Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Fauzi Adi Rafrastara,Qi DeYu

DOI: https://doi.org/10.48550/arXiv.2009.07099

2020-09-14

Abstract:Cloud storage provides the simpler way to share the files privately and publicly. A good Cloud Storage Provider (SCP) is not only measured by the access speed or file size that can be shared to others, but also regarding the security issues in file sharing itself. In this paper, we analyze the security of file sharing in 3 Chinese CSPs, which are: Baidu, Weiyun and Kanbox. Those CSPs have their own vulnerabilities that successfully revealed. We also provide some suggestions to countermeasure the weaknesses so that they can maintain the quality while improving the security.

Cryptography and Security

Li Xu,Chi-Yao Weng,Lun-Pin Yuan,Mu-En Wu,Raylin Tso,Hung-Min Sun

DOI: https://doi.org/10.1007/s11227-015-1515-8

2015-01-01

Abstract:Cloud storage is one of the most important applications in our daily lives. User can store their own data into cloud storage and remotely access the saved data. Owing to the social media develops, users can share the digital files to other users, leading to the amount of data growing rapidly and searching abilities necessarily. In the some cases, servers cannot avoid data leakage even if the server provides complete access control. The encrypted data is a best way to resolve this problem but it may eliminate original structure and searching may become impossible. Applying searchable encryption for each receiver may produce messy duplication and occupy the quota of cloud storage from each receiver. User requires keeping their shared documents belonging up to date which are compared with the latest version. To this aim, we thus propose a sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data. For the performance analysis, we demonstrate the compared resultant with others ID-based or ID-relative encryption. In addition to that, we show the formal proof to verify the security of our proposed.

Hong Liu,Huansheng Ning,Qingxu Xiong,Laurence T. Yang

DOI: https://doi.org/10.1109/tpds.2014.2308218

IF: 5.3

2015-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud computing is an emerging data interactive paradigm to realize users' data remotely stored in an online cloud server. Cloud services provide great conveniences for the users to enjoy the on-demand cloud applications without considering the local infrastructure limitations. During the data accessing, different users may be in a collaborative relationship, and thus data sharing becomes significant to achieve productive benefits. The existing security solutions mainly focus on the authentication to realize that a user's privative data cannot be illegally accessed, but neglect a subtle privacy issue during a user challenging the cloud server to request other users for data sharing. The challenged access request itself may reveal the user's privacy no matter whether or not it can obtain the data access permissions. In this paper, we propose a shared authority based privacy-preserving authentication protocol (SAPA) to address above privacy issue for cloud storage. In the SAPA, 1) shared access authority is achieved by anonymous access request matching mechanism with security and privacy considerations (e.g., authentication, data anonymity, user privacy, and forward security); 2) attribute based access control is adopted to realize that the user can only access its own data fields; 3) proxy re-encryption is applied to provide data sharing among the multiple users. Meanwhile, universal composability (UC) model is established to prove that the SAPA theoretically has the design correctness. It indicates that the proposed protocol is attractive for multi-user collaborative cloud applications.

computer science, theory & methods,engineering, electrical & electronic

Stephen S. Yau,Ho G. An

DOI: https://doi.org/10.1145/2020723.2020734

2010-01-01

International Journal of Software and Informatics

Abstract:Current cloud computing systems pose serious limitation to protecting users' data confidentiality. Since users' sensitive data is presented in unencrypted forms to remote machines owned and operated by third party service providers, the risks of unauthorized disclosure of the users' sensitive data by service providers may be quite high. There are many techniques for protecting users' data from outside attackers, but currently no effective way is available for protecting users' sensitive data from service providers in cloud computing. In this paper, an approach is presented to protecting the confidentiality of users' data from service providers, and ensures service providers cannot collect users' confidential data while the data is processed and stored in cloud computing systems. Our approach has three major aspects: (1) separating software service providers and infrastructure service providers in cloud computing, (2) hiding information about the owners of data, and (3) data obfuscation. An example to show how our approach can protect the confidentiality of users' data from service providers in cloud computing is given.

