Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

Yanzhang He,Xiaohong Jiang,Kejiang Ye,Ran Ma,Xiang Li

DOI: https://doi.org/10.1007/978-3-642-45293-2_10

2013-01-01

Abstract:As the continuous development of cloud computing and big data, data storage as a service in the cloud is becoming increasingly popular. More and more individuals and organizations begin to store their data in cloud rather than building their own data centers. Cloud storage holds the advantages of high reliability, simple management and cost-effective. However, the privacy and availability of the data stored in cloud is still a challenge. In this paper, we design and implement a High Privacy and Availability Cloud Storage (HPACS) platform built on Apache Hadoop to improve the data privacy and availability. A matrix encryption and decryption module is integrated in HDFS, through which the data can be encoded and reconstructed to/from different storage servers transparently. Experimental results show that HPACS can achieve high privacy and availability but with reasonable write/read performance and storage capacity overhead as compared with the original HDFS.

Seonyoung Park,Youngseok Lee

DOI: https://doi.org/10.1007/978-3-642-38027-3_14

2013-01-01

Abstract:As Hadoop becomes a popular distributed programming framework for processing large data on its distributed file system (HDFS), demands for secure computing and file storage grow quickly. However, the current Hadoop does not support encryption of storing HDFS blocks, which is a fundamental solution for secure Hadoop. Therefore, we propose a secure Hadoop architecture by adding encryption and decryption functions in HDFS. We have implemented secure HDFS by adding the AES encrypt/decrypt class to CompressionCodec in Hadoop. From experiments with a small Hadoop testbed, we have shown that the representative MapReduce job on encrypted HDFS generates affordable computation overhead less than 7%.

Nengneng Li,Yingcun Wang,Xiwei Xu,Xiaoyang Liu

DOI: https://doi.org/10.1088/1757-899x/768/7/072011

2020-03-01

IOP Conference Series: Materials Science and Engineering

Abstract:Abstract With the continuous development of technology, traditional data encryption technology has been cracked, existing data security measures can no longer meet the user’s data security needs, and the problem of data security remains the primary issue facing cloud storage. Based on the analysis of cloud storage data security, this paper proposes a CP-ABE-based HDFS distributed storage data security solution to the problems of traditional attribute-based data encryption technology (CP-ABE). After analysis of the algorithm, the algorithm can ensure the security of the data stored on the cloud platform users through the attribute-based encryption algorithm.

English Else

Yonglin Xu,Shaofei Wu,Mingqing Wang,Yuntao Zou

DOI: https://doi.org/10.1007/s12652-018-1021-y

IF: 3.662

2018-09-11

Journal of Ambient Intelligence and Humanized Computing

Abstract:With the advent of the era of big data, the deep integration of the Internet and healthcare makes medical data exponential growth. How to ensure data security is particularly important. However, the traditional encryption speed is no longer applicable to massive information processing. Based on Hadoop open source project, this paper designs and studies distributed RSA encryption algorithm based on distributed file system and programming model. In the beginning of this paper, a design scheme of distributed encryption algorithm based on platform is proposed, the distribution of distributed algorithm is determined, module partition and process control are carried out to the whole, and the distributed encryption function of the single computer encryption system is realized. Finally, through the large-scale distributed cluster built in the laboratory, the distributed encryption algorithm is tested by function test, extensibility test and efficiency test. It is proved that the distributed encryption algorithm can optimize the operation speed and can be applied to the processing of massive data.

computer science, information systems,telecommunications, artificial intelligence

Qingni Shen,Yahui Yang,Zhonghai Wu,Dandan Wang,Min Long

DOI: https://doi.org/10.1504/ijguc.2013.057118

2013-01-01

International Journal of Grid and Utility Computing

Abstract:With the growth of business, an enterprise would like to make its PSC private storage cloud approach an infrastructure service in a partner/public cloud. In such PSCs, there are some new data security issues, First, how to keep the data rest in the PSC isolated from internal and external attackers; second, how to make secure intra-cloud data migration within the enterprise; third, how to secure inter-cloud data migrating between the PSC and the partner/public cloud. In this paper, we propose an architecture design for enforcing data security services on the layer of HDFS in the PSC, including secure data isolation service, secure intra-cloud data migration service, and secure inter-cloud data migration service. Finally, it gives the prototype implemented as pluggable security modules in accord with our custom security policies through AOP Aspect-Oriented Programming method. The time cost is given and evaluated efficiently.

