Cross-group secret sharing scheme for secure usage of cloud storage over different providers and regions

摘要

With the spread of the Internet, more and more data are being stored in the cloud. Here the technique of secret sharing can be naturally applied in order to provide both security and availability of the stored data, hereby reducing the risks of data leakage and data loss. The privacy property of secret sharing ensures protection against unauthorized access, while protection against data loss may be attained by distributing shares to the servers located in different regions. However, there is still a problem: If we naively employ the secret sharing technique without regarding to whom the cloud servers belong, a dishonest provider can obtain the secret data by collecting enough shares from its servers. In this scenario, there is a need to distribute shares over cloud services operated by different providers. In this paper, we propose a simple secret sharing technique, a cross-group secret sharing (CGSS), which is suitable for storing the data on cloud storage distributed over different groups-that is, different providers and regions. By combining an -out-of-m threshold secret sharing scheme with a k-out-of-n threshold secret sharing scheme using a symmetric-key encryption scheme, we construct the CGSS scheme that forces k shares to be collected from groups. Compared with the previous works, our scheme attains the functionality with reasonable computation. We also formalize the problem of allocating shares over different providers and regions as an optimization problem and show the design principles, which one must follow, when applying our proposal in practical settings. An experiment on real IaaS systems shows effectiveness of our proposed scheme, CGSS.