Hemalata A. Gosavi,Manish R. Umale

DOI: https://doi.org/10.14445/22315381/IJETT-V11P235

2014-05-24

Abstract:Cloud computing has been envisioned as the next generation architecture of IT Enterprise. Using Cloud Storage,users can remotely store their data and enjoy the on demand high quality applications and services from a shared pool of configurable computing resources, without the burden local copy data storage and maintenance. It moves the application of software data stored to the centralized large data centers, where the management of the data stored services may not be completely trusted. There are many new security challenges and the problems taken into account for ensuring the integrity of data storage in Cloud Computing. In particular, we consider the task of allowing a third party auditor (TPA) to perform verifies the integrity of the dynamic data stored in the cloud.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

DOI: https://doi.org/10.1007/s11277-024-11023-4

IF: 2.017

2024-05-08

Wireless Personal Communications

Abstract:Data auditing in the cloud, along with files and authentication server Deduplication, may protect the integrity of cloud storage and substantially decrease the cloud stored data. With the rise of Smart Cities, the sector has offered plenty of potential problems. The failure in single point, Although, Cloud computing is standard in modern enterprise networks, and cloud security is a significant concern in the Cloud Integrated Smart City (CISC). However, to deal with large amounts of data created by different intelligent devices, storing and uploading all that information to the cloud servers is necessary. Therefore, cloud servers must protect the data against integrity as well as ensuring it is private. Over the last year, Cloud servers had suggested several cloud security auditing plans. Because of this, they were verifying data integrity using a third-party auditor (TPA) is crucial. Bi-linear pairing procedures are the most often used operation in the audit phase, and they require substantial effort and expense. Additionally, such approaches will not secure users' data privacy. Thus, we proposed a Artificial Bee colony and SHA algorithm for public cloud auditing system for CISC that preserves integrity and confidentiality. Security can be improved by using this proposed strategy, although the associated communication and computational costs are low National cyber security authorities may use CISC as security and privacy for auditing/scoring. A batch audit is used, as well as dynamic process data. In addition, the suggested method protects smart cities from unauthorized TPA. CISC auditing in TPA assessed the proposed system's security and performance to be strong.

telecommunications

Bao Weimin

DOI: https://doi.org/10.3969/j.issn.1674-7933.2012.06.006

2012-01-01

Abstract:In recent years , Cloud computing has become an important application mode of the internet age. This paper analyzes the security issues existing in the cloud computing platform and presents software design of the security audit system based cloud computing, which can audit and monitor the whole progress of virtual behavior in cloud computing environment. The success of this system may provide some useful thoughts for the application of security audit technology in the field of cloud computing security.

Victor Chang,Muthu Ramachandran

DOI: https://doi.org/10.1109/tsc.2015.2491281

IF: 11.019

2016-01-01

IEEE Transactions on Services Computing

Abstract:Offering real-time data security for petabytes of data is important for cloud computing. A recent survey on cloud security states that the security of users' data has the highest priority as well as concern. We believe this can only be able to achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances before actual implementation. Results show that the time to take control of security breach can take between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000 trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43 percent of them can be quarantined. Our CCAF multi-layered security has an average of 20 percent better performance than the single-layered approach which could only block 7,438 viruses and trojans. CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results.

computer science, information systems, software engineering

Hui Tian,Weiping Ye,Jia Wang,Hanyu Quan,Chin-Chen Chang

DOI: https://doi.org/10.1155/2023/3375823

IF: 8.993

2023-11-27

International Journal of Intelligent Systems

Abstract:In the context of healthcare 4.0, cloud-based eHealth is a common paradigm, enabling stakeholders to access medical data and interact efficiently. However, it still faces some serious security issues that cannot be ignored. One of the major challenges is the assurance of the integrity of medical data remotely stored in the cloud. To solve this problem, we propose a novel certificateless public auditing for medical data in the cloud (CPAMD), which can achieve efficient batch auditing without complicated certificate management and key escrow. Specifically, in our CPAMD, a new secure certificateless signature method is designed to generate tamper-proof data block tags; a manageable delegated data outsourcing mechanism is presented to reduce the burden of data maintenance on patients and achieve auditability of outsourcing behavior; and a privacy-preserving augmented verification strategy is proposed to provide comprehensive auditing of both medical data and its source information without compromising privacy. We perform formal security analysis and comprehensive performance evaluation for CPAMD. The results demonstrate that the presented scheme can provide better auditing security and more comprehensive auditing capabilities while achieving good performance comparable to state-of-the-art ones.