Sunaina Bagga

DOI: https://doi.org/10.55524/ijircst.2021.9.6.69

2021-11-01

Abstract:Numerous firm’s architectures management of data guarantees substantially alter method, gain access to maintain private commercial business. Occur additional facts protection problems. Existing statistics safety methods have limits in preventing records legal assaults, in particular these performed by utilizing companion diploma business executives to the cloud dealer to monitor data get right of entry to within the cloud and find out unusual records get right of entry to. Sorts require method of building a machine robust protection privateer’s statistic through files person team customer’s technique much documents. Not simply the encryption keys but also the search keys need to be utilized and consumers have to keep their keys resistant and disseminated. The cutting-edge current gadget the place the facts proprietor can solely share one key with the user, whether or not it is any kind of document, massive or small variety of documents, and the function of the person is to cross a lure in the cloud of overall performance checking out and safety evaluation of shared documents, which is an impenetrable and superb proposed gives schemes. And consumers are also extremely concerned about data sharing storage, inexplicable information leak in the cloud, and harmful attackers. In the article, an experiment is done to format a method for encryption for impenetrable statistics allocation.

Sandeep K. Sood

DOI: https://doi.org/10.1016/j.jnca.2012.07.007

IF: 7.574

2012-11-01

Journal of Network and Computer Applications

Abstract:Cloud computing is a forthcoming revolution in information technology (IT) industry because of its performance, accessibility, low cost and many other luxuries. It is an approach to maximize the capacity or step up capabilities vigorously without investing in new infrastructure, nurturing new personnel or licensing new software. It provides gigantic storage for data and faster computing to customers over the internet. It essentially shifts the database and application software to the large data centers, i.e., cloud, where management of data and services may not be completely trustworthy. That is why companies are reluctant to deploy their business in the cloud even cloud computing offers a wide range of luxuries. Security of data in cloud is one of the major issues which acts as an obstacle in the implementation of cloud computing. In this paper, a frame work comprising of different techniques and specialized procedures is proposed that can efficiently protect the data from the beginning to the end, i.e., from the owner to the cloud and then to the user. We commence with the classification of data on the basis of three cryptographic parameters presented by the user, i.e., Confidentiality (C), Availability (A) and Integrity (I).The strategy followed to protect the data utilizes various measures such as the SSL (Secure Socket Layer) 128-bit encryption and can also be raised to 256-bit encryption if needed, MAC (Message Authentication Code) is used for integrity check of data, searchable encryption and division of data into three sections in cloud for storage. The division of data into three sections renders supplementary protection and simple access to the data. The user who wishes to access the data is required to provide the owner login identity and password, before admittance is given to the encrypted data in Section 1, Section 2, and Section 3.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Geethu Thomas,Prem Jose V,P.Afsar

DOI: https://doi.org/10.48550/arXiv.1310.8392

2013-10-31

Abstract:Cloud Computing has been envisioned as the next generation architecture of IT Enterprise. The Cloud computing concept offers dynamically scalable resources provisioned as a service over the Internet. Economic benefits are the main driver for the Cloud, since it promises the reduction of capital expenditure and operational expenditure. In order for this to become reality, however, there are still some challenges to be solved. Most important among these are security and trust issues,since the users data has to be released to the Cloud and thus leaves the protection sphere of the data <a class="link-external link-http" href="http://owner.In" rel="external noopener nofollow">this http URL</a> contrast to traditional solutions, where the IT services are under proper physical,logical and personnel controls, Cloud Computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. Security is to save data from danger and vulnerability. There are so many dangers and vulnerabilities to be handled. Various security issues and some of their solution are explained and are concentrating mainly on public cloud security issues and their solutions. Data should always be encrypted when stored(using separate symmetric encryption keys)and transmitted. If this is implemented appropriately, even if another tenant can access the data, all that will appear is gibberish. So a method is proposed such that we are encrypting the whole data along with the cryptographic key.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Yang Yang,Yanjiao Chen,Fei Chen,Jing Chen

