J. Cindhamani,Naguboynia Punya,Rasha Ealaruvi,L. D. Dhinesh Babu

DOI: https://doi.org/10.1109/icccnt.2014.6963097

2014-07-01

Abstract:Cloud computing is an emerging and advanced technology in IT enterprise which provides services on demand. Cloud computing includes many advantages such as flexibility, improved performance and low cost. Besides its advantages, cloud has many security issues and challenges. In this paper, we propose an enhanced frame work for data security in cloud which follows the security polices such as integrity, confidentiality and availability. The data is stored in cloud by using 128 bit encryption and RSA algorithm, then we use the trust management i.e., Trusted Party Auditor (TPA) which audits the data instead of client. Thus, we show how efficiently the data can be secured related to performance analysis.

Shahnawaz Ahmad,Shabana Mehfuz,Shabana Urooj,Najah Alsubaie

DOI: https://doi.org/10.1007/s10586-024-04288-8

2024-02-19

Cluster Computing

Abstract:Ensuring the confidentiality, integrity, and availability of sensitive data in cloud environments relies heavily on the robust management of cryptographic keys. With the expansion of cloud usage and the increase in data volumes, ensuring the security and reliability of key management services is becoming an essential aspect of overall cloud security. These policies encompass various aspects, such as the lifecycle management of keys, controlling access, encryption protocols, and safeguarding keys, all of which collectively contribute to enhanced security and compliance with regulatory requirements. Two case studies demonstrate the application of existing frameworks in a financial institution and a healthcare organization. The paper concludes by highlighting potential applications and use cases across different industries. This study introduces a secure application management framework within the realm of cloud security called the secure policies of cloud security framework (SPCSF). SPCSF is built around the idea of implementing precise control over application permissions and encrypting REST API communications to enhance protection against malicious attacks. The framework is made up of two main parts: (i) a permission detection engine that determines whether an application's permissions are legitimate. By looking at permission manifests, byte codes, and cross-referencing permissions against a well-defined list of sensitive APIs, it accomplishes this. (ii) Registration Authorization Engine: this engine makes it easier for applications to register securely with the controller. It makes use of a suggested technique for safe authentication, allowing or denying applications access to requested REST APIs based on the level of danger they pose. With this strategy, approved and secure access to vital resources is guaranteed.

computer science, information systems, theory & methods

Saddek Benabied,Abdelhafid Zitouni,Mahieddine Djoudi

DOI: https://doi.org/10.1109/CloudTech.2015.7336962

2020-01-22

Abstract:Cloud computing as a potential paradigm offers tremendous advantages to enterprises. With the cloud computing, the market's entrance time is reduced, computing capabilities is augmented and computing power is really limitless. Usually, to use the full power of cloud computing, cloud users has to rely on external cloud service provider for managing their data. Nevertheless, the management of data and services are probably not fully trustworthy. Hence, data owners are uncomfortable to place their sensitive data outside their own system .i.e., in the cloud. Bringing transparency, trustworthiness and security in the cloud model, in order to fulfill client's requirements are still ongoing. To achieve this goal, our paper introduces two levels security framework: Cloud Service Provider (CSP) and Cloud Service User (CSU). Each level is responsible for a particular task of the security. The CSU level includes a proxy agent and a trust agent, dealing with the first verification. Then a second verification is performed at the CSP level. The framework incorporates a trust model to monitor users' behaviors. The use of mobile agents will exploit their intrinsic features such as mobility, deliberate localization and secure communication channel provision. This model aims to protect user's sensitive information from other internal or external users and hackers. Moreover, it can detect policy breaches, where the users are notified in order to take necessary actions when malicious access or malicious activity would occur.

