Using the cloud securely is easy, and so is leveraging the benefits offered by the cloud. Leveraging the benefits of the cloud securely, however, is hard. The SafeCloud project is about tradeoffs: provide enhanced security for efficient communication, storage and processing of data between the cloud and end-users at a reasonable cost. In this post, we summarise the SafeCloud consortium's work on cloud storage.
File storage is one of the most successful use cases for cloud computing. Services like Dropbox, Google Drive, Amazon S3, Microsoft OneDrive, and Apple iCloud Drive are widely used worldwide to store both personal and professional files. However, there have been security issues with these services, and they cannot withstand the strong adversaries that SafeCloud is concerned with.
The SafeCloud consortium, led by INESC-ID, has developed and deployed SafeCloudFS, a secure file system. SafeCloudFS improves the availability, integrity and confidentiality of information stored in the cloud using encryption, encoding and replication of the data on diverse clouds that form a cloud-of-clouds. The SafeCloudFS protocols improve availability and access latency compared with individual cloud providers. Moreover, the monetary cost of using SafeCloudFS on four clouds is twice the cost of using a single cloud, which is optimal, and a worthwhile tradeoff given the benefits.
The SafeCloud consortium, led by UniNE, is also working on protecting archived data against tampering by malicious attackers. In our novel SafeCloud secure data archive, an attacker who wants to censor or tamper with a file must cause obvious collateral damage to a large number of other files in the system. We use erasure error-correcting codes to entangle unrelated data blocks and provide redundancy against storage failures, which results in an archive with constant-time read-write operations. Our architecture is asymmetric between attackers and defenders: while a defender can efficiently recover from imperfect attacks, an attacker must work very hard and control a large number of storage nodes to irrecoverably tamper with a data object. We developed a promising full-fledged prototype, although many obstacles remain before it can be deployed in a production environment. The tradeoffs of the SafeCloud secure data archive are between the performance of read-write operations, storage overhead, the difficulty of tampering with data, and the difficulty of deleting data for legitimate reasons. This is, in a sense, similar to the tradeoffs offered by blockchains, but without the need to massively replicate data. Results indicate that the SafeCloud secure data archive offers strong anti-tampering guarantees with storage overhead and performance similar to those of state-of-the-art systems.
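The entanglement idea described above can be illustrated with a small model; this is an added example, not code from the SafeCloud project. It assumes a single XOR parity per group in place of the project's erasure codes, random selection of the older blocks, and block digests kept in trusted metadata; the names `EntangledArchive`, `repair` and `demo` are hypothetical.

```python
import hashlib, random
from functools import reduce

def sha(b):
    return hashlib.sha256(b).digest()
def xor(blocks):  # byte-wise XOR of equal-length blocks: a single-parity erasure code
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

class EntangledArchive:
    def __init__(self, t=2, seed=1):
        self.t, self.rng = t, random.Random(seed)
        self.data, self.parity = {}, {}      # untrusted storage nodes
        self.groups, self.digest = [], []    # metadata, assumed trustworthy here

    def put(self, block):
        i = len(self.groups)
        # Entangle the new block with up to t older, unrelated blocks.
        group = [i] + self.rng.sample(range(i), min(self.t, i))
        self.data[i] = block
        self.groups.append(group)
        self.digest.append(sha(block))
        self.parity[i] = xor([self.data[m] for m in group])
    def ok(self, i):
        return i in self.data and sha(self.data[i]) == self.digest[i]
    def repair(self):
        # Peeling decoder: a group with its parity and one bad member heals it.
        progress = True
        while progress:
            progress = False
            for j, group in enumerate(self.groups):
                bad = [m for m in group if not self.ok(m)]
                if len(bad) == 1 and j in self.parity:
                    rest = [self.data[m] for m in group if m != bad[0]]
                    cand = xor(rest + [self.parity[j]])
                    if sha(cand) == self.digest[bad[0]]:
                        self.data[bad[0]], progress = cand, True
        return [i for i in range(len(self.groups)) if not self.ok(i)]

def demo(target=3):
    arch = EntangledArchive()
    for n in range(40):                      # constructed 32-byte sample blocks
        arch.put(sha(b"doc-%d" % n))
    original = arch.data[target]
    arch.data[target] = bytes(32)            # imperfect attack: overwrite one block
    lost_imperfect, healed = arch.repair(), arch.data[target] == original
    covering = [j for j, g in enumerate(arch.groups) if target in g]
    arch.data[target] = bytes(32)            # thorough attack: the block and ...
    for j in covering:                       # ... every parity whose group covers it
        del arch.parity[j]
    return lost_imperfect, healed, covering, arch.repair()
```

In this model the overwritten block is rebuilt from any intact group that covers it, and it stays lost only once every covering parity is gone, which also strips the redundancy of the other documents in those groups.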
Consult the other sections of http://www.safecloud-project.eu for the scientific and technical details of the consortium's work on storage, and https://github.com/safecloud-project for open source releases of the code.
Hugues Mercier, UniNE