Proactively Secure Cloud-Enabled Storage

Attacking cloud-enabled storage is becoming increasingly lucrative as more personal and enterprise data moves to the cloud. Traditional security mechanisms temporarily limit such attacks, but over a long period of time attackers will eventually find vulnerabilities; this can lead to compromising large amounts of valuable data and lead to large-scale privacy breaches. This paper addresses this problem by incorporating proactive security guarantees into cloud-enabled storage. Proactive security deals with an adversary's ability to eventually compromise all involved servers in a distributed storage or computation system. While there are several proactively secure secret sharing protocols that can be used to improve confidentiality of data stored in the cloud, their high overhead has traditionally limited them to less than ten parties and to only 100s of bytes typical for cryptographic keys. Realizing proactively secure cloud storage for larger data (e.g, MBs) requires careful design and calibration of system parameters, and faces several challenges. In this paper we design, implement and assess performance of the first system for Proactively Secure Cloud-Enabled Storage (PiSCES) of data larger than cryptographic keys. Based on our practical performance results we advocate that the high level of resilience and long-term security and confidentiality guarantees enabled by proactive security should be considered in future distributed and cloud-based storage and computing services.