Selecting Secret Sharing Instantiations for Distributed Storage

Distributed storage systems using secret sharing enable information-theoretic confidentiality, making them especially suitable for the outsourced storage of sensitive data. In particular, proactive secret sharing enhances the confidentiality protection of such systems by periodically renewing data shares. This adds a time constraint for an attacker trying to reconstruct the initial data by collecting enough shares. Proactive secret sharing can only be carried out effectively if the participating servers (grouped in storage service providers) are reliable. The selection of participating servers is thus critical to security. In practice, data owners have little means to make an informed decision in this regard. Furthermore, optimal share allocation depends on data-owner-specific confidentiality, availability and cost requirements. Data owners also require guidance with respect to the selection of the underlying secret sharing scheme. In this paper, we introduce a novel approach to guide data owners in the instantiation of secret sharing for outsourced storage. The decision support covers both the allocation of shares to specific storage service providers, and the choice of the underlying secret sharing scheme. We realise our approach as a solver for a set of integer linear programming problems. We then dually evaluate our approach. First, we evaluate the feasability of constraint solving by implementing the linear programs in PuLP and inputting them to the GLPK linear problem solver. The evaluation involves sixty data centers from six major public cloud providers. Second, we compare the performance of hierarchical and non-hierarachical secret sharing schemes to determine if the performance loss due to the support of hierarchical structures is affordable. Ultimately, our approach aims at supporting non-expert data owners in making the most appropriate choices for the selection of a secret-sharing-based distributed storage system, based on their requirements.