, its adoption, use and the ...

The trustworthy cloud

March 7, 2012

Not a week goes by without reports on security gaps, data theft or hacker attacks. Both businesses and private users are becoming increasingly uneasy. However, when it comes to technologies like cloud computing, trust and ...

Researchers work to take the errors out of the cloud

October 14, 2011

Cloud computing, which taps the resources of a network of remote computers, offers tremendous potential for storing and processing vast amounts of data quickly and cheaply. The catch: As cloud computing applications become ...

Study on the Security of Cloud Computing

February 26, 2010

Not only does cloud computing help to save money, it also helps to increase IT security: Small and medium sized companies especially can profit from special cloud security solutions and the knowledge advantage of experienced ...

Cloud computing: Gaps in the 'cloud'

October 24, 2011

Researchers from Ruhr-University Bochum have found a massive security gap at Amazon Cloud Services. Using different methods of attack (signature wrapping and cross site scripting) they tested the system which was deemed "safe". ...

Recommended for you

MIT's flea market specializes in rare, obscure electronics

September 25, 2016

Once a month in the summer, a small parking lot on the Massachusetts Institute of Technology's campus transforms into a high-tech flea market known for its outlandish offerings. Tables overflow with antique radio equipment, ...

Tech titans join to study artificial intelligence

September 29, 2016

Major technology firms have joined forces in a partnership on artificial intelligence, aiming to cooperate on "best practices" on using the technology "to benefit people and society."

First test of driverless minibus in Paris Saturday

September 24, 2016

The French capital's transport authority will on Saturday carry out its first test of a driverless minibus, in the hope that regular routes for the hi-tech vehicles will be up and running within two years.


Adjust slider to filter visible comments by rank

Display comments: newest first

1 / 5 (2) Mar 04, 2013
The solution is to install the cloud-dedicated operating systems in unwritable ROM chips that load into and operate from a virtual drive in the servers' RAM after boot. Thereafter, intelligently managed periodic rewrites of the OS in volatile RAM from the nonvolatile ROM chip can restore the IO and Data Management functions to their unadulterated state. The result is a clean cloud.
1 / 5 (2) Mar 04, 2013
The cloud is the past dressed up in pixie dust. Big Iron is unnecessary, unwanted and insecure by design. Want to store large amounts of data for your namby-pamby portable device? Get a cheap HDD and publish it (on the internet), using security (vpn) only you control. Yes, you have to have a computer to do it; but some boffin could create an appliance that would do the same as all those messy boxes.

Don't step back in the box IBM created, and civilization left behind 20 years ago. Be self-reliant, not reliant on big blue, apple or oracle.
not rated yet Mar 05, 2013
:scratch: The only way to be secure on the Internet and participate is to assume it is insecure, and anything left outside your direct control will be tampered with. You then take measures to ensure that: 1) You only put out data you are comfortable with being scrutinised by unknown parties,
2) you attempt to limit the data propagated or mined by third parties,
3) you use security methods such as slow file encryption, volume encryption, Public Key Infrastructure as well as VPNs.

#2 is a bitch if you have unwitting colleagues.

The final problem is convenience to do all the above and setting up the #3. Few people take the time, so virtually nobody does it. Yet it should be default on all systems.

@baudrunner: That still requires you capitulate some trust to the constructors of your system, hardware or software; essentially no different to what we have now.

I'd posit it can't be securely done the way you suggest, thus paranoia rules.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.