Liang Xue,Dongxiao Liu,Cheng Huang,Xuemin (Sherman) Shen,Weihua Zhuang,Rob Sun,Bidi Ying

DOI: https://doi.org/10.1109/icc45855.2022.9838811

2022-01-01

Abstract:In this paper, we propose a Secure and Flexible Data Sharing (SFDS) scheme for distributed storage, where data owners can outsource their data to a distributed storage network and share the data with authorized users. To preserve confidentiality, all data are encrypted by data owners' secret keys before being outsourced, and fine-grained access policies are enforced on the encrypted data (ciphertexts) to achieve flexible data sharing. Furthermore, based on the ciphertext puncturable encryption and the hierarchical identity-based encryption, we design an efficient key and ciphertext update mechanism, which enables data owners to update their secret keys and the corresponding ciphertexts periodically to deal with side-channel attacks and system vulnerabilities. Update tokens are constructed to directly derive new keys and ciphertexts. Through detailed security analysis, it is demonstrated that SFDS can achieve all three essential security properties, i.e., forward security, post-compromise security, and collusion attack resistance.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/iwqos.2009.5201385

2009-01-01

Abstract:Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server (s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

K. L. Neela

DOI: https://doi.org/10.1002/ett.70016

IF: 3.6

2024-11-08

Transactions on Emerging Telecommunications Technologies

Abstract:ABSTRACT With the increasing trend of outsourcing data to cloud services, ensuring data security and privacy has become crucial. Typically, data are stored on cloud servers in encrypted form to mitigate risks. However, accessing the encrypted data requires an access key distributed by a third party. If this third party is untrustworthy, it poses a significant security threat to the system. To address this challenge, we propose a Decentralized Secure Data Outsourcing System (DSDOS) that uses blockchain technology to ensure data security and privacy. The DSDOS system comprises three modules: data security and privacy, access control and authorization, and data integrity and availability. The data security and privacy module uses a hybrid encryption scheme that combines Advanced Encryption Standard (AES), partially homomorphic encryption (PHE), and Diffie–Hellman (DH) to ensure secure data storage and access. The access control and authorization module uses a blockchain‐based smart contract system to manage access to the encrypted data. The data integrity and availability module uses hash‐based message authentication code (HMAC) to ensure that the data are not tampered with and is always available. We conducted a security and performance analysis of the DSDOS system and found that it outperforms previous schemes in terms of security and performance. The DSDOS system is a secure and privacy‐preserving data outsourcing system that can be used to mitigate the security risks associated with traditional cloud storage systems.

telecommunications

Jianbing Ni,Xiaodong Lin,Kuan Zhang,Yong Yu,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/iccchina.2016.7636866

2016-01-01

Abstract:With the proliferation of cloud storage, outsourced data transfer becomes an essential requirement for users to migrate their outsourced data from one cloud to another. However, data confidentiality and integrity are big concerns for users when their data are migrating between two semi-honest clouds. In this paper, we propose a secure outsourced data transfer scheme (SODT) to achieve secure data migration in cloud storage. SODT allows users to migrate the remote data from one cloud to another without retrieving the data from the former cloud, such that the data confidentiality and integrity can be achieved during this process. In addition, the cloud can perform secure data erasure after the data are migrated by utilizing the proxy re-encryption technique. Finally, we discuss the security properties including confidentiality and integrity of SODT, and demonstrate its efficiency in terms of the computational and communication overhead.

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/jzus.2003.0287

2003-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

Qingni Shen,Lizhe Zhang,Xin Yang,Yahui Yang,Zhonghai Wu,Ying Zhang

DOI: https://doi.org/10.1109/dasc.2011.114

2011-01-01

Abstract:With the development of cloud computing, cloud security issues have recently gained traction in the research community. Although much of the efforts are focused on securing the operation system and virtual machine, or securing data storage inside a cloud system, this paper takes an alternative perspective to cloud security-the security of data migration between different clouds. First, we describe some threats when we are doing data migration. Second, we propose a security mechanism to deal with the security issues on data migration from one cloud to another. Third, we design a prototype to give the mechanism a brief implementation based on HDFS (Hadoop Distributed File System) and we do a series of tests to evaluate our prototype. Here, the solutions to securing data migration between clouds mainly involve in SSL negotiation, migration ticket design and block encryption in distributed file system and cluster parallel computing.

