Scientific knowledge map · Paper #34
Proactively Secure Cloud-Enabled Storage
2017 · 37th IEEE International Conference on Distributed Computing Systems (ICDCS)
- Theory
- Applied
- System
- Implementation
- protocol
Research question
What does the paper try to establish?
Can proactive secret sharing, previously used mainly for small cryptographic secrets, be engineered into a practical cloud-storage system for megabyte-scale files and tens of servers while preserving long-term confidentiality against a mobile compromise adversary?
Central answer
What is the proposed answer?
PiSCES packs file data into secret shares, distributes them across virtual servers, and periodically reboots servers, recovers and rerandomizes shares, replaces keys, and disassociates old storage. A prototype on Amazon EC2 explores security, file, concurrency, field-size, and refresh parameters and reports that carefully chosen configurations make proactive storage of larger data operationally and economically feasible under a passive mobile-adversary model and substantial cloud/hypervisor assumptions.
Full paper abstract
Abstract
Attacking cloud-enabled storage is becoming increasingly lucrative as more personal and enterprise data moves to the cloud. Traditional security mechanisms temporarily limit such attacks, but over a long period of time attackers will eventually find vulnerabilities; this can lead to compromising large amounts of valuable data and lead to large-scale privacy breaches. This paper addresses this problem by incorporating proactive security guarantees into cloud-enabled storage. Proactive security deals with an adversary’s ability to eventually compromise all involved servers in a distributed storage or computation system. While there are several proactively secure secret sharing protocols that can be used to improve confidentiality of data stored in the cloud, their high overhead has traditionally limited them to less than ten parties and to only 100s of bytes typical for cryptographic keys. Realizing proactively secure cloud storage for larger data (e.g, MBs) requires careful design and calibration of system parameters, and faces several challenges. In this paper we design, implement and assess performance of the first system for Proactively Secure Cloud-Enabled Storage (PiSCES) of data larger than cryptographic keys. Based on our practical performance results we advocate that the high level of resilience and long-term security and confidentiality guarantees enabled by proactive security should be considered in future distributed and cloud-based storage and computing services.
Provenance: Transcribed from the public author-uploaded full text; only typography, discretionary hyphenation, and line-break artifacts were normalized. Source forms such as '100s of bytes' and '(e.g, MBs)' are retained. Local file fixity has not been recorded.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence High
-
The complete paper combines explicit PSS conditions, a concrete architecture and threat model, an implemented system, cloud experiments, and a multi-parameter performance and cost study. The concrete end-to-end security argument is architectural rather than machine-checked or independently reproduced.
Packed proactive secret sharing and parameter constraints System security analysis and hypervisor boundary Prototype architecture and host control flow EC2 testbed, varied parameters, performance, and cost - Auditability High
-
A public author-uploaded full-text route and the official DOI make the paper's assumptions, design, and reported measurements inspectable, satisfying the author-defined High rule. A stable direct PDF, local hash, code, and raw data were not obtained.
Problem, contribution, and deployment scenarios Official ICDCS publication identity - Production provenance Medium
-
Named authors, affiliations, venue, date, DOI, and an author-uploaded manuscript are documented. Contributor roles, revision history, software versions, tool use, and experiment-artifact lineage were not audited.
Problem, contribution, and deployment scenarios Official ICDCS publication identity - External scrutiny Medium
-
ICDCS publication establishes external venue scrutiny, while review reports, rebuttal, independent cryptographic audit, reproduction, deployment, and correction history remain unrepresented.
Official ICDCS publication identity - Reception Low
-
OpenAlex reported no citing works for this DOI on 2026-07-11. Under the author-defined corpus rule, 0 through 8 located citations is Low. Index coverage may be incomplete and the count is not a correctness judgment.
Dated citation-count snapshot - Contribution significance Medium
-
The source presents the work as the first feasibility study of proactive security for larger cloud-stored files and supplies an implemented bridge from cryptographic protocol to cloud operation. Priority and downstream uptake were not independently established, and the audited citation index located no citing works.
Problem, contribution, and deployment scenarios Lessons learned, selected configuration, and conclusions Dated citation-count snapshot
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Proactively Secure Cloud-Enabled Storage
A theory-to-system feasibility study that turns packed proactive secret sharing into PiSCES, a cloud file-storage prototype whose shares, servers, and keys are periodically refreshed to limit what a mobile attacker can accumulate over time.