DOI: https://doi.org/10.1109/jiot.2021.3121678

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Remote data integrity auditing ensures the integrity of cloud storage. In practice, cloud users may not want their sensitive data to be exposed to others. Thus, it is meaningful to investigate how to realize data sharing with sensitive information hiding in cloud storage auditing. Up to now, cloud storage has been proven to achieve the sensitive information hiding property through a third-party sanitizer dedicated to sanitize user data, which leads to high outlays on purchasing and maintaining a special server. To meet this challenge, we design a novel cloud storage auditing protocol to support sensitive information hiding without the need of a third-party sanitizer. In addition, our scheme allows data owners to enable or disable other users to access their sensitive information with the help of the cloud that dose not deviate from the agreement during access control. To be specific, only after receiving the delegations from the data owner, the users can compute the valid warrants that can pass the access verification of the cloud. The proposed protocol is built on identity-based cryptography, thus avoiding the complex certificate management. We validate the advantages of the proposed protocol through massive theoretical analysis and experimental results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wen-Guey Tzeng,A. Yao

2014-01-01

Abstract:S.Thivaharan Assistant Professor, Dept of Information Technology Kalaignar Karunanidhi Institute of Technology Coimbatore, India s.thivaharan@gmail.com. Abstract— Cryptography is the art and science of achieving security by encoding the message or data to make them unreadable. It is related to the aspects of network security such as privacy, reliability and accessibility of the data. A cryptosystem or cryptographic system is only the authenticated way in which user can access the encrypted data and decrypt it. The authenticated messages are shared between the authorized users. Security in cloud computing is a major concern. There are some cryptosystem techniques introduced in this security. First, Attribute Based Encryption is a public key encryption technique which is used to enable the access control over the encrypted data using qualified attributes. Second, Identity Based Encryption allows for a sender can encrypt a message to an identity without access to a public key certificate. Third, a new public key cryptosystem encrypt a message not only a public key but also under an identifier of the ciphertext classes.

Stephen S. Yau,Ho G. An,Arun Balaji Buduru

DOI: https://doi.org/10.4018/jwsr.2012070104

2012-01-01

International Journal of Web Services Research

Abstract:In current cloud computing systems, because users’ data is stored and processed by computing systems managed and operated by various service providers, users are concerned with the risks of unauthorized usage of their sensitive data by various entities, including service providers. The current cloud computing systems protect users’ data confidentiality from all entities, except service providers. In this paper, an approach is presented for improving the protection of users’ data confidentiality in cloud computing systems from all entities, including service providers. The authors’ approach has the following features: (1) separation of cloud application providers, data processing service providers and data storage providers, (2) anonymization of users’ identities, (3) grouping cloud application components and distributing their execution to distinct cloud infrastructures of data processing service providers, and (4) use of data obfuscation and cryptography for protecting the sensitive data from unauthorized access by all entities, including service providers. The proposed approach ensures that users’ sensitive data can be protected from their service providers even if the users do not have full cooperation from their service providers.

Matilda Backendal,Miro Haller,Kenny Paterson

DOI: https://doi.org/10.1109/msec.2024.3352788

IF: 3.105

2024-04-05

IEEE Security & Privacy

Abstract:End-to-end encryption is rapidly becoming the accepted security goal for personal data. In this article, we examine consumer cloud storage systems, focusing in particular on those systems that attempt to provide end-to-end security for customer data. We survey the security guarantees of current service providers and the issues they face, discuss open research questions, and highlight the challenges that impede the deployment of end-to-end secure cloud storage.

computer science, information systems, software engineering

Yoshita Sharma,Himanshu Gupta,Sunil Kumar Khatri

DOI: https://doi.org/10.1109/aicai.2019.8701398

2019-02-01

Abstract:As we all are aware that internet acts as a depository to store cyberspace data and provide as a service to its user. cloud computing is a technology by internet, where a large amount of data being pooled by different users is stored. The data being stored comes from various organizations, individuals, and communities etc. Thus, security and privacy of data is of utmost importance to all of its users regardless of the nature of the data being stored. In this research paper the use of multiple encryption technique outlines the importance of data security and privacy protection. Also, what nature of attacks and issues might arise that may corrupt the data; therefore, it is essential to apply effective encryption methods to increase data security.

