JIA Ya-ru,LIU Xiang-yang,LIU Sheng-li

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.03.043

2012-01-01

Abstract:This paper proposes the decentralized secure distributed storage system.The privacy of data is fulfilled by the combination of public key system and symmetric key system.Symmetric key for data from different sources are different,hence encryptions can be implemented in a distributed way.The employment of decentralized erasure code,together with the distributed encryptions,makes possible the decentralization of the system.RS codes are used to store the encryption of symmetric keys,and the list decoding of RS codes ensures the robust.Analysis result shows that the computing efficiency of this system is higher.

Tianhao Wang,Yunlei Zhao

DOI: https://doi.org/10.1145/2897845.2897884

2016-01-01

Abstract:Cloud storage services such as Dropbox [1] and Google Drive [2] are becoming more and more popular. On the one hand, they provide users with mobility, scalability, and convenience. However, privacy issues arise when the storage becomes not fully controlled by users. Although modern encryption schemes are effective at protecting content of data, there are two drawbacks of the encryption-before-outsourcing approach: First, one kind of sensitive information, Access Pattern of the data is left unprotected. Moreover, encryption usually makes the data difficult to use. In this paper, we propose AIS (Access Indistinguishable Storage), the first client-side system that can partially conceal access pattern of the cloud storage in constant time. Besides data content, AIS can conceal information about the number of initial files, and length of each initial file. When it comes to the access phase after initiation, AIS can effectively conceal the behavior (read or write) and target file of the current access. Moreover, the existence and length of each file will remain confidential as long as there is no access after initiation. One application of AIS is SSE (Searchable Symmetric Encryption), which makes the encrypted data searchable. Based on AIS, we propose SBA (SSE Built on AIS). To the best of our knowledge, SBA is safer than any other SSE systems of the same complexity, and SBA is the first to conceal whether current keyword was queried before, the first to conceal whether current operation is an addition or deletion, and the first to support direct modification of files.

Yongqi Ai,Weiliang Li,Xuewei Ding,Xinyi Zhang,Qingqing Shang,Luyu Yang

DOI: https://doi.org/10.1109/iacis61494.2024.10721898

2024-01-01

Abstract:The development of cloud computing poses data security challenges to cloud storage services, and traditional encrypted storage mechanisms have shortcomings. This article proposes an integrated secure data storage system framework that uses RSA algorithm to establish encryption mechanism. Through data preprocessing and pseudocode generation, encryption and decryption are performed using modular exponentiation to ensure secure storage of data. It was found that the RSA algorithm proposed in this article only takes 52.12 seconds to encrypt 60000 pieces of data. With the continuous increase of plaintext/bytes, the RSA algorithm ciphertext always remains at 15 bytes. When the plaintext length is 250 bytes, the RSA algorithm takes 25 seconds to access and can access the entire plaintext. This system has improved the security factor of data transmission. The RSA algorithm has advantages in encryption performance, ciphertext length, access time consumption, and plaintext access security, which can effectively ensure the secure storage of data and meet the data security requirements in cloud environments.

LIN Hao-xiang,DONG Yuan,ZHANG Wei,ZHANG Su-qin,HU Chang-jun

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.01.026

2007-01-01

Abstract:Recently it has been a focus to protect personal sensitive information. Using cryptographic technique is a promising way. This paper describes the design and implementation of Waycryptic, a versatile cryptographic file system for Linux. By integrating cryptographic technique into file system level, users obtain transparent, dynamic, efficient and secure encryption function without modifying their applications. Encrypted files could be saved on any physical file system which supports extended attributes (XATTR). Waycryptic also permits encrypted files to be shared among multi users and to be easily recovered by designating an account in advance. The results of Iozone and Bonnie benchmarks show that Waycryptic is comparatively efficient and is suitable for personal or multi-user systems which require enhanced security.

