Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Chunwen Li,Xu Wu,Chuanyi Liu,Xiaqing Xie

DOI: https://doi.org/10.1007/978-3-642-35795-4_25

2013-01-01

Abstract:The hosting service model of cloud computing brings trustworthinessissue of cloud providers, which is a serious obstacle for wider adoption of cloud-based services. Based on open source components of TCG (Trusted Computing Group)and IBM's IMA (Integrity Measurement Architecture), this paper designed and implementeda remote attestation architecture and protocol to verify the trustworthiness of users' virtual machineinIaaS cloud. Meanwhile, as theverification agent, Trusted Third Partyminimized cloud configuration information disclosure, ensured the privacy of cloud.The experiments demonstratedthat this architecture brought little extra cost while provided trustworthiness guarantee. © Springer-Verlag Berlin Heidelberg 2013.

Zhiqiang Du,Wenlong Jiang,Chenguang Tian,Xiaofeng Rong,Yuchao She

DOI: https://doi.org/10.3390/electronics12092140

IF: 2.9

2023-05-08

Electronics

Abstract:Cloud computing is a disruptive technology that has transformed the way people access and utilize computing resources. Due to the diversity of services and complexity of environments, there is widespread interest in how to securely and efficiently authenticate users under the same domain. However, many traditional authentication methods involve untrusted third parties or overly centralized central authorities, which can compromise the security of the system. Therefore, it is crucial to establish secure authentication channels within trusted domains. In this context, we propose a secure and efficient authentication protocol, HIDA (Hyperledger Fabric Identity Authentication), for the cloud computing environment. Specifically, by introducing federated chain technology to securely isolate entities in the trust domain, and combining it with zero-knowledge proof technology, users' data are further secured. In addition, Subsequent Access Management allows users to prove their identity by revealing only brief credentials, greatly improving the efficiency of access. To ensure the security of the protocol, we performed a formal semantic analysis and proved that it can effectively protect against various attacks. At the same time, we conducted ten simulations to prove that the protocol is efficient and reliable in practical applications. The research results in this paper can provide new ideas and technical support for identity authentication in a cloud environment and provide a useful reference for realizing the authentication problem in cloud computing application scenarios.

engineering, electrical & electronic,computer science, information systems,physics, applied

Qi Li,Zhen Yang,Xuanmei Qin,Dehao Tao,Hongyun Pan,Yongfeng Huang

DOI: https://doi.org/10.1016/j.sysarc.2022.102436

IF: 5.836

2022-03-01

Journal of Systems Architecture

Abstract:In order to develop emerging industries such as smart healthcare and intelligent transportation, the government has established various organizations and platforms to manage the growth of industries and encourage the cooperation of companies. However, as different companies’ data are scattered on different cloud platforms, it is difficult to have a unified control and reliable accountability for the operation of cloud data, which obstructs the establishment of platforms and cooperation. In this paper, to address the problems above, we propose a Cloud–Blockchain Fusion Framework (CBFF) to achieve data accountability among multiple clouds. CBFF improves the trustworthiness of operation to cloud data by designing secure mechanisms between clouds and blockchain. It designs a unified data Naming and Addressing Mechanism to publish and locate cloud data globally in a multi-cloud environment. Also, it proposes the Operation Tracing Mechanism to achieve reliable operation logging and tracing. With CBFF, we present a prototype implementation system using Hyperledger Fabric blockchain and Alibaba Cloud Computing. Our system could provide secure data uploading, sharing, and updating among multiple clouds. Finally, we also provide experiments and analysis to demonstrate that our framework has significant efficiency and security improvements.