Xuexue Jin,Lingbo Wei,Mengke Yu,Nenghai Yu,Jinyuan Sun

DOI: https://doi.org/10.1109/ICCChina.2013.6671119

2013-01-01

Abstract:Cloud computing is viewed as the next generation architecture of IT companies. As promising as it is, cloud computing also brings forth many new security issues when users outsource sensitive data to cloud servers. To keep sensitive users' data confidential against untrusted servers, existing solutions usually apply cryptographic methods. With data encryption, the same file will become different from each other, thus deduplication which is widely adopted by cloud storage service providers meets some challenges. Current method to solve the problem is to make use of some information computed from the shared file to achieve deduplication of encrypted data, say convergent encryption. But this piece of information which is computable from the file via a deterministic public algorithm is not really meant to be secret. To this end, we propose a scheme to address the deduplication of encrypted data efficiently and securely with the help of ensuring the ownership of the shared file, encrypting data using keys at user's will and realizing the anonymous store through the digital credential. We achieve this aims through proof of ownership (POW), proxy re-encryption (PRE) and digital credential.

Kaiping Xue,Weikeng Chen,Wei Li,Jianan Hong,Peilin Hong

DOI: https://doi.org/10.1109/tifs.2018.2809679

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:People endorse the great power of cloud computing, but cannot fully trust the cloud providers to host privacy-sensitive data, due to the absence of user-to-cloud controllability. To ensure confidentiality, data owners outsource encrypted data instead of plaintexts. To share the encrypted files with other users, ciphertext-policy attribute-based encryption (CP-ABE) can be utilized to conduct fine-grained and owner-centric access control. But this does not sufficiently become secure against other attacks. Many previous schemes did not grant the cloud provider the capability to verify whether a downloader can decrypt. Therefore, these files should be available to everyone accessible to the cloud storage. A malicious attacker can download thousands of files to launch economic denial of sustainability (EDoS) attacks, which will largely consume the cloud resource. The payer of the cloud service bears the expense. Besides, the cloud provider serves both as the accountant and the payee of resource consumption fee, lacking the transparency to data owners. These concerns should be resolved in real-world public cloud storage. In this paper, we propose a solution to secure encrypted cloud storages from EDoS attacks and provide resource consumption accountability. It uses CP-ABE schemes in a black-box manner and complies with arbitrary access policy of the CP-ABE. We present two protocols for different settings, followed by performance and security analysis.

Dongyang Xu,Fengying Luo,Lin Gao,Zhi Tang

DOI: https://doi.org/10.1109/intech.2013.6653703

2013-01-01

Abstract:With the rapid development of cloud computing, more and more users begin to share documents in cloud servers. Since cloud servers are not within the trusted domain of users, encryption and access control are needed to protect the digital content. Attribute-based encryption is a favorable scheme that has been used for content protection in cloud computing. It can provide “one-to-many” encryption service so that one encrypted file can be decrypted by multiple prospective recipients whose attributes conform to the access policy. Currently, all existing attribute-based encryption schemes assume that the digital content and authorized users are equally privileged; however, there are emerging application scenarios that demand digital content and users with different privileges. In this paper, we present a new attribute-based encryption scheme that can generate security keys of different class for users by integrating ciphertext-policy attribute-based encryption and hierarchical cryptographic key management. Thus, we achieve the fine-grained document sharing which means that users can preview the same document with different privileges. We use hierarchical keys derived from a chain of one-way functions. Extensive analysis shows that our proposed scheme is simple, efficient and secure. The proposed scheme can provide “one-fits-many” encryption service.

xuejiao liu,yingjie xia,yang xiang,mohammad mehedi hassan,abdulhameed alelaiwi

DOI: https://doi.org/10.1109/SocialSec2015.13

2015-01-01

Abstract:Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the publiccloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in datautilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication securitythat once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.