Xiao Zhang,Hong-tao Du,Jian-quan Chen,Yi Lin,Lei-jie Zeng

DOI: https://doi.org/10.1109/ncis.2011.64

2011-01-01

Abstract:The cost of maintain a data center is increasing rapidly, especially for the medium data center. An economic choice is to use cloud computing and cloud storage instead of manage data center by itself. Small companies buy compute and storage service just like water and electronic. The difficulty is how to ensure their data safe in cloud storage. Cloud storage provider claims that they can protect the data, but no one believes them. In this paper, we present a framework to ensure data security in cloud storage system. In the framework, we use SLA as the common standard between user and provider. And we discuss several technologies to make the data stored in cloud safe. These technologies can be divided into three parts: storage protect, transfer protect and authorize.

Huifeng Wang,Zhanhuai Li,Xiaonan Zhao,Chanying Qi

DOI: https://doi.org/10.1109/SOLI.2013.6611386

2013-01-01

Abstract:Cloud storage offers great convenience to users. However, the data security concerns may impede cloud storage wide adoption. Although there are many schemes to solve the problem, they mostly focus on an aspect of data security. They have not a detailed discussion about the data security in cloud. In this paper, we proposed approach provides a scheme to allow users to check the integrity of their data in the cloud. We also present the performance criteria about the scheme, which can help the researchers to optimize their mechanism efficiently and effectively. The scheme is lightweight, efficient and robust.

Haifeng Li,Caihui Lan,Xingbing Fu,Caifen Wang,Fagen Li,He Guo

DOI: https://doi.org/10.3390/s20174720

IF: 3.9

2020-01-01

Sensors

Abstract:With the explosion of various mobile devices and the tremendous advancement in cloud computing technology, mobile devices have been seamlessly integrated with the premium powerful cloud computing known as an innovation paradigm named Mobile Cloud Computing (MCC) to facilitate the mobile users in storing, computing and sharing their data with others. Meanwhile, Attribute Based Encryption (ABE) has been envisioned as one of the most promising cryptographic primitives for providing secure and flexible fine-grained “one to many” access control, particularly in large scale distributed system with unknown participators. However, most existing ABE schemes are not suitable for MCC because they involve expensive pairing operations which pose a formidable challenge for resource-constrained mobile devices, thus greatly delaying the widespread popularity of MCC. To this end, in this paper, we propose a secure and lightweight fine-grained data sharing scheme (SLFG-DSS) for a mobile cloud computing scenario to outsource the majority of time-consuming operations from the resource-constrained mobile devices to the resource-rich cloud servers. Different from the current schemes, our novel scheme can enjoy the following promising merits simultaneously: (1) Supporting verifiable outsourced decryption, i.e., the mobile user can ensure the validity of the transformed ciphertext returned from the cloud server; (2) resisting decryption key exposure, i.e., our proposed scheme can outsource decryption for intensive computing tasks during the decryption phase without revealing the user’s data or decryption key; (3) achieving a CCA security level; thus, our novel scheme can be applied to the scenarios with higher security level requirement. The concrete security proof and performance analysis illustrate that our novel scheme is proven secure and suitable for the mobile cloud computing environment.

Xin Dong,Jiadi Yu,Yanmin Zhu,Yingying Chen,Yuan Luo,Minglu Li

DOI: https://doi.org/10.1016/j.cose.2015.01.003

IF: 5.105

2015-01-01

Computers & Security

Abstract:Cloud storage services enable users to remotely store their data and eliminate excessive local installation of software and hardware. There is an increasing trend of outsourcing enterprise data to the cloud for efficient data storage and management. However, this introduces many new challenges toward data security. One critical issue is how to enable a secure data collaboration service including data access and update in cloud computing. A data collaboration service is to support the availability and consistency of the shared data among multi-users. In this paper, we propose a secure, efficient and scalable data collaboration scheme SECO. In SECO, we employ a multi-level hierarchical identity based encryption (HIBE) to guarantee data confidentiality against untrusted cloud. This paper is the first attempt to explore secure cloud data collaboration services that precludes information leakage and enables a one-to-many encryption paradigm, data writing operation and fine-grained access control simultaneously. Security analysis indicates that the SECO is semantically secure against adaptive chosen ciphertext attacks (IND-ID-CCA) in the random oracle model, and enforces fine-grained access control, collusion resistance and backward secrecy. Extensive performance analysis and experimental results show that SECO is highly efficient and has only low overhead on computation, communication and storage.

