DocumentCode :
3194092
Title :
DFCloud: A TPM-based secure data access control method of cloud storage in mobile devices
Author :
Jaebok Shin ; Yungu Kim ; Wooram Park ; Chanik Park
Author_Institution :
Dept. of Comput. Sci. & Technol., Pohang Univ. of Sci. & Technol., Pohang, South Korea
fYear :
2012
fDate :
3-6 Dec. 2012
Firstpage :
551
Lastpage :
556
Abstract :
Using the cloud storage services, users can access their data in any time, at any place, even with any computing device including mobile devices. Although these properties provide flexibility and scalability in handling data, security issues should be handled especially when mobile devices try to access data stored in cloud storage. Currently, a typical cloud storage service, Dropbox, offers server-side data encryption for security purpose. However, we think such method is not secure enough because all the encryption keys are managed by software and there is no attestation on the client software integrity. Moreover, a simple user identification based on user ID and Password is also easy to be compromised. Data sharing which is critical in enterprise environment is significantly restricted because it is not easy to share encryption key among users. In this paper, we propose DFCloud, a secure data access control method of cloud storage services to handle these problems found in the typical cloud storage service Dropbox. DFCloud relies on Trusted Platform Module (TPM) [1] to manage all the encryption keys and define a key sharing protocol among legal users. We assume that each client is mobile device using ARM TrustZone [2] technology. The DFCloud server prototype is implemented using ARM Fastmodel 7.1 and Open Virtualization software stack for ARM TrustZone. For DFCloud client, TPM functions are developed in the secure domain of ARM TrustZone because most ARM-based mobile devices are not equipped with TPM chip. The DFCloud framework defines TPM-based secure channel setup, TPM-based key management, remote client attestation, and a secure key share protocol across multiple users/devices. It is shown that our concept works correctly through a prototype implementation.
Keywords :
cloud computing; information retrieval; information storage; integrated software; microcontrollers; mobile computing; private key cryptography; service-oriented architecture; virtualisation; ARM Fastmodel 7.1; ARM TrustZone technology; ARM-based mobile devices; DFCloud client; DFCloud server prototype; Dropbox; Password based user identification; TPM; TPM-based key management; TPM-based secure channel setup; TPM-based secure data access control method; client software integrity; cloud storage services; computing device; data handling; data sharing; key sharing protocol; legal users; mobile devices; open virtualization software stack; remote client attestation; secure key share protocol; security issues; server-side data encryption keys; trusted platform module; user ID-based user identification; Cloud computing; Encryption; Protocols; Servers; ARM TrustZone; TPM; cloud storage service; security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on
Conference_Location :
Taipei
Print_ISBN :
978-1-4673-4511-8
Electronic_ISBN :
978-1-4673-4509-5
Type :
conf
DOI :
10.1109/CloudCom.2012.6427606
Filename :
6427606
Link To Document :
بازگشت