iDataGuard: an interoperable security middleware for untrusted internet data storage

Abstract

Businesses that provide data storage facilities on the internet (IDP) have exploded recently. Such businesses provide the following benefits to end users: a) anytime, anywhere access to data; b) low cost; and c) good quality of service. Examples of data storage providers include Amazon S3 service, Windows SkyDrive, Nirvarnix, etc. Users face two challenges in utilizing the storage infrastructures of the IDPs: a) Heterogeneity: Different IDPs provide different interfaces to application developers to store and fetch data with them due to lack of accepted standards; and b) Security: Data outsourced to IDPs is vulnerable to attacks from internet thieves and from malicious employees of IDPs. In this paper, we present the design of iDataGuard, a client side interoperable security middleware that adapts to the heterogeneity of interfaces of IDPs and enforces security constraints on outsourced data. This significantly simplifies the effort for application development. To combat heterogeneity, iDataGuard incorporates an abstract service model that can be easily customized to individual IDPs. To address the security challenges, iDataGuard supports a security model that protects the confidentiality and integrity of outsourced data. We propose a novel indexing technique that allows search on the encrypted data stored at the IDPs. We illustrate the feasibility/efficacy of iDataGuard by implementing the middleware and executing it on two popular IDPs, Amazon S3 service and Gmail.com.