Disguising access patterns to protect sensitive data in the cloud

April 26, 2018, Iowa State University
Credit: Iowa State University

A team of computer scientists is working to defend against the next potential cyber risk – cloud storage. Wensheng Zhang, an associate professor of computer science at Iowa State University, says cloud users can encrypt sensitive data and information, but how they access the data may make it vulnerable.

Reports of access pattern-based attacks to are rare, Zhang said. Phishing attacks – including a recent hack targeting professors and researchers – are the most common. A 2017 Google study identified as many as 12.4 million potential victims of phishing over the course of a year. However, if hackers can crack the data storage service, Zhang says it is only a matter of time before they try to exploit data access patterns.

"Cloud storage is very convenient, but there are privacy risks," he said. "This kind of threat may be of greater concern to companies or agencies working with very . For example, military agencies or some branches of the government."

Here is an example of the threat Zhang is working to prevent: An agency uploads a large dataset to its cloud account. A team analyzing a specific subset of the data regularly accesses the information, creating a pattern. Someone – a rogue employee or hacker who compromised the – could observe the pattern and make assumptions about the data.

The idea may seem a little farfetched for the average person who uses the cloud to store photos or less sensitive information, but a user storing classified documents or research results in the cloud may feel differently. Zhang says if an agency makes a major decision after accessing that subset of data, hackers can infer the value and focus their efforts on that section, rather than trying to crack the entire file.

Building an efficient solution

Developing the technology to disguise access patterns is technical and complex work. Zhang says the basic premise is to create an algorithm that incorporates a mix of fake and real access requests, making it difficult to detect a pattern. It sounds simple, but time and cost are two barriers. It needs to be efficient so that the fake access does not delay work or cost too much (bandwidth limitations and cloud service fees), he said.

Zhang; Jinsheng Zhang, lead author and former graduate student in computer science; Qiumao Ma, a graduate student in computer science; and Daji Qiao, an associate professor of electrical and computer engineering, detail one technique in a paper published in the journal Future Internet. The researchers say it is one of the most efficient algorithms proposed for protecting the data access pattern.

The work is ongoing as the team looks for ways to improve performance and efficiency. Zhang says they are also exploring the pros and cons of splitting large datasets across multiple providers, so that access patterns do not reveal the full picture.

"Storage is now more affordable. Five years ago, it was expensive to buy a with several hundred gigabytes of storage, but today it is very common," Zhang said. "If users are concerned about privacy, they can keep a small subset of data locally and export the remaining dataset to , which can save some cost for protecting the access pattern privacy."

Explore further: New service improves cloud storage usage on mobile devices

Related Stories

How secure is your data when it's stored in the cloud?

January 25, 2018

As cloud storage becomes more common, data security is an increasing concern. Companies and schools have been increasing their use of services like Google Drive for some time, and lots of individual users also store files ...

A user-controlled file security scheme for cloud services

May 22, 2017

By securing data files with a 'need-to-know' decryption key, researchers at Singapore's Agency for Science, Technology and Research (A*STAR) have developed a way to control access to cloud-hosted data in real time, adding ...

The key to private and efficient data storage

May 1, 2017

Cloud storage services, like Dropbox and Gmail, may soon be able to better manage your content, giving you more storage capacity while still being unable to 'read' your data.

Recommended for you

Archaeologists discover Incan tomb in Peru

February 16, 2019

Peruvian archaeologists discovered an Incan tomb in the north of the country where an elite member of the pre-Columbian empire was buried, one of the investigators announced Friday.

Where is the universe hiding its missing mass?

February 15, 2019

Astronomers have spent decades looking for something that sounds like it would be hard to miss: about a third of the "normal" matter in the Universe. New results from NASA's Chandra X-ray Observatory may have helped them ...

What rising seas mean for local economies

February 15, 2019

Impacts from climate change are not always easy to see. But for many local businesses in coastal communities across the United States, the evidence is right outside their doors—or in their parking lots.

The friendly extortioner takes it all

February 15, 2019

Cooperating with other people makes many things easier. However, competition is also a characteristic aspect of our society. In their struggle for contracts and positions, people have to be more successful than their competitors ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.