Proactively Secure Cloud-Enabled Storage
Karim Eldefrawy, Tyler Kaczmarek and Sky Faber
Hughes Research Lab; University of California, Irvine; University of California, Irvine

Attacking cloud-enabled storage systems is becoming increasingly lucrative as more personal and enterprise data moves to the cloud. Traditional security mechanisms may temporarily limit such attacks, but over a long period of time attackers will eventually find vulnerabilities; this can lead to the compromise of large amounts of valuable data and thus to large-scale privacy breaches. This paper addresses this problem by incorporating proactive security guarantees into cloud-enabled storage systems. Proactively secure protocols and systems deal with an adversary’s ability to eventually compromise all involved servers in a distributed storage or computation. While there are several proactively secure secret sharing protocols that can be used to improve the confidentiality of data stored in the cloud, their high overhead has traditionally limited them to fewer than ten parties and to only 100s of bytes, the size typical of cryptographic keys. Realizing proactively secure cloud storage for larger data (e.g., MBs) requires careful design and calibration of system parameters, and faces several challenges. In this paper we design, implement and assess the performance of the first system for Proactively Secure Cloud-Enabled Storage (PiSCES) of data larger than cryptographic keys. Based on our practical performance results, we advocate that the high level of resilience and the long-term security and confidentiality guarantees enabled by proactive security should be considered in future distributed and cloud-based storage and computing services.