Cryptography and Security,Networking and Internet Architecture

Victor Chang,Yen-Hung Kuo,Muthu Ramachandran

DOI: https://doi.org/10.1016/j.future.2015.09.031

IF: 7.307

2016-04-01

Future Generation Computer Systems

Abstract:This article presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multilayered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This article presents the vision, related works, and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multilayered security. In penetration testing, CCAF multilayered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took <0.012s/trojan or virus. A full CCAF multilayered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multilayered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. The mechanism of blending of CCAF multilayered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multilayered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.

Victor Chang,Muthu Ramachandran

DOI: https://doi.org/10.1109/tsc.2015.2491281

IF: 11.019

2016-01-01

IEEE Transactions on Services Computing

Abstract:Offering real-time data security for petabytes of data is important for cloud computing. A recent survey on cloud security states that the security of users' data has the highest priority as well as concern. We believe this can only be able to achieve with an approach that is systematic, adoptable and well-structured. Therefore, this paper has developed a framework known as Cloud Computing Adoption Framework (CCAF) which has been customized for securing cloud data. This paper explains the overview, rationale and components in the CCAF to protect data security. CCAF is illustrated by the system design based on the requirements and the implementation demonstrated by the CCAF multi-layered security. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use. The use of BPMN simulation allows us to evaluate the chosen security performances before actual implementation. Results show that the time to take control of security breach can take between 50 and 125 hours. This means that additional security is required to ensure all data is well-protected in the crucial 125 hours. This paper has also demonstrated that CCAF multi-layered security can protect data in real-time and it has three layers of security: 1) firewall and access control; 2) identity management and intrusion prevention and 3) convergent encryption. To validate CCAF, this paper has undertaken two sets of ethical-hacking experiments involved with penetration testing with 10,000 trojans and viruses. The CCAF multi-layered security can block 9,919 viruses and trojans which can be destroyed in seconds and the remaining ones can be quarantined or isolated. The experiments show although the percentage of blocking can decrease for continuous injection of viruses and trojans, 97.43 percent of them can be quarantined. Our CCAF multi-layered security has an average of 20 percent better performance than the single-layered approach which could only block 7,438 viruses and trojans. CCAF can be more effective when combined with BPMN simulation to evaluate security process and penetrating testing results.

computer science, information systems, software engineering

Guoyou Chen,Jiajia Miao,Feng Xie,Handong Mao

DOI: https://doi.org/10.4028/www.scientific.net/amm.278-280.1767

2013-01-01

Applied Mechanics and Materials

Abstract:Cloud computing has been a hot researching area of computer network technology, since it was proposed in 2007. Cloud computing also has been envisioned as the next-generation architecture of IT Enterprise [1]. Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. It moves the application software and database to the large data centers, where the management of the data and services may not be fully trustworthy [2]. This poses many new security challenges. In this paper, we just focus on data storage security in the cloud, which has been the most important aspect of quality of service. To ensure the confidentiality and integrity of user's data in the cloud, and support of data dynamic operations, such as modification, insertion and deletion, we propose a framework for storage security, which includes cryptographic storage scheme and data structure. With our framework, the untrusted server cannot learn anything about the plaintext, and the dynamic operation can be finished in short time. The encryption algorithm and data storage structure is simple, and it's easy to maintain. Hence, our framework is practical to use today.

