2017 International Conference on Computer Science and Application Engineering (CSAE 2017) ISBN: 978-1-60595-505-6
A Time-Controlled Data Destruction Model
Adapted for Cloud Storage
Lixin Li*, Yongshan Ding, Jingyuan Cao, Ruiyu Dou and Zuohui Li Zhengzhou Information Science and Technology Institute,
450000 Zhengzhou, China
With the progress of cloud storage technology, its data security is threatened and its time of data destruction is limited in its life cycle in the cloud storage environment. Based on object storage technology, cryptography and data rewrite technology, a time-controlled data destruction model is proposed under the cloud storage environment to protect user’s data security in its whole life cycle. The model is processed by the function transformation to generate the ciphertext and avoid the complex key management. To improve the controllability of data destruction, a time-controllable self-destructing data object is designed so that any illegal access to expired data will trigger a data rewrite program to execute assured deletion of self-destructing data objects. Finally, the analysis and experimental results show that the scheme can enhance the flexibility and controllability of data destruction and reduce the performance cost, while protecting the data safely and more efficiently.
Cloud storage has become a popular storage service because of its flexible architecture, strong scalability and low cost. With the explosive growth of massive data, Users are more likely to choose cloud storage services to provide them with massive space of storage services[1,2,3]. However, different from the traditional data storage scheme, the user’s data privacy issues in cloud storage run through the entire data lifecycle. Because the data storage location is not within the control of the data owner, resulting in the separation of data ownership and control, the traditional data destruction scheme is no longer applicable to the cloud storage environment. The entire life cycle of the data security includes data upload and download, data storage, data destruction, data recovery, which are facing great challenges.
Considering the Cloud Service Provider(CSP)’s characteristics is "honest but curious", and the environmental conditions exposed by the cloud environment, researchers will then typically upload data to the cloud server after encrypted them [2-3]. Even so, with the rapid development of high-performance computing today, the traditional ciphertext still exists possibility to be compromised . Once the rival has obtained a complete data or its copy from the CSP through an illegal way, the security of the user's data is likely to be threatened . Therefore, it is important to study the data destruction mechanism in cloud storage environment.
centralized management mode. The literature  first proposed a third party with time as a destruction condition, once the conditions are met, it will delete the data key. Tang et al. proposed a policy-based data destruction scheme based on the strategy, that is, each data file corresponds to one or N policies, and encryption keys are generated according to the policy. If the user wants to destroy the data, it can be implemented by related policies. The second is distributed management mode. Vanish system  uses Distribute Hash Table (DHT) network’s dynamic characteristics to realize data destruction. The system distributes the data encryption key to the DHT network through the threshold program so that users only can reconstruct the decryption key in the default time. Otherwise, the key will be automatically destroyed. Then, the literature  proposed the Safe Vanish scheme by introducing the public key encryption scheme and extending the key length to resist sniffing attacks and jump attacks. In the literature , the key derived tree is used to fine-manage the original data and the minimum key set is assigned to the DHT network, which ensures the minimum authority of the data user. In , Xiong uses part of the ciphertext and key distribution to the DHT network program, increase the cost of the attack, but also increased the network overhead.
The first centralized solution relies on a third party to destroy operations, but there may not be a complete destruction. The second distributed solution does not have a third party's concerns, but the time has been limited by the DHT network itself. In addition to the above two schemes, Xu et al.  proposed a data destruction model based on mobile agent, which does not rely on third parties. It use agent to monitor cloud data destruction and use data folding program to delete data when malicious objects attack on data. In , a scheme based on ciphertext sampling is proposed. The idea of sampling slices is used to keep the cloud from intact ciphertext, and even if the key is leaked, the confidentiality of the data can be ensured. While the sampling of ciphertext can also be achieved the deterministic deletion of cloud data. Peterson et al. implemented data destruction at the data block layer using All or Nothing Transform (AONT) technology. The method convert each data block, covering any part of it will make the entire data block unavailable. In , In order to control the life cycle of the data, the concept of the object is introduced, and the file is encapsulated when the file is encrypted. The data user can only read the plaintext information in the life cycle. Once the life cycle is exceeded, the system will automatically delete the ciphertext, including the entire object, any software can’t restore the original data. However, once the ciphertext is too large, it will bring a large amount of communication overhead when data sharing.
Cloud Storage Data Self-Destruct Object
Cloud Storage Data Self-Destruct Object (CSDSO) is a data structure proposed by this scheme. Each CSDSO object is a collection of a series of ordered bytes, including data and attributes. CSDSO package with a life cycle value of the package header and encrypted data ciphertext package, can effectively resist attacks, protect data security.
