Provable Data Possession (PDP) and Proofs of Retrievability (POR) of Current Big User Data

AbstractA growing trend over the last few years is storage outsourcing, where the concept of third-party data warehousing has become more popular. This trend prompts several interesting privacy and security issues. One of the biggest concerns with third-party data storage providers is accountability. This article, critically reviews two schemas/algorithms that allow users to check the integrity and availability of their outsourced data on untrusted data stores (i.e., third-party data storages). The reviewed schemas are provable data possession (PDP) and proofs of retrievability (POR). Both are cryptographic protocols designed to provide clients the assurance that their data are secure on the untrusted data storages. Furthermore, a conceptual framework is proposed to mitigate the weaknesses of the current storage solutions.

Download Full-text

An enhanced security tree to secure cloud data

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i1.1.8925 ◽

2017 ◽

Vol 7 (1.1) ◽

pp. 64 ◽

Cited By ~ 1

Author(s):

S. Renu ◽

S.H. Krishna Veni

Keyword(s):

Data Storage ◽

Binary Tree ◽

Data Encryption ◽

Third Party ◽

Data Outsourcing ◽

Cloud Data ◽

Security Issues ◽

Security Services ◽

Computing Services ◽

User Data

The Cloud computing services and security issues are growing exponentially with time. All the CSPs provide utmost security but the issues still exist. Number of technologies and methods are emerged and futile day by day. In order to overcome this situation, we have also proposed a data storage security system using a binary tree approach. Entire services of the binary tree are provided by a Trusted Third Party (TTP) .TTP is a government or reputed organization which facilitates to protect user data from unauthorized access and disclosure. The security services are designed and implemented by the TTP and are executed at the user side. Data classification, Data Encryption and Data Storage are the three vital stages of the security services. An automated file classifier classify unorganized files into four different categories such as Sensitive, Private, Protected and Public. Applied cryptographic techniques are used for data encryption. File splitting and multiple cloud storage techniques are used for data outsourcing which reduces security risks considerably. This technique offers file protection even when the CSPs compromise.

Download Full-text

A New Hybrid Automated Security Framework to Cloud Storage System

Cryptography ◽

10.3390/cryptography5040037 ◽

2021 ◽

Vol 5 (4) ◽

pp. 37

Author(s):

Noha E. El-Attar ◽

Doaa S. El-Morshedy ◽

Wael A. Awad

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Data Privacy ◽

High Performance ◽

Storage System ◽

Third Party ◽

File Size ◽

Cloud Data ◽

Security Issues ◽

User Data

The need for cloud storage grows day after day due to its reliable and scalable nature. The storage and maintenance of user data at a remote location are severe issues due to the difficulty of ensuring data privacy and confidentiality. Some security issues within current cloud systems are managed by a cloud third party (CTP), who may turn into an untrustworthy insider part. This paper presents an automated Encryption/Decryption System for Cloud Data Storage (AEDS) based on hybrid cryptography algorithms to improve data security and ensure confidentiality without interference from CTP. Three encryption approaches are implemented to achieve high performance and efficiency: Automated Sequential Cryptography (ASC), Automated Random Cryptography (ARC), and Improved Automated Random Cryptography (IARC) for data blocks. In the IARC approach, we have presented a novel encryption strategy by converting the static S-box in the AES algorithm to a dynamic S-box. Furthermore, the algorithms RSA and Twofish are used to encrypt the generated keys to enhance privacy issues. We have evaluated our approaches with other existing symmetrical key algorithms such as DES, 3DES, and RC2. Although the two proposed ARC and ASC approaches are more complicated, they take less time than DES, DES3, and RC2 in processing the data and obtaining better performance in data throughput and confidentiality. ARC outperformed all of the other algorithms in the comparison. The ARC’s encrypting process has saved time compared with other algorithms, where its encryption time has been recorded as 22.58 s for a 500 MB file size, while the DES, 3DES, and RC2 have completed the encryption process in 44.43, 135.65, and 66.91 s, respectively, for the same file size. Nevertheless, when the file sizes increased to 2.2 GB, the ASC proved its efficiency in completing the encryption process in less time.

