Regenerating Code in Cloud Storage System: Comparison
Please note this is a comparison between Version 2 by Rita Xu and Version 1 by Fan Zhang.

Cloud storage is an indispensable part of cloud computing solutions and the security of its stored data has become a key issue in the research and application of cloud storage systems.

  • cloud storage
  • regenerating code
  • security level

1. Introduction

As an indispensable part of cloud computing solutions, cloud storage is a system that provides external data storage and business access functions, based on distributed storage systems (DSSs). Currently, both public and large private clouds such as OceanStore and Google Drive contain a large amount of sensitive and private data, worldwide. Adopting a DSS that stores data in different geographical locations can improve stability. Unfortunately, it can also lead to more targeted attacks and increase the risk of personal sensitive data being eavesdropped. Therefore, information security in cloud storage is particularly important. According to statistics, there were over 1000 public data breaches worldwide in 2022, resulting in 4 billion personal information breaches. How to improve data security while ensuring storage efficiency is a key issue in cloud storage applications.
Research has shown that regenerating code (RC) technology plays a crucial role in addressing information security issues in DSSs [1]. When there are eavesdroppers in the system, the regenerating code can prevent the eavesdroppers from restoring the original data. This blocking mechanism is an information-theoretic data security protection scheme, which assumes that the eavesdropper is familiar with coding design principles and has infinite computing power. How to use regenerating code technology to resist eavesdropping and ensure the data security of DSSs has become a challenging problem in the research of cloud storage systems in recent years [2].
Until now, scholars have proposed various regenerating code structures to ensure the security of DSSs. These structures mostly focus on achieving strong or weak security for DSSs under different system models and eavesdropping models. Strong security necessitates that, when there is eavesdropping in the system, no information about the stored data is leaked to the eavesdropper. Weak security allows for partial information leakage, on the premise that the original message symbols cannot be decoded. It should be noted that strong security and weak security are only two security attributes that DSSs may possess. Existing research has shown that the security level (SL) of a DSS can be further quantitatively characterized by a value between 0 and 1, defined as the probability that the system will prevent eavesdroppers from restoring the original data file [3]. In practice, different applications (or customers) may have different requirements for security levels, such as government cloud platforms, enterprise clouds and other public storage services. At the same time, appropriately reducing the security level can enable the system to obtain storage performance gains, thereby reducing the deployment costs [4].

2. Regenerating Code in Cloud Storage System

Since Dimakis et al. [5] first introduced the idea of network coding [6] into DSSs and proposed regenerating codes to solve the problem of high bandwidth consumption within erasure correcting codes [7], the security of cloud storage systems based on regenerating codes has received extensive attention from researchers. Oliveira et al. [8] used a Vandermonde matrix to design codes to increase the security capacity of a system, which indicates that regenerating codes can improve the security of a storage system. The data security strategy based on regenerating codes belongs to information-theoretic security. A number of simple encoding and decoding methods have been developed, and they place no limit on the computing power of eavesdroppers. Hence, regenerating codes are suitable for promotion and application in DSSs [9]. In recent years, research on using regenerating codes to ensure the security of DSSs can be roughly divided into two categories.
The first category focuses on deriving the corresponding upper bound of security capacity for different system models and eavesdropping models, and providing a regenerating code scheme that can achieve this upper bound, enabling the DSS to enhance its security. For example, Pawar et al. [10] used the max-flow min-cut theorem of graph theory [11] to solve the problem of node eavesdropping in homogeneous storage systems, and further constructed an encoding structure that can achieve the upper bound of the security capacity at the minimum bandwidth regeneration (MBR) point, enabling the system to achieve strong security. Rashmi et al. [12] used product matrix (PM) theory [13] and FR codes [14] to develop encoding schemes that meet strong security at MBR and minimum storage regeneration (MSR) points, respectively. Rawat et al. [15] and Goparaju et al. [16] used the linear subspace analysis method to give a new upper bound estimate of security capacity at MSR points, and constructed a secure storage code based on the maximum rank distance (MRD) codes [17,18]. Tandon et al. [19] studied the tradeoff between secure storage capacity and repair bandwidth, and obtained an improved upper bound on the security capacity that general regenerating codes can achieve. A team from Shanghai Jiao Tong University [20] considered the problem of multidimensional and multi-level secure regenerating codes, providing security constraints that can obtain MBR points. A team from Shandong University [21] gave a strong security coding design under the generalized cloud storage model. A team from the National University of Defense Science and Technology [22] proposed the concept of stationary MSR codes and obtained a fixed upper bound of the security capacity in linear MSR code scenarios. The main objective of the above studies is to meet the strong security of the system. Although strong security does not reveal any information about the original file, it requires the introduction of a large number of random keys in the data symbols. As a result, the storage capacity is sacrificed, which is costly for cloud storage providers.
Based on this, the second research direction on using regenerating codes to ensure data security is weakly secure regenerating codes. The weak security nature of the system allows eavesdroppers to obtain partial information from the original file. However, they cannot decode any meaningful information of a single symbol in the original file [23]. Essentially, weak security does not introduce random keys and does not cause loss of storage capacity. Regarding the research on weakly secure regenerating codes, Kadhe et al. [24,25] proposed two external encoding structures using nested codes that can weakly protect PM-MBR codes and PM-MSR codes against eavesdropping. For MSR codes, Kadhe et al. [26] further proposed a generalized weakly secure encoding to meet practical application scenarios, where external encoding can be designed independently of internal encoding. Liu et al. [27] designed two types of weakly secure regenerating code schemes against eavesdropping attacks by combining the all-or-nothing transformation and a precise repair regenerating code strategy. Xu et al. [28] designed a heterogeneous encoding scheme that satisfies weak security constraints, to address the issue of anti-link-eavesdropping in heterogeneous DSSs. The team from the Beijing University of Posts and Telecommunications [29] analyzed the block security of PM-MSR codes, based on the Cauchy matrix, and proposed an improved MSR coding scheme to achieve optimal weak security.
It can be seen that research on strongly or weakly secure regenerating codes has achieved a series of results in recent years. However, strong security and weak security are only two properties of a DSS. The former is too strict and the latter is too lenient. In practice, different applications may have different requirements for security levels [30]. Based on this consideration, this research puts forward a novel regenerating code structure with different security levels. The application of such a coding structure in cloud storage systems can not only ensure the availability and repairability of data, but also meet the personalized requirements of security level for cloud storage customers.
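The difference between strong and weak security, and the storage cost of random keys, can be checked by exhaustive enumeration on a toy linear code. This is an added example, not code from the cited papers; the field GF(5), the three-node generator matrices and the function names are assumptions chosen for illustration.

```python
from collections import Counter
from itertools import product
from math import log

P = 5  # toy field GF(5), small enough to enumerate every input (assumption)

def entropy(counts, total):
    """Entropy of an empirical distribution, in field symbols (log base P)."""
    return -sum(c / total * log(c / total, P) for c in counts.values())

def leakage(G, n_msg, eavesdropped):
    """G is a k x n generator matrix over GF(P): row i is an input symbol,
    column j is what node j stores. The first n_msg inputs are message
    symbols, the remaining ones are uniformly random keys.
    Returns (I(message; observation), max_i I(m_i; observation))."""
    k = len(G)
    obs_cnt, full_cnt = Counter(), Counter()
    sym_cnt = [Counter() for _ in range(n_msg)]
    for x in product(range(P), repeat=k):
        obs = tuple(sum(x[i] * G[i][j] for i in range(k)) % P
                    for j in eavesdropped)
        obs_cnt[obs] += 1
        full_cnt[(x[:n_msg], obs)] += 1
        for i in range(n_msg):
            sym_cnt[i][(x[i], obs)] += 1
    total = P ** k
    h_obs = entropy(obs_cnt, total)
    # I(A;B) = H(A) + H(B) - H(A,B); message symbols are uniform.
    whole = n_msg + h_obs - entropy(full_cnt, total)
    per_symbol = max(1 + h_obs - entropy(c, total) for c in sym_cnt)
    return whole, per_symbol

# Constructed 3-node codes; any 2 nodes recover both input symbols.
SYSTEMATIC = [[1, 0, 1], [0, 1, 1]]   # nodes store m1, m2, m1+m2
MIXED      = [[1, 1, 1], [1, 2, 3]]   # node j stores x1 + (j+1)*x2

SCHEMES = {
    "plain":  (SYSTEMATIC, 2),  # 2 message symbols, no protection
    "weak":   (MIXED, 2),       # 2 message symbols, no random key
    "strong": (MIXED, 1),       # 1 message symbol + 1 random key
}

if __name__ == "__main__":
    for name, (G, n_msg) in SCHEMES.items():
        whole, single = leakage(G, n_msg, eavesdropped=[0])
        print(f"{name:6s} stored={n_msg} leak(file)={abs(whole):.2f} "
              f"leak(single symbol)={abs(single):.2f}")
```

With one eavesdropped node, the weak scheme leaks one symbol's worth of information about the file but nothing about any individual symbol, while the strong scheme leaks nothing and stores only half as much data.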

References

  1. Elmahdy, A.; Kleckler, M.; Mohajer, S. Secure Determinant Codes for Distributed Storage Systems. IEEE Trans. Inf. Theory 2023, 69, 1966–1987.
  2. Lavauzelle, J.; Tajeddine, R.; Freij-Hollanti, R.; Hollanti, C. Private Information Retrieval Schemes with Product-Matrix MBR Codes. IEEE Trans. Inf. Forensics Secur. 2021, 16, 441–450.
  3. Gaeta, R. On the Impact of Pollution Attacks on Coding-Based Distributed Storage Systems. IEEE Trans. Inf. Forensics Secur. 2022, 17, 292–302.
  4. Holzbaur, L.; Kruglik, S.; Frolov, A. Secure Codes with Accessibility for Distributed Storage. IEEE Trans. Inf. Forensics Secur. 2021, 16, 5326–5337.
  5. Dimakis, A.G.; Godfrey, P.B.; Wu, Y.; Wainwright, M.J.; Ramchandran, K. Network coding for distributed storage systems. IEEE Trans. Inf. Theory 2010, 56, 4539–4551.
  6. Ahlswede, R.; Cai, N.; Li, S.-Y.R.; Yeung, R.W. Network information flow. IEEE Trans. Inf. Theory 2000, 46, 1204–1216.
  7. Rodrigues, R.; Liskov, B. High Availability in DHTs: Erasure Coding vs. Replication. In Proceedings of the 4th International Workshop on Peer-to-Peer Systems, New York, NY, USA, 24–25 February 2005.
  8. Oliveira, P.F.; Lima, L.; Vinhoza, T.; Barros, J.; Médard, M. Coding for trusted storage in untrusted networks. IEEE Trans. Inf. Forensics Secur. 2012, 7, 1890–1899.
  9. Zhang, Z.; Zhou, L. A Vertical-Horizontal Framework for Building Rack-Aware Regenerating Codes. IEEE Trans. Inf. Theory 2023, 69, 2874–2885.
  10. Pawar, S.; Rouayheb, E.S.; Ramchandran, K. Securing dynamic distributed storage systems against eavesdropping and adversarial attacks. IEEE Trans. Inf. Theory 2012, 58, 6734–6753.
  11. Bondy, A.; Murty, U.S.R. Graph Theory; Springer: Berlin, Germany, 2011.
  12. Rashmi, K.V.; Shah, N.B.; Ramchandran, K.; Kumar, P. Information-Theoretically Secure Erasure Codes for Distributed Storage. IEEE Trans. Inf. Theory 2018, 64, 1621–1646.
  13. Rashmi, K.V.; Shah, N.B.; Kumar, P.V. Optimal Exact-Regenerating Codes for Distributed Storage at the MSR and MBR Points via a Product-Matrix Construction. IEEE Trans. Inf. Theory 2011, 57, 5227–5239.
  14. Silberstein, N.; Etzion, T. Optimal Fractional Repetition Codes Based on Graphs and Designs. IEEE Trans. Inf. Theory 2015, 61, 4164–4180.
  15. Rawat, A.S.; Koyluoglu, O.O.; Silberstein, N.; Vishwanath, S. Optimal locally repairable and secure codes for distributed storage systems. IEEE Trans. Inf. Theory 2014, 60, 212–236.
  16. Goparaju, S.; Rouayheb, S.E.; Calderbank, R.; Poor, H.V. Data secrecy in distributed storage systems under exact repair. In Proceedings of the International Symposium on Network Coding, Calgary, AB, Canada, 7–9 June 2013.
  17. Tamo, I.; Wang, Z.; Bruck, J. Zigzag codes: MDS array codes with optimal rebuilding. IEEE Trans. Inf. Theory 2013, 59, 1597–1616.
  18. Sengupta, B.; Dixit, A.; Ruj, S. Secure Cloud Storage with Data Dynamics Using Secure Network Coding Techniques. IEEE Trans. Cloud Comput. 2022, 10, 2090–2101.
  19. Tandon, R.; Amuru, S.; Clancy, T.C.; Buehrer, R.M. Toward optimal secure distributed storage systems with exact repair. IEEE Trans. Inf. Theory 2016, 62, 3477–3492.
  20. Shuo, S.; Tie, L.; Chao, T.; Cong, S. Multilevel Diversity Coding with Secure Regeneration: Separate Coding Achieves the MBR Point. Entropy 2018, 20, 751.
  21. Xu, J.; Cao, Y.; Wang, D. Generalised Regenerating Codes for Securing Distributed Storage Systems against Eavesdropping. J. Inf. Secur. Appl. 2017, 34, 225–232.
  22. Huang, K.; Parampalli, U.; Xian, M. On Secrecy Capacity of Minimum Storage Regenerating Codes. IEEE Trans. Inf. Theory 2017, 63, 1510–1524.
  23. Chen, J.; Sung, C.W. Weakly Secure Coded Distributed Computing with Group-based Function Assignment. In Proceedings of the IEEE Information Theory Workshop (ITW), Mumbai, India, 6–9 November 2022.
  24. Kadhe, S.; Sprintson, A. Weakly secure regenerating codes for distributed storage. In Proceedings of the International Symposium on Network Coding, Aalborg Oest, Denmark, 27–28 June 2014.
  25. Kadhe, S.; Sprintson, A. On a weakly secure regenerating code construction for minimum storage regime. In Proceedings of the 52nd Annual Allerton Conference on Communication, Control, and Computing, Monticello, IL, USA, 30 September–3 October 2014.
  26. Kadhe, S.; Sprintson, A. Universally Weakly Secure Coset Coding Schemes for Minimum Storage Regenerating (MSR) Codes. In Proceedings of the 55th Annual Allerton Conference on Communication, Control, and Computing, Monticello, IL, USA, 3–6 October 2017.
  27. Liu, J.; Wang, H.; Xian, M.; Huang, K. Weakly Secure Regenerating Codes for Cloud Storage against Eavesdropper. J. Electron. Inf. Technol. 2014, 36, 1221–1228.
  28. Xu, J.; Cao, Y.; Wang, D.; Wu, C.; Yang, G. Optimal Heterogeneous Distributed Storage Regenerating Code at Minimum Remote-Repair Bandwidth Regenerating Point. ETRI J. 2016, 38, 529–539.
  29. Bian, J.; Luo, S.; Li, Z.; Yang, Y. Optimal Weakly Secure Minimum Storage Regenerating Codes Scheme. IEEE Access 2019, 7, 151120–151130.
  30. Dau, H.; Song, W.; Sprintson, A.; Yuen, C. Secure Erasure Codes with Partial Reconstructibility. IEEE Trans. Inf. Theory 2020, 66, 6809–6822.