Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Ji-Ming Chen,Shi Chen,Xiang Wang,Lin,Li Wang

DOI: https://doi.org/10.1155/2021/2729949

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

Yuxia Cheng,Qing Wu,Bei Wang,Wenzhi Chen

DOI: https://doi.org/10.1007/978-3-319-69471-9_4

2017-01-01

Abstract:Protecting data security and privacy is one of the top concerns in the public cloud. As the cloud infrastructure is complex, and it is difficult for cloud users to gain trust. Particularly, how to guarantee the confidentiality and integrity of in-memory user private data in untrusted cloud faces big challenges. The in-memory data is typically used for online processing that requires high performance and plaintext access in CPU, therefore simple data encryption is infeasible for in-memory data security protection. In this paper, we propose a secure in-memory data cache scheme based on the memcached key-value store system and leverage the new trusted Intel SGX processors to protect sensitive operations. Firstly, we build a secure enclave and design a trusted channel protocol using remote attestation mechanism. Secondly, we propose a cache server partitioning method that decouples the sensitive key-value operations with enclave protection. Thirdly, we implement a secure client library to maintain the original cache semantics for application compatibility. The experimental result showed that the proposed solutions achieves comparable performance with the traditional key-value store systems, while improves the level of data security in untrusted cloud.

陶照平,黄皓

2012-01-01

Abstract:Through analysis of the data management of windows operating system and the technology of hardware assist virtualization,a data protection model is developed to protect the sensitive data of the application program.Then a sensitive data protection system based on hypervisor is developed.The attacks for static data are effectively blocked by pretreatment encryption technology and the physical page frame encryption technology.Hiding the plaintext of the application is achieved by double shadow page table and data execution protection technology.The system monitors the access control of page table to prevent protected area of application to be maliciously modified.

Ping Xia

DOI: https://doi.org/10.1007/978-3-030-43306-2_6

2020-01-01

Abstract:Cloud computing is another technological revolution of the Internet. It is the product of the development of the information age, which has changed the way people use data and applications. The core idea of cloud computing is to virtualize server entities into logical servers, forming a large cloud resource pool, and providing services such as common computing, parallel processing, and shared resources. However, with the continuous development of cloud computing technology, the large amount of user and application data processed on the virtual cloud server is vulnerable to various security threats. This paper mainly analyzes the data security risks of the virtual cloud server from three aspects of data transmission, data storage, and data application, and proposes corresponding data security precautions to ensure the data security of the virtual cloud server and build a good cloud service network security environment.

D. Kesavaraja,R. Balasubramanian,D. Sasireka

DOI: https://doi.org/10.48550/arXiv.1005.5606

2010-05-31

Distributed, Parallel, and Cluster Computing

Abstract:Cloud Data Servers is the novel approach for providing secure service to e-business .Millions of users are surfing the Cloud for various purposes, therefore they need highly safe and persistent services. Usually hackers target particular Operating Systems or a Particular Controller. Inspiteof several ongoing researches Conventional Web Servers and its Intrusion Detection System might not be able to detect such attacks. So we implement a Cloud Data Server with Session Controller Architecture using Redundancy and Disconnected Data Access Mechanism. In this paper, we generate the hash code using MD5 algorithm. With the help of which we can circumvent even the attacks, which are undefined by traditional Systems .we implement Cloud Data Sever using Java and Hash Code backup Management using My SQL. Here we Implement AES Algorithm for providing more Security for the hash Code. The CDS using the Virtual Controller controls and monitors the Connections and modifications of the page so as to prevent malicious users from hacking the website. In the proposed approach an activity analyzer takes care of intimating the administrator about possible intrusions and the counter measures required to tackle them. The efficiency ratio of our approach is 98.21% compared with similar approaches.

Sandeep K. Sood

DOI: https://doi.org/10.1016/j.jnca.2012.07.007

IF: 7.574

2012-11-01

Journal of Network and Computer Applications

Abstract:Cloud computing is a forthcoming revolution in information technology (IT) industry because of its performance, accessibility, low cost and many other luxuries. It is an approach to maximize the capacity or step up capabilities vigorously without investing in new infrastructure, nurturing new personnel or licensing new software. It provides gigantic storage for data and faster computing to customers over the internet. It essentially shifts the database and application software to the large data centers, i.e., cloud, where management of data and services may not be completely trustworthy. That is why companies are reluctant to deploy their business in the cloud even cloud computing offers a wide range of luxuries. Security of data in cloud is one of the major issues which acts as an obstacle in the implementation of cloud computing. In this paper, a frame work comprising of different techniques and specialized procedures is proposed that can efficiently protect the data from the beginning to the end, i.e., from the owner to the cloud and then to the user. We commence with the classification of data on the basis of three cryptographic parameters presented by the user, i.e., Confidentiality (C), Availability (A) and Integrity (I).The strategy followed to protect the data utilizes various measures such as the SSL (Secure Socket Layer) 128-bit encryption and can also be raised to 256-bit encryption if needed, MAC (Message Authentication Code) is used for integrity check of data, searchable encryption and division of data into three sections in cloud for storage. The division of data into three sections renders supplementary protection and simple access to the data. The user who wishes to access the data is required to provide the owner login identity and password, before admittance is given to the encrypted data in Section 1, Section 2, and Section 3.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/iwqos.2009.5201385

