Event Recording

Cloud 3.0: Decentralizing Cloud Storage with Web 3.0 and Analyzing Security Threats

Log in and watch the full video!

We are in the mid of one of the most significant revolutions in the cloud and identity ecosystem since the last decade. With the dynamic transformation from Web2.0 to Web3.0, both the cloud as well as the identity ecosystem embrace themselves for a change in the way we perceived security. Blockchain is revolutionizing both the cloud industry as well as the financial sectors. In my talk, I will focus on the transformative impact of blockchain protocols like Filecoin and Storj which are playing a significant role in changing the way we have perceived cloud storage. Decentralized Cloud Storage will be the future for sustainable data storage in Web 3.0, in which we will move from a single service provider to create an ecosystem where anybody could be a cloud storage provider. Highly successful blockchain projects like Filecoin have been able to create such an ecosystem. But we are far away from attending the level of scale needed to reach out to every corner of the globe. Decentralized Cloud Storage poses a different set of security challenges and scalability issues. I will be presenting my research work which focuses on the new advances in tackling future security threats for decentralized cloud storage. Additionally, I will focus on discussing how to overcome scalability issues in the blockchain using the most advanced cryptographical tools knowns as zk-SNARKs.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Hi everyone. Thank you for coming to my presentation. I'm really thrilled to talk to everybody today. And this is the first time I met ending the EIC as well as the speaker and in the 15th anniversary. So it's all very thrilling to me at the same time. So without further delay, we start with the presentation. So my topic is cloud 3.0, where I will talk about the decentralized cloud storage and the future of the cloud storage and how it looks like. And also try to discuss and share some of my thoughts about what are the future security threads that can happen in web 3.0,
So a little bit about the research that we are doing at the secured and network system division. So we have three labs, the network security and the privacy lab, where I work on blockchain security and many other research on postpartum cryptography, secure cloud storage happens in this particular lab. Then we have the network system lab where we work on 5g and six year infrastructure and the intelligence system labs deals with IOTs and machine learning. So I'm Rohan and I, my research lies in three domain. That's a decentralized cloud storage blocks and security and post quantum cryptography. So before joining Delon university, I hold a double master degree in mathematics, the university of Greensburg in Germany and university of Melan in Italy. That's all about me. And so recently since the November, we have been hearing a lot of buzz around the world, web 3.0, and this is something quite new for me.
Also, since I started my research and I, as a researcher, I was very curious to understand what ewe 3.0, whether it is all buzz or there are substantial innovation and potentiality in that. So in order to understand what EWA 3.0, and for the last two days of the conference, we have been talking about decentralized identity and the potentiality of the web 3.0, and by now I think we all have an idea what's the future lies. So in order to understand what, what the future of the web lies, let's just go back and see how we have evolved. In web one, we talked about as an user interface, the webpages were like a user interface where people used to just communicate in a one way direction and not in a, in a communicative way. And then with web 2.0, the era that we are living in the webpage became a user interaction with hardware. We shared a lot of personal data, so collecting personal data and storing them in a secured way and storing our identities in a secured way, became a concern. And there comes the secure cloud storage part. So most of the, most of the centralized authorities that our applications that we use right now in a daily life, in terms of Facebook or Gmail or Twitter, they collected terabytes of data every day and secure, secure storage is a matter of fact.
So what is the concept of web 3.0 in, in general? So in, in general, it means that we want to decentralize the power and give the power in the hand of the client. So the main reason behind decentralization is like that the content will be owned by the person who is creating the content and the right to how to use the content will be there with the person who is creating the content. And that's where, that's where the power of blockchain lies. And according to me, blockchain protocols like Ethereum, so polygon would play a, quite a big role in the way, 3.0 ecosystem. So is decentralized or way 3.0, just a concept, or we have something substantial right now. So I came across a platform called ITU that is decentralized version of the YouTube, where anybody can put their content and they have the full control over the things that they're sharing. And that's quite interesting because this is a hybridized version of decentralized wave inside wave 2.0. So we are in a process of evolution and a journey that we will reach sooner or later.
So in order to understand the potentiality of three point, oh, let's talk about the full main advantages. So the first advantages lies, as I said, like, we need the customers are in the control, and then we will try to slowly move away from the central dependency towards more decentralized method. And what, what is the core of doing everything? Is that increasing the inha, increasing the privacy and the data security because data breach and, and con censoring has become a recent problem. And since the blockchain has become a integrable part of the well 3.0, so immutability of data is a really important fact because the data should not be deleted without our consent. And that's, that's where the advantages of a 3.0. Now since the topic of the, of today's presentation is cloud storage and, and I'm interested into sharing what the future of the cloud storage looks like in with 3.0, and in the, in the last two days of the talks, I, I was, I gained a lot of knowledge regarding decentralized identities, and I realized like decentralized identities and decentralized cloud storage goes hand in hand because it's not only it is important to decentralized identities, but it is also important to know how our datas are being stored.
