Huifeng Wang,Zhanhuai Li,Xiaonan Zhao,Chanying Qi

DOI: https://doi.org/10.1109/SOLI.2013.6611386

2013-01-01

Abstract:Cloud storage offers great convenience to users. However, the data security concerns may impede cloud storage wide adoption. Although there are many schemes to solve the problem, they mostly focus on an aspect of data security. They have not a detailed discussion about the data security in cloud. In this paper, we proposed approach provides a scheme to allow users to check the integrity of their data in the cloud. We also present the performance criteria about the scheme, which can help the researchers to optimize their mechanism efficiently and effectively. The scheme is lightweight, efficient and robust.

Xiao Zhang,Hong-tao Du,Jian-quan Chen,Yi Lin,Lei-jie Zeng

DOI: https://doi.org/10.1109/ncis.2011.64

2011-01-01

Abstract:The cost of maintain a data center is increasing rapidly, especially for the medium data center. An economic choice is to use cloud computing and cloud storage instead of manage data center by itself. Small companies buy compute and storage service just like water and electronic. The difficulty is how to ensure their data safe in cloud storage. Cloud storage provider claims that they can protect the data, but no one believes them. In this paper, we present a framework to ensure data security in cloud storage system. In the framework, we use SLA as the common standard between user and provider. And we discuss several technologies to make the data stored in cloud safe. These technologies can be divided into three parts: storage protect, transfer protect and authorize.

Guoyou Chen,Jiajia Miao,Feng Xie,Handong Mao

DOI: https://doi.org/10.4028/www.scientific.net/amm.278-280.1767

2013-01-01

Applied Mechanics and Materials

Abstract:Cloud computing has been a hot researching area of computer network technology, since it was proposed in 2007. Cloud computing also has been envisioned as the next-generation architecture of IT Enterprise [1]. Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. It moves the application software and database to the large data centers, where the management of the data and services may not be fully trustworthy [2]. This poses many new security challenges. In this paper, we just focus on data storage security in the cloud, which has been the most important aspect of quality of service. To ensure the confidentiality and integrity of user's data in the cloud, and support of data dynamic operations, such as modification, insertion and deletion, we propose a framework for storage security, which includes cryptographic storage scheme and data structure. With our framework, the untrusted server cannot learn anything about the plaintext, and the dynamic operation can be finished in short time. The encryption algorithm and data storage structure is simple, and it's easy to maintain. Hence, our framework is practical to use today.

HAO Fei,WANG Lei,JING Ji-wu,CHANG Jian-guo

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.03.011

2012-01-01

Abstract:The cloud storage is a novel kind of network storage and is becoming more and more popular. Large quantities of enterprises and individual users adopt the cloud storage as their network storage mediums. So far, there are kinds of cloud storage service afforded by the famous IT enterprises, such as Simple Storage Service (S3), which is provided by Amazon. As the widespread use, the security issues of the cloud storage catch the eyes of researchers, such as data leakage and data tampering. In this paper, we proposed and implemented a security enhancement system, which is based on Amazon S3. The system is to protect users’ data through encrypting the plain texts before uploading them to Amazon S3, and when users want to download the texts, the system downloads and checks the integrity of the uploaded texts before decrypting and saving them on local file system. On this wise, we are capable of ensuring the data security while transmitting and storing, and guaranteeing the data integrity. What’s more, we proposed the fine-grained access control mechanism to achieve that many users are able to utilize the same Amazon S3 account while preserving the effective isolation of their files, and to prevent the unauthorized access to the uploaded files effectively.

Jiwu Shu,Zhirong Shen,Wei Xue,Yingxun Fu

DOI: https://doi.org/10.1109/ASPDAC.2013.6509625

2013-01-01

Abstract:With the rapid development of cloud storage, data security in storage receives great attention and becomes the top concern to block the spread development of cloud service. In this paper, we systematically study the security researches in the storage systems. We first present the design criteria that are used to evaluate a secure storage system and summarize the widely adopted key technologies. Then, we further investigate the security research in cloud storage and conclude the new challenges in the cloud environment. Finally, we give a detailed comparison among the selected secure storage systems and draw the relationship between the key technologies and the design criteria.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/iwqos.2009.5201385

2009-01-01

Abstract:Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server (s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Xiong Li,Saru Kumari,Jian Shen,Fan Wu,Caisen Chen,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11277-016-3742-6

