Jiawei Zhang,Teng Li,Zuobin Ying,Jianfeng Ma

DOI: https://doi.org/10.1109/tcc.2022.3147226

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud-Fog-Assisted Internet-of-Things (IoT) is a convincing paradigm to provide users with on-demand and low-latency services through Fog nodes in the edge of multiple clouds (Multi-Cloud). Multi-Cloud is a scalable multi-domain service-oriented net-centric system and can respond to complicated user requirements leveraging Multi-Cloud Service Composition (MCSC). However, in MCSC, user security can be easily compromised by untrusted and curious cloud service providers that may collect and violate the privacy and other essential assets of cloud users. Although many trust-based MCSC solutions have been proposed to seek a trustworthy composite service with highest trust level, most of them are vulnerable to malicious users intending to break through the clouds and inflict serious data leakage or asset damage. Considering these security concerns on both malicious users and untrusted service providers, in this article, we present a trust-based secure multi-cloud collaboration framework for Cloud-Fog-Assisted IoT systems. Specifically, to guarantee the security of users, we develop a role-based trust evaluation method to enhance the trustworthiness of MCSC. To preserve the security of services, we design an efficient user authentication scheme and a secure collaboration scheme to provide collaborative user authentication and access control mechanism for MCSC. We develop a proof of concept implementation for our framework and demonstrate its practicability by performance evaluation with extensive experiments.

computer science, information systems, theory & methods

Victor Chang,Yen-Hung Kuo,Muthu Ramachandran

DOI: https://doi.org/10.1016/j.future.2015.09.031

IF: 7.307

2016-04-01

Future Generation Computer Systems

Abstract:This article presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multilayered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This article presents the vision, related works, and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multilayered security. In penetration testing, CCAF multilayered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took <0.012s/trojan or virus. A full CCAF multilayered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multilayered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. The mechanism of blending of CCAF multilayered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multilayered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.

Yong Cui,Xiao Song,Jianwei Liu,Kai Chen,Guoqiang Shi,Junhua Zhou,G.S Tamizharasi

DOI: https://doi.org/10.1109/tnse.2021.3099579

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:The existing Internet of Things (IoT) architectures are employed for different real-time smart city applications adaptively. The architecture's adaptability to the application depends on the robust quality of experience (QoE) granted to the end-users. This article introduces an Accessible Application-Centric Framework (AACF) for application-specific IoT architectures by considering the robust requirements of end-user applications. The framework aims to provide flexible application-service disseminations for end-user requests. The state of the application and its longevity are taken into account for satisfying the in-time need of the requests. The service requiring scalable dissemination is performed based on state learning decisions to improve the success rate and enduring responses. In this learning process, the balance between response and service dissemination is retained to pursue robust user-specific performance. The proposed AACF is assessed using the metrics response ratio, response delay, and backlogs.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Behrouz Zolfaghari,Abbas Yazdinejad,Ali Dehghantanha,Jacob Krzciok,Khodakhast Bibak

DOI: https://doi.org/10.48550/arXiv.2207.01590

2022-10-25

Abstract:In recent years, the existence of a significant cross-impact between Cloud computing and Internet of Things (IoT) has lead to a dichotomy that gives raise to Cloud-Assisted IoT (CAIoT) and IoT-Based Cloud (IoTBC). Although it is pertinent to study both technologies, this paper focuses on CAIoT, and especially its security issues, which are inherited from both Cloud computing and IoT. This study starts with reviewing existing relevant surveys, noting their shortcomings, which motivate a comprehensive survey in this area. We proceed to highlight existing approaches towards the design of Secure CAIoT (SCAIoT) along with related security challenges and controls. We develop a layered architecture for SCAIoT. Furthermore, we take a look at what the future may hold for SCAIoT with a focus on the role of Artificial Intelligence(AI).