Sandeep K. Sood

DOI: https://doi.org/10.1016/j.jnca.2012.07.007

IF: 7.574

2012-11-01

Journal of Network and Computer Applications

Abstract:Cloud computing is a forthcoming revolution in information technology (IT) industry because of its performance, accessibility, low cost and many other luxuries. It is an approach to maximize the capacity or step up capabilities vigorously without investing in new infrastructure, nurturing new personnel or licensing new software. It provides gigantic storage for data and faster computing to customers over the internet. It essentially shifts the database and application software to the large data centers, i.e., cloud, where management of data and services may not be completely trustworthy. That is why companies are reluctant to deploy their business in the cloud even cloud computing offers a wide range of luxuries. Security of data in cloud is one of the major issues which acts as an obstacle in the implementation of cloud computing. In this paper, a frame work comprising of different techniques and specialized procedures is proposed that can efficiently protect the data from the beginning to the end, i.e., from the owner to the cloud and then to the user. We commence with the classification of data on the basis of three cryptographic parameters presented by the user, i.e., Confidentiality (C), Availability (A) and Integrity (I).The strategy followed to protect the data utilizes various measures such as the SSL (Secure Socket Layer) 128-bit encryption and can also be raised to 256-bit encryption if needed, MAC (Message Authentication Code) is used for integrity check of data, searchable encryption and division of data into three sections in cloud for storage. The division of data into three sections renders supplementary protection and simple access to the data. The user who wishes to access the data is required to provide the owner login identity and password, before admittance is given to the encrypted data in Section 1, Section 2, and Section 3.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Shantanu Pal,Sunirmal Khatua,Nabendu Chaki,Sugata Sanyal

DOI: https://doi.org/10.48550/arXiv.1108.4100

2011-08-20

Cryptography and Security

Abstract:In order to determine the user's trust is a growing concern for ensuring privacy and security in a cloud computing environment. In cloud, user's data is stored in one or more remote server(s) which poses more security challenges for the system. One of the most important concerns is to protect user's sensitive information from other users and hackers that may cause data leakage in cloud storage. Having this security challenge in mind, this paper focuses on the development of a more secure cloud environment, to determine the trust of the service requesting authorities by using a novel VM (Virtual Machine) monitoring system. Moreover, this research aims towards proposing a new trusted and collaborative agent-based two-tier framework, titled WAY (Who Are You?), to protect cloud resources. The framework can be used to provide security in network, infrastructure, as well as data storage in a heterogeneous cloud platform. If the trust updating policy is based on network activities, then the framework can provide network security. Similarly, it provides storage security by monitoring unauthorized access activities by the Cloud Service Users (CSU). Infrastructure security can be provided by monitoring the use of privileged instructions within the isolated VMs. The uniqueness of the proposed security solution lies in the fact that it ensures security and privacy both at the service provider level as well as at the user level in a cloud environment.

D. Praveena,P. Rangarajan

DOI: https://doi.org/10.1007/s11042-018-6339-0

IF: 2.577

2018-07-04

Multimedia Tools and Applications

Abstract:Cloud computing facilitates the enormous support of the public, business and emerging applications such as healthcare and nature disasters. Based on their services and characteristics, it can be classified as private cloud and public cloud. In this scenario, we need these two kinds of cloud services for an organization to provide the better service to the society. For that purpose, introduced a new cloud service called hybrid cloud service which is the combination of both private and public cloud. Security to the cloud environment is a challenging issue today especially for the hybrid cloud due to the combination of both. Many security mechanisms available in the literature but these are not achieved the sufficient level of security. For this purpose, we propose a new machine learning application for providing security to the hybrid cloud networks while storing the data and retrieving or accessing the data from the cloud. This proposed algorithm combines an existing Enhanced C4.5, newly proposed deduplication processing algorithm and the newly proposed dynamic access control mechanism. Moreover, we introduce a new deduplication processing algorithm for secure storage and retrieval without duplication or redundancy. In addition, a newly proposed dynamic access control mechanism called Dynamic Spatial Role Based Access Control Algorithm is also used in the proposed security framework. The proposed security framework has been implemented and also evaluated that the security level of the hybrid cloud while storing, retrieving and accessing the data from the cloud database.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Balasubramanian Prabhu Kavin,Sannasi Ganapathy,U. Kanimozhi,Arputharaj Kannan