computer science, software engineering, hardware & architecture

Ming Yang,Li Jia,Tilei Gao,Yuanyuan He,Bin Gui,Tao Zhang

DOI: https://doi.org/10.1155/2022/5866570

2022-01-01

Wireless Communications and Mobile Computing

Abstract:Even well-known cloud platforms will have sudden credibility problems in the long-term application process. Effectively evaluating the credibility of the cloud platform and providing users with scientific evaluation results can help users reasonably choose a trusted cloud platform. However, there are often conflicting opinions or malicious assessments in the process of assessment. In addition, the personal privacy information of the users participating in the assessment is at risk of being leaked, and the data that the users have evaluated is also easy to be modified. In order to solve the above problems, this paper defines the credibility category and confidence interval of cloud platform, puts forward a quantitative assessment method combined with fuzzy theory, and realizes the fusion of different users’ assessment results based on D-S theory. On this basis, this paper further proposes an effective cloud platform credibility assessment system combined with blockchain technology. Finally, through experimental analysis, this paper shows that the credibility assessment system proposed in this paper is feasible and illustrates the characteristics of the system through method comparison. The system solves the problem of conflicting information in the assessment process, can effectively assess the credibility of the cloud platform, and effectively protects user privacy and the security of assessment data with blockchain technology.

Jiahao Jiang,Xiao Tan,Lidong Han,Qi Xie,Shengbao Wang

DOI: https://doi.org/10.1109/access.2023.3295248

IF: 3.9

2023-01-01

IEEE Access

Abstract:We propose a credible alliance-chain-based public auditing scheme (CACPA) to properly address the trust problem of third-party auditor (TPA) in the traditional audit scheme for cloud storage. Based on the non-tamperability and traceability of blockchain, we design a novel incentive mechanism to enforce honest and reliable behaviors of TPA. The basic idea is to organize TPA as a group of blockchain nodes conducting mutual surveillance. Any behavior of a TPA node will be inspected by other nodes to maintain good reputation of the group, and malicious behaviors will bring severe punishments. Accordingly, we develop system model of the proposed CACPA, as well as smart contracts to deal with transactions-related issues, such as dispute resolution. Finally, performance evaluation validates that our scheme enjoys acceptable efficiency and suits for real-world applications.

computer science, information systems,telecommunications,engineering, electrical & electronic

Linsheng Yu,Mingxing He,Hongbin Liang,Ling Xiong,Yang Liu

DOI: https://doi.org/10.3390/s23031264

2023-01-22

Abstract:Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

Jiawei Zhang,Teng Li,Zuobin Ying,Jianfeng Ma

DOI: https://doi.org/10.1109/tcc.2022.3147226

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud-Fog-Assisted Internet-of-Things (IoT) is a convincing paradigm to provide users with on-demand and low-latency services through Fog nodes in the edge of multiple clouds (Multi-Cloud). Multi-Cloud is a scalable multi-domain service-oriented net-centric system and can respond to complicated user requirements leveraging Multi-Cloud Service Composition (MCSC). However, in MCSC, user security can be easily compromised by untrusted and curious cloud service providers that may collect and violate the privacy and other essential assets of cloud users. Although many trust-based MCSC solutions have been proposed to seek a trustworthy composite service with highest trust level, most of them are vulnerable to malicious users intending to break through the clouds and inflict serious data leakage or asset damage. Considering these security concerns on both malicious users and untrusted service providers, in this article, we present a trust-based secure multi-cloud collaboration framework for Cloud-Fog-Assisted IoT systems. Specifically, to guarantee the security of users, we develop a role-based trust evaluation method to enhance the trustworthiness of MCSC. To preserve the security of services, we design an efficient user authentication scheme and a secure collaboration scheme to provide collaborative user authentication and access control mechanism for MCSC. We develop a proof of concept implementation for our framework and demonstrate its practicability by performance evaluation with extensive experiments.

computer science, information systems, theory & methods

LIU Chuan-yi,PAN He-zhong,LIANG Lu-lu,WANG Guo-feng,FANG Bin-xing

DOI: https://doi.org/10.11959/j.issn.2096-109x.2016.00102

2016-01-01

Abstract:A ＂big clouds audited by a small cloud＂ scheme was proposed,by introducing an independent trusted third party (TTP) dealing with run-time data collection,verification,audit and evaluation remotely,in a continuous and data-driven model,compared with traditionally certification based audit.The TTP mainly adopts data flow visualization,data monitoring and encryption to protect the rights of users.It provides the basis for users to choose a trusted cloud platform and for cloud platform to prove own trusted credentials.In-depth study,the following key technologies were broken through:1) the introduction of an independent trusted third party as an intermediate layer between cloud platform and users as well as administrators; 2) continuous,real-time remote data collection and data analysis; 3) strong non-intrusive evidence gathering.

