Enforcing Data Geolocation Policies in Public Clouds using Trusted Computing

TL;DR

This paper proposes a trusted computing-based method to enforce data geolocation policies in public clouds, ensuring data compliance and security through remote attestation and key sealing.

Contribution

It introduces a novel technique that uses trusted computing mechanisms to verify host geolocation and platform state before allowing data decryption in cloud environments.

Findings

Effective enforcement of data geolocation policies.

Secure remote attestation of host and geolocation.

Protection of decryption keys through TPM sealing.

Abstract

With the advancement in technology, Cloud computing always amazes the world with revolutionizing solutions that automate and simplify complex computational tasks. The advantages like no maintenance cost, accessibility, data backup, pay-per-use models, unlimited storage, and processing power encourage individuals and businesses to migrate their workload to the cloud. Despite the numerous advantages of cloud computing, the geolocation of data in the cloud environment is a massive concern, which relates to the performance and government legislation that will be applied to data. The unclarity of data geolocation can cause compliance concerns. In this work, we have presented a technique that will allow users to restrict the geolocation of their data in the cloud environment. We have used trusted computing mechanisms to attest the host and its geolocation remotely. With this model, the user will upload the data whose decryption key will be shared with a third-party attestation server only. The decryption key will be sealed to the TPM of the host after successful attestation guaranteeing the authorized geolocation and platform state.