Ke Huang,Xiao-Song Zhang,Xiao-Fen Wang

DOI: https://doi.org/10.6688/jise.2017.33.4.2

2017-01-01

Journal of information science and engineering

Abstract:The promise of smart city leads to store massive sensitive IoT data in cloud storage from various sources. Storage burden and security concerns are the most challenging issues. Message-Locked Encryption (MLE) and Proof of Storage (PoS) are useful tools to solve these problems. MLE encrypts data meanwhile enabling deduplication on them to save storage, and PoS checks data integrity in case of any data corruptions. However, trivial combination of PoS with MLE results in additional metadata which contradicts with the aim of deduplication. Therefore, how to integrate PoS with MLE for IoT data is an interesting research problem. To solve this problem, we propose a block-level message-locked encryption scheme with polynomial commitment for IoT data, called BL-MLE-PC. We introduce a unique set of metadata called Quadruple Tags (QTs) which can serve as: block identifiers, PoW tags, PoS tags and decryption keys. In addition, we use polynomial commitment to obtain fast and efficient data auditing. Our scheme can deduplicate under block-level for fine-grained saving. We prove that our scheme is secure under predefined security models. The analysis shows our scheme is efficient.

Lei Liu,Jie Feng,Qingqi Pei,Chen Chen,Yang Ming,Bodong Shang,Mianxiong Dong

DOI: https://doi.org/10.1109/jiot.2020.3048345

IF: 10.6

2021-02-15

IEEE Internet of Things Journal

Abstract:Mobile-edge computing (MEC) plays a significant role in enabling diverse service applications by implementing efficient data sharing. However, the unique characteristics of MEC also bring data privacy and security problem, which impedes the development of MEC. Blockchain is viewed as a promising technology to guarantee the security and traceability of data sharing. Nonetheless, how to integrate blockchain into MEC system is quite challenging because of dynamic characteristics of channel conditions and network loads. To this end, we propose a secure data sharing scheme in the blockchain-enabled MEC system using an asynchronous learning approach in this article. First, a blockchain-enabled secure data sharing framework in the MEC system is presented. Then, we present an adaptive privacy-preserving mechanism according to available system resources and privacy demands of users. Next, an optimization problem of secure data sharing is formulated in the blockchain-enabled MEC system with the aim to maximize the system performance with respect to the decreased energy consumption of MEC system and the increased throughput of blockchain system. Especially, an asynchronous learning approach is employed to solve the formulated problem. The numerical results demonstrate the superiority of our proposed secure data sharing scheme when compared with some popular benchmark algorithms in terms of average throughput, average energy consumption, and reward.

computer science, information systems,telecommunications,engineering, electrical & electronic

Saiyu Qi,Wei Wei,Jianfeng Wang,Shifeng Sun,Leszek Rutkowski,Tingwen Huang,Janusz Kacprzyk,Yong Qi

DOI: https://doi.org/10.1109/tmc.2023.3263901

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Data deduplication is of vital importance for mobile cloud computing to cope with the explosive growth of outsourced mobile data. In order to ensure the privacy of sensitive mobile data against an untrusted cloud, Message-Locked Encryption (MLE) has been proposed to enable deduplication over ciphertext. However, MLE prohibits data access control since it uses deterministic content-derived encryption keys. Recently, a lightweight rekeying-aware encrypted deduplication system (REED) has been proposed to achieve dynamic access control for secure data deduplication. However, REED is vulnerable to key-retaining attack and stub-retaining attack, which leads to insecure access revocation, and thus cannot support secure dynamic access control. In response, we present AC-Dedup, an encrypted deduplication storage system that supports secure dynamic access control for mobile cloud storage. At the core of AC-Dedup are two novel encryption techniques named mixed message locked encryption and random stub re-encryption to resist the two types of attacks, respectively. To the best of our knowledge, AC-Dedup is the first practical system that achieves secure data deduplication and secure dynamic access control simultaneously. We conduct security analysis and experimental evaluation on mobile device and cloud platform with real-world IoT datasets. The results show that AC-Dedup enables secure and efficient dynamic access control while preserving deduplication effectiveness.

