RESCUE: Evaluation of a fragmented secret share system in distributed cloud architecture
  This work aims to address current problems of security within Cloud-based systems, as the risks in moving data into public cloud environments persists, along with an increasing threat around large-scale data leakage. It tends to apply secret sharing methods as used in cryptography to create robust and secure Cloud-based data storage, including mitigating disaster and provide self-healing. It outlines a method to distribute equal shares to each host and using a host monitor provide information on access denial rate, which helps to implement a break-glass mechanism in a case of a predefined adverse denial rate. This is to improve on data availability, mitigate losses, and eliminate key management problem with self-healing capability during system restoration.
The implementation involves providing data security in a keyless manner, with in-built failover protection, consistent data availability and resilience. The system will scale up the experiment using public clouds and with a key metrics of effects of latency on performance, keyless security and availability. Initial evaluation using Shamir, Krawczyk and Rabin’s secret share methods has evaluated the performance of splitting data into secret shares, using keyless cryptography. The work evaluated performance overhead at with various thresholds and data sizes, and the results obtained showed different, with Rabin’s method processing the fastest (as the key is shared), Shamir’s is the most secure (as it creates shares from the data). A new agent that can scan folder, suck files when added, create shares and recover secret is being developed. Some recent results obtained are helping to reposition the work as well in confronting recent challenges.

  • Dates:

    2014 to 2019

  • Qualification:

    Doctorate (PhD)

Project Team

Themes

Research Areas