Yannan Ma,Yu Zhou,Yao Yu,Chenglei Peng,Ziqiang Wang,Sidan Du

DOI: https://doi.org/10.1016/j.procs.2015.05.062

2015-01-01

Procedia Computer Science

Abstract:Distributed file system for the storage of massive files have obvious advantages compared with the conventional file system. For instance, Hadoop Distributed File System (HDFS) implemented with commodity hardware has the advantages of low cost, high fault tolerance, scalability, etc. However, HDFS has the potential safety hazard due to the unencrypted data stored in Datanode, which may cause data leakage during the manipulation. In this paper, we purpose a new architecture based on HDFS, combined with network coding and multi-node reading, to improve the security and storage efficiency of the distributed file system. Experiments have shown that the method proposed in this paper greatly improves the safety of files transfer and storage, while the speed of files reading has increased threefold compared to the original HDFS model.

English Else

Gayatri Kapil,Alka Agrawal,Abdulaziz Attaallah,Abdullah Algarni,Rajeev Kumar,Raees Ahmad Khan

DOI: https://doi.org/10.7717/peerj-cs.259

2020-02-17

Abstract:Hadoop has become a promising platform to reliably process and store big data. It provides flexible and low cost services to huge data through Hadoop Distributed File System (HDFS) storage. Unfortunately, absence of any inherent security mechanism in Hadoop increases the possibility of malicious attacks on the data processed or stored through Hadoop. In this scenario, securing the data stored in HDFS becomes a challenging task. Hence, researchers and practitioners have intensified their efforts in working on mechanisms that would protect user's information collated in HDFS. This has led to the development of numerous encryption-decryption algorithms but their performance decreases as the file size increases. In the present study, the authors have enlisted a methodology to solve the issue of data security in Hadoop storage. The authors have integrated Attribute Based Encryption with the honey encryption on Hadoop, i.e., Attribute Based Honey Encryption (ABHE). This approach works on files that are encoded inside the HDFS and decoded inside the Mapper. In addition, the authors have evaluated the proposed ABHE algorithm by performing encryption-decryption on different sizes of files and have compared the same with existing ones including AES and AES with OTP algorithms. The ABHE algorithm shows considerable improvement in performance during the encryption-decryption of files.

Tao Li,Xiaojun Ye,Jianmin Wang

DOI: https://doi.org/10.1145/2430475.2430493

2012-01-01

Abstract:To achieve a trustworthy cloud data service, there is a need to both provide the right services from a security engineering perspective, as well as to allows specific types of computations to be carried out on encrypted cloud data. However, traditional encryption solutions can't be used to process outsourcing encrypted data hosting to an untrusted cloud provider. A novel encryption scheme, called fully homomorphic encryption (FHE), could afford the circuit ability over encrypted data without decrypting it. In this paper, we deliver a universal construction framework for fully homomorphic encryption schemes. At first, this framework initializes a somewhat homomorphic encryption scheme based on the concept of metric space in abstract algebra which encodes the plaintext into a offset vector and generates a ciphertext by adding the offset vector to a random eigenvector in the metric space. As an abelian group, the ring is closed under addition and multiplication, this abstract algebra assume the metric space could forma ring and the eigenvectors belong to an ideal of this ring, then this framework could achieve homomorphism by having the scheme live in rings. We also deduce some well-known fully homomorphic schemes from the construction framework, and propose a prototype with an FHE encryption proxy to solve confidentiality problems in cloud systems. At last, we show the performance of FHE with some experiments, and speed the performance of fully homomorphic encryption up with cloud computing (parallel computing, distribute computing, etc.). We also discuss some opening issues and directions for future fully homomorphic encryption researches.

Qian He,Hong He

DOI: https://doi.org/10.3390/su13010101

IF: 3.9

2020-12-24

Sustainability

Abstract:Due to the increasing growth of technologies and the diversity of user needs in the field of information technology, the position of cloud computing is becoming more apparent. The development of computing infrastructure in any organization requires spending a lot of money, time, and manpower, which sometimes does not fit into the operational capacity of an organization. Therefore, organizations tend to use such technologies to advance their goals. A fully open and distributed structure in cloud computing and its services makes it an attractive target for attackers. This structure includes multiple service-oriented and distributed paradigms, multiple leases, multiple domains, and multi-user autonomous management structures that are more prone to security threats and vulnerabilities. In this paper, the basic concepts of the cloud computing and its applications have been investigated regarding to the importance of security issues. The proposed algorithm improves the level of security in the cloud computing platform through data mining and decision tree algorithm. Low computational burden and client numbers independency help to effectively implement the proposed algorithm in reality.

environmental sciences,environmental studies,green & sustainable science & technology

Jiaqi Zhao,Lizhe Wang,Jie Tao,Jinjun Chen,Weiye Sun,Rajiv Ranjan,Joanna Kołodziej,Achim Streit,Dimitrios Georgakopoulos