Problem, contribution, and deployment scenarios-
question Research question
research questionCan proactive security be scaled from small keys and fewer than ten parties to larger files and tens of commodity cloud servers at tolerable refresh time and monetary cost?
Problem, contribution, and deployment scenarios Packed proactive secret sharing and parameter constraints -
contribution PiSCES feasibility result
source assertedThe paper designs and prototypes a proactively secure storage service parameterized by an underlying PSS scheme and reports that packed shares, constant-amortized refresh, reboot orchestration, and deployment-specific tuning make larger-file operation feasible.
Problem, contribution, and deployment scenarios PiSCES components and five-stage server lifecycle Lessons learned, selected configuration, and conclusions -
scope Confidentiality-focused proactive model explicitly scoped
Time is divided into rounds. Between rounds, old shares are rerandomized and removed so compromises collected in different periods cannot be combined; the represented goal is long-term data confidentiality rather than a general cloud integrity or availability service.
Problem, contribution, and deployment scenarios Passive mobile-adversary model-
threat model Passive mobile compromise adversary
definedThe honest-but-curious outside adversary may compromise different servers over time and eventually visit all of them, but fewer than one third in any round. It cannot globally monitor traffic, delay traffic it did not send, create servers, corrupt multiple hypervisors, break the Internet, or orchestrate system-wide denial of service.
Passive mobile-adversary model -
assumption Underlying packed PSS guarantee
inherited security assumptionThe implementation instantiates a perfectly secure packed PSS scheme with constant amortized communication per share. Its privacy and robustness parameter constraints include l + t at most d and 3t + l less than n.
Packed proactive secret sharing and parameter constraints -
assumption Trusted lifecycle mechanisms
assumedSecurity relies on read-only pristine images, authenticated fresh keys, controlled VM creation, scheduled reboot, bounded network delay, and secure disassociation that prevents a restarted VM from accessing storage and RAM associated with earlier rounds.
Secure reboot, key replacement, restart schedule, and disassociation Broadcast, timing, network, and share-storage assumptions
-
-
system PiSCES architecture specified and implemented
A client shares files among n storage hosts; hosts keep inactive shares in secondary storage, periodically load batches into memory, execute recovery and refresh, and write new shares back. The client may disconnect between upload and reconstruction.
PiSCES components and five-stage server lifecycle Broadcast, timing, network, and share-storage assumptions-
method Three deployment patterns
proposedThe design covers a single cloud provider, multiple providers, and a hybrid of local enterprise infrastructure with remote providers. Only the single-provider arrangement is the reported prototype deployment.
Problem, contribution, and deployment scenarios EC2 testbed, varied parameters, performance, and cost -
protocol Proactive server lifecycle
specifiedThe hypervisor creates hosts from a read-only image, allocates shares, shuts down and reclaims resources, initializes a replacement with fresh authenticated keys, and lets peers recover and rerandomize its shares according to a predetermined rotation schedule.
PiSCES components and five-stage server lifecycle Secure reboot, key replacement, restart schedule, and disassociation -
protocol Epoch key secrecy
specified with alternativesThe prototype assumes TPM-backed or hypervisor-installed fresh keying material so a key learned in period i cannot forge or decrypt period-j traffic. The paper also discusses pre-uploaded signed key pairs as a way to reduce hypervisor computation.
Packed proactive secret sharing and parameter constraints Secure reboot, key replacement, restart schedule, and disassociation
-
-
claim group Main claims source asserted
The paper combines inherited PSS confidentiality with systems assumptions and empirical feasibility evidence. The cryptographic, architectural, and measured claims have different support and should not be collapsed into one guarantee.
System security analysis and hypervisor boundary EC2 testbed, varied parameters, performance, and cost-
claim Long-term confidentiality against mobile compromise
conditional on modelIf fewer than the tolerated servers are exposed within any refresh period and old state, keys, and adversarial presence are removed at the boundary, observations from different periods do not combine to reveal the protected file.
Passive mobile-adversary model Packed proactive secret sharing and parameter constraints System security analysis and hypervisor boundary -
claim Larger-file and tens-of-host feasibility
implemented and measuredThe prototype exercises files beyond cryptographic-key sizes and configurations up to 30 servers, including a t = 9 threshold point, showing that the selected PSS can operate at a scale not previously exercised by the cited PSS implementations.
Packed proactive secret sharing and parameter constraints EC2 testbed, varied parameters, performance, and cost -
claim Deployment-specific cost feasibility
reported measurementThe lessons-learned section reports, for one tuned configuration, storage of a 10-kilobyte object at approximately 0.08 cents per kilobyte per refresh; it does not claim that this price generalizes across clouds, dates, objects, or assurance settings.
