Improving the Resistance to Side-Channel Attacks on Cloud Storage Services

Improving the Resistance to Side-Channel Attacks on Cloud Storage Services

Providers of cloud storage services usually apply deduplication across multiple user accounts in order to optimize savings of both upload bandwidth and storage space. However, deduplication can be used as a side channel by an adversary for obtaining sensitive information about other user's data...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Heen, O., Neumann, C., Montalvo, L., Defrance, S.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Bandwidth
Cloud computing
Logic gates
Privacy
Security
Servers
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Providers of cloud storage services usually apply deduplication across multiple user accounts in order to optimize savings of both upload bandwidth and storage space. However, deduplication can be used as a side channel by an adversary for obtaining sensitive information about other user's data. We propose a new gateway-based deduplication model that lets the storage service provider apply efficient deduplication while substantially reducing the risk of information leakage. We suppose that the cloud storage service is provided by a Network Service Provider that also ships advanced gateways to its customers. We discuss why it is much harder for an adversary to infer deduplication from the gateway than from a fully controlled host.
ISSN:2157-4952
DOI:10.1109/NTMS.2012.6208705