DOI: https://doi.org/10.1007/s11277-020-07613-7

IF: 2.017

2020-06-20

Wireless Personal Communications

Abstract:In this paper, we propose an enhanced security framework for securing the cloud users data in the cloud environment. This new security framework consists of access control methodology, encryption/decryption technique and digital signature algorithms. Here, a new Elliptic Curve Cryptography based key generation algorithm is proposed for generating highly secured keys. Moreover, a new Identity based Elliptic curve Access Control mechanism (Id-EAC) is also proposed in this paper for restricting the cloud user’s data accessibility over the different kind of data. In addition, a new binary value based two phase encryption and decryption algorithm that referred the elliptic curve cryptographic based key values is introduced to secure the cloud user’s data in the cloud environment. Finally, a new modulo function based Lightweight Digital Signature Algorithm is also proposed to ensure the data integrity in this proposed security framework. This security framework is provided the high data security, accessibility and integrity for the user data. The experimental results show that the efficiency of the proposed algorithms in this security framework is proved as better than other existing algorithms in terms of security and performance.

telecommunications

Rajeev Bedi,Mohit Marwaha,Tajinder Singh,Harwinder Singh,Amritpal Singh

DOI: https://doi.org/10.48550/arXiv.1205.2738

2012-01-14

Cryptography and Security

Abstract:Privacy Security of data in Cloud Storage is one of the main issues. Many Frameworks and Technologies are used to preserve data security in cloud storage. [1] Proposes a framework which includes the design of data organization structure, the generation and management of keys, the treatment of change of user's access right and dynamic operations of data, and the interaction between participants. It also design an interactive protocol and an extirpation-based key derivation algorithm, which are combined with lazy revocation, it uses multi-tree structure and symmetric encryption to form a privacy-preserving, efficient framework for cloud storage. [2] Proposes a framework which design a privacy-preserving cloud storage framework in which he designed an interaction protocol among participants, use key derivation algorithm to generate and manage keys, use both symmetric and asymmetric encryption to hide the sensitive data of users, and apply Bloom filter for cipher text retrieval. A system based on this framework is realized. This paper analyzes both the frameworks in terms of the feasibility of the frameworks, running overhead of the system and the privacy security of the frameworks.

Khalid Al-hammuri,Fayez Gebali,Awos Kanan

2023-11-29

Abstract:Managing access between large numbers of distributed medical devices has become a crucial aspect of modern healthcare systems, enabling the establishment of smart hospitals and telehealth infrastructure. However, as telehealth technology continues to evolve and Internet of Things (IoT) devices become more widely used, they are also becoming increasingly exposed to various types of vulnerabilities and medical errors. In healthcare information systems, about 90\% of vulnerabilities emerged from misuse cases and human errors. As a result, there is a need for additional research and development of security tools to prevent such attacks. This article proposes a zero-trust-based context-aware framework for managing access to the main components of the cloud ecosystem, including users, devices and output data. The main goal and benefit of the proposed framework is to build a scoring system to prevent or alleviate misuse cases while using distributed medical devices in cloud-based healthcare information systems. The framework has two main scoring schemas to maintain the chain of trust. First, it proposes a critical trust score based on cloud-native micro-services of authentication, encryption, logging, and authorizations. Second, creating a bond trust scoring to assess the real-time semantic and syntactic analysis of attributes stored in a healthcare information system. The analysis is based on a pre-trained machine learning model to generate the semantic and syntactic scores. The framework also takes into account regulatory compliance and user consent to create a scoring system. The advantage of this method is that it is applicable to any language and adapts to all attributes as it relies on a language model, not just a set of predefined and limited attributes. The results show a high F1 score of 93.5%, which proves that it is valid for detecting misuse cases.