Liang Xue,Dongxiao Liu,Cheng Huang,Xuemin (Sherman) Shen,Weihua Zhuang,Rob Sun,Bidi Ying

DOI: https://doi.org/10.1109/icc45855.2022.9838811

2022-01-01

Abstract:In this paper, we propose a Secure and Flexible Data Sharing (SFDS) scheme for distributed storage, where data owners can outsource their data to a distributed storage network and share the data with authorized users. To preserve confidentiality, all data are encrypted by data owners' secret keys before being outsourced, and fine-grained access policies are enforced on the encrypted data (ciphertexts) to achieve flexible data sharing. Furthermore, based on the ciphertext puncturable encryption and the hierarchical identity-based encryption, we design an efficient key and ciphertext update mechanism, which enables data owners to update their secret keys and the corresponding ciphertexts periodically to deal with side-channel attacks and system vulnerabilities. Update tokens are constructed to directly derive new keys and ciphertexts. Through detailed security analysis, it is demonstrated that SFDS can achieve all three essential security properties, i.e., forward security, post-compromise security, and collusion attack resistance.

Jiwu Shu,Zhirong Shen,Wei Xue

DOI: https://doi.org/10.1016/j.jpdc.2014.06.003

IF: 4.542

2014-01-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing amount of personal data stored in public storage, users are losing control of their physical data, putting their data information at risk of theft or being compromised. Traditional secure storage systems either require users to completely trust the storage provider or impose the considerable burden of managing files on file owners; such systems are inapplicable in the practical cloud environment. This paper addresses these challenging problems by proposing a new secure system architecture and implementing a stackable secure storage system named Shield, in which a proxy server is introduced to be in charge of authentication and access control. We propose a new variant of the Merkle Hash Tree to support efficient integrity checking and file content update; further, we have designed a hierarchical key organization to achieve convenient keys management and efficient permission revocation. Shield supports concurrent write access by employing a virtual linked list; it also provides secure file sharing without any modification to the underlying file systems. A series of evaluations over various real benchmarks show that Shield causes about 7%∼13% performance degradation when compared with eCryptfs but provides enhanced security for user’s data.

Shengmin Xu,Xingshuo Han,Guowen Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3321314

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Cloud computing is the widespread acceptance of a promising paradigm offering a substantial amount of storage and data services on demand. To preserve data confidentiality, many cryptosystems have been introduced. However, current solutions are incompatible with the resource-constrained end-devices because of a variety of vulnerabilities in terms of practicality and security. In this article, we propose a practical and secure data-sharing system by introducing a new design of attribute-based encryption with verifiable outsourced decryption-attribute-based encryption (VO-ABE for short). Our system offers: (1) data sharing at a fine-grained level; (2) a scalable key issuing protocol without any secure channel; (3) a verifiable outsourced decryption mechanism for resource-constrained end-devices against the malicious cloud service provider; and (4) adaptive security against the real-world attacks. To formalize our solution with cryptographic analysis, we present the formal definition of VO-ABE and its concrete construction with provable security. In particular, our design leverages the techniques of the traditional ABE, verifiable outsourced decryption, and randomness extractor to support fine-grained access control, cost-effective data sharing, and security assurance with high entropy. Moreover, our design is provably secure in the adaptive model under the standard assumption, which offers a stronger security guarantee since the state-of-the-art solution is selectively secure under the non-standard assumption and suffers from a variety of real-world attacks. The implementation and evaluation demonstrate that our solution enjoys superior functionality and better performance than the relevant solutions. More importantly, our solution is compatible with the resource-constrained end-devices since the decryption mechanism takes around 1.1 ms and is 22.7x faster than the state-of-the-art solution.

ZHAO Xiu-wen,LUO Ping,CHEN Qiang,ZHANG Ning

2006-01-01

Abstract:How to provide stronger and more flexible security protections for file systems is one important part of secure file systems research.Based LDAP and SSH protocol,the distributed secure file system is designed.The model,principle and security analysis of distributed secure file system are introduced.

Yang Jianxin

DOI: https://doi.org/10.3969/j.issn.2095-2783.2011.04.003

2011-01-01

Abstract:Many access control mechanisms are employed in modern operating system to safeguard confidentiality and integrity of data.However,if malicious users can get around these mechanisms,then these mechanisms will be useless.Cryptographic technology should be applied to add a last line of defense.Encrypted file system is one of the important methods,and the storage of file key has top priority in encrypted file system.However,current storage methods of file key cannot satisfy the need of expansibility.A storage method of file key based on extended file attribute is proposed.By implementing this method in ext2 file system we can see that it can be easily integrated into current file systems and satisfy the efficiency requirement of data encryption.