The structure consists of the encapsulation head OBJHead and the encapsulation object OBJBody. OBJHead contains the symmetric key and the life cycle value (TimeToLive, TTL) of the encrypted data, where the TTL value is the time range that the data can be accessed and can be determined by the data owner Specify. OBJBody contains a series of system parameters that need to be encrypted by the symmetric key of the encrypted data.
The AONT algorithm is a function transformation encryption algorithm that can’t derive any plaintext information through some ciphertexts. It draws on the counter (Counter, CTR) mode of thinking, can’t get any part of the characteristics of plain text messages with no secret in the case of complete ciphertext. AONT was originally proposed by Rivest to resist violent search key attacks, which require rivals to decrypt the ciphertext by trying every possible key. After using the AONT algorithm, the difficulty of getting the correct key of the adversary will increase exponentially with the increase in the number of ciphertext blocks.
The AONT algorithm is well suited for data destruction. Because:
(1) When destruct the encrypted data, just delete a part of ciphertext(we call it stub) to delete the entire ciphertext. Greatly reducing the cost of data destruction. In general, rewriting 4KB of stub data blocks can delete at least 1MB of data.
(2) The AONT algorithm does not require a key other than the encryption key, greatly simplifying the management of the key in handling the ciphertext block.
Data rewriting technology is a military-class hard disk data erase technology based on the US Department of Defense standards 5220.22-M. Which aims to use rewrite program to write data repeatedly on the hard disk to achieve the permanent deletion of data.
The data in the cloud storage environment is not controlled by the data owner and can’t be destroyed by rewrite program. The technology is mainly rewriting CSDSO objects in this paper.
Figure 1. The model architecture of CSDD.
The model architecture of CSDD is shown in the Figure 1. It consists of Data Owner (DO), Data User (DU), CSP, and Time Server (TS). DO first prepares the plaintext M by the AONT algorithm and encrypts the ciphertext data C. Where ciphertext data C includes ciphertext sequencesx x1, 2...xm, and ciphertext stub x 0 , keys
K,Kmac, block flags, and so on. DO stores the ciphertext sequences x x1, 2...xm in the cloud server through the cloud storage API provided by the CSP. When the data sharing is required, DU sends the request to DO, DO obtains the request and confirms that the user authorization is valid, obtains the current time from the time server TS and calculates the TTL value. At the same time, the encapsulation function uses the stub and the corresponding stub x
0 , K , Kmac , block identity BID and other parameters
encapsulated into CSDSO object. Finally, DO uses the DU public key to encrypt the CSDSO and send it to the DU.
DU gets the encapsulation object CSDSO, then decrypts and decapsulates it with the private key. At this time, it acquires the time from TS and judges whether the CSDSO object is out of date and decides whether to perform the data erase operation according to the judgment. Once the decapsulation, DU can obtain the DO-uploaded ciphertext block from the CSP according to the parameters, and use the AONT algorithm to recover the plaintext M.
This article makes the following security assumptions:
(1) CSP is "honest but curious", which provides reliable services to DO and DU. However, it may spy on the user's privacy and disclose the user's data to a third party. It may also not notify the user when the data is backed up and transmitted. When the user issues a data deletion request, it may not faithfully perform its duties.
Data Owner Data User
1, ...2 m
x x x
stub x K
K Bid AONT
Get current time TTL
0 ( ),mac, ,
stub x K URL K K
0 ( ),mac, ,
stub x K URL
K Secure channel
stub x K
no 1, ...2 m
x x x
Response:get URL Request:put URL
Get current time
(2) Any DU is credible, and DU is a legitimate data visitor authorized by DO. Of course, for similar copy, screenshots, photos and other malicious information disclosure behavior is not able to prevent, so this assumption is reasonable.
(3) CSDSO data life cycle is limited, once the specified life cycle is over, the data should become permanent and inaccessible.
(4) The network is connected because that the model needs to access the time server TS to obtain the current time, in order to achieve data destruction time control. It is necessary to ensure that DO is connected with DU and TS.
The model shown in Figure 1 is done by the following algorithm:
p q K, ,
, Initialization algorithm. System initialization randomly
generates two large prime factors p q, and a random symmetric key K (using 128-bit AES algorithm).
b) RSASetup p q( , )
, Public-private key pair generation algorithm.
