Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #34

Proactively Secure Cloud-Enabled Storage

Karim Eldefrawy, Sky Faber, and Tyler Kaczmarek

2017 · 37th IEEE International Conference on Distributed Computing Systems (ICDCS)

  • Theory
  • Applied
  • System
  • Implementation
  • protocol

What does the paper try to establish?

Can proactive secret sharing, previously used mainly for small cryptographic secrets, be engineered into a practical cloud-storage system for megabyte-scale files and tens of servers while preserving long-term confidentiality against a mobile compromise adversary?

What is the proposed answer?

PiSCES packs file data into secret shares, distributes them across virtual servers, and periodically reboots servers, recovers and rerandomizes shares, replaces keys, and disassociates old storage. A prototype on Amazon EC2 explores security, file, concurrency, field-size, and refresh parameters and reports that carefully chosen configurations make proactive storage of larger data operationally and economically feasible under a passive mobile-adversary model and substantial cloud/hypervisor assumptions.

Abstract

Attacking cloud-enabled storage is becoming increasingly lucrative as more personal and enterprise data moves to the cloud. Traditional security mechanisms temporarily limit such attacks, but over a long period of time attackers will eventually find vulnerabilities; this can lead to compromising large amounts of valuable data and lead to large-scale privacy breaches. This paper addresses this problem by incorporating proactive security guarantees into cloud-enabled storage. Proactive security deals with an adversary’s ability to eventually compromise all involved servers in a distributed storage or computation system. While there are several proactively secure secret sharing protocols that can be used to improve confidentiality of data stored in the cloud, their high overhead has traditionally limited them to less than ten parties and to only 100s of bytes typical for cryptographic keys. Realizing proactively secure cloud storage for larger data (e.g, MBs) requires careful design and calibration of system parameters, and faces several challenges. In this paper we design, implement and assess performance of the first system for Proactively Secure Cloud-Enabled Storage (PiSCES) of data larger than cryptographic keys. Based on our practical performance results we advocate that the high level of resilience and long-term security and confidentiality guarantees enabled by proactive security should be considered in future distributed and cloud-based storage and computing services.

Provenance: Transcribed from the public author-uploaded full text; only typography, discretionary hyphenation, and line-break artifacts were normalized. Source forms such as '100s of bytes' and '(e.g, MBs)' are retained. Local file fixity has not been recorded.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence High

The complete paper combines explicit PSS conditions, a concrete architecture and threat model, an implemented system, cloud experiments, and a multi-parameter performance and cost study. The concrete end-to-end security argument is architectural rather than machine-checked or independently reproduced.

Packed proactive secret sharing and parameter constraints System security analysis and hypervisor boundary Prototype architecture and host control flow EC2 testbed, varied parameters, performance, and cost
Auditability High

A public author-uploaded full-text route and the official DOI make the paper's assumptions, design, and reported measurements inspectable, satisfying the author-defined High rule. A stable direct PDF, local hash, code, and raw data were not obtained.

Problem, contribution, and deployment scenarios Official ICDCS publication identity
Production provenance Medium

Named authors, affiliations, venue, date, DOI, and an author-uploaded manuscript are documented. Contributor roles, revision history, software versions, tool use, and experiment-artifact lineage were not audited.

Problem, contribution, and deployment scenarios Official ICDCS publication identity
External scrutiny Medium

ICDCS publication establishes external venue scrutiny, while review reports, rebuttal, independent cryptographic audit, reproduction, deployment, and correction history remain unrepresented.

Official ICDCS publication identity
Reception Low

OpenAlex reported no citing works for this DOI on 2026-07-11. Under the author-defined corpus rule, 0 through 8 located citations is Low. Index coverage may be incomplete and the count is not a correctness judgment.

Dated citation-count snapshot
Contribution significance Medium

The source presents the work as the first feasibility study of proactive security for larger cloud-stored files and supplies an implemented bridge from cryptographic protocol to cloud operation. Priority and downstream uptake were not independently established, and the audited citation index located no citing works.

Problem, contribution, and deployment scenarios Lessons learned, selected configuration, and conclusions Dated citation-count snapshot

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Proactively Secure Cloud-Enabled Storage

A theory-to-system feasibility study that turns packed proactive secret sharing into PiSCES, a cloud file-storage prototype whose shares, servers, and keys are periodically refreshed to limit what a mobile attacker can accumulate over time.

Problem, contribution, and deployment scenarios
  1. scope Confidentiality-focused proactive model explicitly scoped

    Time is divided into rounds. Between rounds, old shares are rerandomized and removed so compromises collected in different periods cannot be combined; the represented goal is long-term data confidentiality rather than a general cloud integrity or availability service.

    Problem, contribution, and deployment scenarios Passive mobile-adversary model
    1. threat model

      Passive mobile compromise adversary

      defined

      The honest-but-curious outside adversary may compromise different servers over time and eventually visit all of them, but fewer than one third in any round. It cannot globally monitor traffic, delay traffic it did not send, create servers, corrupt multiple hypervisors, break the Internet, or orchestrate system-wide denial of service.

