Cryptonite: A Secure and Performant Data Repository on Public Clouds

Cloud storage has become immensely popular for maintaining synchronized copies of files and for sharing documents with collaborators. However, there is heightened concern about the security and privacy of Cloud-hosted data due to the shared infrastructure model and an implicit trust in the service providers. Emerging needs of secure data storage and sharing for domains like Smart Power Grids, which deal with sensitive consumer data, require the persistence and availability of Cloud storage but with client-controlled security and encryption, low key management overhead, and minimal performance costs. Cryptonite is a secure Cloud storage repository that addresses these requirements using a Strongbox model for shared key management. We describe the Cryptonite service and desktop client, discuss performance optimizations, and provide an empirical analysis of the improvements. Our experiments shows that Cryptonite clients achieve a 40% improvement in file upload bandwidth over plaintext storage using the Azure Storage Client API despite the added security benefits, while our file download performance is 5 times faster than the baseline for files greater than 100MB.

[1]  Paul Stanton Securing Data in Storage: A Review of Current Research , 2004, ArXiv.

[2]  Viktor K. Prasanna,et al.  On Using Cloud Platforms in a Software Architecture for Smart Energy Grids , 2010 .

[3]  E. Miller,et al.  Strong security for distributed file systems , 2001, Conference Proceedings of the 2001 IEEE International Performance, Computing, and Communications Conference (Cat. No.01CH37210).

[4]  Yogesh Simmhan,et al.  Designing a secure storage repository for sharing scientific datasets using public clouds , 2011, DataCloud-SC '11.

[5]  Yogesh L. Simmhan,et al.  An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[6]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[7]  Pascal Bouvry,et al.  Certicloud: A Novel TPM-based Approach to Ensure Cloud IaaS Security , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[8]  Jörg Schwenk,et al.  On Technical Security Issues in Cloud Computing , 2009, 2009 IEEE International Conference on Cloud Computing.

[9]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[10]  Ling Liu,et al.  Security Models and Requirements for Healthcare Application Clouds , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[11]  Qian Wang,et al.  USENIX Association Proceedings of FAST ’ 03 : 2 nd USENIX Conference on File and Storage Technologies , 2003 .

[12]  Idit Keidar,et al.  Trusting the cloud , 2009, SIGA.

[13]  Helen J. Wang,et al.  Enabling Security in Cloud Storage SLAs with CloudProof , 2011, USENIX Annual Technical Conference.

[14]  Ayman I. Kayssi,et al.  Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[15]  Niraj K. Jha,et al.  Secure Virtual Machine Execution under an Untrusted Management OS , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[16]  Dalit Naor,et al.  Broadcast Encryption , 1993, Encyclopedia of Cryptography and Security.