Generate a pair of public and private key pairs for secure communication according to the RSA algorithm.
c) AONTEnc m
i ,Bid, , ,K Kmac
x x0, i, AONT encryption algorithm. mi is a
plain block, Bid is a unique block, is a global counter, K is the symmetric key generated for the first step, and Kmac is the relevant key of the hash operation message authentication code (SHA1 is used as the hash algorithm). The stub (x0) and ciphertext
blocks x1, x2, ... xm are generated using the AON algorithm 1 i m,1 m.
d) DataUpload x x 1, 2...xm URL, Data uploading algorithm. DO uploads the
ciphertext block x1, x2, ... xm through the upload API interface provided by the CSP, and
returns the URL value of the data store at the same time.
e) AESENCKx Bid0, , , Kmac,URL OBJBody , OBJBody symmetric
encryption algorithm. When DO is sharing data to DU, the OBJBody object is generated by using the symmetric key K encryption stub (x0), block id, and so on.
f) RSA ENC pubkeyTTL K, OBJHead, OBJHead Asymmetric encryption algorithm.
After the fifth step, DO uses the public key of DU to encrypt the TTL value and symmetric key K to generate the OBJHead. Where the TTL value is autonomously specified by DO.
g) Encapsulate OBJBody OBJHead
CSDSO,CSDSO Encapsulated algorithm.
Encapsulate the OBJBody and OBJHead to obtain the data destruction object CSDSO and send it to the DU.
h) Decapsulate CSDSO
,CSDSO Decapsulated algorithm.
DU received CSDSO, the first decapsulation to get OBJBody and OBJHead object. i) RSA DEC prikeyOBJHead TTL K, ,OBJHead Asymmetric decryption algorithm.
DU uses the OBJHead decapsulation to obtain the TTL value and the symmetric key K.
0, , , ,
AESDEC OBJBody x Bid K URL ,OBJBody symmetric decryption
algorithm. DU using OBJBody decapsulation to obtain stub(x0), block sign, global
k) DataDownload URL x x1, 2...xm, Data downloading algorithm. DU obtain
the ciphertext blocks x1, x2, ... xm from the CSP according to the URL parameters.
l) AONTDec x x Bid 0, ,i , , , K Kmac mi , AONT decryption algorithm. Finally, DU
restore the plaintext block through the decryption algorithm and then get the entire text.
This section describes the concrete implementation flow and detailed algorithm description of the data destruction scheme. The implementation process mainly includes data upload, data distribution, data receive and data destruction.
DO generates a symmetric key for data encryption by algorithm
Init p q K and an input parameter for generating a public-private key pair.
( , ) ,
RSASetup p q pubkey prikey generates a public and private key, which is kept by DO.
Then, DO uses the AONT algorithm AONTEnc m
i ,Bid, , , K Kmac
x x0, i to encrypt the
data to get ciphertext blocks x1, x2,... xm and stub(x0) with all-or-nothing features.
Finally, keep the stub(x0) and upload the ciphertext blocks to get a URL value of the
location information. DO only stores a small amount of information to save storage space.
After DU send data sharing information requests to the DO, DO encrypts the corresponding information of the relevant data by encapsulating the symmetric encryption algorithm. And then use the package asymmetric encryption algorithm to encrypt the symmetric key, and specify life cycle of the file, in which the asymmetric encryption key is the public key of DU. The TTL value here is obtained by DO through the TS time server.
1. if (Timeserver.isConnected) //Determine whether the network is connected 2. T=system.getCurrentTime(); //Get current time
3. CSDSO.getCreatedTime()=T; //Time to create object 4. setTTL(); //The user specifies the TTL value in seconds
The object of the symmetric and asymmetric algorithm is combined into CSDSO object, at the same time respond to the request of the DU CSDSO will be sent to the DU through a secure channel.
After receiving CSDSO object, DU uses decapsulation algorithm
Decapsulate CSDSO OBJBody OBJHead to split the CSDSO at first. Then
1. if(Timeserver.isConnected) //Determine whether the network is connected 2. T1=system.getCurrentTime(); //DU Get current time
3. T2=CSDSO.getCreateTime(); //Time to create object 4. if( (T1-T2) > CSDSO.getTTL() )
6. /*If the difference between the current time and the
7. creation time is greater than the specified TTL value, the 8.destruction action is performed*/
9. else if( (T1-T2) <= CSDSO.getTTL() ) 10. Continue; //Otherwise continue processing
DU obtains the symmetric key and the TTL value after decapsulating the OBJHead by OBJHead Asymmetric decryption algorithm. After determining that the TTL is valid, it will use the AESDECK
x Bid0, , , Kmac,URL
algorithm to decrypt and get the stub, block flag, global variable, hash message authentication key and the URL address of the request data information.
Finally, DU downloads the incomplete ciphertext block stored at the CSP by
1, 2... m
DataDownload URL x x x , and then obtains the original plaintext according to
the AONT algorithm.
