Data Security Enhancement for Web Applications Using Cryptographic Back-end Store

Lin, Wenghui

01 January 2009

Conventional storage technologies do not always give sufficient guarantees of security for critical information. Databases and file servers are regularly compromised, with consequential theft of identities and unauthorized use of sensitive information. Some cryptographic technologies increase the security guarantees, but rely on a key, and key secrecy and maintenance are difficult problems. Meanwhile, there is an accelerating trend of moving data from local storage to Internet storage. As a result, automatic security of critical information without the need for key management promises to be an important technology for Web Applications. This thesis presents such solution for Internet data storage that uses a secret sharing scheme. The shared secrets are packaged as JSON objects and delivered to various endpoints using HTTP semantics. A shopping website is developed to demonstrate the solution.

Web Applications; Storage; Security

Secure Store : A Secure Distributed Storage Service

Lakshmanan, Subramanian

12 August 2004

As computers become pervasive in environments that include the home and community, new applications are emerging that will create and manipulate sensitive and private information. These applications span systems ranging from personal to mobile and hand held devices. They would benefit from a data storage service that protects the integrity and confidentiality of the stored data and is highly available. Such a data repository would have to meet the needs of a variety of applications, handling data with varying security and performance requirements. Providing simultaneously both high levels of security and high levels of performance may not be possible when many nodes in the system are under attack. The agility approach to building secure distributed services advocates the principle that the overhead of providing strong security guarantees should be incurred only by those applications that require such high levels of security and only at times when it is necessary to defend against high threat levels. A storage service that is designed for a variety of applications must follow the principles of agility, offering applications a range of options to choose from for their security and performance requirements. This research presents secure store, a secure and highly available distributed store to meet the performance and security needs of a variety of applications. Secure store is designed to guarantee integrity, confidentiality and availability of stored data even in the face of limited number of compromised servers. Secure store is designed based on the principles of agility. Secure store integrates two well known techniques, namely replication and secret-sharing, and exploits the tradeoffs that exist between security and performance to offer applications a range of options to choose from to suit their needs. This thesis makes several contributions, including (1) illustration of the the principles of agility, (2) a novel gossip-style secure dissemination protocol whose performance is comparable to the best-possible benign-case protocol in the absence of any malicious activity, (3) demonstration of the performance benefits of using weaker consistency models for data access, and (4) a technique called collective endorsement that can be used in other secure distributed applications.

Consistency

Secure dissemination

Byzantine fault tolerance

Storage security

Distributed storage

Addressing the Data Location Assurance Problem of Cloud Storage Environments

Noman, Ali

09 April 2018

In a cloud storage environment, providing geo-location assurance of data to a cloud user is very challenging as the cloud storage provider physically controls the data and it would be challenging for the user to detect if the data is stored in different datacenters/storage servers other than the one where it is supposed to be. We name this problem as the “Data Location Assurance Problem” of a Cloud Storage Environment. Aside from the privacy and security concerns, the lack of geo-location assurance of cloud data involved in the cloud storage has been identified as one of the main reasons why organizations that deal with sensitive data (e.g., financial data, health-related data, and data related to Personally Identifiable Infor-mation, PII) cannot adopt a cloud storage solution even if they might wish to. It might seem that cryptographic techniques such as Proof of Data Possession (PDP) can be a solution for this problem; however, we show that those cryptographic techniques alone cannot solve that. In this thesis, we address the data location assurance (DLA) problem of the cloud storage environment which includes but is not limited to investigating the necessity for a good data location assurance solution as well as challenges involved in providing this kind of solution; we then come up with efficient solutions for the DLA problem. Note that, for the totally dis-honest cloud storage server attack model, it may be impossible to offer a solution for the DLA problem. So the main objective of this thesis is to come up with solutions for the DLA problem for different system and attack models (from less adversarial system and attack models to more adversarial ones) available in existing cloud storage environments so that it can meet the need for cloud storage applications that exist today.

cloud storage security

data location assurance for cloud

cloud computing security

DLAS

cloud computing

Storage Systems and Security Challenges in Telemetry Post Processing Environments

Kalibjian, Jeff

10 1900

ITC/USA 2008 Conference Proceedings / The Forty-Fourth Annual International Telemetering Conference and Technical Exhibition / October 27-30, 2008 / Town and Country Resort & Convention Center, San Diego, California / A common concern in telemetry post-processing environments is adequate disk storage capacity to house captured and post-processed telemetry data. In today's network environments there are many storage solutions that can be deployed to address storage needs. Recent trends in storage systems reveal movement to implement security services in storage systems. After reviewing storage options appropriate for telemetry post-processing environments; the security services such systems typically offer will also be discussed and contrasted with other third party security services that might be implemented directly on top of a networked storage system.

Storage security

Network Attached Storage (NAS)

Storage Area Networks (SAN)

disk arrays

key management

symmetric key cryptography

dual asymmetric key cryptography

digitial signature