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

Sandeep K. Sood

DOI: https://doi.org/10.1016/j.jnca.2012.07.007

IF: 7.574

2012-11-01

Journal of Network and Computer Applications

Abstract:Cloud computing is a forthcoming revolution in information technology (IT) industry because of its performance, accessibility, low cost and many other luxuries. It is an approach to maximize the capacity or step up capabilities vigorously without investing in new infrastructure, nurturing new personnel or licensing new software. It provides gigantic storage for data and faster computing to customers over the internet. It essentially shifts the database and application software to the large data centers, i.e., cloud, where management of data and services may not be completely trustworthy. That is why companies are reluctant to deploy their business in the cloud even cloud computing offers a wide range of luxuries. Security of data in cloud is one of the major issues which acts as an obstacle in the implementation of cloud computing. In this paper, a frame work comprising of different techniques and specialized procedures is proposed that can efficiently protect the data from the beginning to the end, i.e., from the owner to the cloud and then to the user. We commence with the classification of data on the basis of three cryptographic parameters presented by the user, i.e., Confidentiality (C), Availability (A) and Integrity (I).The strategy followed to protect the data utilizes various measures such as the SSL (Secure Socket Layer) 128-bit encryption and can also be raised to 256-bit encryption if needed, MAC (Message Authentication Code) is used for integrity check of data, searchable encryption and division of data into three sections in cloud for storage. The division of data into three sections renders supplementary protection and simple access to the data. The user who wishes to access the data is required to provide the owner login identity and password, before admittance is given to the encrypted data in Section 1, Section 2, and Section 3.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Yuxia Cheng,Qing Wu,Bei Wang,Wenzhi Chen

DOI: https://doi.org/10.1007/978-3-319-69471-9_4

2017-01-01

Abstract:Protecting data security and privacy is one of the top concerns in the public cloud. As the cloud infrastructure is complex, and it is difficult for cloud users to gain trust. Particularly, how to guarantee the confidentiality and integrity of in-memory user private data in untrusted cloud faces big challenges. The in-memory data is typically used for online processing that requires high performance and plaintext access in CPU, therefore simple data encryption is infeasible for in-memory data security protection. In this paper, we propose a secure in-memory data cache scheme based on the memcached key-value store system and leverage the new trusted Intel SGX processors to protect sensitive operations. Firstly, we build a secure enclave and design a trusted channel protocol using remote attestation mechanism. Secondly, we propose a cache server partitioning method that decouples the sensitive key-value operations with enclave protection. Thirdly, we implement a secure client library to maintain the original cache semantics for application compatibility. The experimental result showed that the proposed solutions achieves comparable performance with the traditional key-value store systems, while improves the level of data security in untrusted cloud.

Lu Shen,Shifang Feng,Jinjin Sun,Zhongwei Li,Gang Wang,Xiaoguang Liu

DOI: https://doi.org/10.1007/978-3-319-27137-8_51

2016-01-01

IEICE Transactions on Information and Systems

Abstract:With the increase of data quantity, people have begun to attach importance to cloud storage, however, traditional single cloud can’t ensure the privacy of users’ data to a certain extent. To solve the security issue, we present a multi-cloud storage system called CloudS which spreads data over multiple cloud storage servers by using a new kind of XOR-based non-systematic erasure codes - Privacy Protecting Codes (PPC). For better user experiences and tradeoffs between security and performance, CloudS provides multiple levels of security by a variety of combinations of compression, encryption and coding schemes. In addition, we also put forward a novel Parallel Cyclic Encryption (PCE) scheme to achieve random secret key protection which attains high security and performance. We implement CloudS as a web application which doesn’t require users to perform complicated operations on local.

Chao Chen

2014-01-01

BioTechnology An Indian Journal

Abstract:With the rapid research and application of Internet of things, a huge amount of data will be generated. However, the traditional storage mode is out of date as it cannot guarantee dataÂ’s completeness and security any longer. Data storage and maintenance does not only require low cost, but also require good extendable performance. For the sake of an easier data management, the stored data shall be safe and clear. The proposal of cloud storage can well solve the problems in the development of Internet of things. However, cloud storage faces a big problem, i.e. how can its security be guaranteed? During the application of cloud storage, we need advanced technologies to guarantee the security and availability of cloud computing. The data security concerns national security and personal privacy. Thus storage security is crucial. In this paper, we mainly introduce key technologies of cloud storage. Under the condition of data security, compared with traditional ones, cloud storage has lower cost and larger capacity for data storage. This can meet the requirements of modern enterprise development. Cloud storage accelerates development of Internet of thins, and also provides a better solution to the data explosion.