According to the above steps, DU will determine whether the CSDSO object is still in the life cycle or not. From the time determination algorithm we can learn, if the specified life cycle time is exceeded, the data destruction operation is performed. Data destruction algorithm using the simple 5220.22-M data rewrite technology.
1.//CSDSO’s destroy algorithm
2.int len = CSDSO.getLength(); //Get the object size 2.for(int i=0;i<len;i++)
3. CSDSO.rewrite(0); //Overwrite data 0 to object 4.for(int i=0;i<len;i++)
5. CSDSO.rewrite(1); //Rewrite data 1 to object 6.for(int i=0;i<len;i++)
7. CSDSO.rewrite((int)(random()%2)); //Rewrite data 0 or 1 randomly to object 8.CSDSO.delete(); //Perform data destruction
COMPREHENSIVE ANALYSIS Security Analysis
According to this article, the data owner DO, the data user DU, and the cloud service provider CSP will comply with their respective rules without revealing the key or plaintext information for no reason. Then the adversaries are likely to obtain information through data uploads, data storage, and data distribution processes and try to crack down on violence. Therefore, the security analysis of this paper mainly summarizes the algorithmic security of the data of the scheme in its life cycle.
same time, because the CSP is not completely credible, if the complete ciphertext placed in the cloud server, it is likely to be attacked by rivals, which is very insecure. In this scenario, the DO use the AONT algorithm to encrypt the data, which effectively protects against threats and attacks from untrusted third parties by using some of its ciphertexts to restore the characteristics of any plaintext information and to be able to resist violent attacks.
Secondly, in the data distribution processing phase, this scheme uses the combination of AES256 symmetric encryption algorithm and RSA2048 asymmetric encryption algorithm to transmit CSDSO object, Opponents only can have the opportunity to further analysis crack OBJBody by violent attack after the object OBJHead package. However, the RSA2048 algorithm and the AES256 algorithm have proven secure, and the rival will not crack the RSA2048 algorithm in polynomial time. Even if the opponent succeeds in separating the CSDSO object and attempts to attack OBJBody directly, it will not crack AES256 algorithm at foreseeable time. When exceed the preset time, CSDSO object will be destroyed, any adversary, including the authorized DU can not get in the plaintext. So the program can be considered theoretically effective against rival attacks, and to ensure data security, to meet the security needs.
The experimental environment is the Intel (R) Xeon (R) E5-2620 v3 2.4GHz six-core processor, 16GB memory, the operating system is the CentOS6.5, kernel version 2.6.32. The symmetric encryption algorithm uses AES algorithm, file encryption key length is 256 bits; asymmetric encryption algorithm using RSA algorithm, the key length is 2048 bits; MAC operation using HMAC-SHA1, MAC key length of 128 bits.
AONT Encryption and Decryption Performance Analysis
In this paper, the encryption and decryption test will block the file, and then use the AONT algorithm to encrypt and decrypt the partitioned data. Test the data1 by 128KB to block. Figure 2 shows the encryption time diagram with different size of the file, including 1MB, 10MB, 100MB, 500MB, 1GB. Figure 3 shows the corresponding size of the file for decryption time diagram.
0.1 1 10 100 500 1024
0.01 0.1 1 10 100 1,000
0.1 1 10 100 500 1024 0.01
0.1 1 10 100 1000
Figure 3. The decryption time diagram with different size of the file.
The experimental results show that the time of file encryption and decryption increases linearly with the size of the file, when the file size does not exceed 1GB, the file encryption and decryption time can be maintained in 100 seconds.
Data Destruction Performance Analysis
In order to test the cost of CSDD program data destruction, this paper compares the traditional physical data destruction methods of literature  and the latest research on the method of directly destroying Based-key Destruction . File size ranging from 1e+04 to 1e+08 byte, each file is used to destroy the above three methods of data and calculate the time overhead. From Figure 4 we can learn that the key destruction scheme and the CSDD scheme are much better than the traditional data destruction scheme, and the CSDD scheme has lower overhead than the key destruction scheme in the case of the same file size.
0 10 20 30 40 50 60 70 80 90 100
0 200 400 600 800 1000 1200 1400 1600 1800 2000
Traditional Based-key CSDD
Figure 4. The comparison of data destruction time with different schemes.
Comparison of Programs
This scheme is compared with the characteristics of the present typical scheme, as shown in TABLE I. The current research program can be summarized as centralized and distributed destruction, they both have some limitations:
generation caused by a large number of user requests, and how to update the key tree when the data is updated frequently.