      Passive mobile-adversary model
    2. assumption

      Underlying packed PSS guarantee

      inherited security assumption

      The implementation instantiates a perfectly secure packed PSS scheme with constant amortized communication per share. Its privacy and robustness parameter constraints include l + t at most d and 3t + l less than n.

      Packed proactive secret sharing and parameter constraints
  2. system PiSCES architecture specified and implemented

    A client shares files among n storage hosts; hosts keep inactive shares in secondary storage, periodically load batches into memory, execute recovery and refresh, and write new shares back. The client may disconnect between upload and reconstruction.

    PiSCES components and five-stage server lifecycle Broadcast, timing, network, and share-storage assumptions
  3. claim group Main claims source asserted

    The paper combines inherited PSS confidentiality with systems assumptions and empirical feasibility evidence. The cryptographic, architectural, and measured claims have different support and should not be collapsed into one guarantee.

    System security analysis and hypervisor boundary EC2 testbed, varied parameters, performance, and cost
    1. claim

      Deployment-specific cost feasibility

      reported measurement

      The lessons-learned section reports, for one tuned configuration, storage of a 10-kilobyte object at approximately 0.08 cents per kilobyte per refresh; it does not claim that this price generalizes across clouds, dates, objects, or assurance settings.

      Lessons learned, selected configuration, and conclusions
  4. evidence group Evidence mixed analytical and empirical

    Evidence includes the inherited packed-PSS conditions, an architectural security analysis, an implemented multi-host prototype, an automated EC2 benchmarking driver, and parameter sweeps over security, file, restart, packing, threading, and field-size choices.

    Packed proactive secret sharing and parameter constraints System security analysis and hypervisor boundary Prototype architecture and host control flow EC2 testbed, varied parameters, performance, and cost
    1. evidence

      Amazon EC2 testbed

      reported experiment

      The experiments use dedicated EC2 Small, Medium, and Large instances and an outside driver that creates deployments and initiates measurements. Dedicated hosts reduce interference but differ from the lower-priced instances anticipated for practical operation.

      EC2 testbed, varied parameters, performance, and cost
    2. evidence

      Security analysis boundary

      architectural argument

      The paper reasons about hypervisor compromise, secure broadcast, reboot authentication, and stale-state isolation, but the represented source does not supply a composable end-to-end proof that the concrete cloud implementation realizes the ideal PSS model.

      System security analysis and hypervisor boundary
  5. limitation group Limitations and operational assumptions material

    PiSCES trades long-term confidentiality for periodic computation, many hosts, synchronized recovery windows, key and image trust, and provider-dependent state isolation. Parameter selection is non-obvious, and more hosts can improve threshold efficiency while increasing fleet complexity and idle cost.

    Secure reboot, key replacement, restart schedule, and disassociation Broadcast, timing, network, and share-storage assumptions Lessons learned, selected configuration, and conclusions
    1. limitation

      Passive-adversary and availability boundary

      explicitly out of scope

      The core evaluation does not establish Byzantine robustness against arbitrary active deviations, multi-hypervisor compromise, global traffic observation, Internet failure, or denial of service. Manual recovery may be required after some assumed-away platform failures.

      Passive mobile-adversary model System security analysis and hypervisor boundary
    2. limitation

      Disassociation is not assured deletion

      weakened requirement

      Because commercial clouds did not provide guaranteed erasure, the design substitutes probabilistic or architectural disassociation: a new VM must not regain physical access to the prior round's RAM or disk. This is a key assumption, not a measured deletion guarantee.

      Broadcast, timing, network, and share-storage assumptions
  6. scrutiny

    External scrutiny

    venue reviewed

    The paper appeared at IEEE ICDCS. The official record establishes venue review, but public reports, rebuttal, independent deployment, reproduction, and correction history were not located in this audit.

    Official ICDCS publication identity

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Problem, contribution, and deployment scenarios Abstract and Section I, including Contributions and Envisioned Use Cases
  2. Passive mobile-adversary model Section III-A, Adversary Model
  3. Packed proactive secret sharing and parameter constraints Sections II and III-B-C, Cryptographic Building Blocks and Roadblocks
  4. PiSCES components and five-stage server lifecycle Section IV and Figure 4, System Design
  5. Secure reboot, key replacement, restart schedule, and disassociation Section IV-A, Cloud Provider and Hypervisor
  6. Broadcast, timing, network, and share-storage assumptions Sections IV-B-C, Secure Broadcast and Share Storage Hosts
  7. System security analysis and hypervisor boundary Section V, Security Analysis
  8. Prototype architecture and host control flow Section VI, Implementation
  9. EC2 testbed, varied parameters, performance, and cost Sections VI-VII, Testing Parameters, Testbed Setup, and Results
  10. Lessons learned, selected configuration, and conclusions Sections VIII-IX
  11. Official ICDCS publication identity ICDCS 2017, pages 1499-1509, DOI 10.1109/ICDCS.2017.293
  12. Dated citation-count snapshot OpenAlex reported 0 citing works when accessed 2026-07-11