Singapore Academic Cybersecurity R&D

Harnessing R&D to Secure our Nation

NRF2014NCR-NCR001-029

Securing Data on the Cloud Storage using Information Dispersal
  • Lead PI : Mar Kheng Kok, Senior Lecturer, NYP ( mar_kheng_kok@nyp.edu.sg )
  • Host Institution : School of Information Technology, NYP

I. Goal

To build a highly resilient and secure storage for the cloud using information dispersal/secret sharing techniques

II. Background

Traditional methods of securing data are challenged by the specific nature and architecture of the cloud. The sophistication of cyber attackers and the advancement of cryptanalysis techniques require a more adaptive and flexible approach to data security. Our system uses an information dispersal algorithm (IDA) to disperse data into n unrecognizable slices that are stored across many storage nodes in multiple locations. An attacker needs to compromise a threshold of m slices ( m < n ) to be able to reconstruct the original data. IDA is optimal in storage efficiency and can provide a level of availability guarantee similar to replication at a fraction of the storage overhead. Coupling IDA with our lightweight All-or-Nothing Transform (AONT-lite), our system is resilient against information leakage for strongly correlated data.

IDA

An adversary has to compromise at least m of the n slices to get any information from the file. By making n and m sufficiently large, and by combining IDA with an authentication-based scheme, we are able to provide data secrecy without encryption.

File F can be chunked into blocks ( B ) of m bytes:

IDA_eqn1.png

A Cauchy matrix A of size n × m is used as the generator matrix to transform the original file into n slices. We obtain the output matrix C by multiplying A with B as follows:

IDA_eqn2.png

where

IDA_eqn3.png

III. Technologies

AONT-Lite

We have devised a lightweight preprocessing algorithm that removes data correlation and known patterns with a reversible randomization method using only hashing and CBC chaining (XOR).

AONT-lite.png

Security Enhancement

We considered the case where the IDA matrix is known and the attacker has obtained a certain number (fewer than m) of the slices. We showed that partial information leakage can happen for data of a specific nature. To prevent these attacks, we can either apply encryption before dispersing the file with IDA or encode the file with AONT.
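The following is an added example, not the project's own code, that works through both the IDA construction from Section II (chunking into m-byte blocks, a Cauchy generator matrix A, C = A·B, and reconstruction from any m of the n slices) and the leakage case described above. The page does not fix the finite field or the Cauchy points, so the example assumes GF(2^8) with the AES reduction polynomial 0x11B and the points x_i = i for rows and y_j = n + j for columns (all distinct, so every entry 1/(x_i + y_j) is defined and every m × m submatrix is invertible). The leakage check generalizes the page's observation to one concrete "specific nature": a block whose m bytes are all identical, for which a single slice byte plus the known matrix row already determines the byte.

```python
"""Information dispersal over GF(2^8) with a Cauchy generator matrix (added example).

Assumptions (not from the project page): field GF(2^8) mod 0x11B,
Cauchy points x_i = i (rows, 0 <= i < n) and y_j = n + j (columns, 0 <= j < m).
"""
from typing import Dict, List

Matrix = List[List[int]]


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) (shift-and-add, reduced by x^8+x^4+x^3+x+1)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^254 (Fermat); 0 has no inverse."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def cauchy_matrix(n: int, m: int) -> Matrix:
    """n x m Cauchy matrix A[i][j] = 1 / (x_i + y_j); in GF(2^8) '+' is XOR."""
    if n + m > 256:
        raise ValueError("need n + m <= 256 distinct field points")
    return [[gf_inv(i ^ (n + j)) for j in range(m)] for i in range(n)]


def disperse(data: bytes, n: int, m: int) -> List[bytes]:
    """Split data into m-byte blocks B (zero padded) and emit n slices, slice i = row i of A*B."""
    A = cauchy_matrix(n, m)
    padded = data + b"\x00" * (-len(data) % m)
    slices = [bytearray() for _ in range(n)]
    for off in range(0, len(padded), m):
        block = padded[off:off + m]
        for i in range(n):
            c = 0
            for j in range(m):
                c ^= gf_mul(A[i][j], block[j])
            slices[i].append(c)
    return [bytes(s) for s in slices]


def gf_invert(M: Matrix) -> Matrix:
    """Gauss-Jordan inversion of a square matrix over GF(2^8)."""
    k = len(M)
    aug = [row[:] + [1 if r == c else 0 for c in range(k)] for r, row in enumerate(M)]
    for col in range(k):
        pivot = next((r for r in range(col, k) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("matrix is singular")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = gf_inv(aug[col][col])
        aug[col] = [gf_mul(inv, v) for v in aug[col]]
        for r in range(k):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [v ^ gf_mul(f, p) for v, p in zip(aug[r], aug[col])]
    return [row[k:] for row in aug]


def reconstruct(slices: Dict[int, bytes], n: int, m: int, length: int) -> bytes:
    """Recover the file from any m slices (keyed by slice index) using the inverse of A's m rows."""
    if len(slices) < m:
        raise ValueError(f"need at least {m} slices, got {len(slices)}")
    idx = sorted(slices)[:m]
    A = cauchy_matrix(n, m)
    A_inv = gf_invert([A[i] for i in idx])          # m x m, rows chosen by the held slices
    out = bytearray()
    for pos in range(len(slices[idx[0]])):
        c = [slices[i][pos] for i in idx]            # one column of C restricted to held rows
        for j in range(m):
            b = 0
            for k in range(m):
                b ^= gf_mul(A_inv[j][k], c[k])
            out.append(b)
    return bytes(out[:length])


def leak_correlated_byte(slice_index: int, slice_byte: int, A: Matrix):
    """Defender-side check for the known-matrix, fewer-than-m-slices case.

    If a block is strongly correlated (all m bytes equal some b), then slice byte
    c_i = (A[i][0] ^ ... ^ A[i][m-1]) * b, so ONE slice reveals b whenever the row
    sum is non-zero. Returns the recovered byte, or None if this row leaks nothing.
    """
    row_sum = 0
    for a in A[slice_index]:
        row_sum ^= a
    if row_sum == 0:
        return None
    return gf_mul(slice_byte, gf_inv(row_sum))


if __name__ == "__main__":
    n, m = 5, 3
    data = b"constructed sample file contents"          # constructed input
    sl = disperse(data, n, m)
    print("recovered from slices 1,3,4:", reconstruct({1: sl[1], 3: sl[3], 4: sl[4]}, n, m, len(data)))
    corr = disperse(b"AAAAAA", n, m)                    # correlated block: every byte is 0x41
    print("byte leaked from a single slice:", hex(leak_correlated_byte(0, corr[0][0], cauchy_matrix(n, m))))
```

Reconstruction works from any m slice indices because every m × m submatrix of a Cauchy matrix is invertible; availability is n - m slice losses, and storage overhead is n/m rather than the n× of full replication. The last function is the reason the page recommends encryption or an AONT before dispersal: the linear map C = A·B keeps every slice an unbiased linear combination of the block, so any structure in B (here, repeated bytes) survives into each slice, and a known A turns fewer than m slices into usable equations.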

NYP_technology_part1.png

NYP_technology_part2.png