After encrypting the user's data, DO will store the complete ciphertext in the CSP, discard the key caused by ciphertext will not be resolved. And in fact, the integrity or part of the ciphertext obtained by the opponent is still a threat to be cracked.
The life cycle of the data is limited, such as Vanish as the representative of the literature  program, the default life cycle by the nature of the DHT network itself can’t change, if you want to increase the life cycle need to re- Distribute the key to bring additional computational overhead.
Considering the applicability of the system, this scheme has some advantages compared with other schemes. First, the scheme abandons the complicated key management mode. Secondly, because of the characteristics of the algorithm, even if the adversary obtains the ciphertext in the CSP or the copy should not be cracked; Finally, the user can specify arbitrary data life cycle, to achieve the free control of data destruction time.
TABLE I. COMPARED WITH OTHER SCHEMES.
At present, data destruction technology is still in the early stages of development. In the cloud storage environment, the entire life cycle of the data will be a great challenge because of that data is out of control for data owners. This paper designed a kind of self-destruction of data objects CSDSO combined with object technology, RSA algorithm, AONT algorithm and data rewriting technology. Then a data destruction scheme with life cycle controlled is put forward based on the cloud storage environment, it can ensure data security with the upload, storage, download and distribution in the entire life cycle of data, and achieve the independent control in the life cycle. When the
Scheme Key manag ement Key destruction Destruction Object Encryption algorithm Time controllable Applicab ility  Based on policy Third party
Symmetrical + asymmetric
a third party generally
Part of the
 Key spannin g tree DHT network deleted
Part of the key Symmetrical + Function transformatio n Controlled by
 Based on IBE
Key+ Part of the ciphertext
 None Automatic
+ asymmetric User-defined well
CSDD None Automatic deleted
data is destroyed, it can achieve the true sense of the safe destruction, making the data unable to recover completely. Experiments show that the program has low performance overhead in encryption and decryption and data destruction, it also can be destroyed in a specified time by data owner. At the same time, the program has advantages of resisting violent attacks, avoiding complex key management, and having good applicability.
This work is partially supported by the National key Research Program of China “Collaborative Precision Positioning Project” (2016YFB0501900).
1. Tari Z., Yi X. and Premarathne U. S. 2015. “Security and Privacy in Cloud Computing: Vision, Trends, and Challenges,” IEEE Cloud Computing, 2(2): 30-38.
2. Feng D. G, Zhang M. and Zhang Y. 2011. “Research on cloud computing security,” Journal of Software, 22(1):71-83.
3. “Cloud Security Alliance,” http://www.cloudsecurityalliance.org/guidance.
4. Rivest R. L. 1998. “All-or-nothing encryption and the package transform,” in Fast Software Encryption, Springer Berlin Heidelberg, pp. 210-218.
5. Perlman R. 2005. “File system design with assured delete,” in Proc. of the 3rd Int. Security in Storage Workshop. Piscataway. NJ: IEEE, pp. 83-88.
6. Perlman R. 2005. “The ephemerizer: Making data disappear,” Journal of Information Systems Securit , 1(1):21-32.
7. Tang Y., Lee P. P. C. and Lui J. C. S. 2012. “Secure overlay cloud storage with access control and assured deletion,” Dependable and Secure Computing, 9(6): 903-916.
8. Geambasu R., Kohno T. and Levy A. 2009. “Vanish: Increasing Data Privacy with Self-Destructing Data,” in USENIX Security Symposium, pp. 299-316.
9. Zeng L. F., Shi Zh. and Xu Sh. J. 2010. “SafeVanish: An Improved Data Self-Destruction for Protecting Data Privacy,” in IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom), pp. 531-528.
10. Wang L. N., Ren Z. W. and Yu R. W. 2013. “A data assured deletion approach adapted for cloud storage,” Acta Electronica Sinica, 40(2): 266-272.
11. Xiong J., Yao Z. and Ma J. 2014. “A secure self-destruction scheme with IBE for the internet content privacy,” Chinese Journal of Computers, 37(1): 139-150.
12. Xu X., Liu G. and Zhu J. 2016. “Cloud Data Security and Integrity Protection Model Based on Distributed Virtual Machine Agents,” in Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2016 International Conference on. IEEE, pp. 6-13.
13. Zhang K., Yang C., Ma J. and Zhang J. 2015. “Novel cloud data assured deletion approach based on ciphertext sample slice,” Journal on Communications, 36(11):108-117.
14. Peterson Z. J, Randal B. and Joe H. 2009. “Secure Deletion for a Versioning File System,” in
Proceedings of the 4th USENIX Conference on File And Storage Technologies, Berkeley, CA, USA: USENIX Association, pp.143-154.