Abstract:While the prevalent cloud storage platforms are offering convenient services in support of diverse data-driven applications for clients, various security concerns raise in terms of data confidentiality, availability, and retrievability. Among them, servers' dishonesty on the location-specific data backup becomes a serious concern when the data stands out clients' control, considering the strict regulations imposed by many governments and organizations on data storage location. This article studies location-aware data backup verification for the data stored in clouds and aims to design a secure framework, named as ReliableBox, enabling the clients to verify if their data have been backed up on the remote servers with specific geolocation. In the design of ReliableBox, we leverage the prominent proof-of-storage techniques for data possession proof, and take advantage of multilateration geolocation and Intel SGX for the precise communication delay measurement and trust computing delay measurement, respectively. In ReliableBox, a client first computes integrity tags for the files and then outsources both the files and tags to the cloud storage server. In the later attestation, with the precise network delay and distance measurement from location-known verifiers, the client verifies that the outsourced files are intact and backed-up to hosts at the specific geolocation. With the customized design, ReliableBox can support the security needs in terms of both data integrity and backup location verification for clients, even when there exists potential dishonest cloud service providers who may manipulate the network delays or forge verification proofs. We provide security analysis to show the security property of ReliableBox in terms of data access, confidentiality, and verifications. In the end, we implement the system prototype and deploy it into several prevalent and commercial cloud platforms for performance evaluation. The experime-tal results demonstrate that ReliableBox is secure in support of data integrity checking and location-aware backup auditing, while it is robust to the data possession and location spoofing attacks.

What problem does this paper attempt to address?

The main problem this paper attempts to address is the issue of data backup location verification in cloud storage. Specifically, the paper focuses on how to ensure that cloud service providers (CSPs) back up customer data to servers in specific geographic locations as required by contractual agreements, in order to comply with data protection regulations such as the General Data Protection Regulation (GDPR). Once data leaves the customer's control, it may face risks related to confidentiality, availability, and recoverability, especially when there is a possibility of dishonest behavior by the cloud service provider, making this issue even more critical. To tackle these challenges, the paper proposes a secure framework called ReliableBox, which aims to enable customers to verify whether their data has been backed up to remote servers with specific geographic locations. ReliableBox leverages proof of storage technology to verify data ownership and combines multilateration techniques and Intel SGX technology to accurately measure communication delays and trusted computing delays, thereby achieving precise verification of data backup locations. In this way, ReliableBox not only supports data integrity verification but also provides reliable data backup location verification services in the presence of potentially dishonest or malicious cloud service providers.

ReliableBox: Secure and Verifiable Cloud Storage With Location-Aware Backup

A Compressive Integrity Auditing Protocol for Secure Cloud Storage

Privacy-Preserving Protocol for Data Stored in the Cloud

A Secure Cloud Storage System Based on Discrete Logarithm Problem.

Toward Secure and Dependable Storage Services in Cloud Computing

SecLoc: Securing Location-Sensitive Storage in the Cloud.

Toward Publicly Auditable Secure Cloud Data Storage Services

Provable Data Possession Supporting Secure Data Transfer for Cloud Storage

Cloud Storage Data Integrity Verification Scheme That Users Can Revoke in Real Time

Cryptographic Public Verification of Data Integrity for Cloud Storage Systems

Reputation Audit in Multi-cloud Storage Through Integrity Verification and Data Dynamics

Secure Auditing and Deduplicating Data in Cloud

MB-DDIVR: A Map-Based Dynamic Data Integrity Verification and Recovery Scheme in Cloud Storage.

Attribute-Based Cloud Data Integrity Auditing for Secure Outsourced Storage

Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing

Ensuring Data Storage Security in Cloud Computing.

Blockchain-Based Decentralized Cloud Storage with Reliable Deduplication and Storage Balancing

Preserving Client Privacy and Designate Verifier Data Auditing in Cloud Storage

Mutual Verifiable Provable Data Auditing in Public Cloud Storage

Secure Outsourced Data Transfer with Integrity Verification in Cloud Storage

Message-locked Proof of Ownership and Retrievability with Remote Repairing in Cloud