Qingshui Xue,Chenglong Tan

DOI: https://doi.org/10.1109/iciibms60103.2023.10347872

2023-01-01

Abstract:As the demand for cloud storage continues to grow, both individual users and enterprises are storing their data on cloud servers. However, cloud storage providers' servers are often semi-trusted, leading to frequent occurrences of data leaks in recent years. Currently, searchable encryption is an effective solution to safeguard data stored in the cloud. However, traditional searchable encryption is not well-suited for large-scale data and multiple users in cloud storage, as it results in low retrieval efficiency and consumes substantial resources.To address these issues, this paper proposes a distributed cloud storage solution using dynamic searchable encryption. The data stored in the cluster is verified and partitioned using the consistent hashing algorithm, avoiding single point failures and data loss in the index. The scheme utilizes multi-gate distribution to achieve efficient and parallel keyword retrieval, ensuring secure data searches and implementing a distributed storage system that is efficient, scalable, and load-balanced in a distributed environment.This approach primarily focuses on striking a balance between security, retrieval efficiency, and query accuracy. It achieves secure data storage and retrieval while ensuring high performance and accuracy in a distributed setting.

Jingting Xue,Chunxiang Xu,Lanhua Bai

DOI: https://doi.org/10.1016/j.future.2019.04.022

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:In this article, we propose a distributed outsourced data storage and retrieval system named DStore, which is constructed in a peer-to-peer networking environment. Peers (data owners) can rent the local idle disk space and large bandwidth of other peers (lessors) to store personal data and achieve fine-grained data retrieval in a distributed manner without the burden of local storage and maintenance. However, after data outsourcing, data owners no longer have physical possession of the data and face the risk of not being able to efficiently access the data. To solve the above issues, DStore employs smart contracts to audit the integrity of the outsourced data and develop a multikeyword retrieval module to support efficient access by data owners. In DStore, smart contracts can efficiently audit outsourced data without additional communication overhead for data owners; smart contracts and lessors do not compromise the privacy of data owners. Finally, we conduct an extensive security and performance analysis to ensure that DStore is secure and feasible.

Ming Hu,Minghua Jiang

2008-01-01

Abstract:A performance-optimizing dependable virtual storage scheme is proposed to improve both the data-accessing performance and availability for distributed storage systems to meet user's different requirements. The storage system improves the storage security by encrypting command message between servers and storage nodes. It also provides the two-level address-mapping and request-decomposing computation to hide the implementation of storage nodes, to increase the capability of distributed computation, and to implement two types of storage layout. The scheme takes not only both homo- and hetero-geneous storage nodes into account, but also protect the integrity of the storage system behaviors based on distributed environments.

Cong Wang,Qian Wang,Kui Ren,Ning Cao,Wenjing Lou

DOI: https://doi.org/10.1109/tsc.2011.24

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service is also relinquishing users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Parinya Suwansrikham,She Kun,Shaukat Hayat,Jehoiada Jackson

DOI: https://doi.org/10.3390/info11060303

2020-01-01

Information

Abstract:Due to the advancement of technology, devices generate huge working files at a rapid rate. These data, which are of considerable scale and are created very fast, can be called big data. Keeping such files in one storage device is impossible. Therefore, a large file size is recommended for storage in a cloud storage service. Although this concept is a solution to solve the storage problem, it still faces challenges in terms of reliability and security. The main issues are the unreliability of single cloud storage when its service is down, and the risk of insider attack from the storage service. Therefore, this paper proposes a file sharing scheme that increases both the reliability of the file fragments using a multi-cloud storage system and decreases the risk from insider attack. The dew computing concept is used as a contributor to the file-sharing scheme. The working file is split into fragments. Each fragment is deployed to cloud storage services, one fragment per one cloud provider manner. The dew server controls users' access and monitors the availability of fragments. Finally, we verify the proposed scheme in aspects of the downloading performance, and security.

