Hourglass schemes: How to prove that cloud files are encrypted

M. Van Dijk, A. Juels, A. Oprea, R.L. Rivest, E. Stefanov, N. Triandopoulos

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

We consider the following challenge: How can a cloud storage provider prove to a tenant that it's encrypting files at rest, when the provider itself holds the corresponding encryption keys? Such proofs demonstrate sound encryption policies and file confidentiality. (Cheating, cost-cutting, or miscon-figured providers may bypass the computation/management burdens of encryption and store plaintext only.) To address this problem, we propose hourglass schemes, protocols that prove correct encryption of files at rest by imposing a resource requirement (e.g., time, storage or computation) on the process of translating files from one encoding domain (i.e., plaintext) to a different, target domain (i.e., ciphertext). Our more practical hourglass schemes exploit common cloud infrastructure characteristics, such as limited file-system parallelism and the use of rotational hard drives for at-rest files. For files of modest size, we describe an hourglass scheme that exploits trapdoor one-way permutations to prove correct file encryption whatever the underlying storage medium. We also experimentally validate the practicality of our proposed schemes, the fastest of which incurs minimal overhead beyond the cost of encryption. As we show, hourglass schemes can be used to verify properties other than correct encryption, e.g., embedding of "provenance tags" in files for tracing the source of leaked files. Of course, even if a provider is correctly storing a file as ciphertext, it could also store a plaintext copy to service tenant requests more efficiently. Hourglass schemes cannot guarantee ciphertext-only storage, a problem inherent when the cloud manages keys. By means of experiments in Amazon EC2, however, we demonstrate that hourglass schemes provide strong incentives for economically rational cloud providers against storage of extra plaintext file copies. Copyright © 2012 ACM.
Original languageEnglish
Title of host publicationCCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
Pages265-280
DOIs
Publication statusPublished - 2012
Externally publishedYes
Event2012 ACM Conference on Computer and Communications Security, CCS 2012 - , United States
Duration: 16 Oct 201218 Oct 2012

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference2012 ACM Conference on Computer and Communications Security, CCS 2012
Country/TerritoryUnited States
Period16/10/1218/10/12

Fingerprint

Dive into the research topics of 'Hourglass schemes: How to prove that cloud files are encrypted'. Together they form a unique fingerprint.

Cite this