Yuxiang Chen,Guishan Dong,Chunxiang Xu,Yao Hao,Yue Zhao

DOI: https://doi.org/10.3390/s23208526

IF: 3.9

2023-10-18

Sensors

Abstract:In this paper, we propose a user-friendly encrypted storage scheme named EStore, which is based on the Hadoop distributed file system. Users can make use of cloud-based distributed file systems to collaborate with each other. However, most data are processed and stored in plaintext, which is out of the owner's control after it has been uploaded and shared. Meanwhile, simple encryption guarantees the confidentiality of uploaded data but reduces availability. Furthermore, it is difficult to deal with complex key management as there is the problem whereby a single key encrypts different files, thus increasing the risk of leakage. In order to solve the issues above, we put forward an encrypted storage model and a threat model, designed with corresponding system architecture to cope with these requirements. Further, we designed and implemented six sets of protocols to meet users' requirements for security and use. EStore manages users and their keys through registration and authentication, and we developed a searchable encryption module and encryption/decryption module to support ciphertext retrieval and secure data outsourcing, which will only minimally increase the calculation overhead of the client and storage redundancy. Users are invulnerable compared to the original file system. Finally, we conducted a security analysis of the protocols to demonstrate that EStore is feasible and secure.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jing Tian,Zhi Yang,Yafei Dai

2006-01-01

Abstract:Though conventional block cipher is widely used in Peer-to-Peer storage systems, it is insufficient to ensure the confidentiality of long-term archive data because of the inherent Peer-to-Peer storage vulnerability that data is stored on other untrusted peers. There are two potential security weak spots: (1) sensitive data may be exposed from the encrypted data stored on an adversary peer when the weakness of block cipher is discovered or there is a leakage of secret key; (2) even when a user realizes the security threats, he/she cannot destroy the encrypted data stored on an adversary peer to minimizing the loss. This paper proposes a novel secure erasure code (SEC) scheme to solve the above security problems. The SEC scheme encodes the sensitive data into several fragments, and then stores the fragments onto different peers. In theory, SEC ensures unconditional confidentiality at the fragment level, which means that an adversary cannot obtain any portion of sensitive data from local stored encrypted fragment even if he/she has the secret key and infinite computation power. By leveraging the large scale property of Peer-to-Peer systems, SEC further makes it infeasible for the adversary to collect enough fragments for decrypting. SEC can be used alone or together with block cipher to solve these potential security problems. The performance results show that the SEC scheme is practical for the real-world applications.

Xiangguo Li,JianHua Yang,Zhaohui Wu

DOI: https://doi.org/10.1007/11576259_15

2005-01-01

Abstract:This paper presents a security scheme for network-attached storage based on NFSv4 frame. One novel aspect of our system is that it enhances NFSv4 to guarantee the security of storage. Another novel feature is that we develop new user authentication mechanism which outperforms Kerberos. It uses HMAC and the symmetric cryptography to provide the integrity and privacy of transmitted data. The system includes three essential procedures: authenticating user, establishing security context and exchanging data. Our scheme can protect data from tampering, eavesdropping and replaying attacks, and it ensures that the data stored on the device is copy-resistant and encrypted. In spite of this level of security, the scheme does not impose much performance overhead. Our experiments show that large sequential reads or writes with security impose performance expense by 10-20%, which is much less than some other security systems.

Hsiao-Ying Lin,Wen-Guey Tzeng

DOI: https://doi.org/10.1109/tpds.2011.252

IF: 5.3

2012-06-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:A cloud storage system, consisting of a collection of storage servers, provides long-term storage services over the Internet. Storing data in a third party's cloud system causes serious concern over data confidentiality. General encryption schemes protect data confidentiality, but also limit the functionality of the storage system because a few operations are supported over encrypted data. Constructing a secure storage system that supports multiple functions is challenging when the storage system is distributed and has no central authority. We propose a threshold proxy re-encryption scheme and integrate it with a decentralized erasure code such that a secure distributed storage system is formulated. The distributed storage system not only supports secure and robust data storage and retrieval, but also lets a user forward his data in the storage servers to another user without retrieving the data back. The main technical contribution is that the proxy re-encryption scheme supports encoding operations over encrypted messages as well as forwarding operations over encoded and encrypted messages. Our method fully integrates encrypting, encoding, and forwarding. We analyze and suggest suitable parameters for the number of copies of a message dispatched to storage servers and the number of storage servers queried by a key server. These parameters allow more flexible adjustment between the number of storage servers and robustness.

