A Certification Framework for Cloud Security Properties: The Monitoring Path

Author(s):  
Marina Egea ◽  
Khaled Mahbub ◽  
George Spanoudakis ◽  
Maria Rosa Vieira
Author(s):  
Tiejun Jia ◽  
Ximing Xiao ◽  
Fujie Zhang ◽  
Zhaohong Feng

2019 ◽  
Vol 7 (2) ◽  
pp. 342-348
Author(s):  
Vaishali Singh ◽  
Kavita Bhatia ◽  
S. K. Pandey

2018 ◽  
Vol 6 (5) ◽  
pp. 473-478
Author(s):  
K. K. Chauhan ◽  
A. K. S. Sanger

2014 ◽  
Vol 1 (1) ◽  
pp. 1-5
Author(s):  
Poonam Rawat ◽  
Neha Rawat ◽  
Shikha Singh ◽  
Awantika . ◽  
...  

Author(s):  
Jin Han ◽  
Jing Zhan ◽  
Xiaoqing Xia ◽  
Xue Fan

Background: Currently, the Cloud Service Provider (CSP) or a third party usually proposes principles and methods for cloud security risk evaluation, while cloud users have no choice but to accept them. However, since cloud users and cloud service providers have conflicts of interest, cloud users may not trust the results of security evaluation performed by the CSP. Also, different cloud users may have different security risk preferences, which makes it difficult for a third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for cloud are too impractical to test (e.g., indexes like interoperability, transparency, and portability are not easy to evaluate). Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method of decision-making based on conflicting roles by using the Analytic Hierarchy Process (AHP) with Aggregation of Individual priorities (AIP). Results: Not only can our method bring forward a new index system based on risk source for cloud security and corresponding practical testing methods, but it can also obtain the evaluation result with the risk preferences of conflicting roles, namely CSP and cloud users, which can lay a foundation for improving mutual trust between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms and, in the case where the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only 12% and 30%. Conclusion: Our method can achieve consistent decisions based on conflicting roles, high scalability and practicability for cloud security risk evaluation.


Author(s):  
D. Sowmya ◽  
S. Sivasankaran

In the cloud environment, it is difficult to provide security to the monolithic collection of data, as it is easily accessed by breaking the algorithms which are based on mathematical computations, and on the other hand, it takes much time to upload and download the data. This paper proposes the concept of implementing quantum teleportation, i.e., telecommunication + transportation, in the cloud environment for the enhancement of cloud security and also to improve the speed of data transfer through quantum repeaters. This technological idea is extracted from the law of quantum physics where particles, say photons, can be entangled and encoded to be teleported over large distances. As the photons, called qubits, are allowed to travel through the optical fiber, they must be polarized and encoded with QKD (Quantum Key Distribution) for security purposes. Then, for the enhancement of the data transfer speed, qubits are used in which the state of quantum bits can be encoded as 0 and 1 concurrently using Shor's algorithm. Then, quantum parallelism will help qubits to travel as fast as possible to reach the destination over a single communication channel which cannot be eavesdropped at any point, because it prevents the creation of copies of the transmitted quantum key due to the implementation of the no-cloning theorem, so that only the communicating parties, and not intruders, can receive the intended data.


Author(s):  
Keith M. Martin

This chapter discusses cryptographic mechanisms for providing data integrity. We begin by identifying different levels of data integrity that can be provided. We then look in detail at hash functions, explaining the different security properties that they have, as well as presenting several different applications of a hash function. We then look at hash function design and illustrate this by discussing the hash function SHA-3. Next, we discuss message authentication codes (MACs), presenting a basic model and discussing basic properties. We compare two different MAC constructions, CBC-MAC and HMAC. Finally, we consider different ways of using MACs together with encryption. We focus on authenticated encryption modes, and illustrate these by describing Galois Counter mode.


2021 ◽  
Vol 54 (4) ◽  
pp. 1-39
Author(s):  
Wei Hu ◽  
Armaiti Ardeshiricham ◽  
Ryan Kastner

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.


2021 ◽  
Vol 29 (2) ◽  
pp. 229-271
Author(s):  
Panagiotis Grontas ◽  
Aris Pagourtzis ◽  
Alexandros Zacharakis ◽  
Bingsheng Zhang

This work formalizes Publicly Auditable Conditional Blind Signatures (PACBS), a new cryptographic primitive that allows the verifiable issuance of blind signatures, the validity of which is contingent upon a predicate and decided by a designated verifier. In particular, when a user requests the signing of a message, blinded to protect her privacy, the signer embeds data in the signature that makes it valid if and only if a condition holds. A verifier, identified by a private key, can check the signature and learn the value of the predicate. Auditability mechanisms in the form of non-interactive zero-knowledge proofs are provided, so that a cheating signer cannot issue arbitrary signatures and a cheating verifier cannot ignore the embedded condition. The security properties of this new primitive are defined using cryptographic games. A proof-of-concept construction, based on the Okamoto–Schnorr blind signatures infused with a plaintext equivalence test, is presented and its security is analyzed.