Cryptography and Security

Shengmin Xu,Jianting Ning,Jinhua Ma,Xinyi Huang,HweeHwa Pang,Robert H. Deng

DOI: https://doi.org/10.1145/3450569.3463561

2021-01-01

Abstract:As a versatile system architecture, cloud-fog Internet-of-Things~(IoT) enables multiple resource-constrained devices to communicate and collaborate with each other. By outsourcing local data and immigrating expensive workloads to cloud service providers and fog nodes (FNs), resource-constrained devices can enjoy data services with low latency and minimal cost. To protect data security and privacy in the untrusted cloud-fog environment, many cryptographic mechanisms have been invented. Unfortunately, most of them are impractical when directly applied to cloud-fog IoT computing, mainly due to the large number of resource-constrained end-devices (EDs). In this paper, we present a secure cloud-fog IoT data sharing system with bilateral access control based on a new cryptographic tool called lightweight matchmaking encryption. Our system enforces both sender access control and receiver access control simultaneously and adapts to resource-constrained EDs by outsourcing costly workloads to FNs. We conduct extensive experiments to demonstrate the superior performance of our system to the most relevant solutions in the literature.

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Mohemed Almorsy,John Grundy,Amani S. Ibrahim

DOI: https://doi.org/10.1109/cloud.2011.9

2011-07-01

Abstract:Although the cloud computing model is considered to be a very promising internet-based computing platform, it results in a loss of security control over the cloud-hosted assets. This is due to the outsourcing of enterprise IT assets hosted on third-party cloud computing platforms. Moreover, the lack of security constraints in the Service Level Agreements between the cloud providers and consumers results in a loss of trust as well. Obtaining a security certificate such as ISO 27000 or NIST-FISMA would help cloud providers improve consumers trust in their cloud platforms' security. However, such standards are still far from covering the full complexity of the cloud computing model. We introduce a new cloud security management framework based on aligning the FISMA standard to fit with the cloud computing model, enabling cloud providers and consumers to be security certified. Our framework is based on improving collaboration between cloud providers, service providers and service consumers in managing the security of the cloud platform and the hosted services. It is built on top of a number of security standards that assist in automating the security management process. We have developed a proof of concept of our framework using. NET and deployed it on a testbed cloud platform. We evaluated the framework by managing the security of a multi-tenant SaaS application exemplar.

Hezam Akram Abdulghani,Anastasija Collen,Niels Alexander Nijdam

DOI: https://doi.org/10.3390/s23084174

2023-04-21

Abstract:Internet of Things (IoT) faces security concerns different from existing challenges in conventional information systems connected through the Internet because of their limited resources and heterogeneous network setups. This work proposes a novel framework for securing IoT objects, the key objective of which is to assign different Security Level Certificates (SLC) for IoT objects according to their hardware capabilities and protection measures implemented. Objects with SLCs, therefore, will be able to communicate with each other or with the Internet in a secure manner. The proposed framework is composed of five phases, namely: classification, mitigation guidelines, SLC assignment, communication plan, and legacy integration. The groundwork relies on the identification of a set of security attributes, termed security goals. By performing an analysis on common IoT attacks, we identify which of these security goals are violated for specific types of IoT. The feasibility and application of the proposed framework is illustrated at each phase using the smart home as a case study. We also provide qualitative arguments to demonstrate how the deployment of our framework solves IoT specific security challenges.

Xiaochen Liu,Chunhe Xia,Jiajin Cao,Jinghua Gao,Zhao Wei

DOI: https://doi.org/10.14257/ijsia.2014.8.6.32

2014-01-01

International Journal of Security and Its Applications

Abstract:Cloud services have become state of the art of resource sharing and interoperability among different service providers. The federated cloud seek to reduce costs and maximize efficiency, provide flexible and reliable services composed of various external cloud service and internal services, but this would introduce a risk of security due to outsourcing. For organization which provide an integrity cloud service must rely on SLA to illustrate the capacity of risk and performance, the various providers involved in the federations or services compositions should effectively distribute the organizational responsibilities and SLA. To solve the fears and deal with the threats associated with outsourcing, new method for selection of outsourcing cloud service providers(CSP) based on assessment of security and performance is urgently needed. This paper presents an approach on how to select the proper CSP to guarantee organizational SLA, which quantify the SLA terms and calculate a security weight, the organization can choose the appropriate CSP based on security weight, meanwhile minimize the business cost. This paper make contribution on modeling the capacity of the CSP, considering the business cost and historical performance. The proposed approach is validated through case study that shows selected CSP through our approach can best meet the organizational security and cost needs.