computer science, artificial intelligence

Zhen Chen,Wenyu Dong,Hang Li,Peng Zhang,Xinming Chen,Junwei Cao

DOI: https://doi.org/10.1109/tst.2014.6733211

2014-01-01

Abstract:A data center is an infrastructure that supports Internet service. Cloud computing is rapidly changing the face of the Internet service infrastructure, enabling even small organizations to quickly build Web and mobile applications for millions of users by taking advantage of the scale and flexibility of shared physical infrastructures provided by cloud computing. In this scenario, multiple tenants save their data and applications in shared data centers, blurring the network boundaries between each tenant in the cloud. In addition, different tenants have different security requirements, while different security policies are necessary for different tenants. Network virtualization is used to meet a diverse set of tenant-specific requirements with the underlying physical network, enabling multi-tenant datacenters to automatically address a large and diverse set of tenants requirements. In this paper, we propose the system implementation of vCNSMS, a collaborative network security prototype system used in a multi-tenant data center. We demonstrate vCNSMS with a centralized collaborative scheme and deep packet inspection with an open source UTM system. A security level based protection policy is proposed for simplifying the security rule management for vCNSMS. Different security levels have different packet inspection schemes and are enforced with different security plugins. A smart packet verdict scheme is also integrated into vCNSMS for intelligence flow processing to protect from possible network attacks inside a data center network.

Hui Tian,Yuxiang Chen,Hong Jiang,Yongfeng Huang,Fulin Nan,Yonghong Chen

DOI: https://doi.org/10.1109/msec.2018.2875880

IF: 3.105

2019-01-01

IEEE Security & Privacy

Abstract:Cloud storage can provide on-demand outsourcing of data services for organizations and individuals. However, because customers may not fully trust that cloud service providers meet their legal expectations for data security, techniques for auditing the cloud have attracted increasing attention. Here, we present an architecture of public data auditing, review existing methods or mechanisms for various auditing objectives, and discuss trends and possible future developments.

Hongwei Jiang

DOI: https://doi.org/10.12694/scpe.v24i4.2069

2023-11-17

Abstract:Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources. User’s data is stored in large database. The stored data can be accessed and modified by the clients over the Internet. The data is monitored by the Third Party Auditor (TPA) on behalf of the client. Therefore, integrity is lacked by the data stored on the servers. The data integrity is ensured by the cloud services that provide trust to the privacy of users. Aiming at the urgent problem of network data security in cloud computing operations, this paper proposed a security situation assessment system to grasp the security situation in real time. A set of cloud computing network data storage security is proposed. Through this model, the extraction of network data storage security situation elements, the design of network data storage security situation assessment scheme and the calculation method of network data storage security situation value are completed. The experimental results show the error of the predicted value obtained by the network data storage security situation assessment system. The effectiveness of the system model and the superiority of the improved algorithm is verified by the experimental results. This paper uses the cloud model to predict the cloud computing network security situation. On the other hand, the security situation value obtained by the situation assessment process can be used directly without training the original situation value. Performance improvement by the proposed technique over existing technique is seen and it is observe that the proposed technique is 23% and 34% better than the existing techniques.

English Else

Cong Wang,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1109/mnet.2010.5510914

IF: 10.294

2010-01-01

IEEE Network

Abstract:Cloud computing is the long dreamed vision of computing as a utility, where data owners can remotely store their data in the cloud to enjoy on-demand high-quality applications and services from a shared pool of configurable computing resources. While data outsourcing relieves the owners of the burden of local data storage and maintenance, it also eliminates their physical control of storage dependability and security, which traditionally has been expected by both enterprises and individuals with high service-level requirements. In order to facilitate rapid deployment of cloud data storage service and regain security assurances with outsourced data dependability, efficient methods that enable on-demand data correctness verification on behalf of cloud data owners have to be designed. In this article we propose that publicly auditable cloud data storage is able to help this nascent cloud economy become fully established. With public auditability, a trusted entity with expertise and capabilities data owners do not possess can be delegated as an external audit party to assess the risk of outsourced data when needed. Such an auditing service not only helps save data owners' computation resources but also provides a transparent yet cost-effective method for data owners to gain trust in the cloud. We describe approaches and system requirements that should be brought into consideration, and outline challenges that need to be resolved for such a publicly auditable secure cloud storage service to become a reality.