Download Full-text

Study and Survey on Blockchain Privacy and Security Issues

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch007 ◽

2021 ◽

pp. 169-191

Author(s):

Sourav Banerjee ◽

Debashis Das ◽

Manju Biswas ◽

Utpal Biswas

Keyword(s):

Data Storage ◽

Security And Privacy ◽

Sensitive Information ◽

Privacy And Security ◽

Unauthorized Access ◽

Security Issues ◽

Blockchain Technology ◽

Targeted Attacks ◽

Wide Range ◽

Financial Transactions

Blockchain-based technology is becoming increasingly popular and is now used to solve a wide range of tasks. And it's not all about cryptocurrencies. Even though it's based on secure technology, a blockchain needs protection as well. The risks of exploits, targeted attacks, or unauthorized access can be mitigated by the instant incident response and system recovery. Blockchain technology relies on a ledger to keep track of all financial transactions. Ordinarily, this kind of master ledger would be a glaring point of vulnerability. Another tenet of security is the chain itself. Configuration flaws, as well as insecure data storage and transfers, may cause leaks of sensitive information. This is even more dangerous when there are centralized components within the platform. In this chapter, the authors will demonstrate where the disadvantages of security and privacy in blockchain are currently and discuss how blockchain technology can improve these disadvantages and outlines the requirements for future solution.

Download Full-text

Dynamic Outsourced Proofs of Retrievability Enabling Auditing Migration for Remote Storage Security

Wireless Communications and Mobile Computing ◽

10.1155/2018/4186243 ◽

2018 ◽

Vol 2018 ◽

pp. 1-19 ◽

Cited By ~ 2

Author(s):

Lu Rao ◽

Tengfei Tu ◽

Hua Zhang ◽

Qiaoyan Wen ◽

Jia Xiao

Keyword(s):

Third Party ◽

Mobile Client ◽

Storage Security ◽

Outsourced Data ◽

Static Data ◽

Hierarchical Storage ◽

And Performance ◽

Data Auditing ◽

Dynamic Updates ◽

Proofs Of Retrievability

Remote data auditing service is important for mobile clients to guarantee the intactness of their outsourced data stored at cloud side. To relieve mobile client from the nonnegligible burden incurred by performing the frequent data auditing, more and more literatures propose that the execution of such data auditing should be migrated from mobile client to third-party auditor (TPA). However, existing public auditing schemes always assume that TPA is reliable, which is the potential risk for outsourced data security. Although Outsourced Proofs of Retrievability (OPOR) have been proposed to further protect against the malicious TPA and collusion among any two entities, the original OPOR scheme applies only to the static data, which is the limitation that should be solved for enabling data dynamics. In this paper, we design a novel authenticated data structure called bv23Tree, which enables client to batch-verify the indices and values of any number of appointed leaves all at once for efficiency. By utilizing bv23Tree and a hierarchical storage structure, we present the first solution for Dynamic OPOR (DOPOR), which extends the OPOR model to support dynamic updates of the outsourced data. Extensive security and performance analyses show the reliability and effectiveness of our proposed scheme.

Download Full-text

Securing Open Banking with Model-View-Controller Architecture and OWASP

Wireless Communications and Mobile Computing ◽

10.1155/2021/8028073 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Deina Kellezi ◽

Christian Boegelund ◽

Weizhi Meng

Keyword(s):