Dongdong Yue,Ruixuan Li,Yan Zhang,Wenlong Tian,Yongfeng Huang

DOI: https://doi.org/10.1016/j.jpdc.2020.06.007

IF: 4.542

2020-12-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the popularity of the Internet of Things (IoT), data integrity verification in the edge cloud storage attracts attentions from many researchers. Due to the over dependence of the Third Party Auditor (TPA) and the dynamical nature of the IoT data, the traditional data integrity verification framework for cloud storage can hardly work. To satisfy the characteristics of the IoT and avoid the over dependence of the TPA, we propose a blockchain-based framework without TPA for data integrity verification in a decentralized edge-cloud storage (ECS) scenario in this paper. In our framework, we employ the Merkle tree with random challenging numbers for data integrity verification and analyze different Merkle tree structures to optimize the system performance. To solve the problem of limited resources and high real-time requirements, we further propose sampling verification and develop rational sampling strategies to make sampling verification more effective. The overhead and precision of the verification in ECS are studied by an optimal sample size strategy. Finally, a prototype system is implemented based on our framework and we conduct a series of experiments to evaluate the effectiveness of the proposed schemes. The experimental results show that our schemes can effectively improve the performance of data integrity verification.</p>

computer science, theory & methods

Cheng Zhang,Yang Xu,Yupeng Hu,Jiajing Wu,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1109/tcc.2021.3057771

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Network storage services have benefited countless users worldwide due to the notable features of convenience, economy and high availability. Since a single service provider is not always reliable enough, more complex multi-cloud storage systems are developed for mitigating the data corruption risk. While a data auditing scheme is still needed in multi-cloud storage to help users confirm the integrity of their outsourced data. Unfortunately, most of the corresponding schemes rely on trusted institutions such as the centralized third-party auditor (TPA) and the cloud service organizer, and it is difficult to identify malicious service providers after service disputes. Therefore, we present a blockchain-based multi-cloud storage data auditing scheme to protect data integrity and accurately arbitrate service disputes. We not only introduce the blockchain to record the interactions among users, service providers, and organizers in data auditing process as evidence, but also employ the smart contract to detect service dispute, so as to enforce the untrusted organizer to honestly identify malicious service providers. We also use the blockchain network and homomorphic verifiable tags to achieve the low-cost batch verification without TPA. Theoretical analyses and experiments reveal that the scheme is effective in multi-cloud environments and the cost is acceptable.

Yihuai Liang,Yan Li,Byeong-Seok Shin,Liang, Yihuai

DOI: https://doi.org/10.1007/s12083-024-01668-0

IF: 3.488

2024-03-03

Peer-to-Peer Networking and Applications

Abstract:Security and availability are crucial for users who outsource computational tasks to remote servers. However, computation services provided by cloud platforms suffer outage risks, potential enforced censorship, and network latency problems due to the centralized architecture, also having monopolistic service prices.We proposed a decentralized platform for outsourced trusted computing. Compared with prior works, our platform works autonomously based on a public blockchain without reliance on a trusted third party. The platform is open and public for computation nodes of Trusted Execution Environments (TEE) to join and provide trusted computing services out of financial incentives. Moreover, we designed a novel protocol, named b-DTC. First, it prevents free-riding behaviors against users and prevents false reporting against computing nodes. Second, it supports real-time multi-round off-chain trusted computing in a pay-as-you-go manner, such that the performance of outsourced computing is not limited by the underlying blockchain. Third, for an incentive of high reliability and availability, it trustworthily measures the liveness, workload, and performance of the nodes and uses the measurement information to calculate the nodes' reputation. We analyzed and proved the security of our protocol. Extensive experiments are conducted based on two real-world scenarios: a clinical self-diagnosis system and an outsourced genetic testing application. Experimental results show that our system is feasible and the cost of introducing blockchain and TEE into our system is acceptable: Only takes about 20 seconds more than that of a cloud to finish a task that provides trusted service for 1000 users; The off-chain computing cost in our system is only about 20% more than that of the cloud.

