Cross-group secret sharing scheme for secure usage of cloud storage over different providers and regions

Hiroaki Anada, Junpei Kawamoto, Chenyutao Ke, Kirill Morozov, Kouichi Sakurai

Research output: Contribution to journalArticle

Abstract

With the spread of the Internet, more and more data are being stored in the cloud. Here the technique of secret sharing can be naturally applied in order to provide both security and availability of the stored data, hereby reducing the risks of data leakage and data loss. The privacy property of secret sharing ensures protection against unauthorized access, while protection against data loss may be attained by distributing shares to the servers located in different regions. However, there is still a problem: If we naively employ the secret sharing technique without regarding to whom the cloud servers belong, a dishonest provider can obtain the secret data by collecting enough shares from its servers. In this scenario, there is a need to distribute shares over cloud services operated by different providers. In this paper, we propose a simple secret sharing technique, a cross-group secret sharing (CGSS), which is suitable for storing the data on cloud storage distributed over different groups—that is, different providers and regions. By combining an ℓ-out-of-m threshold secret sharing scheme with a k-out-of-n threshold secret sharing scheme using a symmetric-key encryption scheme, we construct the CGSS scheme that forces k shares to be collected from ℓ groups. Compared with the previous works, our scheme attains the functionality with reasonable computation. We also formalize the problem of allocating shares over different providers and regions as an optimization problem and show the design principles, which one must follow, when applying our proposal in practical settings. An experiment on real IaaS systems shows effectiveness of our proposed scheme, CGSS.

Original languageEnglish
Pages (from-to)4275-4301
Number of pages27
JournalJournal of Supercomputing
Volume73
Issue number10
DOIs
Publication statusPublished - Oct 1 2017

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Information Systems
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'Cross-group secret sharing scheme for secure usage of cloud storage over different providers and regions'. Together they form a unique fingerprint.

  • Cite this