Data has proven to be an important asset of enterprises, and the rapid growth of data has left enterprises facing unprecedented challenges. Meanwhile, the cost pressure brought by the rapidly changing world economic situation and fierce competition forces enterprises to consider how to reduce IT costs while still meeting their growing storage needs.
Existing storage architectures can be classified into two types. The first is a proprietary architecture dedicated to one party, such as DAS (Direct Attached Storage), SAN (Storage Area Network) and NAS (Network Access Server). Such storage systems are used exclusively by one party and can provide users with very good control, better reliability and better performance, but because of their poor scalability they are not suited to large-scale deployment. In this mode it is quite difficult for users to spend storage budgets flexibly, because a one-time investment is needed to buy storage equipment, and cost control becomes more challenging as storage capacity grows.
The second is a multi-party sharing architecture, that is, a cloud storage architecture. Depending on service scope, cloud storage is classified into private cloud and public cloud. Cloud storage, built on network technologies (internet and intranet), provides users with on-demand purchasing and leasing of storage space and on-demand configuration service; usually, a third party or a third-party department within the enterprise provides the storage apparatus and specialized maintenance personnel. Through the storage service, enterprises or departments within an enterprise can significantly reduce their internal storage requirements and the corresponding administrative costs, balancing sharply rising storage requirements against business cost pressure. The users of the storage service can be individuals, enterprises, or even departments or branch offices within an enterprise.
However, in either mode of cloud storage operation (private cloud or public cloud), data owners will inevitably be concerned about the security and privacy of their data. The risk to data security and privacy comes mainly from the loss of control over all the data once it is delivered to a third party for custody; that is, the data can be accessed, copied, moved, modified and so on without the authorization of the data owners.
The existing cloud storage security solutions mostly target cloud storage data centers, such as protection through data encryption (documented in U.S. 2008/0083036, “Off-Premise Encryption of Data Storage”, U.S. 2008/0080718, “Data Security in an Off-Premise Environment”, and U.S. 2008/0081613, “Rights Management in a Cloud Document”), and virtualization with better access control and authentication mechanisms (documented in U.S. 2008/0081613, “Rights Management in A Cloud”, U.S. 2009/0228950, “Self-Describing Authorization Policy for Accessing Cloud-based Resources”, and U.S. 2007/0039053, “Security Server in the Cloud Document”). To some extent, these methods strengthen the data owner's protection of the data, but they do not fully enable data owners to control all of their data. Typically, because users cannot participate in the management of the cloud storage service data center, once users submit their data to a cloud storage service provider for saving, ownership of the data passes out of the users' control.
Taking the public cloud as an example, after users store data in the cloud storage service data center, their data is likely to be stored together with the data of their competitors. Data owners therefore cannot control data leakage caused by human error, lapses in professional ethics and other failings of the data center administrators, in particular superusers whose access rights are unrestricted.
Although encryption protects control of the data through the users' keys to some extent, it is worth noting that, because the problem of the keys requiring too much space has not been solved, the “one-time pad” encryption algorithm cannot be applied in the data encryption technology used by existing cloud storage data protection. In theory, it cannot be proved that the data encryption technologies currently used in cloud storage services are irreversible; that is, under certain conditions, given enough computing power and adequate time, the ciphertext produced by the encryption can be restored to the plaintext or part of the plaintext. The details can be seen in pages 6 and 12 of Applied Cryptography Protocols, Algorithms and C Source Code issued by the China Machinery Industry Press on Mar. 1, 2003.
In other words, with the continuous improvement in decryption technologies, the rapid decline in the price of decryption hardware and its rising performance, holding the encryption key alone does not guarantee that cloud storage users fully retain control of all their data; even though the users hold the encryption key, the data stored in the cloud storage data center cannot be prevented from being illegally cracked and used without authorization.
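The key-space problem of the one-time pad described above, as an added Python illustration that is not part of the original text: the pad must be as long as the data, so keeping the key locally frees no local storage, while any same-length plaintext remains consistent with the ciphertext. The function names, the sample record and the fixed 32-byte key used for comparison are assumptions made for this example.

```python
import secrets

def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt with a fresh random pad; the pad is exactly as long as the data."""
    key = secrets.token_bytes(len(plaintext))
    return key, bytes(p ^ k for p, k in zip(plaintext, key))

def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    if len(key) != len(ciphertext):
        raise ValueError("a one-time pad must match the ciphertext length")
    return bytes(c ^ k for c, k in zip(ciphertext, key))

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every same-length candidate, so the ciphertext
    alone does not favour any plaintext over another.
    """
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return bytes(c ^ m for c, m in zip(ciphertext, candidate))

def local_bytes_freed(data_len: int, key_len: int) -> int:
    """Local space saved by moving data_len bytes off-site while keeping the key."""
    return data_len - key_len

if __name__ == "__main__":
    record = b"Q3 forecast: 1.2M units"                 # constructed sample data
    decoy = b"nothing to see here".ljust(len(record))   # constructed, same length
    key, ct = otp_encrypt(record)
    assert otp_decrypt(key, ct) == record
    assert otp_decrypt(key_explaining(ct, decoy), ct) == decoy
    print("OTP key bytes kept locally:", len(key))
    print("local bytes freed with OTP:", local_bytes_freed(len(record), len(key)))
    # Assumed comparison: a conventional cipher with a fixed 32-byte key.
    print("freed with a 32-byte key, 1 GiB of data:", local_bytes_freed(2**30, 32))
```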
In short, the existing cloud storage service solutions cannot let users move data out of their own (mostly local) control to save local storage space while still retaining the right to control all of that data, yet the latter is usually the main concern of users when adopting a cloud storage service.