computer science, information systems,telecommunications

Ke Huang,Xiaosong Zhang,Lin Sun,Xiaofen Wang

DOI: https://doi.org/10.1109/ICBDA.2017.8078840

2017-01-01

Abstract:Big data grows fast which causes significant strain to storage. Deduplication is a practical technique to decrease storage load by deleting repeated data. However, it faces with efficiency and security issues. Efficiency is the first to consider since deduplication becomes pointless if it poses burden to cloud storage. Meanwhile, current deduplication schemes suffer from both inside and outside attacks. Concretely, malicious users may cheat to obtain ownership of data file or cause damage to it, and the server may extract privacy information from data for political or economic use. To solve this problem, we propose a Dual-Level Source-Based Deduplication with Merkle-Hash-Tree for big data, called DLSBD-MHT. Our scheme is built on Merkle-Hash-Tree (MHT) and Block-Level Message-Locked Encryption (BL-MLE). It can securely and reliably avoid identical upload, thus it increases the efficiency of big data in a safe way. We provide security proof and simulation to validate our proposal. The evidence shows our scheme is secure and efficient in use.

Jafar A. Alzubi,Ashish Singh,Tareq Mahmod Alzubi,Omar A. Alzub

DOI: https://doi.org/10.1002/nem.2240

2023-05-21

International Journal of Network Management

Abstract:A blockchain‐enabled security management framework for mobile edge computing (MEC) environments, which guarantees secure data storage in MEC environment using blockchain's security, features such as tamper‐resistance, immutability, transparency, traceability, and distributed ledger. Furthermore, it provides legitimate access with low latency and high throughput. Mobile edge computing (MEC) integrates mobile and edge computing technologies to provide efficient computing services with low latency. It includes several Internet of Things (IoT) and edge devices that process the user data at the network's edge. The architectural characteristic of MEC supports many internet‐based services, which attract more number of users, including attackers. The safety and privacy of the MEC environment, especially user information is a significant concern. A lightweight accessing and sharing protocol is required because edge devices are resource constraints. This paper addresses this issue by proposing a blockchain‐enabled security management framework for MEC environments. This approach provides another level of security and includes blockchain security features like temper resistance, immutable, transparent, traceable, and distributed ledger in the MEC environment. The framework guarantees secure data storage in the MEC environment. The contributions of this paper are twofold: (1) We propose a blockchain‐enabled security management framework for MEC environments that address the security and privacy concerns, and (2) we demonstrate through simulations that the framework has high performance and is suitable for resource‐constrained MEC devices. In addition, a smart contract‐based access and sharing mechanism is proposed. Our research uses a combination of theoretical analysis and simulation experiments to demonstrate that the proposed framework offers high security, low latency, legitimate access, high throughput, and low operations cost.

computer science, information systems,telecommunications

Jiaxing Li,Jigang Wu,Long Chen,Jin Li,Siew-Kei Lam,Siew Kei Lam

DOI: https://doi.org/10.1109/tmc.2021.3068717

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile edge computing (MEC) is a promising edge technology to provide high bandwidth and low latency shared services and resources to mobile users. However, the MEC infrastructure raises major security concerns when the shared resources involve sensitive and private data of users. This paper proposes a novel blockchain-based key management scheme for MEC that is essential for ensuring secure group communication among the mobile devices as they dynamically move from one subnetwork to another. In the proposed scheme, when a mobile device joins a subnetwork, it first generates lightweight key pairs for digital signature and communication, and broadcasts its public key to neighbouring peer users in the subnetwork blockchain. The blockchain miner in the subnetwork packs all the public key of mobile devices into a block that will be sent to other users in the subnetwork. This enables the mobile device to communicate with its peers in the subnetwork by encrypting the data with the public key stored in the blockchain. When the mobile device moves to another subnetwork in the tree network, all the mobile devices of the new subnetwork can quickly verify its identity by checking its record in the local or higher hierarchy subnetwork blockchain. Furthermore, when the mobile device leaves the subnetwork, it does not need to do anything and its records will remain in the blockchain which is an append-only database. Theoretical security analysis shows that the proposed scheme can defend against the 51 percent attack and malicious entities in the blockchain network utilizing Proof-of-Work consensus mechanism. Moreover, the backward and forward secrecy is also preserved. Experimental results demonstrate that the proposed scheme outperforms two baselines in terms of computation, communication and storage.