LIU Jianwei,QIU Xiufeng,LIU Jianhua

DOI: https://doi.org/10.3969/j.issn.1009-6868.2012.03.012

2012-01-01

Abstract:In this paper,we emphasize the necessity of designing a secure cloud computing architecture for mobile Internet.We analyze cloud computing security risks and secure architectures and propose a general secure cloud computing architecture that takes into account the characteristics of mobile Internet.This architecture has a multihierarchy,multilevel,elastic,cross-platform,unified user interface that can provide cloud services with different levels of security.The cross-layer cloud security management platform can be used to monitor the whole system and maintain different security domains and levels.

Jiaqing Mo,Zhongwang Hu,Hang Chen,Wei Shen

DOI: https://doi.org/10.1155/2019/4520685

2019-01-01

Wireless Communications and Mobile Computing

Abstract:Nowadays, due to the rapid development and wide deployment of handheld mobile devices, the mobile users begin to save their resources, access services, and run applications that are stored, deployed, and implemented in cloud computing which has huge storage space and massive computing capability with their mobile devices. However, the wireless channel is insecure and vulnerable to various attacks that pose a great threat to the transmission of sensitive data. Thus, the security mechanism of how the mobile devices and remote cloud server authenticate each other to create a secure session in mobile cloud computing environment has aroused the interest of researchers. In this paper, we propose an efficient and provably secure anonymous two-factor user authentication protocol for the mobile cloud computing environment. The proposed scheme not only provides mutual authentication between mobile devices and cloud computing but also fulfills the known security evaluation criteria. Moreover, utilization of ECC in our scheme reduces the computing cost for mobile devices that are computation capability limited and battery energy limited. In addition, the formal security proof is given to show that the proposed scheme is secure under random oracle model. Security analysis and performance comparisons indicate that the proposed scheme has reasonable computation cost and communication overhead at the mobile client side as well as the server side and is more efficient and more secure than the related competitive works.

Wenyun Dai,Longbin Chen,Meikang Qiu,Ana Wu,Meiqin Liu

DOI: https://doi.org/10.1109/smartcloud.2017.45

2017-01-01

Abstract:In this mobile period, users enjoy various functions and convenience from mobile devices, but the coarse-grained data access permission of current mobile operating system brings about serious risk of privacy leakage. In other words, users mobile data are over-collected by apps. This study focuses on a new framework to provide fine-grained data access mechanism for mobile systems. With the help of cloud storage, we separate mobile data by types, contents, and privacy levels. We design and implement the DASS system to provide fine-grained data access management, while keep it transparent to users. Experimental results show that our system can protect users’ privacy greatly while keep the extra cost within a reasonable range.

Zhen Qin,Jianfei Sun,Abubaker Wahaballa,Wentao Zheng,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.1016/j.csi.2016.11.012

IF: 3.721

2017-01-01

Computer Standards & Interfaces

Abstract:Mobile wallet, also known as mobile payment, is becoming one of the most frequently used approach to provide payment services under financial regulation via mobile device and may redefine our lifestyle with the rapid popularity of mobile Internet. In this paper, we address the security of the mobile wallet by providing a detailed threat analysis and identifying some unique design requirements in terms of security and privacy protection for mobile wallet. We then provide a novel approach to secure the mobile wallet and protect the privacy of the mobile user by incorporating the digital signature and pseudo-identity techniques. In view of several advantages of cloud computing, the computation task on the client side, which is usually featured with limited computation resources, is outsourced to the untrusted cloud server securely. The performance of our approach is evaluated via both theoretic analysis and experimental simulations. Also, the security analysis demonstrate that our approach can achieve desirable security properties of mobile wallet.