Ying Gao,Jianlin Zheng

DOI: https://doi.org/10.1007/978-3-642-33030-8_6

2013-01-01

Abstract:Cloud Security threats have greatly hindered the development of Cloud Computing and the promotion of cloud application, so how to protect the data stored in the cloud is not only the core issue of security, but also the biggest challenge of development. As these problems above, a trust-control architecture based on the concept of Cloud Storage Service was creatively proposed. Based on the structured strategy and isolated distributed storage-framework, the architecture of cloud services can eliminate the concerns about cloud security and achieve a high degree of safe, reliable and available cloud storage. It's rather a simple and efficient way proved by experiments.

Jiwu Shu,Zhirong Shen,Wei Xue

DOI: https://doi.org/10.1016/j.jpdc.2014.06.003

IF: 4.542

2014-01-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing amount of personal data stored in public storage, users are losing control of their physical data, putting their data information at risk of theft or being compromised. Traditional secure storage systems either require users to completely trust the storage provider or impose the considerable burden of managing files on file owners; such systems are inapplicable in the practical cloud environment. This paper addresses these challenging problems by proposing a new secure system architecture and implementing a stackable secure storage system named Shield, in which a proxy server is introduced to be in charge of authentication and access control. We propose a new variant of the Merkle Hash Tree to support efficient integrity checking and file content update; further, we have designed a hierarchical key organization to achieve convenient keys management and efficient permission revocation. Shield supports concurrent write access by employing a virtual linked list; it also provides secure file sharing without any modification to the underlying file systems. A series of evaluations over various real benchmarks show that Shield causes about 7%∼13% performance degradation when compared with eCryptfs but provides enhanced security for user’s data.

Lin Qinying,Gui Xiaolin,Shi Deqin,Wang Xiaoping

2011-01-01

Journal of Computer Research and Development

Abstract:Cloud storage is a future ideal way of information storage,it provides user-friendly outsourced storage space to alleviate the explosive growth of information on the mass storage needs.However,due to cloud storage users worried about their loss of data,lack of confidence in cloud storage,leading to cloud storage popularizing difficult.In this paper,we first presents a safety model for cloud storage and the storage and access strategies to solve the confidential information stored in the data security and user anonymity.And its security is analyzed.Last we point out the key technology that this system must solve.

Ruwei Huang,Si Yu,Wei Zhuang,Xiaolin Gui

DOI: https://doi.org/10.1109/gcc.2010.36

2010-01-01

Abstract:Privacy security is a key issue for cloud storage. To solve this problem, the paper proposes a privacy-preserving cloud storage framework, which includes the design of data organization structure, the generation and management of keys, the treatment of change of users' access right and dynamic operations of data, and the interaction between participants. We design an interactive protocol and an extirpation-based key derivation algorithm, which are combined with lazy revocation, multi-tree structure and symmetric encryption to form a privacy-preserving, efficient framework for cloud storage. A system is realized which is based on the framework. The paper analyzes the effectiveness of extirpation-based key derivation algorithm, the overhead of the system and the privacy security of the framework. Finally, we summarize our work and introduce our future research directions.

HAN Peiyi,LIU Chuanyi,WANG Jiahui,DUAN Shaoming,PAN Hezhong,FANG Binxing

DOI: https://doi.org/10.11959/j.issn.1000-436x.2020140

2020-01-01

Abstract:To order to address the problem of cloud storage data security,the generic proxy-based data protection system was proposed,which could automatically and transparently secure sensitive data in browser-based cloud storage applications.A novel dynamic program analysis technique was adopted based on JavaScript API function hooking for automatically extending to various cloud applications.And a novel proxy executed searchable encryption solution was presented so that it could achieve data encryption while maintaining the original functions of cloud applications.Experimental results show that the system can support a variety of typical cloud services,effectively protect sensitive data,and bring a relatively low overhead.