computer science, information systems,telecommunications

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

Junhua Wu,Xiangmei Bu,Guangshun Li,Guangwei Tian

DOI: https://doi.org/10.1002/spe.3315

2024-02-23

Software Practice and Experience

Abstract:Mobile edge computing (MEC) technology is widely used for real‐time and bandwidth‐intensive services, but its underlying heterogeneous architecture may lead to a variety of security and privacy issues. Blockchain provides novel solutions for data security and privacy protection in MEC. However, the scalability of traditional blockchain is difficult to meet the requirements of real‐time data processing, and the consensus mechanism is not suitable for resource‐constrained devices. Moreover, the access control of MEC data needs to be further improved. Given the above problems, a data privacy protection model based on sharding blockchain and access control is designed in this paper. First, a privacy‐preserving platform based on a sharding blockchain is designed. Reputation calculation and improved Proof‐of‐Work (PoW) consensus mechanism are proposed to accommodate resource‐constrained edge devices. The incentive mechanism with rewards and punishments is designed to constrain node behavior. A reward allocation algorithm is proposed to encourage nodes to actively contribute to obtaining more rewards. Second, an access control strategy using ciphertext policy attribute‐based encryption (CP‐ABE) and RSA is designed. A smart contract is deployed to implement the automatic access control function. The InterPlanetary File System is introduced to alleviate the blockchain storage burden. Finally, we analyze the security of the proposed privacy protection model and statistics of the GAS consumed by the access control policy. The experimental results show that the proposed data privacy protection model achieves fine‐grained control of access rights, and has higher throughput and security than traditional blockchain.

computer science, software engineering

Shiyu Li,Yuan Zhang,Yaqing Song,Nan Cheng,Kan Yang,Hongwei Li

DOI: https://doi.org/10.1109/tc.2024.3355759

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:In mobile edge computing (MEC) systems, data is frequently transmitted between MEC servers and users holding mobile devices for supporting related services. However, critical threats towards data confidentiality and authenticity are raised: adversaries always attempt to extract data content from the transmission and impersonate others to spread malicious data for profits. Furthermore, users have to store the (secret and public) keys used for data transmission locally. Consequently, only devices maintaining the keys can be utilized to access the services provided by MEC servers, and “portability” cannot be achieved. In this paper, we propose a portable authenticated data transmission scheme (dubbed Biplane) via blockchain for MEC systems. Biplane is based on two techniques. One is a blockchain-based authenticated hybrid encryption mechanism, which guarantees data authenticity and confidentiality without requiring a third party (e.g., a Certificate Authority) to assist the MEC servers in certifying users’ public keys. The other one is a blockchain-based portable key management mechanism, which enables the user to transmit data without maintaining any parameter in her/his local devices. We formally prove that Biplane achieves confidential and authenticated data transmission in the universally composable (UC) framework. We also conduct a comprehensive evaluation to demonstrate that Biplane is efficient.

Lei Zhou,Anmin Fu,Yi Mu,Huaqun Wang,Shui Yu,Yinxia Sun

DOI: https://doi.org/10.1016/j.ins.2020.08.031

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>In the era of big data, there are several insuperable research challenges in establishing Electronic Medical Record (EMR) for updating massive data with traditional methods. It is an attractive option to create the cloud-based EMR system, since cloud provides elastic and affordable data storage and management services. However, once the medical records are uploaded into the cloud, the owner will lose the control over the data, and sensitive contents might be accessed or modified by unauthorized entities. To address this issue, we propose a multicopy provable data possession for cloud-based EMR systems, which ensures the integrity and privacy of EMR data. In particular, to achieve data updates, we design a novel dynamic structure that improves the Merkle Hash Tree for multicopy storage, which achieves full dynamics efficiently and safely. Moreover, a random masking technique is employed in our proposal to generate distinguishable replica blocks of one block. Our construction prevents a verifier from obtaining medical records from challenge responses, but also eliminates exposing the content to unauthorized entities. Our security analysis shows that our scheme is provably secure. Evaluation experiments demonstrate that the proposal has lower communication and computation costs in comparison with the existing schemes.</p>

computer science, information systems

Xinlan Yu,Yao Zhu,Yulin Hu,Tong Wang,Anke Schmeink

DOI: https://doi.org/10.1109/WCSP58612.2023.10404666

2023-01-01

Abstract:Providing information security while fulfilling high-reliability and low-latency transmission is crucial for mobile edge computing (MEC). In this work, we investigate a security-enhanced MEC network operating with finite blocklength (FBL) codes, while the interdependence between tasks is considered. Particularly, we characterize the joint security-reliability performance of system by leveraging the novel metric, leakage-failure probability (LFP). Aiming to minimize the overall LFP while fulfilling the latency constraint, a blocklength allocation design is proposed. In particular, we establish the convexity property of the problem, based on which a block descend method based approach is proposed, which efficiently achieves nearly the optimal solution.

