The purpose of this project is showing and testing the possibility to realize a distributed online storage system whose security is independent from the cloud service providers. In other words: is it possible to store data and access them in a way that they result securely stored and inaccessible, even partially, to anyone including those providers? The answer, as we will see later on this discussion, is yes and this is where the AONT transform starts playing its crucial role as it lets us crypt (transform) a bunch of data without the necessity of storing the key used in the process thus allowing us to manage the encrypted file independently from its key which represent a remarkable advantage over other encrypting techniques. As a matter of fact this characteristic distinguish this “data masking” method from the other ciphers algorithms and make it so that it doesn’t belong to any encryption family because its key is public, stored in the data itself and therefore it doesn’t need to be traded between two communicants in order for them to share some AONT masked data. More precisely it is defined as an unkeyed, invertible, randomized transformation and is impossible to invert unless we get to obtain all of its output. As it is suggested by its name, in fact, AONT stands for All-Or-Nothing-Transform and turned out to be an essential procedure when applied before any other encryption method since it enhances significantly its security. What do we mean with distributed? We call this whole system distributed since we are going to split a single data file into a chosen number of slices and store, after being encrypted, each in a different online storage cloud making them available in a wider and more distributed environment that will grant more flexibility and efficiency. For the purpose of testing this technique in our project we worked with Google Drive and Dropbox API’s ( Application Programming Interface ). In this dissertation we will look closer at the AONT mechanism ( Chapter 2 ), its relationship with the other encryption methods, and how and why they work so well together. In fact, we can consider AONT as a process to apply before another encryption to increase its strength without increasing its key size as in many bureaucratic situations it happens frequently that, in order to comply some government cryptography regulations, we may want to limit the key size used, for example, to a maximum of 8 bits. Later ( Chapter 3 ) we will take an overview of CryptoFile’s software implementation and some usage samples. This will lead us towards some statistics regarding execution time depending from the number of slices wanted and we will also consider the estimated brute force attack time needed to get access to the plain data if an offender wanted to retrieve it in an illegal way ( Chapter 4 ).
Abstract Tesi L’argomento preso in esame per la tesi proposta è la realizzazione di un sistema distribuito di storage online. Per lo scopo è stato progettato un software, rinominato CryptoFile, in grado di sfruttare la trasformazione All-Or-Nothing (AONT) per nascondere tutta l’informazione sensibile di un file, suddividerlo in porzioni uguali da inviare a differenti cloud online. Il software proposto è, allo stato attuale, in grado di comunicare con le API ( Application Program Interface ) di Google Drive e Dropbox ma, data la struttura ad oggetti con cui è stato realizzato, rimane possibile l’implementazione di ulteriori online storages. Nella discussione proposta vengono affrontati dal punto di vista teorico/matematico il funzionamento e l’efficienza di AONT, l’algoritmo proposto dal crittografo americano Ronald Linn Rivest, assieme ai concetti fondamentali per la comprensione di un comune algoritmo di cifratura quale l’AES ( Advanced Encryption Standard ). Successivamente alla trattazione teorica dell’argomento preso in esame, si discute della effettiva implementazione di CryptoFile affiancata da schemi che ne evidenziano la struttura informatica ed esempi pratici di funzionamento. L’intero codice del software è in ogni caso disponibile su GitHub. In ultima analisi si considerano dal punto di vista computazionale i benefici della Trasformazione di Rivest nella protezione dei dati da attacchi informatici quali il brute-force. A fronte di tali benefici vengono inoltre proposti test per valutare quale svantaggio si paga in termini di tempo computazionale necessario per applicare AONT ai dati.
CryptoFile: Sviluppo Sistema di Storage Distribuito
MANFRINI, PIER LUIGI
2018/2019
Abstract
The purpose of this project is showing and testing the possibility to realize a distributed online storage system whose security is independent from the cloud service providers. In other words: is it possible to store data and access them in a way that they result securely stored and inaccessible, even partially, to anyone including those providers? The answer, as we will see later on this discussion, is yes and this is where the AONT transform starts playing its crucial role as it lets us crypt (transform) a bunch of data without the necessity of storing the key used in the process thus allowing us to manage the encrypted file independently from its key which represent a remarkable advantage over other encrypting techniques. As a matter of fact this characteristic distinguish this “data masking” method from the other ciphers algorithms and make it so that it doesn’t belong to any encryption family because its key is public, stored in the data itself and therefore it doesn’t need to be traded between two communicants in order for them to share some AONT masked data. More precisely it is defined as an unkeyed, invertible, randomized transformation and is impossible to invert unless we get to obtain all of its output. As it is suggested by its name, in fact, AONT stands for All-Or-Nothing-Transform and turned out to be an essential procedure when applied before any other encryption method since it enhances significantly its security. What do we mean with distributed? We call this whole system distributed since we are going to split a single data file into a chosen number of slices and store, after being encrypted, each in a different online storage cloud making them available in a wider and more distributed environment that will grant more flexibility and efficiency. For the purpose of testing this technique in our project we worked with Google Drive and Dropbox API’s ( Application Programming Interface ). In this dissertation we will look closer at the AONT mechanism ( Chapter 2 ), its relationship with the other encryption methods, and how and why they work so well together. In fact, we can consider AONT as a process to apply before another encryption to increase its strength without increasing its key size as in many bureaucratic situations it happens frequently that, in order to comply some government cryptography regulations, we may want to limit the key size used, for example, to a maximum of 8 bits. Later ( Chapter 3 ) we will take an overview of CryptoFile’s software implementation and some usage samples. This will lead us towards some statistics regarding execution time depending from the number of slices wanted and we will also consider the estimated brute force attack time needed to get access to the plain data if an offender wanted to retrieve it in an illegal way ( Chapter 4 ).| File | Dimensione | Formato | |
|---|---|---|---|
|
TESI_MANFRINI(pdfa).pdf
Open Access dal 28/10/2022
Dimensione
1.51 MB
Formato
Adobe PDF
|
1.51 MB | Adobe PDF | Visualizza/Apri |
I documenti in UNITESI sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/20.500.12075/7020