If we are storing data in a centralized way that we have been doing in the same, same format, then the single point of failure still lies in the same, in the same manner. So in order to understand the decentralized cloud stories, let's have a very, very simple understanding of how cloud storage works right now. For example, I want to store a file in a, in any centralized cloud storage, like Google cloud or box. So I send the file to the particular service provider. They receive the file encrypted for the purpose of security and store the servers of their central system. I do not know the location. I do not know how this, what kind of protocol they, they go through. And when I want to retrieve it, I can say that, okay, I want to retrieve my file. Please give me back. And that, that's how the very simple architecture works.
But with the contemporary story system, we have quite a lot of disadvantages. First is the cost of services quite high. If you look at the evolution, how the evolution happened, the service cost was quite high and the vulnerability remained same because we are using centralized stories. So single point of failure is one of the, one of the concerns and various kind of ransomeware attacks had been followed and which finally lead to decentral the security and privacy concerns. So is there a solution, is there a solution that we could come up and that's yes. That's the answer lies with decentralized cloud storage. So what is decentralized cloud storage? So we have a user pool. The user pool is everybody among us. And instead of storing data via centralized authority, we are actually storing data in a secure way, in different node, in different parts of the world in, in a various geographical location. So this node are actually anybody among us who had extra storage space and can store data in a secured way by following some certain protocols. And this actually gives a lot of flexibility, scalability, and power to the hand of the common people, and not only relying on a particular, particular centralized authority.
So the datas are distributed and stored across all the notes. And these notes, as I said, are storage providers that have free storage. So let's, let's have a look at how the general architecture for the decentralized cloud storage works. So I suppose have a file that I want to store. And at first I encrypt that file for security and split the file into the encrypted file into servers chunks. And then I send those chunks into different notes and none of the north will have all the chunks. That's, that's the, that's the fundamental point. And once the, once the node received those chunks, then they, each of the, each of the node generates something called the proof of storage. And the proof of storage is a proof of, is like a proof of concept that they have to generate in order to show that I'm doing the work properly. And then that the proof of storage is being stored in the blockchain. That's how the general architecture works. Now, let's look at shortly the blockchain projects that focus on the decentralized cloud storages like file coin storage, a RWA. These are all the, all the players in the storage market for web 3.2. So for Filecoin, they work on IPFS or implementary file sharing storage a is same architecture that I just mentioned earlier. And our wave works on Parma wave or creating a permanent wave, which has pro cons. And that's a debatable topic.
So IPF is mostly work on content based, addressing on which the file coin blocks and works.
Now, the second part of the talk, I will focus on the security threads that arises in decentralized crowd storages. And that's something my idea of research that I am doing right now in order to, in order to make the web 3.0, more secure and secured decentralized networking. So the first attacks that happens in most of the blockchain protocols is known as the civil attack, and I will come to that in a bit, and then there is a routing attack, and then there is a fishing attack. So what is a routing attack? The routing attack, the attacker can divide the inter blocks and protocol into two different sub networks. And that's creating a pseudo decentralized ecosystem. And that's something can happen to any blockchain networks and fishing attack is obviously not uncommon to any of us, but fishing attacks in web 3.0 is more complicated and difficult to detect.
And recently there, the Microsoft detected fishing attack known as the ice fishing attack in which there is a malicious smart contract that was sent to the client and the client on signing that on using their smart contract is logged into a digital wallet, which is not credible and belonging to that attacker. And these are the most common types of attack. But now I want my interest lies in understanding the civil attack and the word civil comes from a diagnosis done on a young lady who has multiple dissociative identity disorder. That means the same analogy can be used in the networking part, in which one of the node supposed with part who is working only, honestly, who is working honestly within the network, but suddenly started working dishonesty and become a point of failure. So this, this node started creating multiple fake notes, which do not follow the protocol, but try to pretend that they're doing the, doing the same thing, doing the work as like of an honest note.