computer science, information systems,telecommunications

Shengsheng Yao,Mingwei Xu,Qi Li,Jiahao Cao,Qiyang Song

DOI: https://doi.org/10.1109/globecom38437.2019.9013473

2019-01-01

Abstract:To reduce the management costs, outsourcing network function (NF) to the cloud becomes prevalent in enterprises. This trend is increasing with the advent of network function virtualization (NFV). However, such outsourcing cannot guarantee the order and security of service function chains(SFCs) as the cloud is susceptible to attacks. In this paper, we introduce credible SFC (cSFC), a practical scheme to build secure service function chains on the untrusted cloud, cooperating with encrypted transport protocols. cSFC simultaneously shields NFs from an untrusted cloud and preserves the order of SFC sequence. Meanwhile, this scheme supports a wide range of NF functionalities and preserves the privacy of session data. We implement the cSFC prototype, and the evaluation result shows that it is practical with acceptable performance.

Wang Han-zhang,Huang Liu-sheng

DOI: https://doi.org/10.1109/iccasm.2010.5622643

2010-01-01

Abstract:Security and privacy are two prime barriers to adoption of the cloud computing. To address this problem on Infrastructure-as-a-Service model, a trusted cloud computing platform model has been proposed to provide a closed box execution environment that guarantees confidential execution of guest virtual machines. However this model has significant drawbacks that it relies on the trusted third party outside of the cloud circumstance too much. In this paper we show how to address this issue based on the neutral feature of the Trusted Platform Module. By moving the responsibility of managing trusted platforms from the trusted third party to the trusted platforms of Infrastructure-as-a-Service model, our improved TCCP model achieves higher availability, reliability and safety.

Chuanyi Liu,Jie Lin,Binxing Fang

DOI: https://doi.org/10.1587/transinf.e96.d.2344

2013-01-01

IEICE Transactions on Information and Systems

Abstract:However, in cloud computing mode, customers lose the direct control of their data and applications hosted by the cloud providers, which leads to the trustworthiness issue of the cloud providers, hindering the widespread use of cloud computing. This paper proposes a trustworthiness verification and audit mechanism on cloud providers called T-YUN. It introduces a trusted third party to cyclically attest the remote clouds, which are instrumented with the trusted chain covering the whole architecture stack. According to the main operations of the clouds, remote verification protocols are also proposed in T-YUN, with a dedicated key management scheme. This paper also implements a proof-of-concept emulator to validate the effectiveness and performance overhead of T-YUN. The experimental results show that T-YUN is effective and the extra overhead incurred by it is acceptable.

Wu Luo,Wei Liu,Yang Luo,Anbang Ruan,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.1109/trustcom.2016.0058

2016-01-01

Abstract:In recent years, the rapid development of virtualization and container technology brings unprecedented impact on traditional IT architecture. Trusted Computing devotes to provide a solution to protect the integrity of the target platform and introduces a virtual TPM to adapt to the challenges that virtualization brings. However, the traditional integrity measurement solution and remote attestation has limitations due to the challenges such as large of measurement and attestation cost and overexposure of configurations details. In this paper, we propose the Partial Attestation Model. The basic idea of Partial Attestation Model is to reconstruct the Chain of Trust by dividing them into several separated ones. Our model therefore enables the challenger to attest the specified security requirements of the target platform, instead of acquiring and verifying the complete detailed configurations. By ignoring components not related to the target requirements, our model reduces the attestation costs. In addition, we further implement an attestation protocol to prevent overexposure of the target platform's configuration details. We build a use case to illustrate the implementation of our model, and the evaluations on our prototype show that our model achieves better efficiency than the existing remote attestation scheme.