2009-01-01

Abstract:Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server (s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

A.Abdo,Taghreed S. Karamany,Ahmed Yakoub

DOI: https://doi.org/10.1016/j.jksuci.2024.101999

IF: 9.006

2024-03-09

Journal of King Saud University - Computer and Information Sciences

Abstract:Cloud computing has revolutionized the way businesses and individuals manage and utilize computing resources, providing significant benefits such as scalability, flexibility, and cost-effectiveness. However, the increasing use of cloud computing to store and transmit sensitive data has raised concerns about data security. Ensuring confidentiality and data integrity while enabling effective data transmission is a significant challenge. To overcome this issue, the proposed approach integrates encryption and compression methods to enhance transmission performance in the cloud and prevent unauthorized access to confidential information. This approach applies multiple layers of robust encryption algorithms, followed by LZMA, which aims to compress data size while ensuring data security. The proposed approach is well-suited for real-time implementation and delivers high encryption quality and compression capabilities. Various performance metrics evaluate its performance, including space-saving percentage, processing time, and the NIST randomness test. It provides a substantial improvement in space-saving percentage from 58.63% to 81.8%, ensuring efficiency. The security analysis confirms that ciphertexts generated by this approach pass all NIST tests, generating a 99% confidence level regarding the randomness of the ciphertext. The proposed hybrid approach offers an effective solution for addressing the challenges of securing sensitive data while taking advantage of the benefits of cloud computing.

computer science, information systems

Stephen S. Yau,Ho G. An

DOI: https://doi.org/10.1145/2020723.2020734

2010-01-01

International Journal of Software and Informatics

Abstract:Current cloud computing systems pose serious limitation to protecting users' data confidentiality. Since users' sensitive data is presented in unencrypted forms to remote machines owned and operated by third party service providers, the risks of unauthorized disclosure of the users' sensitive data by service providers may be quite high. There are many techniques for protecting users' data from outside attackers, but currently no effective way is available for protecting users' sensitive data from service providers in cloud computing. In this paper, an approach is presented to protecting the confidentiality of users' data from service providers, and ensures service providers cannot collect users' confidential data while the data is processed and stored in cloud computing systems. Our approach has three major aspects: (1) separating software service providers and infrastructure service providers in cloud computing, (2) hiding information about the owners of data, and (3) data obfuscation. An example to show how our approach can protect the confidentiality of users' data from service providers in cloud computing is given.

Pengfei Dai,Chaokun Wang,Zhiwei Yu,Yongsheng Yue,Jianmin Wang

DOI: https://doi.org/10.1007/978-3-642-29253-8_23

2012-01-01

Abstract:Cloud Computing has emerged as a resource sharing platform, which allows different service providers to deliver software as services. However, for many security sensitive applications such as critical data processing and e-business, we must provide necessary security protection for mitigating the threats in the shared open cloud infrastructures. In this paper, we propose a software watermark enhanced platform to assure that only the software with authorized watermark is allowed to run on the platform. Experimental results show that our architecture could provide a great protection with a small overhead.

Sunitha Pachala,Ch. Rupa,L. Sumalatha

DOI: https://doi.org/10.1007/s12065-020-00555-w

2021-02-10

Evolutionary Intelligence

Abstract:Storing and accessing the information in the multi-cloud hosting environment becomes popular these days. It offers benefits like the assurance of data protection, preventing information corruption, unethical issues from vendors. In this paper, a hybrid approach with the multi-cloud hosting environment is designed and implemented for improved security and privacy of cloud data. The hybrid method consists of three modules (a) Byzantine protocol to tolerant security breaches to server failures cloud, which is independent. (b) DepSky architecture enhances the reliability and secrecy of data preserved in the cloud using encoding and decoding techniques (c) Shamir secret sharing procedure to improve trustiness & privacy of data storage without affecting the performance. The privacy and security issues of the hybrid approach are implemented and compared with the protocols like SAML with proxy re-encryption and Kerberos for different user service requests. The performance of the hybrid approach in terms of memory utilization, encryption/decryption time, total authentication time is improved compared to that of protocol environments SAML, SAML with proxy re-encryption and Kerberos. The results were encouraging in the Hybrid Approach in terms of encryption time/decryption time, Memory utilization and average precision values.