Lessons learned, selected configuration, and conclusions
-
-
evidence group Evidence mixed analytical and empirical
Evidence includes the inherited packed-PSS conditions, an architectural security analysis, an implemented multi-host prototype, an automated EC2 benchmarking driver, and parameter sweeps over security, file, restart, packing, threading, and field-size choices.
Packed proactive secret sharing and parameter constraints System security analysis and hypervisor boundary Prototype architecture and host control flow EC2 testbed, varied parameters, performance, and cost-
evidence Amazon EC2 testbed
reported experimentThe experiments use dedicated EC2 Small, Medium, and Large instances and an outside driver that creates deployments and initiates measurements. Dedicated hosts reduce interference but differ from the lower-priced instances anticipated for practical operation.
EC2 testbed, varied parameters, performance, and cost -
evidence Parameter exploration
systematic parameter studyThe study varies n, tolerated corruptions t, file size s, simultaneous restarts r, packing l, concurrent refreshed shares b, and field size g. It identifies t and refresh interval as especially consequential and reports n = 21, t = 4, l = 6, r = 3, g = 1024 as its best tested selection.
EC2 testbed, varied parameters, performance, and cost Lessons learned, selected configuration, and conclusions -
evidence Security analysis boundary
architectural argumentThe paper reasons about hypervisor compromise, secure broadcast, reboot authentication, and stale-state isolation, but the represented source does not supply a composable end-to-end proof that the concrete cloud implementation realizes the ideal PSS model.
System security analysis and hypervisor boundary
-
-
limitation group Limitations and operational assumptions material
PiSCES trades long-term confidentiality for periodic computation, many hosts, synchronized recovery windows, key and image trust, and provider-dependent state isolation. Parameter selection is non-obvious, and more hosts can improve threshold efficiency while increasing fleet complexity and idle cost.
Secure reboot, key replacement, restart schedule, and disassociation Broadcast, timing, network, and share-storage assumptions Lessons learned, selected configuration, and conclusions-
limitation Passive-adversary and availability boundary
explicitly out of scopeThe core evaluation does not establish Byzantine robustness against arbitrary active deviations, multi-hypervisor compromise, global traffic observation, Internet failure, or denial of service. Manual recovery may be required after some assumed-away platform failures.
Passive mobile-adversary model System security analysis and hypervisor boundary -
limitation Disassociation is not assured deletion
weakened requirementBecause commercial clouds did not provide guaranteed erasure, the design substitutes probabilistic or architectural disassociation: a new VM must not regain physical access to the prior round's RAM or disk. This is a key assumption, not a measured deletion guarantee.
Broadcast, timing, network, and share-storage assumptions
-
-
artifact group Artifacts and reproducibility
paper describedThe paper describes an implementation and automated AWS benchmark, but this audit located no public code repository, deployment scripts, raw measurements, machine images, or preserved cloud-price snapshot associated with the publication.
Prototype architecture and host control flow EC2 testbed, varied parameters, performance, and cost -
scrutiny External scrutiny
venue reviewedThe paper appeared at IEEE ICDCS. The official record establishes venue review, but public reports, rebuttal, independent deployment, reproduction, and correction history were not located in this audit.
Official ICDCS publication identity
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Problem, contribution, and deployment scenarios Abstract and Section I, including Contributions and Envisioned Use Cases
- Passive mobile-adversary model Section III-A, Adversary Model
- Packed proactive secret sharing and parameter constraints Sections II and III-B-C, Cryptographic Building Blocks and Roadblocks
- PiSCES components and five-stage server lifecycle Section IV and Figure 4, System Design
- Secure reboot, key replacement, restart schedule, and disassociation Section IV-A, Cloud Provider and Hypervisor
- Broadcast, timing, network, and share-storage assumptions Sections IV-B-C, Secure Broadcast and Share Storage Hosts
- System security analysis and hypervisor boundary Section V, Security Analysis
- Prototype architecture and host control flow Section VI, Implementation
- EC2 testbed, varied parameters, performance, and cost Sections VI-VII, Testing Parameters, Testbed Setup, and Results
- Lessons learned, selected configuration, and conclusions Sections VIII-IX
- Official ICDCS publication identity ICDCS 2017, pages 1499-1509, DOI 10.1109/ICDCS.2017.293
- Dated citation-count snapshot OpenAlex reported 0 citing works when accessed 2026-07-11