Yuzhao Wu,Yongqiang Lyu,Qian Fang,Hao Yin,Geng Zheng,Yuanchun Shi

DOI: https://doi.org/10.1109/icdcsw.2017.19

2017-01-01

Abstract:Data outsourcing in cloud is emerging as a successful paradigm that benefits organizations and enterprises with high-performance, low-cost, scalable data storage and sharing services. However, this paradigm also brings forth new challenges for data confidentiality because the outsourced are not under the physic control of the data owners. The existing schemes to achieve the security and usability goal usually apply encryption to the data before outsourcing them to the storage service providers (SSP), and disclose the decryption keys only to authorized user. They cannot ensure the security of data while operating data in cloud where the third-party servicers are usually semi-trustworthy, and need lots of time to deal with the data. We construct a privacy data management system appending hierarchical access control called HAC-DMS, which can not only assure security but also save plenty of time when updating data in cloud.

Hui Zhu,Yingfang Xue,Xiaofeng Chen,Qiang Li,Hui Li

DOI: https://doi.org/10.1155/2015/841292

2015-01-01

Abstract:With the pervasiveness of smart phones and the advance of Mobile Internet, more and more Mobile Internet services migrated to the cloud service platform for better user experience. As one of the most indispensable components of the cloud computing infrastructure, virtualization technology has attracted considerable interest recently. However, the flourish of virtualization still faces many challenges in information security. In this paper, we propose a novel architecture, called multilevel and grouping security model for virtualization (V-MGSM), for the security of resources in cloud computing platform. Specifically, to fulfill the balance between information sharing and privacy preservation, the virtual machines (VMs) are divided into diverse groups based on their corresponding entities, and each VM in the same group is assigned to different security level according to security requirements. Besides, the operation between VMs is based on mandatory access control mechanism. Detailed security analysis shows that the proposed V-MGSM can provide a secure communication mechanism for VMs and implement the synchronous updates of the borrowed data. Ultimately, we implement V-MGSM in Xen for experiments, and the results demonstrate that V-MGSM can indeed achieve data security and privacy protection efficiently for Mobile Internet service.

Yong Yu,Jianbing Ni,Qi Xia,Xiaofen Wang,Haomiao Yang,Xiaosong Zhang

DOI: https://doi.org/10.1002/cpe.3484

2016-01-01

Abstract:SummaryMobile networks integrate cloud computing to impair the weaknesses of the mobile terminals. With mobile cloud storage, mobile users can fully enjoy the advantages from both mobile networks and cloud storage. However, a major concern of mobile users is how to guarantee the integrity of their outsourced data. Taking into account the mobility of mobile devices, in this paper, we propose a shared data integrity verification protocol with identity privacy preserving, named SDIVIP2, for mobile cloud storage. In the construction of SDIVIP2, the dynamic group key agreement technique is employed for key sharing among a group of mobile users and the proxy re‐signature mechanism is utilized to update tags efficiently when users in the group change. In this new protocol, a third party auditor is able to verify the correctness of cloud data without the knowledge of mobile users' identities during the data integrity checking process. Performance analysis demonstrates that SDIVIP2 outperforms the existing schemes in the sense that it can significantly enhance the efficiency of mobile users' joining and leaving a group. Copyright © 2015 John Wiley & Sons, Ltd.

