Guangyu Chen,Jian Liu,Ming Xian

DOI: https://doi.org/10.1088/1742-6596/1314/1/012190

2019-01-01

Journal of Physics Conference Series

Abstract:With the increase of data volume, the service of data publication and subscription is an efficient method to share massive data. It is impossible to capture and manage data with traditional database tools. Therefore, the cloud platform becomes the most suitable platform for data publication and subscription due to its huge storage, strong computing power and good economical utility. In the process of data publishing and subscription, cloud server as a third party is semi-honest, which will bring serious privacy problems. In this paper, a secure data publishing and subscription scheme based on cloud platform is proposed, which can protect the privacy of data and subscriber interest, and achieve efficient and accurate data publishing and subscription. It can realize that only data subscribers who meet the requirements of access rights can obtain and decrypt the data, and the matching of data subscriber interest and data label can be realized at the same time. In addition, this scheme also supports user cancellation, it can cancel dishonest users in the system.

Qiang Wu,Ran Wang,Xincheng Yan,Chunming Wu,Rongxing Lu

DOI: https://doi.org/10.1109/MWC.001.2100251

IF: 12.777

2022-01-01

IEEE Wireless Communications

Abstract:Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

Wang Guo-Feng,Liu Chuan-Yi,Pan He-Zhong,Fang Bin-Xing

DOI: https://doi.org/10.11897/SP.J.1016.2017.00296

2017-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:The division of data ownership and data management is regarded as the key characteristics of cloud computing. Customers outsource their data to the cloud and need to use cloud computing platform for data management, as a result losing direct control over the data. The introduction of cloud computing model has brought some new security issues and challenges, such as malicious cloud administrator, security vulnerabilities and improper access interface. So insider threats become more crucial, especially with the cloud administrators gaining more control on customers' virtual machines and data in reality. How to defend against malicious insiders, especially who have priorities to access or steal customers' data and computation resources, has become a challenging problem as well as a common focus of attention in both academia and industry in recent years. For further study of the insider threats in cloud computing model, making systematic summary from ways and means to deal with, and promoting domestic research in this direction, this paper firstly summarizes the major types of internal threats in the cloud environment, and takes an experimental approach to demonstrate typical insider vulnerabilities and possible actionable attacks. This paper summarizes and proposes three approaches to deal with insider threats in the cloud, as: user & entity behavior analysis and evaluation, cloud administration priority division and run-time access control, and customer controlled data encryption. For each approach, this paper thoroughly analyzes its technical principles, key technologies, state of the art, as well as practical possibilities in the real world. At last, this paper points out the future research directions and key technologies against insider threats in the cloud. © 2017, Science Press. All right reserved.

Jingwei Li,Jin Li,Dongqing Xie,Zhang Cai

DOI: https://doi.org/10.1109/tc.2015.2389960

2016-01-01

Abstract:As the cloud computing technology develops during the last decade, outsourcing data to cloud service for storage becomes an attractive trend, which benefits in sparing efforts on heavy data maintenance and management. Nevertheless, since the outsourced cloud storage is not fully trustworthy, it raises security concerns on how to realize data deduplication in cloud while achieving integrity auditing. In this work, we study the problem of integrity auditing and secure deduplication on cloud data. Specifically, aiming at achieving both data integrity and deduplication in cloud, we propose two secure systems, namely SecCloud and SecCloud(+). SecCloud introduces an auditing entity with a maintenance of a MapReduce cloud, which helps clients generate data tags before uploading as well as audit the integrity of data having been stored in cloud. Compared with previous work, the computation by user in SecCloud is greatly reduced during the file uploading and auditing phases. SecCloud(+) is designed motivated by the fact that customers always want to encrypt their data before uploading, and enables integrity auditing and secure deduplication on encrypted data.

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xueying Wang,Jun Zhang,Mingbo Wang,Lijun Zu,ZhiHui Lu,Jie Wu

DOI: https://doi.org/10.1109/SCC.2014.85

2014-01-01

Abstract:With the increasing acceptance of cloud data center and virtualization technology by enterprises and industries, the security concern becomes the key hindrance to the development and deployment of cloud computing. Security auditing is a good way to deal with the threats faced by a cloud data center. But traditional auditing is no longer suitable for the new cloud environment. In this paper, we design, implement and evaluate the CDCAS, a novel cloud data center auditing system, which matches the demand of the scalability and efficiency of a cloud data center. In this system, we design one distributed and autonomous agent model which can be controlled by a set of rules dynamically generated to fit its use scenario. We then build the log analysis model which uses the signature based method and correlative analysis algorithm to extract security events from collected log with agreeable false positives. We evaluate our system both on real world and simulation to validate its efficiency. And our system is also deployed by the cloud data center of a well-known financial institution, and performs well.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/iwqos.2009.5201385

