ReliableBox: Secure and Verifiable Cloud Storage With Location-Aware Backup
IEEE Transactions on Parallel and Distributed Systems (IF 5.3), Pub Date: 2021-05-14, DOI: 10.1109/tpds.2021.3080594
Tao Jiang, Wenjuan Meng, Xu Yuan, Liangmin Wang, Jianhua Ge, Jianfeng Ma

While the prevalent cloud storage platforms offer convenient services in support of diverse data-driven applications for clients, various security concerns arise in terms of data confidentiality, availability, and retrievability. Among them, servers' dishonesty about location-specific data backup becomes a serious concern when the data is outside clients' control, considering the strict regulations imposed by many governments and organizations on data storage location. This article studies location-aware data backup verification for data stored in clouds and aims to design a secure framework, named ReliableBox, that enables clients to verify whether their data have been backed up on remote servers at a specific geolocation. In the design of ReliableBox, we leverage the prominent proof-of-storage techniques for data possession proof, and take advantage of multilateration geolocation and Intel SGX for precise communication delay measurement and trusted computing delay measurement, respectively. In ReliableBox, a client first computes integrity tags for the files and then outsources both the files and tags to the cloud storage server. In the later attestation, with the precise network delay and distance measurement from location-known verifiers, the client verifies that the outsourced files are intact and backed up to hosts at the specific geolocation. With the customized design, ReliableBox can support the security needs of clients in terms of both data integrity and backup location verification, even when there exist potentially dishonest cloud service providers who may manipulate the network delays or forge verification proofs. We provide security analysis to show the security properties of ReliableBox in terms of data access, confidentiality, and verifications. In the end, we implement the system prototype and deploy it on several prevalent commercial cloud platforms for performance evaluation. The experimental results demonstrate that ReliableBox is secure in support of data integrity checking and location-aware backup auditing, and is robust to data possession and location spoofing attacks.

Updated: 2021-06-11