DOI: https://doi.org/10.1016/j.jcss.2014.02.006

IF: 1.043

2014-08-01

Journal of Computer and System Sciences

Abstract:MapReduce is regarded as an adequate programming model for large-scale data-intensive applications. The Hadoop framework is a well-known MapReduce implementation that runs the MapReduce tasks on a cluster system. G-Hadoop is an extension of the Hadoop MapReduce framework with the functionality of allowing the MapReduce tasks to run on multiple clusters. However, G-Hadoop simply reuses the user authentication and job submission mechanism of Hadoop, which is designed for a single cluster. This work proposes a new security model for G-Hadoop. The security model is based on several security solutions such as public key cryptography and the SSL protocol, and is dedicatedly designed for distributed environments. This security framework simplifies the users authentication and job submission process of the current G-Hadoop implementation with a single-sign-on approach. In addition, the designed security framework provides a number of different security mechanisms to protect the G-Hadoop system from traditional attacks.

computer science, theory & methods, hardware & architecture

A.Abdo,Taghreed S. Karamany,Ahmed Yakoub

DOI: https://doi.org/10.1016/j.jksuci.2024.101999

IF: 9.006

2024-03-09

Journal of King Saud University - Computer and Information Sciences

Abstract:Cloud computing has revolutionized the way businesses and individuals manage and utilize computing resources, providing significant benefits such as scalability, flexibility, and cost-effectiveness. However, the increasing use of cloud computing to store and transmit sensitive data has raised concerns about data security. Ensuring confidentiality and data integrity while enabling effective data transmission is a significant challenge. To overcome this issue, the proposed approach integrates encryption and compression methods to enhance transmission performance in the cloud and prevent unauthorized access to confidential information. This approach applies multiple layers of robust encryption algorithms, followed by LZMA, which aims to compress data size while ensuring data security. The proposed approach is well-suited for real-time implementation and delivers high encryption quality and compression capabilities. Various performance metrics evaluate its performance, including space-saving percentage, processing time, and the NIST randomness test. It provides a substantial improvement in space-saving percentage from 58.63% to 81.8%, ensuring efficiency. The security analysis confirms that ciphertexts generated by this approach pass all NIST tests, generating a 99% confidence level regarding the randomness of the ciphertext. The proposed hybrid approach offers an effective solution for addressing the challenges of securing sensitive data while taking advantage of the benefits of cloud computing.

computer science, information systems

Qingni Shen,Lizhe Zhang,Xin Yang,Yahui Yang,Zhonghai Wu,Ying Zhang

DOI: https://doi.org/10.1109/dasc.2011.114

2011-01-01

Abstract:With the development of cloud computing, cloud security issues have recently gained traction in the research community. Although much of the efforts are focused on securing the operation system and virtual machine, or securing data storage inside a cloud system, this paper takes an alternative perspective to cloud security-the security of data migration between different clouds. First, we describe some threats when we are doing data migration. Second, we propose a security mechanism to deal with the security issues on data migration from one cloud to another. Third, we design a prototype to give the mechanism a brief implementation based on HDFS (Hadoop Distributed File System) and we do a series of tests to evaluate our prototype. Here, the solutions to securing data migration between clouds mainly involve in SSL negotiation, migration ticket design and block encryption in distributed file system and cluster parallel computing.

xuejiao liu,yingjie xia,yang xiang,mohammad mehedi hassan,abdulhameed alelaiwi

DOI: https://doi.org/10.1109/SocialSec2015.13

2015-01-01

Abstract:Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the publiccloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in datautilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication securitythat once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.

Li, ZiTong,Yan, Zhengmao,Liu, Yi,Zeng, Detian,Yu, Haoyang

DOI: https://doi.org/10.1007/s12083-024-01856-y

IF: 3.488

2024-12-01

Peer-to-Peer Networking and Applications

Abstract:The evolution of cloud computing towards X-as-a-Service models and the adoption of microservices architecture have significantly matured the field. As these technologies advance, they bring challenges such as data consistency, transaction traceability, and efficient information processing, particularly in edge computing environments. This paper explores the integration of microservices architecture, edge computing, and blockchain technology to address these challenges, with a focus on secure file sharing. We present a framework that uses identity authentication and leverages Ethereum blockchain, IPFS, and HDFS for decentralized, tamper-resistant file sharing. Our implementation in the FsMbe system fetches data using the DHT of the distributed network after authentication by Ethereum and employs multi-round AES encryption for data sharing. Extensive experiments were conducted to evaluate our framework's performance in various scenarios, including small data communication between microservices in edge groups and large file transfers between edge nodes in larger groups. The framework demonstrated stable data transfer performance, particularly for small payloads, even as the number of clients increased. This research contributes to secure and efficient data management in edge computing and microservice environments, providing a robust solution for decentralized file sharing with enhanced performance and security.