Victor Chang,Yen-Hung Kuo,Muthu Ramachandran

DOI: https://doi.org/10.1016/j.future.2015.09.031

IF: 7.307

2016-04-01

Future Generation Computer Systems

Abstract:This article presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multilayered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This article presents the vision, related works, and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multilayered security. In penetration testing, CCAF multilayered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took <0.012s/trojan or virus. A full CCAF multilayered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multilayered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. The mechanism of blending of CCAF multilayered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multilayered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.

Fei Chen,Fengming Meng,Zhipeng Li,Li Li,Tao Xiang

DOI: https://doi.org/10.1016/j.jpdc.2024.104870

IF: 4.542

2024-07-01

Journal of Parallel and Distributed Computing

Abstract:Cloud storage auditing is a technique that enables a user to remotely check the integrity of the outsourced data in the cloud storage. Although researchers have proposed various protocols for cloud storage auditing, the proposed schemes are theoretical in nature, which are not fit for existing mainstream cloud storage service practices. To bridge this gap, this paper proposes a cloud storage auditing system that works for current mainstream cloud object storage services. We design the proposed system over existing proof of data possession (PDP) schemes and make them practical as well as usable in the real world. Specifically, we propose an architecture that separates the compute and storage functionalities of a storage auditing scheme. Because cloud object storage only provides read and write interfaces, we leverage a cloud virtual machine to implement the user-defined computations that are needed in a PDP scheme. We store the authentication tags of the outsourced data as an independent object to allow existing popular cloud storage applications, e.g., file online previewing. We also present a cost model to analyze the economic cost of a cloud storage auditing scheme. The cost model allows a user to balance security, efficiency, and economic cost by tuning various system parameters. We implemented, open-sourced the proposed system over a mainstream cloud object storage service. Experimental analysis shows that the proposed system is pretty efficient and promising for a production environment usage. Specifically, for a 40 GB sized data, the proposed system only incurs 1.66% additional storage cost, 3796 bytes communication cost, 2.9 seconds maximum auditing time cost, and 0.9 CNY per auditing monetary cost.

computer science, theory & methods

M. Omer Mushtaq,Furrakh Shahzad,M. Owais Tariq,Mahina Riaz,Bushra Majeed

DOI: https://doi.org/10.48550/arXiv.1702.07140

2017-02-23

Cryptography and Security

Abstract:There is a dynamic escalation and extension in the new infrastructure, educating personnel and licensing new computer programs in the field of IT, due to the emergence of Cloud Computing (CC) paradigm. It has become a quick growing segment of IT business in last couple of years. However, due to the rapid growth of data, people and IT firms, the issue of information security is getting more complex. One of the major concerns of the user is, at what degree the data is safe on Cloud? In spite of all promotional material encompassing the cloud, consortium customers are not willing to shift their business on the cloud. Data security is the major problem which has limited the scope of cloud computing. In new cloud computing infrastructure, the techniques such as the Strong Secure Shell and Encryption are deployed to guarantee the authenticity of the user through logs systems. The vendors utilize these logs to analyze and view their data. Therefore, this implementation is not enough to ensure security, privacy and authoritative use of the data. This paper introduces quad layered framework for data security, data privacy, data breaches and process associated aspects. Using this layered architecture we have preserved the secrecy of confidential information and tried to build the trust of user on cloud computing. This layered framework prevents the confidential information by multiple means i.e. Secure Transmission of Data, Encrypted Data and its Processing, Database Secure Shell and Internal/external log Auditing.