Wu Luo,Anbang Ruan,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-94289-6_5

2018-01-01

Abstract:With the rapid development of cloud computing, system and data security become concerns due to user losing control of his machines and internal attacks. Provenance is an essential approach to establish data and system trustworthiness for cloud computing services, as it summarizes the history of objects and the actions performed on them. However, the current existing provenance-aware solutions either depend on applications in the user-space or fail to convey a genuine provenance information to a cloud user to do a further analysis. Thus they are vulnerable to a malicious privileged administrator or adversary attacking in an untrusted network. In order to solve these problems, we design TProv to establish a trusted provenance-aware service with the help of Trusted Computing. In addition, we introduce Merkle Hash Tree to reduce the length of Chain of Trust and enable parallel validation for the trustworthiness of provenance information, thus TProv decreases the overhead of the huge size of provenance information and the cost of operating trusted hardware, e.g. Trusted Platform Module. The experimental results reflect TProv's effectiveness and efficiency.

Victor Chang,Yen-Hung Kuo,Muthu Ramachandran

DOI: https://doi.org/10.1016/j.future.2015.09.031

IF: 7.307

2016-04-01

Future Generation Computer Systems

Abstract:This article presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multilayered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This article presents the vision, related works, and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multilayered security. In penetration testing, CCAF multilayered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took &lt;0.012s/trojan or virus. A full CCAF multilayered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multilayered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. The mechanism of blending of CCAF multilayered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multilayered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.

Fuxiao Zhou,Haopeng Chen,Zhijian Jiang

DOI: https://doi.org/10.1007/978-3-030-67540-0_31

2020-01-01

Abstract:With the ever-increasing scale of data, IP traffic of data centers will gradually suffer from a serious shortage. Centralized clouds may no longer deliver satisfactory storage services. To alleviate network pressure, transmitting source data to the edge of network instead of the remote cloud is becoming more and more important. Based on the blockchain technology, we propose a decentralized cloud storage service with tamper-resistant function. Our service provides users with metadata storage and management capabilities. In order to overcome the inherent defects of blockchain, in our design, the blockchain network has a layered and collaborative structure. After the storage capacity problem is solved, our service allows users to upload digests of source data to make the query function more user-friendly. For privacy protection, we subjoin the access management function as well. Finally, the experimental results show that the performance and availability of the blockchain network are able to support our service to provide efficient functions to users.

Zhimin Gao,Lei Xu,Lin Chen,Xi Zhao,Yang Lu,Weidong Shi

DOI: https://doi.org/10.1007/s11390-018-1816-5

IF: 1.871

2018-03-01

Journal of Computer Science and Technology

Abstract:Modern supply chain is a complex system and plays an important role for different sectors under the globalization economic integration background. Supply chain management system is proposed to handle the increasing complexity and improve the efficiency of flows of goods. It is also useful to prevent potential frauds and guarantee trade compliance. Currently, most companies maintain their own IT systems for supply chain management. However, it is hard for these isolated systems to work together and provide a global view of the status of the highly distributed supply chain system. Using emerging decentralized ledger/blockchain technology, which is a special type of distributed system in essence, to build supply chain management system is a promising direction to go. Decentralized ledger usually suffers from low performance and lack of capability to protect information stored on the ledger. To overcome these challenges, we propose CoC (supply chain on blockchain), a novel supply chain management system based on a hybrid decentralized ledger with a novel two-step block construction mechanism. We also design an efficient storage scheme and information protection method that satisfy requirements of supply chain management. These techniques can also be applied to other decentralized ledger based applications with requirements similar to supply chain management.

computer science, software engineering, hardware & architecture