Abstract
cloud storage system, consisting of a collection of storage servers, provides long-term storage services over the Internet. Storing data in a third party’s cloud system causes serious concern over data confidentiality. General encryption schemes protect data confidentiality, but also limit the functionality of the storage system because a few operations are supported over encrypted data. Constructing a secure storage system that supports multiple functions is challenging when the storage system is distributed and has no central authority. We propose a threshold proxy re-encryption scheme and integrate it with a decentralized erasure code such that a secure distributed storage system is formulated. The distributed storage system not only supports secure and robust data storage and retrieval, but also lets a user forward his data in the storage servers to another user without retrieving the data back. The main technical contribution is that the proxy re-encryption scheme supports encoding operations over encrypted messages as well as forwarding operations over encoded and encrypted messages. Our method fully integrates encrypting, encoding, and forwarding. We analyze and suggest suitable parameters for the number of copies of a message dispatched to storage servers and the number of storage servers queried by a key server. These parameters allow more flexible adjustment between the number of storage servers and robustness.
Highlights
As high speed networks and ubiquitous internet access become available in recent years, many services are provided on the internet such that users can use them from anywhere at any time
We focus on designing a cloud storage system for robustness, confidentiality, and functionality
A cloud storage system is considered as a large- scale distributed storage system that consists of many independent storage servers
Summary
As high speed networks and ubiquitous internet access become available in recent years, many services are provided on the internet such that users can use them from anywhere at any time. As long as the number of failure servers is under the tolerance threshold of the erasure code, the message can be recovered from the codeword symbols stored in the available storage servers by the decoding process. In order to provide strong confidentiality for messages in storage servers, a user can encrypt messages by a cryptographic method before applying an erasure code method to encode and store messages When he wants to use a message, he needs to retrieve the codeword symbols from storage servers, decode them, and decrypt them by using cryptographic keys. To well fit the distributed structure of systems, we require that servers independently perform all operations With this consideration, we propose a new threshold proxy re-encryption scheme and integrate it with a secure decentralized code to form a secure distributed storage system. Our result n=akc allows the number of storage servers be much greater than the number of blocks of a message
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
