While prevalent cloud storage platforms offer convenient services in support of diverse data-driven applications for clients, various security concerns arise in terms of data confidentiality, availability, and retrievability. Among them, servers' dishonesty about location-specific data backup becomes a serious concern once the data is outside the clients' control, considering the strict regulations imposed by many governments and organizations on data storage location. This article studies location-aware data backup verification for data stored in clouds and aims to design a secure framework, named ReliableBox, that enables clients to verify whether their data have been backed up on remote servers at a specific geolocation. In the design of ReliableBox, we leverage prominent proof-of-storage techniques for data possession proofs, and take advantage of multilateration geolocation and Intel SGX for precise communication delay measurement and trusted computing delay measurement, respectively. In ReliableBox, a client first computes integrity tags for the files and then outsources both the files and the tags to the cloud storage server. In the later attestation, using precise network delay and distance measurements from location-known verifiers, the client verifies that the outsourced files are intact and backed up to hosts at the specific geolocation. With this customized design, ReliableBox can support clients' security needs in terms of both data integrity and backup location verification, even when there exist potentially dishonest cloud service providers who may manipulate network delays or forge verification proofs. We provide a security analysis to show the security properties of ReliableBox in terms of data access, confidentiality, and verification. Finally, we implement a system prototype and deploy it on several prevalent commercial cloud platforms for performance evaluation.
The experimental results demonstrate that ReliableBox is secure in support of data integrity checking and location-aware backup auditing, while remaining robust to data possession and location spoofing attacks.
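The audit flow summarized above can be sketched as follows. This is an added example, not ReliableBox's own construction: an HMAC stands in for the proof-of-storage tag, the compute time is assumed to come from a trusted source (the role the abstract assigns to Intel SGX), and all names, coordinates and timings are constructed.

```python
import hashlib, hmac, math

KM_PER_MS = 200.0  # assumed signal speed in fiber, roughly 2/3 of c

def make_tag(key, index, block):
    # HMAC over position and content; a stand-in for a proof-of-storage tag.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()

def distance_km(a, b):
    # Great-circle (haversine) distance between two (lat, lon) points in degrees.
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def radius_km(rtt_ms, compute_ms):
    # A host can add delay but cannot remove it, so RTT minus the trusted
    # compute time gives an upper bound on its distance from the verifier.
    return max(rtt_ms - compute_ms, 0.0) / 2 * KM_PER_MS

def audit(key, index, block, tag, claimed, measurements, tolerance_km):
    # measurements: (verifier_lat_lon, rtt_ms, compute_ms) per verifier.
    intact = hmac.compare_digest(make_tag(key, index, block), tag)
    bounds = [(distance_km(v, claimed), radius_km(rtt, c)) for v, rtt, c in measurements]
    consistent = all(d <= r for d, r in bounds)  # claimed site is reachable in time
    # Triangle inequality: host is within r of the verifier, so within d + r of the claim.
    located = consistent and min(d + r for d, r in bounds) <= tolerance_km
    return intact, located

# Constructed sample data: key, block, coordinates and timings are made up.
KEY = b"k" * 32
BLOCK = b"backup block 7"
SITE = (50.11, 8.68)
VERIFIERS = [(50.00, 8.50), (48.86, 2.35), (52.37, 4.90)]
HONEST = list(zip(VERIFIERS, (1.5, 8.0, 6.0), (1.0, 1.0, 1.0)))
REMOTE = list(zip(VERIFIERS, (12.0, 9.0, 9.0), (1.0, 1.0, 1.0)))

if __name__ == "__main__":
    t = make_tag(KEY, 7, BLOCK)
    print(audit(KEY, 7, BLOCK, t, SITE, HONEST, 100.0))
    print(audit(KEY, 7, BLOCK, t, SITE, REMOTE, 100.0))
    print(audit(KEY, 7, BLOCK + b"!", t, SITE, HONEST, 100.0))
```

The location check only accepts when some verifier is close enough to the claimed site that its delay bound pins the host within the tolerance, which is why a nearby verifier matters more than many distant ones.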