Shanshan Li,Chunxiang Xu,Yuan Zhang

DOI: https://doi.org/10.1016/j.jisa.2019.03.015

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:As digital data are explosively generated nowadays, data management becomes a critical problem, which makes cloud storage services important and popular. In reality, the storage overhead can be reduced significantly by performing date deduplication. Among the outsourced data, some of them are very personal and sensitive, and should be prevented for any leakage. Generally, if clients conventionally encrypt the data, deduplication is lost. Message-locked encryption (MLE) is a cryptographic primitive supporting encrypted data deduplication. A secure client-side deduplication scheme can be built upon MLE to reduce both communication and computation overhead for cloud storage systems, where a client interacts with the cloud server to check the duplicate data and only the data which has not been outsourced by other clients before is required to be uploaded. However, existing client-side encrypted data deduplication schemes are confronted with brute-force attacks that can recover files falling into a known set. Furthermore, existing schemes are vulnerable to illegal content distribution attacks, where the adversary can distribute data to other users via the cloud server without detecting. In this paper, we propose a secure and efficient client-side encrypted data deduplication scheme (CSED). In CSED, a dedicated key server is introduced in generating MLE keys to resist brute-force attacks. We propose a Bloom filter-based proofs of ownership (PoW) mechanism and integrate it into CSED to resist illegal content distribution attacks. Moreover, a hierarchical storage architecture is employed to improve the I/O efficiency on the cloud server. Security analysis and performance evaluation demonstrate that CSED is secure and efficient.

Bei Gong,Chong Guo,Yi-Jing Liu,Qian Wang

DOI: https://doi.org/10.1109/mnet.2023.3317109

IF: 10.294

2023-01-01

IEEE Network

Abstract:As the next-generation internet paradigm, Web 3.0 aims to build a free, equal and decentralized Internet. Different from the data monopoly of the Internet oligarchy in Web 2.0, users in Web 3.0 are fairly endowed with the right to store, share, access and manage data. However, as data leakage, tampering and loss may result in a forfeiture of users’ data control, the security of data storage has become a key and essential prerequisite to safeguard users’ data rights. Blockchain has gained widespread acknowledgment as a prospective technology for solving data security. Nonetheless, its primary suitability for large-scale datasets is limited, owing to the substantial communication and storage overheads. Fortunately, a distributed data storage network (DDSN) can compensate for accommodating large-scale datasets by providing sizeable and inexpensive storage space. In this article, we first summarize the data storage advantages of blockchain and DDSN, and analyze their security challenges in terms of access control, authenticity and confidentiality. To address these challenges, we propose a general and versatile data security storage framework, where we adopt ciphertext-policy attribute-based encryption (CP-ABE) to enable user-centric fine-grained access control and decentralized authorization. Furthermore, to reduce storage costs while protecting data authenticity, we propose a ciphertext split storage model for CP-ABE. In this model, the CP-ABE ciphertext is divided into the attribute component and the data component based on functional structure to realize on-chain/off-chain split storage. In addition, by embedding the ambiguity factor required for decryption and the attributes in the access policy into the index, we design an efficient attribute-based keyword search mechanism to resolve the conflict between confidentiality and availability caused by encryption. Finally, we demonstrate the effective performance of the proposed framework through numerical results.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Haifeng Li,Caihui Lan,Xingbing Fu,Caifen Wang,Fagen Li,He Guo

DOI: https://doi.org/10.3390/s20174720

IF: 3.9

2020-01-01

Sensors

Abstract:With the explosion of various mobile devices and the tremendous advancement in cloud computing technology, mobile devices have been seamlessly integrated with the premium powerful cloud computing known as an innovation paradigm named Mobile Cloud Computing (MCC) to facilitate the mobile users in storing, computing and sharing their data with others. Meanwhile, Attribute Based Encryption (ABE) has been envisioned as one of the most promising cryptographic primitives for providing secure and flexible fine-grained “one to many” access control, particularly in large scale distributed system with unknown participators. However, most existing ABE schemes are not suitable for MCC because they involve expensive pairing operations which pose a formidable challenge for resource-constrained mobile devices, thus greatly delaying the widespread popularity of MCC. To this end, in this paper, we propose a secure and lightweight fine-grained data sharing scheme (SLFG-DSS) for a mobile cloud computing scenario to outsource the majority of time-consuming operations from the resource-constrained mobile devices to the resource-rich cloud servers. Different from the current schemes, our novel scheme can enjoy the following promising merits simultaneously: (1) Supporting verifiable outsourced decryption, i.e., the mobile user can ensure the validity of the transformed ciphertext returned from the cloud server; (2) resisting decryption key exposure, i.e., our proposed scheme can outsource decryption for intensive computing tasks during the decryption phase without revealing the user’s data or decryption key; (3) achieving a CCA security level; thus, our novel scheme can be applied to the scenarios with higher security level requirement. The concrete security proof and performance analysis illustrate that our novel scheme is proven secure and suitable for the mobile cloud computing environment.