Zhongwen Guo,Chao Liu,Yuan Feng,Feng Hong

DOI: https://doi.org/10.1109/csc.2012.12

2012-01-01

Abstract:Sensor network systems have received amounts of attention and become a common practice in many fields. These systems are commonly developed by non-standard technologies, which bring lots of difficulties in system integration and interoperability. To figure out this problem, an integrated sensor network system architecture based on Cloud computing is proposed, which offers anytime service to access different kinds of systems. By abstracting the general model of sensor network system, we present a new architecture and describe the detail model design. In order to confirm the feasibility of the architecture, a Cloud computing service system has been developed to integrate two existing systems. The result shows that the proposed architecture is effective and feasible.

Shengsheng Yao,Mingwei Xu,Qi Li,Jiahao Cao,Qiyang Song

DOI: https://doi.org/10.1109/globecom38437.2019.9013473

2019-01-01

Abstract:To reduce the management costs, outsourcing network function (NF) to the cloud becomes prevalent in enterprises. This trend is increasing with the advent of network function virtualization (NFV). However, such outsourcing cannot guarantee the order and security of service function chains(SFCs) as the cloud is susceptible to attacks. In this paper, we introduce credible SFC (cSFC), a practical scheme to build secure service function chains on the untrusted cloud, cooperating with encrypted transport protocols. cSFC simultaneously shields NFs from an untrusted cloud and preserves the order of SFC sequence. Meanwhile, this scheme supports a wide range of NF functionalities and preserves the privacy of session data. We implement the cSFC prototype, and the evaluation result shows that it is practical with acceptable performance.

Seoungmo An,Taehoon Eom,Jong Sou Park,Jin B. Hong,Armstrong Nhlabatsi,Noora Fetais,Khaled M. Khan,Dong Seong Kim

DOI: https://doi.org/10.48550/arXiv.1903.04271

2019-03-11

Abstract:Cloud computing has been adopted widely, providing on-demand computing resources to improve perfornance and reduce the operational costs. However, these new functionalities also bring new ways to exploit the cloud computing environment. To assess the security of the cloud, graphical security models can be used, such as Attack Graphs and Attack Trees. However, existing models do not consider all types of threats, and also automating the security assessment functions are difficult. In this paper, we propose a new security assessment tool for the cloud named CloudSafe, an automated security assessment for the cloud. The CloudSafe tool collates various tools and frameworks to automate the security assessment process. To demonstrate the applicability of the CloudSafe, we conducted security assessment in Amazon AWS, where our experimental results showed that we can effectively gather security information of the cloud and carry out security assessment to produce security reports. Users and cloud service providers can use the security report generated by the CloudSafe to understand the security posture of the cloud being used/provided.

Cryptography and Security

Xuanyu Duan,Mengmeng Ge,Triet Huynh Minh Le,Faheem Ullah,Shang Gao,Xuequan Lu,M. Ali Babar

DOI: https://doi.org/10.1109/prdc53464.2021.00016

2021-12-01

Abstract:Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and poten-tial vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90% accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.