Dong Yang,Wei-Tek Tsai

DOI: https://doi.org/10.3390/e26080690

2024-08-15

Abstract:In recent years, with the rapid development of blockchain technology, the issues of storage load and data security have attracted increasing attention. Due to the immutable nature of data on the blockchain, where data can only be added and not deleted, there is a significant increase in storage pressure on blockchain nodes. In order to alleviate this burden, this paper proposes a blockchain data storage strategy based on a hot and cold block mechanism. It employs a block heat evaluation algorithm to assess the historical and correlation-based heat indicators of blocks, enabling the identification of frequently accessed block data for storage within the blockchain nodes. Conversely, less frequently accessed or "cold" block data are offloaded to cloud storage systems. This approach effectively reduces the overall storage pressure on blockchain nodes. Furthermore, in applications such as healthcare and government services that utilize blockchain technology, it is essential to encrypt stored data to safeguard personal privacy and enforce access control measures. To address this need, we introduce a blockchain data encryption storage mechanism based on threshold secret sharing. Leveraging threshold secret sharing technology, the encryption key for blockchain data is fragmented into multiple segments and distributed across network nodes. These encrypted key segments are further secured through additional encryption using public keys before being stored. This method serves to significantly increase attackers' costs associated with accessing blockchain data. Additionally, our proposed encryption scheme ensures that each block has an associated encryption key that is stored alongside its corresponding block data. This design effectively mitigates vulnerabilities such as weak password attacks. Experimental results demonstrate that our approach achieves efficient encrypted storage of data while concurrently reducing the storage pressure experienced by blockchain nodes.

Keke Gai,Meikang Qiu,Hui Zhao

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids.2016.68

2016-01-01

Abstract:Implementing cloud computing empowers numerous paths to Web-based computing service offerings for meeting diverse needs. However, cloud data security and privacy information protection have also become a critical issue restraining the cloud applications. One of the major concerns in security is that cloud operators will have a chance to reach sensitive data, which dramatically increases users' anxiety and reduces the adoptability of cloud computing in many fields, such as the financial industry and governmental agencies. This paper focuses on this issues and proposes a novel approach that can efficiently split the file and separately store the data in the distributed cloud servers, in which the data cannot be directly reached by cloud service operators. The proposed scheme is entitled as Security-Aware Efficient Distributed Storage (SAEDS) model, which is mainly supported by the proposed algorithms, named Secure Efficient Data Distributions (SED2) Algorithm and Efficient Data Conflation (EDCon) Algorithm. Our experimental evaluations have assessed both security and efficiency performances.

Xiong Li,Saru Kumari,Jian Shen,Fan Wu,Caisen Chen,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11277-016-3742-6

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

D. Dhinakaran,D. Selvaraj,N. Dharini,S. Edwin Raja,C. Sakthi Lakshmi Priya

2024-07-09

Abstract:The intersection of cloud computing, blockchain technology, and the impending era of quantum computing presents a critical juncture for data security. This research addresses the escalating vulnerabilities by proposing a comprehensive framework that integrates Quantum Key Distribution (QKD), CRYSTALS Kyber, and Zero-Knowledge Proofs (ZKPs) for securing data in cloud-based blockchain systems. The primary objective is to fortify data against quantum threats through the implementation of QKD, a quantum-safe cryptographic protocol. We leverage the lattice-based cryptographic mechanism, CRYSTALS Kyber, known for its resilience against quantum attacks. Additionally, ZKPs are introduced to enhance data privacy and verification processes within the cloud and blockchain environment. A significant focus of this research is the performance evaluation of the proposed framework. Rigorous analyses encompass encryption and decryption processes, quantum key generation rates, and overall system efficiency. Practical implications are scrutinized, considering factors such as file size, response time, and computational overhead. The evaluation sheds light on the framework's viability in real-world cloud environments, emphasizing its efficiency in mitigating quantum threats. The findings contribute a robust quantum-safe and ZKP-integrated security framework tailored for cloud-based blockchain storage. By addressing critical gaps in theoretical advancements, this research offers practical insights for organizations seeking to secure their data against quantum threats. The framework's efficiency and scalability underscore its practical feasibility, serving as a guide for implementing enhanced data security in the evolving landscape of quantum computing and blockchain integration within cloud environments.

Cryptography and Security

Fangyong Hou,Dawu Gu,Nong Xiao,Yuhua Tang

DOI: https://doi.org/10.1109/NAS.2008.48

2008-01-01

Abstract:Storage systems are more distributed and more subject to attacks. Cryptographic file system gives a promising way to mitigate the danger of exposing data by using encryption and integrity protection methods and guarantee end-to-end security to clients. This paper describes SRSAE, a generic approach to cryptographic file system, as well as its realization in a distributed data storage environment. SRSAE applies authenticated encryption to each data block transferred between clients and the remote block devices. It provides strong data confidentiality and integrity protections through trusted IV (Initialization Vector) and MAC (Message Authentication Code) comparison. Performance is optimized by buffering IV and MAC locally. Integration into original file system is presented with specific implementation. Related model, approach and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulations show that it is a practical and available way to build secure network storage system.

