Title: A Secure Storage Service for Managing Personal Information

Funding Source: Georgia Tech Broadband Institute

PIs: Mustaque Ahamad and H. Venkateswaran


Motivation: As information-rich applications proliferate in the home and community, secure storage of the information created and manipulated by such applications will become increasingly important. For example, sensors such as cameras can record information about the residents of the Broadband Residential Laboratory and their activities. Such information is private, and the storage service where it is kept must control access to it. Other information, such as medical or financial records, also needs to be stored securely.

The increasing reliance of people on applications that will be deployed in future homes and community institutions (e.g., a school or city hall) motivates the design of a secure storage service that meets the following security requirements: (1) confidentiality, so that private information is not disclosed to unauthorized parties; (2) integrity, so that stored content can be trusted not to have been tampered with; and (3) availability, so that critical information can be provided to applications when they need it. The goal of this project is to build a secure storage service for the home and community environment that meets these security needs.


Proposed Work: In our proposed work, we will explore the following research questions pertaining to the design and implementation of a secure storage service.


  1. Where should the secure store be located? Should it be implemented as part of the computation infrastructure in the home or should it be implemented by external storage services?
  2. What cryptographic support is necessary and suitable for ensuring confidentiality and integrity? How could such support be implemented in the home and community setting?
  3. The storage service will be implemented by one or more storage nodes. How can we guard against some of these nodes being compromised? In particular, we will explore how schemes that fragment data across such nodes can be implemented so that a limited number of compromised nodes cannot reconstruct the data values.
  4. What abstractions should a secure storage service provide? For example, a generic file system that meets the security needs may be sufficient, or higher-level storage abstractions may be more appropriate.
  5. How can we support shared access to sensitive information by authorized users when access requests come from many different locations?
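One concrete instance of the fragmentation scheme asked about in question 3 is threshold secret sharing (Shamir's scheme over a prime field): a value is split into n shares, one per storage node, such that any k shares reconstruct it while any k-1 shares reveal nothing about it. The following is an added illustration, not code from the Georgia Tech project; the field prime, the share layout and the 3-of-5 parameters are assumptions chosen for the example, and in practice the shared value would be a data-encryption key rather than the data itself.

```python
"""Threshold secret sharing (Shamir, 1979) over a prime field.

Added example for research question 3: a secret (here one field element,
in practice a data-encryption key) is split into n shares held by n
storage nodes so that any k shares reconstruct it and any k-1 shares
are information-theoretically independent of it.  Example code, not
part of the project described on this page.
"""
import secrets

# Assumed field: the Mersenne prime 2^127 - 1.  Secrets are integers in [0, P).
P = (1 << 127) - 1


def _eval_poly(coeffs, x, prime):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[d]*x^d mod prime (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % prime
    return acc


def split_secret(secret, n, k, prime=P, coeffs=None):
    """Return n shares (x, f(x)) of `secret` with reconstruction threshold k.

    f is a polynomial of degree k-1 with f(0) = secret.  `coeffs` (the k-1
    non-constant coefficients) may be supplied to make a test deterministic;
    production callers leave it None so they are drawn from the OS CSPRNG.
    """
    if not 0 <= secret < prime:
        raise ValueError("secret must be an integer in [0, prime)")
    if not 1 <= k <= n < prime:
        raise ValueError("need 1 <= k <= n < prime")
    if coeffs is None:
        coeffs = [secrets.randbelow(prime) for _ in range(k - 1)]
    if len(coeffs) != k - 1:
        raise ValueError("need exactly k-1 coefficients")
    poly = [secret] + list(coeffs)
    # Share indices start at 1: f(0) is the secret itself and is never stored.
    return [(x, _eval_poly(poly, x, prime)) for x in range(1, n + 1)]


def recover_secret(shares, prime=P):
    """Lagrange-interpolate f(0) from the given (x, y) points mod prime.

    With k or more distinct shares this is the original secret.  With fewer,
    it is the constant term of a different, lower-degree polynomial through
    the same points: a field element unrelated to the secret, and the caller
    cannot even tell it is wrong.  That is exactly the property that keeps a
    coalition of fewer than k compromised nodes from learning anything.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % prime        # product of (0 - x_j)
                den = (den * (xi - xj)) % prime    # product of (x_i - x_j)
        # pow(den, -1, prime) is the modular inverse (Python 3.8+).
        total = (total + yi * num * pow(den, -1, prime)) % prime
    return total


if __name__ == "__main__":
    # Constructed usage: a random 127-bit key shared 3-of-5 across five nodes.
    key = secrets.randbelow(P)
    shares = split_secret(key, n=5, k=3)
    assert recover_secret(shares[:3]) == key    # nodes 1,2,3 suffice
    assert recover_secret(shares[2:]) == key    # so do nodes 3,4,5
    print("2 shares recover the key:", recover_secret(shares[:2]) == key)
```

Two nodes (k-1) cannot distinguish the real key from any other field element, so compromising them yields nothing; any three recover it, so the loss of two nodes does not threaten availability. Secret sharing alone does not give integrity: a compromised node can return a corrupted share and make reconstruction silently produce garbage, so a deployment would pair this with per-share authentication (for example a MAC keyed to the owner) or a verifiable secret-sharing scheme.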


The exploration of these research questions will lead to the design and implementation of a secure storage service. We will make every effort to collaborate with other Broadband Institute researchers to understand the storage needs of their applications and evaluate the effectiveness of our secure storage service in meeting those needs.