Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers

Research Article

CloudSeal: End-to-End Content Protection in Cloud-Based Storage and Delivery Services

@INPROCEEDINGS{10.1007/978-3-642-31909-9_30,
    author={Huijun Xiong and Xinwen Zhang and Wei Zhu and Danfeng Yao},
    title={CloudSeal: End-to-End Content Protection in Cloud-Based Storage and Delivery Services},
    proceedings={Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers},
    proceedings_a={SECURECOMM},
    year={2012},
    month={10},
    keywords={Cloud computing, content delivery network, proxy-based re-encryption, secret sharing},
    doi={10.1007/978-3-642-31909-9_30}
}

Huijun Xiong, Xinwen Zhang, Wei Zhu, Danfeng Yao. Year: 2012. CloudSeal: End-to-End Content Protection in Cloud-Based Storage and Delivery Services. SECURECOMM. Springer. DOI: 10.1007/978-3-642-31909-9_30

Huijun Xiong1,*, Xinwen Zhang2,*, Wei Zhu2,*, Danfeng Yao1,*
  • 1: Virginia Tech
  • 2: Huawei Research Center
*Contact email: huijun@cs.vt.edu, xinwen.zhang@huawei.com, wei.zhu@huawei.com, danfeng@cs.vt.edu

Abstract

Recent years have seen a trend toward leveraging cloud-based services for large-scale content storage, processing, and distribution. Security and privacy are among the top concerns for public cloud environments. Toward end-to-end content confidentiality protection, we propose CloudSeal, a scheme for securely sharing and distributing data via cloud-based data storage and content delivery services (e.g., Amazon S3 and CloudFront). CloudSeal ensures the confidentiality of content stored in public cloud storage services by encrypting it before it is shared in the cloud. To achieve flexible access control policies, CloudSeal further adopts -out-of- secret sharing and broadcast revocation mechanisms to renew shared secrets, e.g., when a user joins or leaves a content sharing group. Most importantly, CloudSeal leverages a proxy re-encryption algorithm to transform part of the stored cipher content in the cloud, which can then be decrypted by a valid user with updated secret keys. We achieve this property without modifying most of the encrypted content. This feature is critical for the efficiency of content distribution.