2009-01-01

Abstract:Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server (s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Yu Fan,Yongjian Liao,Fagen Li,Shijie Zhou,Ganglin Zhang

DOI: https://doi.org/10.1109/access.2019.2932430

IF: 3.9

2019-01-01

IEEE Access

Abstract:The advent of cloud computing arouses the flourish of data sharing, promoting the development of research, especially in the fields of data analysis, artificial intelligence, etc. In order to address sensitive information hiding, auditing shared data efficiently and malicious manager preventing, we propose an identity-based auditing scheme for shared cloud data with a secure mechanism to hide sensitive information. This scheme provides a solution that allows users to share plaintext with researchers and keeps sensitive information invisible to the cloud and researchers at the same time. Besides, a formal security analysis is given to prove the strong security of the proposed scheme. Performance evaluation and experimental results demonstrate that our scheme is significantly more efficient over the existing scheme due to our novel mechanism for sensitive information hiding and simplifying signature algorithm. Compared to the existing approach to audit the integrity of shared data with sensitive information hiding, our scheme has desirable features and advantages as follow. Firstly, previous work has failed to construct a secure scheme to prevent malicious manager. We fill this gap and guarantee the integrity and authenticity of shared data. Secondly, our scheme constructs a novel system model to support high concurrency and massive data in the real scenario.

Ge Zhaoqiang,Li Huixun,Zhang Liang,Shao Lisong,Zhai Haibao,Liang Ye,Ge Minhui,Qu Gang

DOI: https://doi.org/10.1007/978-981-13-9779-0_71

2020-01-01

Abstract:At present, cloud computing, as a strategic emerging industry in China, has greatly promoted the development of informatization. Although State Grid Corporation of China's regulation cloud construction is steadily advancing, there is no effective security protection in the face of illegal access, virtual machine escaping, abnormal operation traceability, etc. In this paper, a security monitoring system based on the cloud platform is designed to achieve the comprehensive real-time monitoring of cloud platform security events of the hosts, virtual machines and cloud management software, timely identify of security threats with early warnings, and guarantee the operation of the cloud platform in security, through the investigating and in-depth research on the security monitoring technology of key components of the cloud platform.

Yuzhao Wu,Yongqiang Lyu,Qian Fang,Hao Yin,Geng Zheng,Yuanchun Shi

DOI: https://doi.org/10.1109/icdcsw.2017.19

2017-01-01

Abstract:Data outsourcing in cloud is emerging as a successful paradigm that benefits organizations and enterprises with high-performance, low-cost, scalable data storage and sharing services. However, this paradigm also brings forth new challenges for data confidentiality because the outsourced are not under the physic control of the data owners. The existing schemes to achieve the security and usability goal usually apply encryption to the data before outsourcing them to the storage service providers (SSP), and disclose the decryption keys only to authorized user. They cannot ensure the security of data while operating data in cloud where the third-party servicers are usually semi-trustworthy, and need lots of time to deal with the data. We construct a privacy data management system appending hierarchical access control called HAC-DMS, which can not only assure security but also save plenty of time when updating data in cloud.

Fuzhi Cang,Mingxing Zhang,Yongwei Wu,Weimin Zheng

DOI: https://doi.org/10.3969/j.issn.1673-5188.2013.04.004

2013-01-01

Abstract:Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data access is one of the biggest concerns of users of cloud-based services.Transparency and accountability for data managed in the cloud is necessary.Specifically,when using a cloudhost service,a user typically has to trust both the cloud service provider and cloud infrastructure provider to properly handling private data.This is a multi-party system.Three particular trust models can be used according to the credibility of these providers.This pa per describes techniques for preventing data leakage that can be used with these different models.

Yuan Zhang,Chunxiang Xu,Jining Zhao,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.1016/j.jisa.2015.05.001

IF: 4.96

2015-01-01

Journal of Information Security and Applications

Abstract:Cloud storage provides an efficient way for users to work together as a group by sharing data with each other. However, since shared data can be accessed and modified by multiple users and group membership may be changed frequently, this new paradigm poses many challenges for keeping integrity of shared data. Recently, Yuan et al. proposed an efficient integrity checking scheme (IEEE INFOCOM 2014, doi: 10.1109/INFOCOM.2014.6848154) for cloud data sharing with multi-user modification, which had many appealing features. They claimed that the scheme is secure and efficient, and they also provided the formal security proof and the performance evaluation. Regretfully, existing two security flaws in Yuan et al.'s scheme are pointed out in this letter. Specifically, by fooling the third-party auditor (TPA) into trusting that the data is well maintained by the cloud server, an adversary can process the following two deceiving methods. Firstly, the adversary can modify the shared data and tamper with the interaction messages between the cloud server and the TPA, thus invalidating shared data integrity checking. Secondly, an adversary, who records a fraction of the cloud-stored data, can overwrite the vast majority of the shared data by using the recorded data and passing shared data integrity verification. Furthermore, we suggest a solution to the two security flaws while retaining all the desirable features of the original scheme.