Cryptography and Security

Zhang Jiawei,Lu Ning,Ma Jianfeng,Wang Ruixiao,Shi Wenbo

DOI: https://doi.org/10.1007/s11036-021-01839-w

2021-01-01

Mobile Networks and Applications

Abstract:Cloud operating system (Cloud OS) is the heart of cloud management platform that takes control of various cloud resources. Therefore, it attracts numerous attacks, especially unauthorized access. Many existing works adopt role-based access control (RBAC) model for Cloud OS access control and token-based approaches as user credentials of sessions or transactions between users and cloud, but they fail to resist privilege abuse caused by RBAC policy rules tampering or token hijacking. To addresses this challenging problem, we propose a secure access control framework suitable for resource-centric Cloud OS. For one thing, we propose a new authorization model with cryptographically protected RBAC policy rules. To solve the policy decision problem caused by encrypted policy rules in this model, an approach is developed to transform it into permission searching problem and we further propose a policy decision scheme based on this. For another thing, we achieve user token unlinkability and token-replay-attack resistance by introducing randomization mechanism and leveraging one-show token technique. A proof of concept implementation has been developed and the proposed scheme is proven secure and efficient by security analysis and the performance evaluation.

Anurag Kumar,Prof. Bibha Kumari

DOI: https://doi.org/10.55041/ijsrem37051

2024-08-12

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:Cloud-based deployment architectures have emerged as the preferred model for Big Data operations due to their scalability, flexibility, and cost-effectiveness. However, this shift raises new security concerns as data is no longer directly under the user's control. Securing Big Data in cloud environments is crucial for widespread adoption, but developing a comprehensive security plan is challenging without a thorough analysis of potential vulnerabilities.To address this, a novel security-by-design framework for Big Data deployment on cloud computing, termed Big Cloud, is proposed in this article. The framework leverages systematic security analysis methodologies and automated assessment tools to map domain-specific security knowledge to design best practices. Validation of the framework was conducted through an Apache Hadoop stack use case, demonstrating its effectiveness in enhancing security awareness and reducing design time.The study also evaluates the framework's strengths and limitations, identifying key challenges in the Big Cloud domain.

D. Kalaiyarasi,R. Priscilla Joy,M. Victor Jose,P. Sridhar

DOI: https://doi.org/10.1007/s11276-024-03843-w

IF: 2.701

2024-11-23

Wireless Networks

Abstract:Cloud computing (CC) is the rapid utilization of network resources, specifically processing power and data storage, without the need for extra or direct customer management. One of the crucial and difficult problems facing the scientific and business user communities is ensuring security and trust between users ( ) and Cloud Service Providers (CSP) from malicious users. As a result, it is important to trust and cloud resources before using them. In this research, a novel two-phase Access Control (AC) mechanism based on Deep learning (DL) has been proposed to confirm the reliability of the cloud and the trust of the in the cloud environment. In the first phase, the Mamdani fuzzy method with Trapezoid fuzzy logic (TFL) is applied to assess the trust value (TV) of based on Bogus Requests (BR), Unauthorized Requests (UR), Forbidden Requests (FR), Not Found Requests (NFR), and User Behavior (UB). In the second phase, the ghost net is used for attribute matching for deciding to access or deny the user request based on TV. The efficacy of the developed methodology is examined by employing several parameters, such as Time, Accuracy (Acc), recall, F-measure, and precision. The overall accuracy of the proposed model is 1.41%, 2.61%, and 5.14% better than the Multidimensional Dynamic Trust Evaluation Scheme (MDTES), Evolutionary Genetic Algorithm with Intelligent Rules (EGAIR), and Task-Role Based Access Control (T-RBAC) respectively. In comparison to existing methodologies, the proposed method showed improved efficiency in terms of Acc, and prediction time.

computer science, information systems,telecommunications,engineering, electrical & electronic

F. Niyasudeen,M. Mohan

DOI: https://doi.org/10.3233/jifs-233462

2023-12-16

Journal of Intelligent & Fuzzy Systems

Abstract:With the growing reliance on cloud computing, ensuring robust security and data protection has become a pressing concern. Traditional cryptographic methods face potential vulnerabilities in the post-quantum era, necessitating the development of advanced security frameworks. This paper presents a fuzzy-enhanced adaptive multi-layered cloud security framework that leverages artificial intelligence, quantum-resistant cryptography, and fuzzy systems to provide comprehensive protection in cloud environments. The proposed framework incorporates data encryption, access control, and intrusion detection mechanisms, with fuzzy logic systems augmenting the decision-making process for threat detection and response. The integration of artificial intelligence and quantum-resistant cryptographic techniques enhances the framework's adaptability and resilience against emerging threats. The implementation of fuzzy systems further improves the accuracy and efficiency of the security mechanisms, ensuring robust protection in the face of uncertainty and evolving attack vectors. The fuzzy-enhanced adaptive multi-layered cloud security framework offers a comprehensive, adaptable, and efficient solution for securing cloud infrastructures, safeguarding sensitive data, and mitigating the risks associated with the post-quantum era.

