Design and Analysis of a Scalable Third-Party Storage Security Protocol

2008 ◽  
Author(s):  
Huang Jianzhong ◽  
Xie Changsheng ◽  
Zhong Haifeng
Keyword(s):  
Security Protocol ◽  
Third Party ◽  
Storage Security

Security Aspects in Cloud Computing

2018 ◽  
pp. 54-76
Author(s):  
Tabassum N. Mujawar ◽  
Ashok V. Sutagundar ◽  
Lata L. Ragha
Keyword(s):  
Cloud Computing ◽  
Service Providers ◽  
Cloud Service ◽  
Third Party ◽  
Storage Security ◽  
Security Issues ◽  
Access Control Mechanism ◽  
And Storage ◽  
Privacy Issues ◽  
Different Levels

Cloud computing is recently emerging technology, which provides a way to access computing resources over Internet on demand and pay per use basis. Cloud computing is a paradigm that enable access to shared pool of resources efficiently, which are managed by third party cloud service providers. Despite of various advantages of cloud computing security is the biggest threat. This chapter describes various security concerns in cloud computing. The clouds are subject to traditional data confidentiality, integrity, availability and various privacy issues. This chapter comprises various security issues at different levels in environment that includes infrastructure level security, data level and storage security. It also deals with the concept of Identity and Access Control mechanism.

scholarly journals Dynamic Outsourced Proofs of Retrievability Enabling Auditing Migration for Remote Storage Security

2018 ◽  
Vol 2018 ◽  
pp. 1-19 ◽  
Author(s):  
Lu Rao ◽  
Tengfei Tu ◽  
Hua Zhang ◽  
Qiaoyan Wen ◽  
Jia Xiao
Keyword(s):  
Third Party ◽  
Mobile Client ◽  
Storage Security ◽  
Outsourced Data ◽  
Static Data ◽  
Hierarchical Storage ◽  
And Performance ◽  
Data Auditing ◽  
Dynamic Updates ◽  
Proofs Of Retrievability

Remote data auditing service is important for mobile clients to guarantee the intactness of their outsourced data stored at cloud side. To relieve mobile client from the nonnegligible burden incurred by performing the frequent data auditing, more and more literatures propose that the execution of such data auditing should be migrated from mobile client to third-party auditor (TPA). However, existing public auditing schemes always assume that TPA is reliable, which is the potential risk for outsourced data security. Although Outsourced Proofs of Retrievability (OPOR) have been proposed to further protect against the malicious TPA and collusion among any two entities, the original OPOR scheme applies only to the static data, which is the limitation that should be solved for enabling data dynamics. In this paper, we design a novel authenticated data structure called bv23Tree, which enables client to batch-verify the indices and values of any number of appointed leaves all at once for efficiency. By utilizing bv23Tree and a hierarchical storage structure, we present the first solution for Dynamic OPOR (DOPOR), which extends the OPOR model to support dynamic updates of the outsourced data. Extensive security and performance analyses show the reliability and effectiveness of our proposed scheme.

scholarly journals Lightweight Accountable Privacy-Preserving Protocol Allowing the Cloud Client to Audit the Third-Party Auditor for Malicious Activities

2019 ◽  
Vol 9 (15) ◽  
pp. 3034
Author(s):  
Mohamed Ben Haj Frej ◽  
Julius Dichter ◽  
Navarun Gupta
Keyword(s):  
Cloud Computing ◽  
Time Complexity ◽  
Service Providers ◽  
Computation Time ◽  
Privacy Preserving ◽  
Research Field ◽  
Security Protocol ◽  
Third Party ◽  
New Paradigm ◽  
The Impact

Cloud computing is reserving its position in the market as the next disruptive utility paradigm. It is found on the pay-as-you-use model. Cloud computing is changing the way information technology (IT) operates for individuals as well as for companies. Cloud computing comes with different offerings to accommodate diverse applications. It comes with many successful adoption stories and a few unfortunate ones that are related to security breaches. Security concerns are what is making many companies reluctant to fully embrace the cloud realm. To enhance trust and entice adoption between cloud clients (CC) and cloud service providers (CSP), a new paradigm of depending on involving a third-party auditor (TPA) has been introduced. Hence, implementing a solution with a TPA comes with its toll in terms of trust and processing overhead. A lightweight security protocol to give the CC extra control with tools to audit the TPA and the CSP is paramount to the solution. In this paper, we are introducing a novel protocol: the lightweight accountable privacy-preserving (LAPP) protocol. Our proposed protocol is lightweight in terms of processing and communication costs. It is based on a newly introduced mathematical model along with two algorithms. We have conducted simulation experiments to measure the impact of our method. We have compared LAPP to the most eminent privacy-preserving methods in the cloud research field, using the open source cloud computing simulator GreenCloud. Our simulation results showed superiority in performance for LAPP in regard to time complexity, accuracy, and computation time on auditing. The aim of the time complexity and computation time on auditing simulations is to measure the lightweight aspect of our proposed protocol as well as to improve the quality of service.