Victor Chang,Muthu Ramachandran

DOI: https://doi.org/10.1109/tsc.2015.2491281

IF: 11.019

2016-01-01

IEEE Transactions on Services Computing

Abstract:Offering real-time data security for petabytes of data is important for cloud computing. A recent survey on cloud security states that the security of users' data has the highest priority as well as concern. We believe this can only be able to achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances before actual implementation. Results show that the time to take control of security breach can take between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000 trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43 percent of them can be quarantined. Our CCAF multi-layered security has an average of 20 percent better performance than the single-layered approach which could only block 7,438 viruses and trojans. CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results.

computer science, information systems, software engineering

Shujun Wang,Jianting Ning,Shengmin Xu,Jiguo Li,Kai Zhang

DOI: https://doi.org/10.1109/jiot.2024.3436081

2024-01-01

Abstract:In the digital era, one of the most significant changes in the IoT world is the popularity of digital subscriptions, where service providers upload encrypted service information to the cloud for sharing. In practice, the untrustworthy service providers may intentionally leak their private keys used to encrypt service information (for profits), allowing unauthorized subscribers to enjoy valuable service. The malicious behavior described above has become a severe obstacle to the widespread application of IoT-based digital subscriptions. To address this issue, we propose a fine-grained and sanitizable access control system (FSAC), in which service information could only be accessed by authorized subscribers. To thwart potential threats from malicious service providers, we design a sanitizable mechanism to transform the original ciphertext, ensuring that a subscriber is unable to decrypt the sanitized ciphertext solely using the leaked key of the service provider. For resource-constrained IoT devices, we further extend FSAC with outsourced decryption (FSACO) that relieves subscribers from the burden of decryption. In particular, FSACO allows subscribers to perform two exponentiation operations rather than time-consuming paring operations (as that in FSAC) to decrypt sanitized ciphertext. We conduct rigorous security analysis of our systems and demonstrate their efficient performance through extensive experiments. Specifically, the enhanced system FSACO has a minimum decryption time of approximately 0.08 ms.

Khalid Haseeb,Ahmad Almogren,Ikram Ud Din,Naveed Islam,Ayman Altameem

DOI: https://doi.org/10.3390/s20092468

IF: 3.9

2020-04-27

Sensors

Abstract:Nowadays, the integration of Wireless Sensor Networks (WSN) and the Internet of Things (IoT) provides a great concern for the research community for enabling advanced services. An IoT network may comprise a large number of heterogeneous smart devices for gathering and forwarding huge data. Such diverse networks raise several research questions, such as processing, storage, and management of massive data. Furthermore, IoT devices have restricted constraints and expose to a variety of malicious network attacks. This paper presents a Secure Sensor Cloud Architecture (SASC) for IoT applications to improve network scalability with efficient data processing and security. The proposed architecture comprises two main phases. Firstly, network nodes are grouped using unsupervised machine learning and exploit weighted-based centroid vectors for the development of intelligent systems. Secondly, the proposed architecture makes the use of sensor-cloud infrastructure for boundless storage and consistent service delivery. Furthermore, the sensor-cloud infrastructure is protected against malicious nodes by using a mathematically unbreakable one-time pad (OTP) encryption scheme to provide data security. To evaluate the performance of the proposed architecture, different simulation experiments are conducted using Network Simulator (NS3). It has been observed through experimental results that the proposed architecture outperforms other state-of-the-art approaches in terms of network lifetime, packet drop ratio, energy consumption, and transmission overhead.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Y. Matseniuk,A. Partyka

DOI: https://doi.org/10.23939/csn2024.01.108

2024-06-01

Computer systems and network

Abstract:The primary objective of this research is to develop an advanced automated method for configuring and managing public cloud accounts and subscriptions on prominent platforms such as AWS GCP and Azure. This method involves the application of standardized configurations to ensure optimal performance and security compliance. A significant component of this methodology is the intermittent scanning of the infrastructure of these cloud accounts and subscriptions. This scanning is meticulously designed to identify and address any deviations or non-compliance issues with globally recognized security standards including NIST 800-53 ISO 27001 HIPAA and PCIDSS. The approach leverages cutting-edge automation technologies to streamline the deployment and management of cloud resources. By automating the application of configurations the method aims to reduce manual effort minimize the likelihood of human error and enhance operational efficiency. This automation extends to the continuous monitoring and auditing processes enabling real-time detection of configuration drifts or security vulnerabilities. Furthermore the research delves into the development of a dynamic responsive system capable of adapting to the evolving requirements of cloud security. The automated scanning component plays a pivotal role in this aspect providing ongoing assurance that the cloud environments adhere to the strictest security protocols and standards. Continuous compliance monitoring is critical in today's ever-changing digital landscape where threats to data security and privacy are increasingly sophisticated. By integrating these automated processes the proposed method promises not only to bolster the security posture of cloud environments but also to offer a scalable efficient solution for cloud infrastructure management. This automated approach is poised to set a new standard in cloud management aligning with best practices in IT security and compliance and paving the way for more secure manageable and efficient cloud computing practices. Keywords: Hosting security standards automation cloud technologies cloud service models.