N. Jayapandian,Rahman,S. Radhikadevi,M. Koushikaa,A. M. J. Md. Zubair Rahman

DOI: https://doi.org/10.1109/startup.2016.7583904

2016-02-01

Abstract:Cloud is a modern business sharing data or information with great effectiveness of infrastructures it plays a major role in world wide. As in the information technology sector defines cloud security is the evolving sub domain of computer security and information security. Here the organization uses the cloud as a many service model (Saas, Pass and Iass)and deployment model (private, public, hybrid and community). In this type of model the responsibilities more for secure the information of the customer, So the organization ensures the different way to monitor and secure the data and information from hacking. They offer suspicious activity for their customer data by enhancing the data with encryption and decryption. Encryption makes the access method of proving the original data to be duplicated form and then the client can also be constructed with the proper decryption of the data to prevent the information from eavesdroppers from accessing Symmetric keys encryption or secret key encryption. The Key should be distributed before transmission between entities, then key play vital role for security. DES is In Asymmetric key encryption or public key encryption on that private and public keys are used in the encryption level on cloud. The Public key is used for encrypting the file and private key is used to decrypt the file. Because user tends to use two keys public this is known to public and private who is known to the user a type of algorithm such as RSA. Here we analysis the document is encrypted and then which efficient in that way of approach.

Ihsen Nakouri,Mohamed Hamdi,Tai-Hoon Kim

DOI: https://doi.org/10.1109/iwcmc.2017.7986318

2017-01-01

Abstract:Cloud computing is a paradigm that is redrawing the information technology landscape by outsourcing the computation and data storage services to public cloud service providers. Over the last years, cloud storage services revealed an unprecedented opportunity for Internet users to profit from online storage services. Thanks to their enriched toolbox for file sharing and syncing, cloud storage platforms provide organizations and individuals with a reliable and cost-effective collaborative workspace. However, in addition to the traditional security issues, cloud storage services introduce new security concerns that are mainly related to the insecure state in which the files are while being synchronized. Recent publications highlighted the significant impact of the security flaws that exist in the syncing protocols used by the most popular cloud storage application. In this paper, we consider the Man in the Cloud (MitC) attack demonstrated in 2015 which allows accessing the files stored in a private repository without the possession of the authentication and authorization credentials. To address this issue, we propose a biometric-based framework for cloud storage services aiming to impede intruders from launching MitC attacks. Our framework is based on our previously published technique to combine chaotic maps and fuzzy extractors. The experiments performed on real biometric features confirm the potential brought by our framework to implement strong authentication in cloud storage applications.

Subarna Shakya

DOI: https://doi.org/10.36548/jaicn.2019.1.006

2019-09-28

Journal of Artificial Intelligence and Capsule Networks

Abstract:Cloud computing is advantageous in several applications. Data migration is constantly carried out to hybrid or public cloud. Certain large enterprises will not move their business-critical data and applications to the cloud. This is due to the concerns regarding data security and privacy protection. In this paper, we provide a data security analysis and solution for privacy protection framework during data migration. A Secure Socket Layer (SSL) is established and migration tickets with minimum privilege is introduced. Further, data encryption is done using Prediction Based Encryption (PBE). This system will be of use for healthcare systems and e-commerce systems that can store data regarding credit card details. We provide a strict separation between sensitive and non-sensitive data and provide encryption for the sensitive data.