DLoc: Distributed Auditing for Data Location Compliance in Cloud

The prevalence of mobile devices and their capability to access high speed Internet has transformed them into a portable pocket cloud interface. In order to protect user's privacy, the European Union Data Protection regulations restricts the transfer of European users' personal data within the geographical boundaries of the European Union itself. The matter of concern, however, is the enforcement of such regulations. Since cloud service provision is independent of physical location and data can travel to various servers, it is a challenging task to determine the location of data and enforce jurisdiction policies. In this paper we introduce a framework, named DLoc, which enables the end-users to track the location of their data after being transferred to the cloud. DLoc does not require a network of monitoring servers (landmarks) and does not need to reside and run within the target server. It uses a proof of data possession technique to guarantee that the cloud storage service possess the particular file and estimates its location(s) in a distributed manner without requiring the collaboration of the data controller or cloud provider. Empirical evaluations demonstrate that DLoc provides a better accuracy than its rival approaches in real world scenarios.