computer science, information systems,telecommunications

Yuxiang Chen,Guishan Dong,Chunxiang Xu,Yao Hao,Yue Zhao

DOI: https://doi.org/10.3390/s23208526

IF: 3.9

2023-10-18

Sensors

Abstract:In this paper, we propose a user-friendly encrypted storage scheme named EStore, which is based on the Hadoop distributed file system. Users can make use of cloud-based distributed file systems to collaborate with each other. However, most data are processed and stored in plaintext, which is out of the owner's control after it has been uploaded and shared. Meanwhile, simple encryption guarantees the confidentiality of uploaded data but reduces availability. Furthermore, it is difficult to deal with complex key management as there is the problem whereby a single key encrypts different files, thus increasing the risk of leakage. In order to solve the issues above, we put forward an encrypted storage model and a threat model, designed with corresponding system architecture to cope with these requirements. Further, we designed and implemented six sets of protocols to meet users' requirements for security and use. EStore manages users and their keys through registration and authentication, and we developed a searchable encryption module and encryption/decryption module to support ciphertext retrieval and secure data outsourcing, which will only minimally increase the calculation overhead of the client and storage redundancy. Users are invulnerable compared to the original file system. Finally, we conducted a security analysis of the protocols to demonstrate that EStore is feasible and secure.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

黄永峰,张久岭,李星

DOI: https://doi.org/10.3969/j.issn.1009-6868.2010.04.008

2010-01-01

Abstract:Problems with data security impede the widespread application of cloud computing. Although data can be protected through encryption, effective retrieval of encrypted data is difficult to achieve using traditional methods. This paper analyzes encrypted storage and retrieval technologies in cloud storage applications. A ranking method based on fully homomorphic encryption is proposed to meet demands of encrypted storage. Results show this method can improve efficiency.

Anurag Kumar,Prof. Bibha Kumari

DOI: https://doi.org/10.55041/ijsrem37051

2024-08-12

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:Cloud-based deployment architectures have emerged as the preferred model for Big Data operations due to their scalability, flexibility, and cost-effectiveness. However, this shift raises new security concerns as data is no longer directly under the user's control. Securing Big Data in cloud environments is crucial for widespread adoption, but developing a comprehensive security plan is challenging without a thorough analysis of potential vulnerabilities.To address this, a novel security-by-design framework for Big Data deployment on cloud computing, termed Big Cloud, is proposed in this article. The framework leverages systematic security analysis methodologies and automated assessment tools to map domain-specific security knowledge to design best practices. Validation of the framework was conducted through an Apache Hadoop stack use case, demonstrating its effectiveness in enhancing security awareness and reducing design time.The study also evaluates the framework's strengths and limitations, identifying key challenges in the Big Cloud domain.

Mohan Naik Ramachandra,Madala Srinivasa Rao,Wen Cheng Lai,Bidare Divakarachari Parameshachari,Jayachandra Ananda Babu,Kivudujogappa Lingappa Hemalatha

DOI: https://doi.org/10.3390/bdcc6040101

2022-09-26

Big Data and Cognitive Computing

Abstract:In recent decades, big data analysis has become the most important research topic. Hence, big data security offers Cloud application security and monitoring to host highly sensitive data to support Cloud platforms. However, the privacy and security of big data has become an emerging issue that restricts the organization to utilize Cloud services. The existing privacy preserving approaches showed several drawbacks such as a lack of data privacy and accurate data analysis, a lack of efficiency of performance, and completely rely on third party. In order to overcome such an issue, the Triple Data Encryption Standard (TDES) methodology is proposed to provide security for big data in the Cloud environment. The proposed TDES methodology provides a relatively simpler technique by increasing the sizes of keys in Data Encryption Standard (DES) to protect against attacks and defend the privacy of data. The experimental results showed that the proposed TDES method is effective in providing security and privacy to big healthcare data in the Cloud environment. The proposed TDES methodology showed less encryption and decryption time compared to the existing Intelligent Framework for Healthcare Data Security (IFHDS) method.

Xiao Fu,B. Luo,Xiaojiang Du,M. Guizani,Meng-yue Chen

DOI: https://doi.org/10.1109/GLOBECOM38437.2019.9013204

2019-12-01

Abstract:Traditional cloud database directly stores user plaintext information, information security is directly related to the security of Cloud server, which will create a great security risk. The user's information security is not guaranteed. In this paper, a database encryption technology is designed, which can balance the problem of information security and use efficiency well. In this paper, a simplified onion encryption model is designed and implemented, which can realize the full homomorphic encryption on the cloud database to a certain extent, and improve the efficiency of ciphertext operation to a certain extent. Keywords-cloud; database; full homomorphic encryption

Computer Science