Suhui Liu,Jiguo Yu,Liquan Chen,Baobao Chai

DOI: https://doi.org/10.1109/tnsm.2022.3185237

2022-01-01

IEEE Transactions on Network and Service Management

Abstract:Public clouds have drawn increasing attention from academia and industry due to their high computational and storage performance. Attribute-based encryption (ABE) is the most promising technology to simultaneously achieve confidentiality and fine-grained access control of the cloud-stored data. However, traditional ABE that relies on centralized authority faces several key management issues, such as the key escrow, key distribution, key tracking, key update, and heavy communication and computing overhead for users, which will cause security concerns and impede its widespread application. On the other hand, blockchain technology preserves distributed ledgers to ensure the immutability and transparency of data, which can further solve the security vulnerabilities caused by system centralization. This paper proposes a blockchain-assisted transformation method to solve all the key management problems mentioned above in ciphertext-policy ABE by utilizing technologies such as secret sharing protocols. In addition, our transformation method realizes two additional benefits: outsourced decryption and efficient user revocation, which are extremely valuable for practical implementations. We simulate a demonstration by adopting the most popular permissioned blockchain, Hyperledger Fabric. The security and efficiency analysis reveals that the scheme obtained from our transformation method can achieve replayable chosen-ciphertext security with extremely efficient decryption.

computer science, information systems

Kurt Thomas,Sarah Meiklejohn,Michael A. Specter,Xiang Wang,Xavier Llorà,Stephan Somogyi,David Kleidermacher

2023-04-06

Abstract:With the accelerated adoption of end-to-end encryption, there is an opportunity to re-architect security and anti-abuse primitives in a manner that preserves new privacy expectations. In this paper, we consider two novel protocols for on-device blocklisting that allow a client to determine whether an object (e.g., URL, document, image, etc.) is harmful based on threat information possessed by a so-called remote enforcer in a way that is both privacy-preserving and trustworthy. Our protocols leverage a unique combination of private set intersection to promote privacy, cryptographic hashes to ensure resilience to false positives, cryptographic signatures to improve transparency, and Merkle inclusion proofs to ensure consistency and auditability. We benchmark our protocols -- one that is time-efficient, and the other space-efficient -- to demonstrate their practical use for applications such as email, messaging, storage, and other applications. We also highlight remaining challenges, such as privacy and censorship tensions that exist with logging or reporting. We consider our work to be a critical first step towards enabling complex, multi-stakeholder discussions on how best to provide on-device protections.

Cryptography and Security

Yukun Zhou,Dan Feng,Yu Hua,Wen Xia,Min Fu,Fangting Huang,Yucheng Zhang

DOI: https://doi.org/10.1016/j.future.2017.10.014

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:Data deduplication has been widely used in the cloud to reduce storage space. To protect data security, users encrypt data with message-locked encryption (MLE) to enable deduplication over ciphertexts. However, existing secure deduplication schemes suffer from security weakness (i.e., brute-force attacks) and fail to support flexible access control. The process of chunk-level MLE key generation and sharing exists potential privacy issues and heavy computation consumption.& para;& para;We propose EDedup, a similarity-aware encrypted deduplication scheme that supports flexible access control with revocation. Specifically, EDedup groups files into segments and performs server-aided MLE at segment-level, which exploits similarity via a representative hash (e.g., the min-hash) to reduce computation consumption. This nevertheless faces a new attack that an attacker gets keys by guessing the representative hash. And hence EDedup combines source-based similar-segment detection and target-based duplicate-chunk checking to resist attacks and guarantee deduplication efficiency. Furthermore, EDedup generates message-derived file keys for duplicate files to manage metadata. EDedup encrypts file keys via proxy-based attribute-based encryption, which reduces metadata storage overheads and implements flexible access control with revocation. Evaluation results demonstrate that EDedup improves the speed of MLE up to 10.9X and 0.36X compared with DupLESS-chunk and SecDep respectively. EDedup reduces metadata storage overheads by 39.9%-65.7% relative to REED. (C) 2017 Elsevier B.V. All rights reserved.