Hui Tian,Fulin Nan,Hong Jiang,Chin-Chen Chang,Jianting Ning,Yongfeng Huang

DOI: https://doi.org/10.1016/j.ins.2018.09.009

IF: 8.1

2018-01-01

Information Sciences

Abstract:With increasing popularity of collaboration in clouds, shared data auditing has become an important issue in cloud auditing field, and attracted extensive attention from the research community. However, none of the state of the arts can fully achieve all indispensable functional and security requirements. Thus, in this paper, we present a comprehensive public auditing scheme for shared data. Specifically, to preserve users' identity privacy, signatures on the challenged blocks are converted to the ones signed by the group manager during proof generation; to protect data privacy, a random masking is adopted to blind data proof; a modification record table is designed to record operation information to support identity traceability; we further extend the dynamic hash table to support shared-data dynamics, and present a batch auditing strategy. Moreover, we design a lazy-revocation based group management mechanism to achieve efficient group dynamics, which can resist collusion attacks while significantly reducing computational costs. We formally prove the security of our scheme, and evaluate its performance by comprehensive experiments and comparisons with the state-of-the-art ones. The results demonstrate that our scheme can effectively achieve secure auditing and outperforms the previous ones in computational overhead while maintaining relatively low communication costs. (C) 2018 Elsevier Inc. All rights reserved.

Maziar Janbeglou,WeiQi Yan

DOI: https://doi.org/10.1007/978-3-642-30867-3_42

2013-01-01

Abstract:Cloud computing has been introduced as a tool for improving IT proficiency and business responsiveness for organizations as it delivers flexible hardware and software services as well as providing an array of fundamentally systematized IT processes. Despite its many advantages, cloud computing security has been a major concern for organizations that are making the transition towards usage of this technology. In this paper, we focus on improving cloud computing security by managing and isolating shared network resources in bridge-mode hypervisors.

Haoyu Chen,Shanshan Tu,Chunye Zhao,Yongfeng Huang

DOI: https://doi.org/10.1109/icoacs.2016.7563069

2016-01-01

Abstract:With the rapid development of cloud computing and distributed system, the security of data stored in cloud server becomes more and more important. In this paper, we analyze the challenges and problems of clouding security, and introduce the cloud security framework, as well as compare the different cloud security controlling methods. Meanwhile, we propose our own trusted cloud framework based on Cloud Accountability Life Cycle. To satisfy the requirements of cloud security, auditing the provenance data in cloud server is the most efficient method, and the log is a type of provenance data, which is relative easy and stable to collect. Therefore, audit based on log data plays a significant role in cloud security framework. In this paper, we also compare different security audit mechanisms, and point out their advantages and disadvantages as well as suggest how to improve these mechanisms.

Kui Ren,Cong Wang

2012-01-01

Abstract:Cloud computing economically enables a fundamental paradigm of data service outsourcing, which provides lower up-front capital costs and less hands-on management. However, outsourcing data services to the commercial public cloud deprives customers' control over the systems that manage their data, raising security and privacy as the primary obstacles to the adoption of the cloud. To address these challenges, in this dissertation we explore the problem of secure and privacy-assured data service outsourcing in cloud computing. We aim at deploying the most fundamental data services including data storage, search, and sharing on the commercial public cloud, with built-in security and privacy assurance as well as high level service performance, usability, and scalability. Our contributions are as follows: Firstly, we focus on privacy-preserving secure cloud storage auditing to maintain strong storage correctness guarantee, given the difficulty that data files are no longer locally possessed by data owners. We first develop a random-masking sampling approach to allow a third party auditor to perform on-demand privacy-preserving storage correctness auditing on behalf of data owners, without violating owners' data privacy. For storage correctness assurance with data dynamics, we further investigate a novel sequence-enforced Merkle Hash Tree and manipulate it with the random sampling approach to support fully dynamic data operations. Secondly, we focus on privacy-assured and effective cloud data search services with strong privacy-assurance, while enjoying high service-level performance inherently demanded by the large number of data users and huge amount data files. We first investigate a widely applicable fuzzy/similarity keyword search problem, and develop a brand new symbol-based trie-traverse searching approach, where transformed fuzzy keywords extracted from data files are stored using a multi-way tree structure, while protecting keyword privacy. To enable search result relevance ranking, we further investigate secure ranked search, which facilitates efficient server-side result ranking without leaking any keyword related information. Thirdly, we study how to enable scalable and owner-controlled cloud data sharing services, given the challenge that data no longer resides on owners' trusted domain. We first associate data with a set of meaningful attributes, use logical composition of attributes to reflect fine-grained data access, and enforce owner's control via attribute-based encryption. For the inherent scalability requirement of cloud system, we further leverage the cloud as a mediated proxy, to which data owners can delegate most cumbersome data/user management workload, without affecting the underlying data confidentiality.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Zheng Tu,Xu An Wang,Weidong Du,Zexi Wang,Ming Lv