scholarly journals Data Security Protocol with Blind Factor in Cloud Environment

Information ◽  
2021 ◽  
Vol 12 (9) ◽  
pp. 340
Author(s):  
Ping Zhang ◽  
Huanhuan Chi ◽  
Jiechang Wang ◽  
Youlin Shang
Keyword(s):  
Data Security ◽  
Security Protocol ◽  
Third Party ◽  
Cloud Environment ◽  
Security Threat ◽  
Trusted Third Party ◽  
Traditional System ◽  
User Data ◽  
Chosen Ciphertext Attack ◽  
Positive Results

Compared with the traditional system, cloud storage users have no direct control over their data, so users are most concerned about security for their data stored in the cloud. One security requirement is to resolve any threats from semi-trusted key third party managers. The proposed data security for cloud environment with semi-trusted third party (DaSCE) protocol has solved the security threat of key managers to some extent but has not achieved positive results. Based on this, this paper proposes a semi-trusted third-party data security protocol (ADSS), which can effectively remove this security threat by adding time stamp and blind factor to prevent key managers and intermediaries from intercepting and decrypting user data. Moreover, the ADSS protocol is proved to provide indistinguishable security under a chosen ciphertext attack. Finally, the performance evaluation and simulation of the protocol show that the ADSS security is greater than DaSCE, and the amount of time needed is lower than DaSCE.

scholarly journals A Secure Fair Exchange for SMS-Based Mobile Payment Protocols Based on Symmetric Encryption Algorithms with Formal Verification

2018 ◽  
Vol 2018 ◽  
pp. 1-21 ◽  
Author(s):  
Chalee Thammarat ◽  
Werasak Kurutach
Keyword(s):  
Information Security ◽  
Information Disclosure ◽  
Security Protocol ◽  
Third Party ◽  
Mobile Payment ◽  
Short Message ◽  
Fair Exchange ◽  
Session Key ◽  
Message Service ◽  
Crucial Part

Information security and fair exchange are essential to creating trust among all the parties participating in any sale transaction. However, implementing them in any mobile commerce is challenging due to the limitation of resources on mobile devices. Numerous m-commerce protocols that have been proposed so far still lack those two important aspects. In this paper, we propose mobile payment (m-payment) protocols, a crucial part of m-commerce, that incorporate both information security and fair exchange while retaining their own lightweight property. To allow convenience of use, the proposed protocols can be implemented on the existing Short Message Service (SMS) infrastructure. Our approach is based on the secure session key generation technique to enhance information security under lightweight conditions and involves a trusted third party to guarantee fair exchange without information disclosure. We have formally proven that our protocols are more effective and efficient than others in terms of fairness, security, and lightweight properties. In addition, the soundness and completeness of the protocols have been analyzed and proven using BAN logic and an automated security protocol proof tool named Scyther.

Security Aspects in Cloud Computing

2017 ◽  
pp. 320-342 ◽  
Author(s):  
Tabassum N. Mujawar ◽  
Ashok V. Sutagundar ◽  
Lata L. Ragha
Keyword(s):  
Cloud Computing ◽  
Service Providers ◽  
Cloud Service ◽  
Third Party ◽  
Storage Security ◽  
Security Issues ◽  
Access Control Mechanism ◽  
And Storage ◽  
Privacy Issues ◽  
Different Levels

Cloud computing is recently emerging technology, which provides a way to access computing resources over Internet on demand and pay per use basis. Cloud computing is a paradigm that enable access to shared pool of resources efficiently, which are managed by third party cloud service providers. Despite of various advantages of cloud computing security is the biggest threat. This chapter describes various security concerns in cloud computing. The clouds are subject to traditional data confidentiality, integrity, availability and various privacy issues. This chapter comprises various security issues at different levels in environment that includes infrastructure level security, data level and storage security. It also deals with the concept of Identity and Access Control mechanism.

Archiving

2016 ◽  
Keyword(s):  
Third Party ◽  
Electronic Data ◽  
Storage Security ◽  
Reference Guide ◽  
Long Term Storage ◽  
Environmental Controls ◽  
Term Storage ◽  
The Eu

This chapter discusses the importance of archiving the data. As well as regulatory advice the requirements of the most useful reference guide, ISO11799, is reviewed. Practical advice on issues such as location, storage, security, and environmental controls is given. The management of the archive from preparation to transfer of data is described. Methods of indexing and cataloguing together with tracking are detailed and systems for retrieval of data are explored. The role of the archivist in audits and inspections is discussed as the content of the TMF will be assessed during audit to ensure a clear audit trail is maintained. Retention times for essential documents are reviewed in the EU the regulation stipulates that data has to be kept for 25 years. As more and more information has to be archived the use of off-site or commercial archives is becoming more common and the additional requirements for a third party service provider are described. The introduction of eArchiving and the associated problems with long term storage of electronic data are discussed along with the various methods that may be used. The FDA issued guidance for electronic data and compliance with this guidance, CFR21 part 11, is vital. CFR 21 part 11 is widely followed within Europe and the standard is frequently referred to by the regulatory inspectors.

Sign in / Sign up

Export Citation Format

Share Document