Jiahao Chen,Jingwei Wang,Xinchun Yin,Jianting Ning

DOI: https://doi.org/10.1155/2022/3923597

2022-01-01

Wireless Communications and Mobile Computing

Abstract:With the fantastic development of cloud computing technology, cloud storage has been widely applied in the field of medical data sharing due to its efficiency and flexibility. Attribute-based encryption (ABE), as a promising technology, plays an important role in the fine-grained sharing of medical data. However, there are two issues: (1) an access policy specified in the encryption phase may need to be updated after a period of time, and (2) the considerable decryption overhead in ABE is too heavy for resource-limited devices. To address these issues, a fine-grained medical data sharing scheme with ciphertext reencryption is proposed. Users with decryption permission can produce reencryption keys and cloud server can reencrypt initial ciphertext. The cloud server can predecrypt ciphertext, which reduces user’s decryption overhead. Moreover, the traditional centralized server is replaced with a decentralized blockchain that performs system initialization, key management, and user revocation. We compared the proposed scheme with some existing schemes in terms of function and efficiency; the results show that the efficiency of the proposed scheme outperforms other related schemes. The security analysis shows that the proposed scheme is security and correctness.

GU Bolun,XU Zikai,LI Weihai,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2024055

2024-01-01

Abstract:With the rapid development and application of the Internet, traditional storage resources have been found unable to meet the growing demand for massive data storage. An increasing number of users have attempted to upload their data to third-party cloud servers for unified storage. Efficient deduplication and secure file sharing in the cloud have emerged as critical concerns. Moreover, users have always preferred to customize their passwords for encrypting and decrypting files, only sharing encrypted files when necessary. Based on this preference, a deterministic stepwise encryption algorithm was first designed. It was such that when the keys for the two steps of encryption satisfied a certain relationship, the two steps of encryption could be equivalent to a single encryption process. A novel key-customizable encrypted deduplication scheme with access control for cloud storage was proposed, utilizing the deterministic stepwise encryption algorithm to encrypt files and a ciphertext-policy attribute-based encryption algorithm to encrypt file keys. This scheme not only offered the flexibility to customize encryption and decryption keys for different users with the same files, but also ensured secure file sharing through a dynamic access control mechanism. Moreover, the optional access control component was made compatible with the majority of existing ciphertext-policy attribute-based encryption (CP-ABE) schemes, even allowing for different CP-ABE schemes within different attribute groups. Security analysis results show that the proposed scheme achieves the highest level of security under the current encrypted deduplication paradigm. Experimental and analytical results indicate that it effectively meets the practical needs of cloud service providers and users, and also achieves acceptable efficiency.

Mohammed Y. Shakor,Mustafa Ibrahim Khaleel,Mejdl Safran,Sultan Alfarhood,Michelle Zhu

DOI: https://doi.org/10.1109/access.2024.3351119

IF: 3.9

2024-02-28

IEEE Access

Abstract:In the rapidly evolving realm of cloud computing security, this paper introduces an innovative solution to address persistent challenges. The proliferation of cloud technology has brought forth heightened concerns regarding data security, necessitating novel approaches to safeguarding sensitive information. The issue centers on the vulnerability of cloud-stored data, usually necessitating enhanced encryption and key management strategies. Traditional methods usually fall short in mitigating risks associated with compromised encryption keys and centralized key storage. To combat these challenges, our proposed solution encompasses a two-phase approach. In the first phase, dynamic Advanced Encryption Standard (AES) keys are generated, ensuring each file's encryption with a unique and ever-changing key. This approach significantly enhances file-level security, curtailing an attacker's ability to decrypt multiple files even if a key is compromised. The second phase introduces blockchain technology, where keys are securely stored with accompanying metadata, bolstering security and data integrity. Elliptic Curve Cryptography (ECC) public key encryption enhances security during transmission and storage, while also facilitating secure file sharing. In conclusion, this comprehensive approach enhances cloud security, providing robust encryption, decentralized key management, and protection against unauthorized access. Its scalability and adaptability make it a valuable asset in contemporary cloud security paradigms, assuring users of data security in the cloud.

computer science, information systems,telecommunications,engineering, electrical & electronic