computer science, theory & methods,engineering, electrical & electronic

H Han,YF Dai,XM Li

DOI: https://doi.org/10.1002/cpe.839

2005-01-01

Concurrency and Computation Practice and Experience

Abstract:The CSFS (cryptographic storage file system) is a network file storage system that is suitable for a small‐to‐medium sized networks such as a campus network. In a CSFS, a lot of distributed file servers are organized in a star‐liked architecture. File names are stored in a name server and file data are stored in distributed file servers. A CSFS has good scalability and is able to accommodate hundreds of file servers. We implemented a CSFS in pure Java and tested the system with a benchmark. The test results show that CSFS delivers acceptable performance for general file operations. Its performance of file upload and download is as efficient as FTP. It can support more than 450 concurrent online users. Copyright © 2005 John Wiley & Sons, Ltd.

Xiong Li,Saru Kumari,Jian Shen,Fan Wu,Caisen Chen,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11277-016-3742-6

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

Jie Lin,Yunliang Zhang,Zhiyong Tan,Yiqi Dai

2009-01-01

Abstract:The paper proposes a novel secure distributed disk system. By dynamically exploiting file-system semantics of on-disk data blocks and sensing activities of the local file system, the disk system can be integrated with the current file systems seamlessly without changing the standard block interface between them and can efficiently manage accesses to the files from multiple hosts. And the disk system adopts a new data distribution scheme to ensure confidentiality, reliability and availability of data, and a credibility evaluation strategy to prevent some attacks from malicious clients and data servers.

Xu Guodong,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1007-757X.2006.05.020

2006-01-01

Abstract:In this paper, we firstly introduce a symmetric algorithm Crypto system and Public Key Cryptosystem with the Key Management. Then we propose an Encrypted File System under Windows, and analyze its availability and security.

ZHANG Hong,LU Songfeng,ZHAO Youqiao,XU Yongkang,HU Heping

DOI: https://doi.org/10.3778/j.issn.1002-8331.2012.18.015

2012-01-01

Abstract:Security file-slice storage system uses file-slice storage and file-slice encryption techniques.File data adopts slice storage strategy,stores in different nodes of file system in order to enhance data transmission efficiency and data security.Slice storage strategy is based on patch availability model,and concrete storage strategy is designed by analysing the effect of three factors M,P and R of model on file availability,and the storage scheme is designed.With the purpose of ensuring file data security,data-slice encryption scheme is adopted according to the features of file-slice storage,and the generation of secret key is designed.Moreover,the performance of the presented model is analyzed through experiments.

Wei-Ting Lu,Wei Wu,Shih-Ya Lin,Min-Chi Tseng,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-46298-1_19

2016-01-01

Abstract:Nowadays the cloud security becomes a significant issue: while the single user keyword search on encrypted data has been proposed, encrypting files before uploading scarifies the advantage of the convenience of sharing data with others on the cloud. We design a searchable encryption for the multi-user case. We combine the advantage of efficiency of the symmetric encryption with authentication of the asymmetric encryption to provide a secure and efficient system of shareable keyword search on encrypted data.

Guoyou Chen,Jiajia Miao,Feng Xie,Handong Mao

DOI: https://doi.org/10.4028/www.scientific.net/amm.278-280.1767

2013-01-01

Applied Mechanics and Materials

Abstract:Cloud computing has been a hot researching area of computer network technology, since it was proposed in 2007. Cloud computing also has been envisioned as the next-generation architecture of IT Enterprise [1]. Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. It moves the application software and database to the large data centers, where the management of the data and services may not be fully trustworthy [2]. This poses many new security challenges. In this paper, we just focus on data storage security in the cloud, which has been the most important aspect of quality of service. To ensure the confidentiality and integrity of user's data in the cloud, and support of data dynamic operations, such as modification, insertion and deletion, we propose a framework for storage security, which includes cryptographic storage scheme and data structure. With our framework, the untrusted server cannot learn anything about the plaintext, and the dynamic operation can be finished in short time. The encryption algorithm and data storage structure is simple, and it's easy to maintain. Hence, our framework is practical to use today.