Data Storage ◽

Web Applications ◽

Service Providers ◽

Third Party ◽

Security Level ◽

The European Union ◽

Security Measures ◽

Security Issues ◽

Separation Of Concern ◽

The Right

In 2015, the European Union passed the PSD2 regulation, with the aim of transferring ownership of bank accounts to the private person. As a result, Open Banking has become an emerging concept, which provides third-party financial service providers open access to bank APIs, including consumer banking, transaction, and other financial data. However, such openness may also incur many security issues, especially when the data can be exposed by an API to a third party. Focused on this challenge, the primary goal of this work is to develop one innovative web solution to the market. We advocate that the solution should be able to trigger transactions based on goals and actions, allowing users to save up money while encouraging positive habits. In particular, we propose a solution with an architectural model that ensures clear separation of concern and easy integration with Nordea’s (the largest bank in the Nordics) Open Banking APIs (sandbox version), and a technological stack with the microframework Flask, the cloud application platform Heroku, and persistent data storage layer using Postgres. We analyze and map the web application’s security threats and determine whether or not the technological frame can provide suitable security level, based on the OWASP Top 10 threats and threat modelling methodology. The results indicate that many of these security measures are either handled automatically by the components offered by the technical stack or are easily preventable through included packages of the Flask Framework. Our findings can support future developers and industries working with web applications for Open Banking towards improving security by choosing the right frameworks and considering the most important vulnerabilities.

Download Full-text

AN EFFICIENT APPROACH TO IMPLEMENT FEDERATED CLOUDS

Asian Journal of Pharmaceutical and Clinical Research ◽

10.22159/ajpcr.2017.v10s1.19543 ◽

2017 ◽

Vol 10 (13) ◽

pp. 40

Author(s):

Pappu Sowmya ◽

R Kumar

Keyword(s):

Cloud Computing ◽

Data Storage ◽

Low Cost ◽

Cloud Service ◽

Cloud Services ◽

The Internet ◽

Security Model ◽

Privacy And Security ◽

Security Issues ◽

Internet Users

Cloud computing is one of the trending technologies that provide boundless virtualized resources to the internet users as an important services through the internet, while providing the privacy and security. By using these cloud services, internet users get many parallel computing resources at low cost. It predicted that till 2016, revenues from the online business management spent $4 billion for data storage. Cloud is an open source platform structure, so it is having more chances to malicious attacks. Privacy, confidentiality, and security of stored data are primary security challenges in cloud computing. In cloud computing, ‘virtualization’ is one of the techniques dividing memory into different blocks. In most of the existing systems there is only single authority in the system to provide the encrypted keys. To fill the few security issues, this paper proposed a novel authenticated trust security model for secure virtualization system to encrypt the files. The proposed security model achieves the following functions: 1) allotting the VSM(VM Security Monitor) model for each virtual machine; 2) providing secret keys to encrypt and decrypt information by symmetric encryption.The contribution is a proposed architecture that provides a workable security that a cloud service provider can offer to its consumers. Detailed analysis and architecture design presented to elaborate security model.

Download Full-text

A Review of Security Challenges in Cloud Storage of Big Data

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch073 ◽

2019 ◽

pp. 1440-1459

Author(s):

Sara Usmani ◽

Faiza Rehman ◽

Sajid Umair ◽

Safdar Abbas Khan

Keyword(s):

Information Technology ◽

Cloud Computing ◽

Big Data ◽

Data Storage ◽

Cloud Storage ◽

Personal Data ◽

Security And Privacy ◽

Privacy And Security ◽

Security Issues ◽

The People

The novel advances in the field of Information Technology presented the people pleasure, luxuries and ease. One of the latest expansions in the Information Technology (IT) industry is Cloud Computing, a technology that uses the internet for storage and access of data. It is also known as on-demand computing. The end user can access personal data and applications anywhere any time with a device having internet. Cloud Computing has gained an enormous attention but it results in the issues of data security and privacy as the data is scattered on different machines in different places across the globe which is a serious threat to the technology. It has many advantages like flexibility, efficiency and scalability but many of the companies are hesitant to invest in it due to privacy concerns. In this chapter, the objective is to review the privacy and security issues in cloud storage of Big Data and to enhance the security in cloud environment so that end users can enjoy a trustworthy and reliable data storage and access.

