Dark clouds on the horizon: Using cloud storage as attack vector and online slack space

Proceedings of the 20th USENIX Security Symposium

Volumn , Issue , 2011, Pages 65-75

  Mulazzani, Martin ^a   Schrittwieser, Sebastian ^a   Leithner, Manuel ^a   Huber, Markus ^a   Weippl, Edgar ^a  

^a SBA Research

Author keywords

[No Author keywords available]

Indexed keywords

DATA TRANSFER; VECTOR SPACES;

CLIENT SOFTWARE; FILE SHARING NETWORKS; ONLINE STORAGES; REAL-TIME COLLABORATION; SECURITY IMPROVEMENT; STORAGE CAPACITY; STORAGE SPACES; TRANSMISSION PROTOCOLS;

DIGITAL STORAGE;

EID: 84863932631     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (32)

1. Amazon.com, Amazon Web Services (AWS). Online at http://aws.amazon.com.
2. At Dropbox, Over 100 Billion Files Served-And Counting, retrieved May 23rd, 2011. Online at http://gigaom.com/2011/05/23/at-dropbox-over-100-billionfiles-served-and-counting/.
3. Dropbox Users Save 1 Million Files Every 5 Minutes, retrieved May 24rd, 2011. Online at http://mashable.com/2011/05/23/dropbox-stats/.
4. Grab the pitchforks!. again, retrieved April 19th, 2011. Online at http://benlog.com/articles/2011/04/19/grab-the-pitchforksagain/.
5. How Dropbox sacrifices user privacy for cost savings, retrieved April 12th, 2011. Online at http://paranoia.dubfire.net/2011/04/how-dropbox-sacrificesuser-privacy-for.html.
6. NCrypto Homepage, retrieved June 1st, 2011. Online at http://ncrypto.sourceforge.net/.
7. Piratebay top 100. Online at http://thepiratebay.org/top/all.
8. AGGARWAL, G., BURSZTEIN, E., JACKSON, C., AND BONEH, D. An analysis of private browsing modes in modern browsers. In Proceedings of the 19th USENIX conference on Security (2010), USENIX Security'10.
9. ARMBRUST, M., FOX, A., GRIFFITH, R., JOSEPH, A. D., KATZ, R., KONWINSKI, A., LEE, G., PATTERSON, D., RABKIN, A., STOICA, I., AND ZAHARIA, M. A view of cloud computing. Communications of the ACM 53, 4 (2010), 50-58.
10. ATENIESE, G., BURNS, R., CURTMOLA, R., HERRING, J., KHAN, O., KISSNER, L., PETERSON, Z., AND SONG, D. Remote data checking using provable data possession. ACM Transactions on Information and System Security (TISSEC) 14, 1 (2011), 12.
11. ATENIESE, G., BURNS, R., CURTMOLA, R., HERRING, J., KISSNER, L., PETERSON, Z., AND SONG, D. Provable data possession at untrusted stores. In Proceedings of the 14th ACM conference on Computer and communications security (2007), CCS '07, ACM, pp. 598-609.
12. ATENIESE, G., DI PIETRO, R., MANCINI, L., AND TSUDIK, G. Scalable and Efficient Provable Data Possession. In Proceedings of the 4th international conference on Security and privacy in communication netowrks (2008), ACM, pp. 1-10.
13. BOWERS, K., JUELS, A., AND OPREA, A. HAIL: A highavailability and integrity layer for cloud storage. In Proceedings of the 16th ACM conference on Computer and communications security (2009), ACM, pp. 187-198.
14. BOWERS, K., JUELS, A., AND OPREA, A. Proofs of retrievability: Theory and implementation. In Proceedings of the 2009 ACM workshop on Cloud computing security (2009), ACM, pp. 43-54.
15. BREZINSKI, D., AND KILLALEA, T. Guidelines for Evidence Collection and Archiving (RFC 3227). Network Working Group, The Internet Engineering Task Force (2002).
16. CABUK, S., BRODLEY, C. E., AND SHIELDS, C. Ip covert timing channels: Design and detection. In Proceedings of the 11th ACM conference on Computer and communications security (2004), CCS '04, pp. 178-187.
17. CHOW, R., GOLLE, P., JAKOBSSON, M., SHI, E., STADDON, J., MASUOKA, R., AND MOLINA, J. Controlling data in the cloud: Outsourcing computation without outsourcing control. In Proceedings of the 2009 ACM workshop on Cloud computing security (2009), ACM, pp. 85-90.
18. COX, M., ENGELSCHALL, R., HENSON, S., LAURIE, B., YOUNG, E., AND HUDSON, T. Openssl, 2001.
19. EASTLAKE, D., AND HANSEN, T. US Secure Hash Algorithms (SHA and HMAC-SHA). Tech. rep., RFC 4634, July 2006.
20. ERWAY, C., KÜPCÜ, A., PAPAMANTHOU, C., AND TAMASSIA, R. Dynamic Provable Data Possession. In Proceedings of the 16th ACM conference on Computer and communications security (2009), ACM, pp. 213-222.
21. GARFINKEL, S., AND SHELAT, A. Remembrance of data passed: A study of disk sanitization practices. Security & Privacy, IEEE 1, 1 (2003), 17-27.
22. GOLAND, Y., WHITEHEAD, E., FAIZI, A., CARTER, S., AND JENSEN, D. HTTP Extensions for Distributed Authoring-WEBDAV. Microsoft, UC Irvine, Netscape, Novell. Internet Proposed Standard Request for Comments (RFC) 2518 (1999).
23. GROLIMUND, D., MEISSER, L., SCHMID, S., AND WATTENHOFER, R. Cryptree: A folder tree structure for cryptographic file systems. In Reliable Distributed Systems, 2006. SRDS'06. 25th IEEE Symposium on (2006), IEEE, pp. 189-198.
24. HARNIK, D., PINKAS, B., AND SHULMAN-PELEG, A. Side channels in cloud services: Deduplication in cloud storage. Security & Privacy, IEEE 8, 6 (2010), 40-47.
25. JUELS, A., AND KALISKI JR, B. PORs: Proofs of retrievability for large files. In Proceedings of the 14th ACM conference on Computer and communications security (2007), ACM, pp. 584-597.
26. KRISTOL, D. HTTP Cookies: Standards, privacy, and politics. ACM Transactions on Internet Technology (TOIT) 1, 2 (2001), 151-198.
27. PIATEK, M., KOHNO, T., AND KRISHNAMURTHY, A. Challenges and directions for monitoring P2P file sharing networksor: why my printer received a DMCA takedown notice. In Proceedings of the 3rd conference on Hot topics in security (2008), USENIX Association, p. 12.
28. POSTEL, J., AND REYNOLDS, J. RFC 959: File transfer protocol. Network Working Group (1985).
29. SCHWARZ, T., AND MILLER, E. Store, forget, and check: Using algebraic signatures to check remotely administered storage. In Distributed Computing Systems, 2006. ICDCS 2006. 26th IEEE International Conference on (2006), IEEE, p. 12.
30. SUBASHINI, S., AND KAVITHA, V. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications (2010).
31. WANG, C., WANG, Q., REN, K., AND LOU, W. Ensuring data storage security in cloud computing. In Quality of Service, 2009. IWQoS. 17th International Workshop on (2009), Ieee, pp. 1-9.
32. WANG, Q., WANG, C., LI, J., REN, K., AND LOU, W. Enabling public verifiability and data dynamics for storage security in cloud computing. Computer Security-ESORICS 2009 (2010), 355-370.