DocumentCode
720548
Title
CloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks
Author
Lingfang Zeng ; Yang Wang ; Dan Feng
fYear
2015
fDate
4-7 May 2015
Firstpage
352
Lastpage
361
Abstract
In cloud services, users may frequently be required to reveal their personal private information, which could be stored in the cloud to be used by different parties for different purposes. However, in a cloud-wide storage network, the servers are easily under strong attacks and also commonly experience software/hardware faults. As such, the private information could be under great risk in such an untrusted environment. Given that the presented personal sensitive information is usually out of the user's control in most cloud-based services, ensuring data security and privacy protection with respect to untrusted storage networks has become a formidable challenge in research. To address these challenges, in this paper we propose a self-destruction system, named CloudSky, which is able to enforce the security of user privacy over the untrusted cloud in a controllable way. CloudSky exploits a key control mechanism based on attribute-based encryption (ABE) and takes advantage of active storage networks to allow the user to control the subjective life-cycle and the access control policies of the private data, whose integrity is ensured by using HMAC to cope with untrusted environments. The feasibility of the system in terms of its performance and scalability is demonstrated by experiments on a real large-scale storage network.
Keywords
authorisation; cloud computing; data integrity; data protection; private key cryptography; trusted computing; ABE; CloudSky; HMAC; access control policies; active storage networks; attribute-based encryption; cloud services; cloud-based services; cloud-wide storage network; controllable data self-destruction system; data security; hardware faults; key control mechanism; large-scale storage network; performance analysis; personal private information; personal sensitive information; privacy protection; private data integrity; scalability analysis; software faults; strong attacks; subjective life-cycle control; untrusted cloud storage networks; Access control; Cloud computing; Data privacy; Encryption; Servers; attribute-based encryption; cloud storage network; data privacy; data self-destruction
fLanguage
English
Publisher
ieee
Conference_Titel
Cluster, Cloud and Grid Computing (CCGrid), 2015 15th IEEE/ACM International Symposium on
Conference_Location
Shenzhen
Type
conf
DOI
10.1109/CCGrid.2015.12
Filename
7152501