Shengmin Xu,Xingshuo Han,Guowen Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3321314

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Cloud computing is the widespread acceptance of a promising paradigm offering a substantial amount of storage and data services on demand. To preserve data confidentiality, many cryptosystems have been introduced. However, current solutions are incompatible with the resource-constrained end-devices because of a variety of vulnerabilities in terms of practicality and security. In this article, we propose a practical and secure data-sharing system by introducing a new design of attribute-based encryption with verifiable outsourced decryption-attribute-based encryption (VO-ABE for short). Our system offers: (1) data sharing at a fine-grained level; (2) a scalable key issuing protocol without any secure channel; (3) a verifiable outsourced decryption mechanism for resource-constrained end-devices against the malicious cloud service provider; and (4) adaptive security against the real-world attacks. To formalize our solution with cryptographic analysis, we present the formal definition of VO-ABE and its concrete construction with provable security. In particular, our design leverages the techniques of the traditional ABE, verifiable outsourced decryption, and randomness extractor to support fine-grained access control, cost-effective data sharing, and security assurance with high entropy. Moreover, our design is provably secure in the adaptive model under the standard assumption, which offers a stronger security guarantee since the state-of-the-art solution is selectively secure under the non-standard assumption and suffers from a variety of real-world attacks. The implementation and evaluation demonstrate that our solution enjoys superior functionality and better performance than the relevant solutions. More importantly, our solution is compatible with the resource-constrained end-devices since the decryption mechanism takes around 1.1 ms and is 22.7x faster than the state-of-the-art solution.

Jananya Sivakumar,Sannasi Ganapathy

DOI: https://doi.org/10.1007/s11277-023-10813-6

IF: 2.017

2024-01-31

Wireless Personal Communications

Abstract:One of the most flamboyant technological novelties of today's world is cloud computing, which has been fuelled by the increase in the number of smart devices across the internet. With the continuous advancement in the technical field, cloud computing has played a significant role in enabling the user to share, store and retrieve data from anywhere at any time. The involvement of many users in cloud computing, questions the security of the data present on the cloud. Existing features in cloud security are vulnerable to potential risks including lack of confidentiality, integrity, and authentication. In this paper, we propose a new data security mechanism using newly proposed hybrid encryption system (HES) and quantum key distribution (QKD) for secured data communication in cloud networks. The newly proposed HES uses the standard cryptographic algorithms namely AES and RSA for performing effective encryption and decryption processes. The newly proposed QKD is ensured the secured data communications by generating and distributing the reliable keys to the authorized users. Moreover, the novelty is introduced in the suggested model ensures reliable distribution of keys among the users and in turn preserves the data through secure hybrid encryption. At the end, the scrutiny of the proposed system proves that it is preferable that the existing models in terms of secure communication, reliability and performance.

telecommunications

LI Dong,GUO Jin,ZHANG JIZHENG,JIA Huibo

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.11.066

2005-01-01

Abstract:Security mechanisms for survivability used in current storage systems are divided into two classes, including distributed data copies on wide scale and self-security storage devices. The data center now this paper deploys employs the method resembling the latter, which sets up access patterns database to identify possible attacks. The paper predicts as storage device becomes more intelligent self-security storage device and combination of different security mechanisms will direct the development of survivable storage system.

Chenggang Wu,Yongbiao Chen,Zhengwei Qi,Haibing Guan

DOI: https://doi.org/10.1016/j.sysarc.2022.102441

IF: 5.836

2022-01-01

Journal of Systems Architecture

Abstract:The evolving edge and IoT devices collect and process massive data and need tremendous storage space for those data. It is more efficient and reliable to establish a distributed storage system for their storage need. However, the conventional erasure codes used in distributed storage are designed for reliable data centers. Edge and IoT devices are highly vulnerable and unreliable. The conventional distributed storage systems cannot prevent malicious attackers and require very high redundancy in wild environments. This paper presents DSPR, a new decentralized distributed storage system with proof of replication for edge and IoT devices. By providing the cryptographic proofs of stored data, the system can actively find the data corruption and recover the data before it is unrecoverable in vulnerable environments. Therefore, we can apply high efficient coding schemes with low storage redundancy. Our LDPC coding achieves about 6x encoding and 20x recovering speedup than Intel ISA-L. With an IoT device Xavier AGX, the system can prove over 180GB of data per day to securely store the data, which is about 4x faster than public auditing schemes with an even stronger threat model that every device in the network can be malicious.