And they started creating fake storages, which try to be a part of the network and, and create more civil notes. So these are, this is one of the challenges that could be faced into decentralized cloud storages. And this has a lot of negative impacts because if, if this notes are not detected, they can start grow more and more. And once they start grow more and more the consensus they, they can create, they can have more power or unequal power within this, within the ecosystem. And this notes are quite dangerous because this, they don't, they don't work as far the protocol and they from the proof of storage protocol. And that's why this becomes a single point of failure within the blockchain network. So what are, what are the effects of civil attack on any blockchain network? I just obviously security threat is one of them inevitably and unequal control over the network is a major problem.
And we cannot ever that. And that's, we want to bring equality. We want to give equal power to among all the people who are using the network, not creating a pseudo decentralized platform. And obviously financial loss is a evident drawback. Censorship within the network is also can be created by, by having civil notes within the, within the blockchain network. And finally it can lead if not detected and mitigated efficiently, it can lead to a civil decentralized ecosystem. So civil attacks kind of jeopardizes what we believe in, and it's quite, it ha it is, it is important as well as it is necessary at the same time that we, we look to find more efficient blocks, more efficient prevention mechanism, which could stop civil attack from happening in the first place. So there are two, there are actually two, two framework. One is mitigating civil attacks. Another is preventing. So the prevention part is like in where we do not want the civil attack to happen in the first place. And mitigating is something I'm researching on where I want to create a framework in which even if there is civil attack, they should not able to expand. And we can detect what, which, which is the parent civil note, which is creating all the, all the dishonest parties.
The final part is a bit not related to security. And I think this is another big issue that we are facing. That's called scalability, blockchain. And now from security to scalability, I will that the journey is a bit different. So why scalability is why scalability is important because one of the most difficulty that Ethereum or any blockchain protocol are having right now is it's very difficult to scale it so that more and more node can join and it becomes more usable. So why scalability is important because more north can join the network. We can generate short proofs. What by meaning short proofs is me. I will come to the, in the final slide and obviously accelerating the speed of transaction. And that is all we have been talking about in the blockchain space with E 3m 2.01. Oh. So when it comes to scalability, we have to kind of pull our cryptography hat and talk about some crypto thing. And I will end my talk with some intuition behind one scalability technique that could be implemented in the future. That's called Zika. So zero knowledge, accent, non interactive argument of knowledge. Oof. That's really big. Oh my God,
I'm confused. Right? Yeah. And so now let's break it down. Zero knowledge means I'm not going to give you knowledge about what I am sharing. That's zero knowledge. What do you mean by succinct? That means the way I'm sharing the knowledge, it should be as, as less as possible. So it's very simple. I will try to break it down in a most simplest way. I have a approver and I have a verifier. The prover wants to prove some statement, a secret, and theier wants to just verify. So the prover has a secret, but prover doesn't want to give that secret to the fire. So the prover will give some function of the secret, some form of the secret, but in which they're not giving the secret, but it also contents the secret and send it to the very fire. The very fire, do some cryptographic magic that obviously we are not going to talk here.
And then there are two outcomes. Either theier is happy or theier is not happy. And depending on that, the prover has to do the process again or succeed. So this Zar has a huge potentiality when it comes to shortening the proof. Because if you look at the blockchain, Bitcoin, blockchain size in 33, 65 GB or something like that, but so it's not pro a lightweight device, cannot use it to mining purpose. So Zar can increase the transaction speed. And finally, I want to conclude with the ongoing research since civil, there is no one frame that fixes civil attack in a decentralized cloud stories, open problem that many people in the R and D of the blockchain network is working. So I'm, I'm trying to actively find an answer towards it. And hi at the university, I'm trying to find answer towards this problem. And we are making a small step together each day to make the web 3.0 more secured. Thank you. Thank you so much.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Evolving Identity and Access Management for the Digital Era

Join Identity & Access Management experts from KuppingerCole Analysts and Broadcom as they discuss how business IT is changing, and the implications for IAM. They will define modern IAM and explain why and how IAM needs to change to support modern app development, regulatory compliance,…


Continual Access Control, Policies and Zero Trust

Trust no one, always verify. We know that Zero Trust phrase already. But this principle is rather abstract - how and where exactly should we do that? Martin sits down with Jackson Shaw, Chief Strategy Officer at Clear Skye to discuss one very important part of Zero Trust: Identity and…

Analyst Chat

Analyst Chat #154: 2022 Wrapped Up - Major Trends in IAM and Cybersecurity

Another year gone already! It's time to take a look back at 2022. Martin Kuppinger and Matthias talk about what happened in the past year and identify top trends in IAM and Cybersecurity. They go beyond technology but also look at processes and business models. By this, they also…

Webinar Recording

Unify Identity and Security to Block Identity-Based Cyber Attacks

Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…

Event Recording

The Future of Access Management: The Role of Contextual Intelligence, Verifiable Credentials, Decentralized Identity and Beyond

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00