Hongbin Liang,Dijiang Huang,Cai, L.X.,Xuemin Shen

DOI: https://doi.org/10.1109/infcomw.2011.5928806

2011-01-01

Abstract:Mobile cloud is a machine-to-machine service model, where a mobile device can use the cloud for searching, data mining, and multimedia processing. To protect the processed data, security services, i.e., encryption, decryption, authentications, etc., are performed in the cloud. In general, we can classify cloud security services in two categories: Critical Security (CS) service and Normal Security (NS) service. CS service provides strong security protection such as using longer key size, strict security access policies, isolations for protecting data, and so on. The CS service usually occupies more cloud computing resources, however it generates more rewards to the cloud provider since the CS service users need to pay more for using the CS service. With the increase of the number of CS and NS service users, it is important to allocate the cloud resource to maximize the system rewards with the considerations of the cloud resource consumption and incomes generated from cloud users. To address this issue, we propose a Security Service Admission Model (SSAM) based on Semi-Markov Decision Process to model the system reward for the cloud provider. We, first, define system states by a tuple represented by the numbers of cloud users and their associated security service categories, and current event type (i.e., arrival or departure).We then derive the system steady-state probability and service request blocking probability by using the proposed SSAM. Numerical results show that the obtained theoretic probabilities are consistent with our simulation results.

Hui Suo,Zhuohua Liu,Jiafu Wan,Keliang Zhou

DOI: https://doi.org/10.1109/iwcmc.2013.6583635

2013-01-01

Abstract:With the development of cloud computing and mobility, mobile cloud computing has emerged and become a focus of research. By the means of on-demand self-service and extendibility, it can offer the infrastructure, platform, and software services in a cloud to mobile users through the mobile network. Security and privacy are the key issues for mobile cloud computing applications, and still face some enormous challenges. In order to facilitate this emerging domain, we firstly in brief review the advantages and system model of mobile cloud computing, and then pay attention to the security and privacy in the mobile cloud computing. By deeply analyzing the security and privacy issues from three aspects: mobile terminal, mobile network and cloud, we give the current security and privacy approaches.

Yan KONG,Shuaibing ZHAO,Ruolin LIU,Shuang LIANG,Yuan ZHUANG,Shifang FENG,Gang WANG,Xiaoguang LIU,Zhongwei LI

2017-01-01

Journal of Computer Applications

Abstract:To solve security problems in cloud storage with the improvement of mobile Internet and the rise of smart phone,this paper designed a multi-cloud storage system based on Android platform.Firstly,this system adopted data encryption process to ensure the confidentiality of data,then sliced the data,used erasure code to achieve fault tolerance,and finally the data was distributed to different cloud storage service providers for solving the problem of vendor lock-in and ensuring service availability.For the security certificaiton problem of multiple service providers,this system designed a token protection mechanism based on local salt method.Because of weak computing capacity of Android equipment,it also designed a multi-level security mechanism,using the combination of different encryption and encoding methods to meet the users'different needs of a balance between data processing speed and security.This system used SIMD (Single Instution Multiple Data) technology for key operations such as encoding and encryption with parallel optimization for a better performance of reading and writing.The experimental results show that the multi-cloud storage system based on Android achieves security cloud storage for users' data,and provides a satisfactory rate of reading and writing throughput.

Qingni Shen,Lizhe Zhang,Xin Yang,Yahui Yang,Zhonghai Wu,Ying Zhang

DOI: https://doi.org/10.1109/dasc.2011.114

2011-01-01

Abstract:With the development of cloud computing, cloud security issues have recently gained traction in the research community. Although much of the efforts are focused on securing the operation system and virtual machine, or securing data storage inside a cloud system, this paper takes an alternative perspective to cloud security-the security of data migration between different clouds. First, we describe some threats when we are doing data migration. Second, we propose a security mechanism to deal with the security issues on data migration from one cloud to another. Third, we design a prototype to give the mechanism a brief implementation based on HDFS (Hadoop Distributed File System) and we do a series of tests to evaluate our prototype. Here, the solutions to securing data migration between clouds mainly involve in SSL negotiation, migration ticket design and block encryption in distributed file system and cluster parallel computing.