Xiangyang Luo,Lin Yang,Dai Hao,Fenlin Liu,Daoshun Wang

DOI: https://doi.org/10.4304/jnw.9.3.571-581

2014-01-01

Abstract:Data security and virtualization security issues are two key bottlenecks restricting the application of cloud computing promoting and applications, especially for the Cloud-based media computing system. In this paper, states of the art of the techniques on cloud computing data security issues, such as data encryption, access control, integrity authentication and other issues is surveyed, on this basis, the key technical issues of the cloud computing data security should concern about and focus on are indicated, and some corresponding countermeasures and suggestions are presented. For the virtualization security problem introduced by private cloud computing, the security risks induced by virtualization are analyzed and classified, and then based on the divide-conquer idea, for each kind of security risk, some corresponding solutions are presented.

Duane Wilson,Jeff Avery

DOI: https://doi.org/10.48550/arXiv.1606.08378

2016-06-27

Cryptography and Security

Abstract:Existing processes and methods for incident handling are geared towards infrastructures and operational models that will be increasingly outdated by cloud computing. Research has shown that to adapt incident handling to cloud computing environments, cloud customers must establish clarity about their requirements on Cloud Service Providers (CSPs) for successful handling of incidents and contract CSPs accordingly. Secondly, CSPs must strive to support these requirements and mirror them in their Service Level Agreements. Intrusion Detection Systems (IDS) have been used widely to detect malicious behaviors in network communication and hosts. Facing new application scenarios in Cloud Computing, the IDS approaches yield several problems since the operator of the IDS should be the user, not the administrator of the Cloud infrastructure. Cloud providers need to enable possibilities to deploy and configure IDS for the user - which poses its own challenges. Current research and commercial solutions primarily focus on protecting against Denial of Service attacks and attacks against the Cloud's virtual infrastructure. To counter these challenges, we propose a capability that aims to both detect and prevent the potential of data exfiltration by using a novel deception-based methodology. We also introduce a method of increasing the data protection level based on various threat conditions.

Fuzhi Cang,Mingxing Zhang,Yongwei Wu,Weimin Zheng

DOI: https://doi.org/10.3969/j.issn.1673-5188.2013.04.004

2013-01-01

Abstract:Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data access is one of the biggest concerns of users of cloud-based services.Transparency and accountability for data managed in the cloud is necessary.Specifically,when using a cloudhost service,a user typically has to trust both the cloud service provider and cloud infrastructure provider to properly handling private data.This is a multi-party system.Three particular trust models can be used according to the credibility of these providers.This pa per describes techniques for preventing data leakage that can be used with these different models.

Victor Chang,Muthu Ramachandran

DOI: https://doi.org/10.1109/tsc.2015.2491281

IF: 11.019

2016-01-01

IEEE Transactions on Services Computing

Abstract:Offering real-time data security for petabytes of data is important for cloud computing. A recent survey on cloud security states that the security of users' data has the highest priority as well as concern. We believe this can only be able to achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances before actual implementation. Results show that the time to take control of security breach can take between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000 trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43 percent of them can be quarantined. Our CCAF multi-layered security has an average of 20 percent better performance than the single-layered approach which could only block 7,438 viruses and trojans. CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results.

computer science, information systems, software engineering

Stephen S. Yau,Ho G. An,Arun Balaji Buduru

DOI: https://doi.org/10.4018/jwsr.2012070104

2012-01-01

International Journal of Web Services Research

Abstract:In current cloud computing systems, because users’ data is stored and processed by computing systems managed and operated by various service providers, users are concerned with the risks of unauthorized usage of their sensitive data by various entities, including service providers. The current cloud computing systems protect users’ data confidentiality from all entities, except service providers. In this paper, an approach is presented for improving the protection of users’ data confidentiality in cloud computing systems from all entities, including service providers. The authors’ approach has the following features: (1) separation of cloud application providers, data processing service providers and data storage providers, (2) anonymization of users’ identities, (3) grouping cloud application components and distributing their execution to distinct cloud infrastructures of data processing service providers, and (4) use of data obfuscation and cryptography for protecting the sensitive data from unauthorized access by all entities, including service providers. The proposed approach ensures that users’ sensitive data can be protected from their service providers even if the users do not have full cooperation from their service providers.

Qingni Shen,Yahui Yang,Zhonghai Wu,Dandan Wang,Min Long

DOI: https://doi.org/10.1504/ijguc.2013.057118

2013-01-01

International Journal of Grid and Utility Computing

Abstract:With the growth of business, an enterprise would like to make its PSC private storage cloud approach an infrastructure service in a partner/public cloud. In such PSCs, there are some new data security issues, First, how to keep the data rest in the PSC isolated from internal and external attackers; second, how to make secure intra-cloud data migration within the enterprise; third, how to secure inter-cloud data migrating between the PSC and the partner/public cloud. In this paper, we propose an architecture design for enforcing data security services on the layer of HDFS in the PSC, including secure data isolation service, secure intra-cloud data migration service, and secure inter-cloud data migration service. Finally, it gives the prototype implemented as pluggable security modules in accord with our custom security policies through AOP Aspect-Oriented Programming method. The time cost is given and evaluated efficiently.