DOI: https://doi.org/10.1016/j.jksuci.2023.01.021

IF: 9.006

2023-02-08

Journal of King Saud University - Computer and Information Sciences

Abstract:The security of the data in the cloud server suffers great challenges, and how to ensure the integrity of the outsourced data in the cloud servers is a problem that should be solved. Cloud data auditing technique is such a solution , which allows to check data integrity without retrieving them from the cloud. In case single-copy data may be violated by malicious attackers, Zhang et al. proposed a multi-copy cloud data auditing scheme MCAM in 2020. However, in their scheme, an attacker can forge the evidence for integrity verification only by exploiting public information and the cloud server can compromise the integrity verification even it does not store any data. In this paper, we identify these security flaws in MCAM and design a new evidence verification algorithm to fix them. Then, we propose a multi-copy cloud data auditing scheme based on our evidence verification algorithm and MCAM. In security analysis, we prove that our multi-copy cloud data auditing scheme can fix the security flaws of MCAM. Thus, our scheme is more secure than MCAM. In performance analysis, we show that our scheme is more communication efficient than MCAM. Finally, we point out one potential application of our scheme.

computer science, information systems

Yu Fan,Yongjian Liao,Fagen Li,Shijie Zhou,Ganglin Zhang

DOI: https://doi.org/10.1109/access.2019.2932430

IF: 3.9

2019-01-01

IEEE Access

Abstract:The advent of cloud computing arouses the flourish of data sharing, promoting the development of research, especially in the fields of data analysis, artificial intelligence, etc. In order to address sensitive information hiding, auditing shared data efficiently and malicious manager preventing, we propose an identity-based auditing scheme for shared cloud data with a secure mechanism to hide sensitive information. This scheme provides a solution that allows users to share plaintext with researchers and keeps sensitive information invisible to the cloud and researchers at the same time. Besides, a formal security analysis is given to prove the strong security of the proposed scheme. Performance evaluation and experimental results demonstrate that our scheme is significantly more efficient over the existing scheme due to our novel mechanism for sensitive information hiding and simplifying signature algorithm. Compared to the existing approach to audit the integrity of shared data with sensitive information hiding, our scheme has desirable features and advantages as follow. Firstly, previous work has failed to construct a secure scheme to prevent malicious manager. We fill this gap and guarantee the integrity and authenticity of shared data. Secondly, our scheme constructs a novel system model to support high concurrency and massive data in the real scenario.

Keke Gai,Meikang Qiu,Hui Zhao

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids.2016.68

2016-01-01

Abstract:Implementing cloud computing empowers numerous paths to Web-based computing service offerings for meeting diverse needs. However, cloud data security and privacy information protection have also become a critical issue restraining the cloud applications. One of the major concerns in security is that cloud operators will have a chance to reach sensitive data, which dramatically increases users' anxiety and reduces the adoptability of cloud computing in many fields, such as the financial industry and governmental agencies. This paper focuses on this issues and proposes a novel approach that can efficiently split the file and separately store the data in the distributed cloud servers, in which the data cannot be directly reached by cloud service operators. The proposed scheme is entitled as Security-Aware Efficient Distributed Storage (SAEDS) model, which is mainly supported by the proposed algorithms, named Secure Efficient Data Distributions (SED2) Algorithm and Efficient Data Conflation (EDCon) Algorithm. Our experimental evaluations have assessed both security and efficiency performances.