Zhiwei Zhang,Yunling Wang,Jianfeng Wang,Xiaofeng Chen,Jianfeng Ma

DOI: https://doi.org/10.1007/978-3-319-49106-6_81

2017-01-01

Abstract:Mobile could computing (MCC) enhances computation and storage capabilities of mobile devices by leveraging services in mobile clouds, and more and more mobile users tend to outsource their data to clouds. According to laws or user demands, some data can only be accessed by users locating at specified regions, which requires location-based access control mechanisms. There are mainly two techniques involved: secure location and location verification. Distance Bounding Protocols (DBP) is a foundation for secure location and location verification, however, existing studies require strict time synchronization which is a difficult problem in itself. In this paper, we propose a novel location verification protocol that can verify a mobile user's position more accurately and efficiently without time synchronization. Furthermore, we design a secure location-sensitive data sharing scheme based on our location protocol in mobile cloud computing.

Honggang Wang,Shaoen Wu,Min Chen,Wei Wang

DOI: https://doi.org/10.1109/MCOM.2014.6766088

IF: 9.03

2014-01-01

IEEE Communications Magazine

Abstract:Mobile devices such as smartphones are widely deployed in the world, and many people use them to download/upload media such as video and pictures to remote servers. On the other hand, a mobile device has limited resources, and some media processing tasks must be migrated to the media cloud for further processing. However, a significant question is, can mobile users trust the media services provided by the media cloud service providers? Many traditional security approaches are proposed to secure the data exchange between mobile users and the media cloud. However, first, because multimedia such as video is large-sized data, and mobile devices have limited capability to process media data, it is important to design a lightweight security method; second, uploading and downloading multi-resolution images/videos make it difficult for the traditional security methods to ensure security for users of the media cloud. Third, the error-prone wireless environment can cause failure of security protection such as authentication. To address the above challenges, in this article, we propose to use both secure sharing and watermarking schemes to protect user's data in the media cloud. The secure sharing scheme allows users to upload multiple data pieces to different clouds, making it impossible to derive the whole information from any one cloud. In addition, the proposed scalable watermarking algorithm can be used for authentications between personal mobile users and the media cloud. Furthermore, we introduce a new solution to resist multimedia transmission errors through a joint design of watermarking and Reed- Solomon codes. Our studies show that the proposed approach not only achieves good security performance, but also can enhance media quality and reduce transmission overhead.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/iwqos.2009.5201385

2009-01-01

Abstract:Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server (s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Zhenghe Yang,Mingzhong Wang,Liehuang Zhu,Hao Yang

DOI: https://doi.org/10.1504/ijwmc.2013.057580

2013-01-01

International Journal of Wireless and Mobile Computing

Abstract:The rapid development of mobile phones has greatly enriched our lives, but also increased the risks of information leakage of mobiles. However, compared with the variety of attacks, the protections of privacy for mobiles are not perfect enough now. In this case, we propose and implement a confidential data storage scheme named as ASCDS for Android to protect information. The scheme uses virtual disk technology to create an independent disk partition to store confidential information and employ FUSE File System in User Space technology to manage processes of file system. In order to guarantee the security of data, we establish a cryptographic file system for the partition which can protect data perfectly without producing temporary plaintexts. Besides we can protect the data selectively to reduce the cost and save the finite energy in mobiles. The partition does not depend on hard disk, so it is easy to backup and collaborate with PC.

Xin Dong,Jiadi Yu,Yuan Luo,Yingying Chen,Guangtao Xue,Minglu Li

DOI: https://doi.org/10.1109/iwqos.2013.6550281

2013-01-01

Abstract:Cloud storage services enable users to remotely store their data and eliminate excessive local installation of software and hardware. One critical issue is how to enable a secure data collaboration service including data access and update in cloud computing. A data collaboration service is to support the availability and consistency of the shared data among multi-users. In this paper, we propose a secure and efficient data collaboration scheme SECO. In SECO, we employ a two-level hierarchical identity based encryption (HIBE) to guarantee data confidentiality against untrusted cloud. This paper is the first attempt to explore secure cloud data collaboration service that precludes information leakage and enables a one-to-many encryption paradigm, data writing operation and fine-grained access control simultaneously. Security analysis indicates that the SECO enforces fine-grained access control and collusion resistant. Extensive performance analysis and experiment results demonstrate that SECO is highly efficient and low overhead on computation and communication.