Willy Susilo,Peng Jiang,Jianchang Lai,Fuchun Guo,Guomin Yang,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2021.3058132

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud computing is considered as one of the most prominent paradigms in the information technology industry, since it can significantly reduce the costs of hardware and software resources in computing infrastructure. This convenience has enabled corporations to efficiently use the cloud storage as a mechanism to share data among their employees. At the first sight, by merely storing the shared data as plaintext in the cloud storage and protect them using an appropriate access control would be a nice solution. This is assuming that the cloud is fully trusted for not leaking any information, which is impractical as the cloud is owned by a third party. Therefore, encryption is mandatory, and the shared data will need to be stored as a ciphertext using an appropriate access control. However, in practice, some of these employees may be malicious and may want to deviate from the required sharing policy. The existing protection in the literature has been explored to allow only legitimate recipients to decrypt the contents stored in the cloud storage, but unfortunately, no existing work deals with issues raised due to the presence of malicious data publishers. Malicious data publishers construct data following the given policy, but the ciphertexts can actually be decrypted by unauthorized users without valid keys, or simply, anyone else who is unauthorized. The impact of the involvement of malicious data publishers is detrimental, as it may damage intellectual properties from the corporations. Therefore, it remains an elusive research problem on how to enable a sound approach to resolve the issue when malicious data publishers are involved in the system, which is a very practical question. In this work, we present a new direction of research that can cope with the presence of malicious data publishers. We resolve the aforementioned problem by proposing the notion of Sanitizable Access Control System (SACS), which is designed for a secure cloud storage that can also resist against malicious data publishers. We define the threat model and its formal security model, as well as its design and scheme which is based on q-Parallel Bilinear Diffie-Hellman Exponent Assumption. We provide the security proof of our construction as well as its performance analysis. We believe that this work has opened a new area of research which has never been explored before, even though it is very practical. Therefore, this work will enhance the adoption of secure cloud storage in practice.

Pengfei Dai,Chaokun Wang,Zhiwei Yu,Yongsheng Yue,Jianmin Wang

DOI: https://doi.org/10.1007/978-3-642-29253-8_23

2012-01-01

Abstract:Cloud Computing has emerged as a resource sharing platform, which allows different service providers to deliver software as services. However, for many security sensitive applications such as critical data processing and e-business, we must provide necessary security protection for mitigating the threats in the shared open cloud infrastructures. In this paper, we propose a software watermark enhanced platform to assure that only the software with authorized watermark is allowed to run on the platform. Experimental results show that our architecture could provide a great protection with a small overhead.

Fang Cui,Mohan Su,Chen Guo

DOI: https://doi.org/10.1109/ISPDS58840.2023.10235362

2023-07-14

Abstract:This paper conducts in-depth research and discussion on data storage security in cloud computing environment. This study collected 1000 dummy data from different organizations as the basic data set for the study. This data covers various types of sensitive information, including personally identifiable information, financial data, and medical records. We generate these data using appropriate data generation methods to ensure realistic characteristics and distributions. Based on existing backup technologies and algorithms, we evaluate the impact of different backup strategies on data security. Experimental results show that our data backup and recovery strategy and the application of encryption technology effectively improve the security of data in cloud storage. By selecting backup strategies and recovery mechanisms reasonably, we can ensure data availability and integrity. At the same time, employing a proper encryption scheme can protect data from the risk of unauthorized access and disclosure.

Computer Science

Chunlu Wang,Jun Ni,Tao Xu,Dapeng Ju

DOI: https://doi.org/10.1109/csc.2013.14

2013-01-01

Abstract:In this paper, we describe a COM between the interior enterprise application and public cloud storage platform which is closer to the client we called-Cloudkey, which is designed to take responsible for enterprise data backup business. Cloudkey stores data persistently in a cloud storage provider such as Amazon S3 [1] or Windows Azure [2], allowing users to take advantages of the reliability and large storage capacity of cloud providers, also avoiding the need for dedicated server hardware. Clients access to the storage through Cloudkey running on-site, which provide lower-latency responses and additional opportunities for optimization through caches data. We describe some of the optimizations which are necessary for achieving good performance and low costs, including separation of metadata and data, database optimization and connection pool technology, and also encryption before data transmission. Cloudkey supports multiple protocols both NFS and CIFS and is portable to different providers.