XiaoFeng Chen,Jingwei Li,Chunfu Jia,Duncan S. Wong

2015-01-01

Abstract:In the world of technical life cloud computing has become integral part and also understanding the way of business is changing and is likely to continue changing into the future. Using cloud storage services means that you and others can access and share files across a range of devices and position. Files such as photos and videos can sometimes be unmanageable to email if they are too big or you have allot of data. You can upload your data to a cloud storage provider means you can speedily circulate your data with the help of cloud service and you can share your data files with anyone you choose. Since cloud computing shares distributed resources via network in the open environment thus it makes less secured. Data security has become a major issue in data sharing on cloud. The main motto behind our system is that it secures the data and generates the key for each transaction so every user can secure our shared data by the third party i.e. unethical hacker.

HAO Fei,WANG Lei,JING Ji-wu,CHANG Jian-guo

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.03.011

2012-01-01

Abstract:The cloud storage is a novel kind of network storage and is becoming more and more popular. Large quantities of enterprises and individual users adopt the cloud storage as their network storage mediums. So far, there are kinds of cloud storage service afforded by the famous IT enterprises, such as Simple Storage Service (S3), which is provided by Amazon. As the widespread use, the security issues of the cloud storage catch the eyes of researchers, such as data leakage and data tampering. In this paper, we proposed and implemented a security enhancement system, which is based on Amazon S3. The system is to protect users’ data through encrypting the plain texts before uploading them to Amazon S3, and when users want to download the texts, the system downloads and checks the integrity of the uploaded texts before decrypting and saving them on local file system. On this wise, we are capable of ensuring the data security while transmitting and storing, and guaranteeing the data integrity. What’s more, we proposed the fine-grained access control mechanism to achieve that many users are able to utilize the same Amazon S3 account while preserving the effective isolation of their files, and to prevent the unauthorized access to the uploaded files effectively.

DOI: https://doi.org/10.1007/s11277-024-11023-4

IF: 2.017

2024-05-08

Wireless Personal Communications

Abstract:Data auditing in the cloud, along with files and authentication server Deduplication, may protect the integrity of cloud storage and substantially decrease the cloud stored data. With the rise of Smart Cities, the sector has offered plenty of potential problems. The failure in single point, Although, Cloud computing is standard in modern enterprise networks, and cloud security is a significant concern in the Cloud Integrated Smart City (CISC). However, to deal with large amounts of data created by different intelligent devices, storing and uploading all that information to the cloud servers is necessary. Therefore, cloud servers must protect the data against integrity as well as ensuring it is private. Over the last year, Cloud servers had suggested several cloud security auditing plans. Because of this, they were verifying data integrity using a third-party auditor (TPA) is crucial. Bi-linear pairing procedures are the most often used operation in the audit phase, and they require substantial effort and expense. Additionally, such approaches will not secure users' data privacy. Thus, we proposed a Artificial Bee colony and SHA algorithm for public cloud auditing system for CISC that preserves integrity and confidentiality. Security can be improved by using this proposed strategy, although the associated communication and computational costs are low National cyber security authorities may use CISC as security and privacy for auditing/scoring. A batch audit is used, as well as dynamic process data. In addition, the suggested method protects smart cities from unauthorized TPA. CISC auditing in TPA assessed the proposed system's security and performance to be strong.

telecommunications

Linbo XIANG,Chuanyi LIU

DOI: https://doi.org/10.3969/j.issn.1671-1122.2016.03.009

2016-01-01

Abstract:Cloud computing has generated signiifcant interest in both academia and industry, but the data security and privacy problem is hindering the development of cloud computing. Originated from the OpenStack open source cloud computing framework, this paper analyzes its operation and maintenance mode, and proposes using API proxy and access control to achieve internal controls of cloud platform and protect user data from insider threat in cloud platform. Experiment results show that the method in this article, which can achieve the basic need of cloud platform operation maintenance, implements the division of authority to the cloud administrator and can block malicious and illegal access requests.

Yong Yu,Lei Niu,Guomin Yang,Yi Mu,Willy Susilo

DOI: https://doi.org/10.1016/j.future.2013.05.005

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Cloud computing is a novel computing model that enables convenient and on-demand access to a shared pool of configurable computing resources. Auditing services are highly essential to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the active adversary attacks in three auditing mechanisms for shared data in the cloud, including two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a distributed storage integrity auditing mechanism. We show that these schemes become insecure when active adversaries are involved in the cloud storage. Specifically, an active adversary can arbitrarily alter the cloud data without being detected by the auditor in the verification phase. We also propose a solution to remedy the weakness without sacrificing any desirable features of these mechanisms.