Download Full-text

Cloud Security Issues and Challenges

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch005 ◽

2018 ◽

pp. 77-92 ◽

Cited By ~ 1

Author(s):

Srinivas Sethi ◽

Sai Sruti

Keyword(s):

Cloud Computing ◽

Data Privacy ◽

Cloud Service ◽

Cloud Security ◽

Third Party ◽

Service Users ◽

Privacy And Security ◽

Security Issues ◽

Model Cloud ◽

The Cost

Cloud computing refers to the basic setup for an emerging model of service delivery, that has the advantage of decreasing the cost by sharing computing, infrastructure including storage resources. This can be combined with on-demand delivery mechanism relying on a pay-per-use model. Cloud computing offers an added level of risk because of essential services provided by it to a third party, which makes it difficult to maintain data privacy and security. Security in cloud computing is a critical aspect, which has various issues and challenges related to it. Cloud service providers/ brokers and the cloud service users should make aware of safety cloud. That is the cloud is safe enough from all kinds of the threats, so that the users do not face any problem like; loss of data or data theft. There is a possibility that, a malicious user can enters the cloud by imitating an authentic user, thus corrupt the entire cloud. It can affect many users who are sharing these types of clouds. This chapter mentions the list of parameters that disturb the security of the cloud. This also explores the cloud security issues and challenges faced by cloud service provider/brokers and cloud service users like; data, privacy, and infected application. Finally, it discusses the countermeasure for handling these issues and its challenges.

Download Full-text

Cloud-Based Smart City Using Internet of Things

Integration and Implementation of the Internet of Things Through Cloud Computing - Advances in Web Technologies and Engineering ◽

10.4018/978-1-7998-6981-8.ch007 ◽

2021 ◽

pp. 133-154

Author(s):

Indu Malik ◽

Sandhya Tarar

Keyword(s):

Cloud Computing ◽

Data Storage ◽

Traffic Control ◽

Smart City ◽

High Speed ◽

Third Party ◽

Resource Location ◽

Building Maintenance ◽

User Data ◽

Virtual Mode

The cloud-based smart city is a way to provide resources and data on demand. Two technologies used to build cloud-based smart city, IoT, and cloud computing are explored. Using smart sensors can capture the movement of the environment, humans, and city infrastructure like building maintenance, traffic control, transportation, pollution monitoring. This is possible through IoT. Future movement could be predicted based on present and past data. Cloud computing is used for cloud storage. Using cloud, users can access resources in virtual mode at any time or anywhere. It can be accessed at different locations at the same time through high speed internet. Cloud is managed by a third party. Users don't have any knowledge regarding resource location and data, such as where user data is stored. Users use cloud service in virtual mode. Basically, cloud is a service provider platform that provides resources and data storage facility in a virtual way; users don't need to purchase resources.

Download Full-text

A Survey on Android Malwares and Defense Techniques

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.8937 ◽

2020 ◽

Vol 17 (4) ◽

pp. 1557-1565

Author(s):

Abdesselam Beroual ◽

Imad Fakhri Al-Shaikhli

Keyword(s):

Point Of View ◽

Third Party ◽

Android Security ◽

Market Place ◽

Privacy And Security ◽

Security Issues ◽

Android Os ◽

Android Applications ◽

Application Developers ◽

Google Play

Since the last few years, Android is by far the most widely utilized as an operating system for mobile devices, and this is accompanied by the development in terms of number and variety of different Android applications. Android offers a centralized market place maintained by Google named “Google Play Store,” where official and third party application developers can submit their Android applications to make them available for users. The high popularity of Android OS and its market place is becoming a worthy target by hackers and attackers to violate users’ privacy and security. Malwares were also growing in parallel with Android applications growth. It is necessary as a first step to have a solid understanding of malwares’ characteristics to help preventing potential harmful consequences. Whithin this paper, we initially present the general overview for Android OS architecture with application structure, then we highlight the popular Android security issues and focus on the existing solutions to detect and prevent Android malwares, finally, we present our point of view and suggestion for future works on the best solution to overcome the Android malwares.

Download Full-text