Shield: A stackable secure storage system for file sharing in public storage

• We propose a new system architecture for secure file sharing in cloud scenario.
• We implement a stackable secure storage system named Shield.
• A hierarchical key organization is designed for convenient keys management.
• Shield adopts lazy revocation to accelerate the revocation process.
• Shield supports concurrent write access by employing a virtual linked list.

With the increasing amount of personal data stored in public storage, users are losing control of their physical data, putting their data information at risk of theft or being compromised. Traditional secure storage systems either require users to completely trust the storage provider or impose the considerable burden of managing files on file owners; such systems are inapplicable in the practical cloud environment. This paper addresses these challenging problems by proposing a new secure system architecture and implementing a stackable secure storage system named Shield, in which a proxy server is introduced to be in charge of authentication and access control. We propose a new variant of the Merkle Hash Tree to support efficient integrity checking and file content update; further, we have designed a hierarchical key organization to achieve convenient keys management and efficient permission revocation. Shield supports concurrent write access by employing a virtual linked list; it also provides secure file sharing without any modification to the underlying file systems. A series of evaluations over various real benchmarks show that Shield causes about 7%∼13%7%∼13% performance degradation when compared with eCryptfs but provides enhanced security for user’s data.