Clasas: A Key-Store for the Cloud

Appeared in Proceedings of the 18th Annual Meeting of the IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS 2010).

Abstract

We propose Clasas (from the Castilian “Claves seguras” for “secure keys”), a key-store for distributed storage such as in the Cloud. The security of Clasas derives from breaking keys into K shares and storing the key shares at many different sites. This provides both a probabilistic and a deterministic guarantee against an adversary trying to obtain keys. The probabilistic guarantee is based on a combinatorial explosion, which forces an adversary to subvert a very large portion of the storage sites for even a minute chance of obtaining a key. The deterministic guarantee stems from the use of LH* distributed linear hashing. Our use of the LH* addressing rules ensures that no two key shares (belonging to the same key) are ever, even in transit, stored at the same site. Consequently, an adversary has to subvert at least K sites. In addition, even an insider with extensive administrative privileges over many of the sites used for key storage is prevented from obtaining access to any key. Our key-store uses LH* or its scalable availability derivative, LH*RS, to distribute key shares among a varying number of storage sites in a manner transparent to its users. While an adversary faces very high obstacles in obtaining a key, clients or authorized entities acting on their behalf can access keys with a very small number of messages, even if they do not know all sites where key shares are stored. This allows easy sharing of keys, rekeying, and key revocation.
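The two guarantees described in the abstract can be illustrated with a short sketch; this is an added example, not code from the paper. It assumes K-of-K XOR sharing and uniformly random placement on distinct sites as a stand-in for LH* addressing, and all function names are hypothetical.

```python
import secrets
from functools import reduce
from math import comb

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, k: int) -> list:
    """Assumed scheme: k-1 random pads plus one share that XORs back to the key."""
    if k < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(key)) for _ in range(k - 1)]
    return pads + [reduce(xor_bytes, pads, key)]

def join_key(shares) -> bytes:
    return reduce(xor_bytes, shares)

def place_shares(shares, n_sites: int) -> dict:
    """Put every share on a different site (random stand-in for LH* addressing)."""
    if len(shares) > n_sites:
        raise ValueError("fewer sites than shares")
    sites = secrets.SystemRandom().sample(range(n_sites), len(shares))
    return dict(zip(sites, shares))

def recover(placement: dict, subverted: set):
    """What an adversary holding `subverted` sites learns: the key or nothing."""
    if not set(placement) <= subverted:
        return None  # deterministic guarantee: fewer than K share sites is useless
    return join_key(placement.values())

def p_key_exposed(n_sites: int, k: int, m: int) -> float:
    """Chance that m randomly subverted sites (of n_sites) cover all k share sites."""
    if m < k:
        return 0.0
    return comb(n_sites - k, m - k) / comb(n_sites, m)

if __name__ == "__main__":
    key = secrets.token_bytes(16)          # constructed sample key
    placement = place_shares(split_key(key, 8), n_sites=100)
    print("sites holding shares:", sorted(placement))
    for m in (7, 8, 25, 50, 90):           # probabilistic guarantee as m grows
        print(f"m={m:3d} subverted of 100 -> P(exposed)={p_key_exposed(100, 8, m):.3e}")
```
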

Publication date:
August 2010

Authors:
Thomas Schwarz
Darrell D. E. Long

Projects:
Secure File and Storage Systems
Reliable Storage

Available media

Full paper text: PDF

Bibtex entry

@inproceedings{schwarz-clasas-mascots10,
  author       = {Thomas Schwarz and Darrell D. E. Long},
  title        = {Clasas: A Key-Store for the Cloud},
  booktitle    = {Proceedings of the 18th Annual Meeting of the IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS 2010)},
  month        = aug,
  year         = {2010},
}
Last modified 24 May 2019