SaTC: Secure Cloud Storage Verification Methods

Summary and Project Goals

With the continuously decreasing costs of cloud services, many organizations including government agencies, healthcare providers, financial institutions, universities, and enterprises outsource large data repositories to cloud service providers (CSPs). Doing this relieves organizations from the financial burden of deploying and maintaining in-house data infrastructures. However, storing data with third parties exposes organizations to legal and financial liabilities should the data leak, become unavailable, or be lost. To reduce these risks, CSPs employ reliable storage technologies which are outlined in service level agreements (SLAs) negotiated with their clients. An SLA states data availability/reliability guarantees against misconfigurations, attacks, and any other disruption. Current SLAs, however, do not specify mechanisms for verifying that the CSP is adhering to the SLA terms. Accidental misconfigurations or attacks can lead to irrecoverable data loss that is detected only long after it has occurred. Moreover, economically motivated CSPs may choose to circumvent the SLA to reduce their operational costs. This project aims to design and test auditing mechanisms for provably and efficiently verifying adherence to SLA terms. The effort is well-aligned with national priorities on critical infrastructure security and resilience. It will result in cloud architectures, storage algorithms, and network and security protocols that strengthen the security, privacy, and usability of cloud storage systems, advancing the state-of-the-art on reliable and secure data storage. The project team will also use the work to inform the development of related courses and a cybersecurity certificate program, as well as supporting outreach efforts to middle and high school students and to groups traditionally underrepresented in computer science.

The research agenda is organized around two major activities. The first activity investigates storage verification methods that not only prove the existence of the outsourced data but also verify the storage of redundant information for recovering from attacks and failures. Achieving such high levels of assurance is challenging because redundant information can be easily regenerated on-the-fly whenever the CSP is challenged to prove its existence. Effective auditing mechanisms require the joint design of the verification, coding, and data recovery processes to optimize the security-reliability-resource-efficiency tradeoffs while preserving data privacy and supporting data updatability. The second activity explores the physical storage verification at multiple storage nodes within a data center and/or between data centers. The team approaches the physical storage and geodiversity verification problems from the realistic standpoint of utilizing bounds on the physical resources such as network delay (which can be set conservatively). This allows technology-agnostic storage verification methods that are future-proof. A core project goal is the integration of logical and physical storage verification methods under a single suite of protocols. This integration is jointly considered with practical operational aspects of cloud systems, including data maintenance, dynamic data update, and privacy preservation.

Team Members

Prof. Loukas Lazos (PI)

Prof. Marwan Krunz (Co-PI)

Prof. Bane Vasic (co-PI)

Li Li (graduate student)

Islam Samy (graduate student)

Nithin Raveendran (graduate student)

Xin Xiao (graduate student)

Broader Impacts

The proposed research is well aligned with the recent Presidential Policy Directive (PDP 21) on critical infrastructure security and resilience. It will result in cloud architectures, storage algorithms, network and security protocols that strengthen the security, privacy, and usability of cloud storage systems. Such systems are rapidly becoming an indispensable component of all enterprise, government, consumer, and military operations. Moreover, the expected results will advance knowledge in a number of scientific fields, including security, privacy, coding theory, and others. As an integral part of this project, we will provide training opportunities to graduates and undergraduates, as well as underrepresented minorities, to create the future security experts. Outcomes of this research will be disseminated to a broader audience by integrating them into the curriculum, publishing in international venues, maintaining a project web page, and giving seminars nationally, as well as within our local community (through outreach activities).

List of Publications

  1. Samy, I ; Tandon, R ; Lazos, L On the Capacity of Leaky Private Information Retrieval pdf
    IEEE International Symposium on Information Theory, to appear, 2019.
  2. Raveendran, N., Bahrami, M., and Vasic, B., Syndrome-Generalized Belief Propagation Decoding for Quantum Memories. Syndrome-Generalized Belief Propagation Decoding for Quantum Memories pdf
    Proceedings of the IEEE International Conference on Communications (ICC), 2019.
  3. Xiao, Xin, Vasic, Bane. Lin, S. Abdel-Ghaffar, K. and Ryan, W. E., Girth-Eight Reed-Solomon Based QC-LDPC Codes pdf
    Proceedings of the IEEE 10th International Symposium on Turbo Codes Iterative Information Processing (ISTC), 2018.
  4. Bahrami, M. and Vasic‡, B., Constraint Satisfaction through GBP-Guided Deliberate Bit Flipping pdf
    Proceedings of the 8th International Conference on Algebraic Informatics (CAI), 2019.
  5. Vasic, B. and Declercq, D., Graph Expansion-Contraction Method for Estimating the Error Floors of {LDPC} Codes pdf
    Oberpfaffenhofen Workshop on High-Troughput Coding, 2019.
  6. Xiao, X., Raveendran, N., and Vasic, B Iteration-Varying Iterative Decoders for Quantum {LDPC} Codes pdf
    Proceedings of the Information Theory and Applications Workshop (ITA), 2019.
  7. Xiao, X. Vasic, B., Li, J., Lin, S., Abdel-Ghaffar, K. Quasi-cyclic LDPC Codes with Parity-Check Matrices of Column Weight Two for Erasure Correction pdf
    Proceedings of the Information Theory and Applications Workshop (ITA), 2019.
  8. Xiao, X., Vasic, B., Lin, S., and Abdel-Ghaffar, K., and Ryan, W. E., Reed-Solomon Based Quasi-Cyclic LDPC Codes: Designs, Girth, Cycle Structure, and Reduction of Short Cycles pdf
    IEEE Transactions on Communications, to appear, 2019.