Kui Ren,Cong Wang

2012-01-01

Abstract:Cloud computing economically enables a fundamental paradigm of data service outsourcing, which provides lower up-front capital costs and less hands-on management. However, outsourcing data services to the commercial public cloud deprives customers' control over the systems that manage their data, raising security and privacy as the primary obstacles to the adoption of the cloud. To address these challenges, in this dissertation we explore the problem of secure and privacy-assured data service outsourcing in cloud computing. We aim at deploying the most fundamental data services including data storage, search, and sharing on the commercial public cloud, with built-in security and privacy assurance as well as high level service performance, usability, and scalability. Our contributions are as follows: Firstly, we focus on privacy-preserving secure cloud storage auditing to maintain strong storage correctness guarantee, given the difficulty that data files are no longer locally possessed by data owners. We first develop a random-masking sampling approach to allow a third party auditor to perform on-demand privacy-preserving storage correctness auditing on behalf of data owners, without violating owners' data privacy. For storage correctness assurance with data dynamics, we further investigate a novel sequence-enforced Merkle Hash Tree and manipulate it with the random sampling approach to support fully dynamic data operations. Secondly, we focus on privacy-assured and effective cloud data search services with strong privacy-assurance, while enjoying high service-level performance inherently demanded by the large number of data users and huge amount data files. We first investigate a widely applicable fuzzy/similarity keyword search problem, and develop a brand new symbol-based trie-traverse searching approach, where transformed fuzzy keywords extracted from data files are stored using a multi-way tree structure, while protecting keyword privacy. To enable search result relevance ranking, we further investigate secure ranked search, which facilitates efficient server-side result ranking without leaking any keyword related information. Thirdly, we study how to enable scalable and owner-controlled cloud data sharing services, given the challenge that data no longer resides on owners' trusted domain. We first associate data with a set of meaningful attributes, use logical composition of attributes to reflect fine-grained data access, and enforce owner's control via attribute-based encryption. For the inherent scalability requirement of cloud system, we further leverage the cloud as a mediated proxy, to which data owners can delegate most cumbersome data/user management workload, without affecting the underlying data confidentiality.

Guoyou Chen,Jiajia Miao,Feng Xie,Handong Mao

DOI: https://doi.org/10.4028/www.scientific.net/amm.278-280.1767

2013-01-01

Applied Mechanics and Materials

Abstract:Cloud computing has been a hot researching area of computer network technology, since it was proposed in 2007. Cloud computing also has been envisioned as the next-generation architecture of IT Enterprise [1]. Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. It moves the application software and database to the large data centers, where the management of the data and services may not be fully trustworthy [2]. This poses many new security challenges. In this paper, we just focus on data storage security in the cloud, which has been the most important aspect of quality of service. To ensure the confidentiality and integrity of user's data in the cloud, and support of data dynamic operations, such as modification, insertion and deletion, we propose a framework for storage security, which includes cryptographic storage scheme and data structure. With our framework, the untrusted server cannot learn anything about the plaintext, and the dynamic operation can be finished in short time. The encryption algorithm and data storage structure is simple, and it's easy to maintain. Hence, our framework is practical to use today.

DOI: https://doi.org/10.30534/ijeter/2022/051042022

2022-04-07

International Journal of Emerging Trends in Engineering Research

Abstract:Cloud computing is a term, which involves virtualization, distributed computing, networking, software and web services. A cloud consists of several elements such as clients, data center and distributed servers. It includes fault tolerance, high availability, scalability, flexibility, reduced overhead for users, reduced cost of ownership, on demand services etc.Cloud Computing offers better computing through improved utilization and reduced administration and infrastructure costs. Cloud Computing is the sum of Software as a Service (SaaS) and Utility Computing. Cloud Computing is still at its infant stage and a very new technology. Therefore, most of the users are not very confident to adopt it.The main issue that faced the cloud computing is “security”. In this paper, we try to find out what countermeasures best strengthen the confidentiality, integrity and availability (CIA) of the implementation of cloud computing within the DOD This will be done by analyzing threats and countermeasures within the context of the ten domains comprising the Certified Information System Security Professional (CISSP) Common Body of Knowledge (CBK). The ten domains include access control; telecommunications and network security; information security governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity planning and disaster planning; legal regulations, compliance, and investigation; and physical security. The results will provide a comprehensive guide for any Department of DefenseDoD entity attempting to secure its cloud solution.