Jia Xu,Jia Yan,Liang He,Purui Su,Dengguo Feng

DOI: https://doi.org/10.1109/CloudCom.2010.16

2010-01-01

Abstract:Massive Internet invasions implemented through the distributed platform fabricated by rapid diffusion of malwares, has become a significant issue in network security. We argue that the notion of “Collaborative Security” is an emerging trend in resisting distributed attacks originated from malware. Therefore, this paper proposes a new architecture: CloudSEC, for composing collaborative security-related services in clouds, such as correlated intrusion analysis, anti-spam, anti-DDOS, automated malware detection and containment. CloudSEC is modeled as a dynamic peer-to-peer overlay hierarchy with three types of top-down architectural components. Based on, this architecture, both data distribution and task scheduling overlays can be simultaneously implemented in a loosely coupled fashion, which can efficiently retrieve data resources from heterogeneous network security facilities, and harness distributed collection of computational resources to process data-intensive tasks. Hence, CloudSEC endues the network security infrastructure with the capability of dynamic adaptation and collaboration on an inter-organizational scale. The results of preliminary evaluation demonstrate that, CloudSEC not only delivers a sample service of distributed intrusion correlation with high scalability and robustness, but also achieves remarkable effectiveness in data sharing and task scheduling.

Yuchen Wong,Chen Yan,Shengfang Zhai,Cong Li,Qingni Shen

DOI: https://doi.org/10.1109/icassp48485.2024.10448244

2024-01-01

Abstract:The rise of new industries, such as the Internet of Things and Smart Healthcare, has brought many cross-cloud business opportunities for cloud computing and posed new challenges to the cloud security. Traditionally, security can be assessed by compliance checking when selecting cloud services. However, when facing cross-cloud security requirements, even if passing the compliance checking, it cannot prove that different clouds have the same security level since they pass different standards. Therefore, security equivalence assessment of different security standards is a fundamental issue. In order to solve the issue automatically, we first transform it into the problem of mapping between control items with respect to different standards. Then, we define three tasks to work out the mapping problem: a task for mapping searching and two for new mapping establishing. Next, we collect, organize, and expand a dataset of mappings between control items containing 21 standards and more than 100,000 pieces of mapping data. Subsequently, we experiment with four well-known models for each task to test their performance on the dataset of mappings: TF-IDF, Word2vec, BERT, and GPT-Neo. Experimental results indicate that the current models can perform very well on the first two tasks but need to be better on the last task.

Chunwen Li,Xu Wu,Chuanyi Liu,Xiaqing Xie

DOI: https://doi.org/10.1007/978-3-642-35795-4_25

2013-01-01

Abstract:The hosting service model of cloud computing brings trustworthinessissue of cloud providers, which is a serious obstacle for wider adoption of cloud-based services. Based on open source components of TCG (Trusted Computing Group)and IBM's IMA (Integrity Measurement Architecture), this paper designed and implementeda remote attestation architecture and protocol to verify the trustworthiness of users' virtual machineinIaaS cloud. Meanwhile, as theverification agent, Trusted Third Partyminimized cloud configuration information disclosure, ensured the privacy of cloud.The experiments demonstratedthat this architecture brought little extra cost while provided trustworthiness guarantee. © Springer-Verlag Berlin Heidelberg 2013.