A Privacy-Preserving Personalized Service Framework through Bayesian Game in Social IoT

It is enormously challenging to achieve a satisfactory balance between quality of service (QoS) and users’ privacy protection along with measuring privacy disclosure in social Internet of Things (IoT). We propose a privacy-preserving personalized service framework (Persian) based on static Bayesian game to provide privacy protection according to users’ individual security requirements in social IoT. Our approach quantifies users’ individual privacy preferences and uses fuzzy uncertainty reasoning to classify users. These classification results facilitate trustworthy cloud service providers (CSPs) in providing users with corresponding levels of services. Furthermore, the CSP makes a strategic choice with the goal of maximizing reputation through playing a decision-making game with potential adversaries. Our approach uses Shannon information entropy to measure the degree of privacy disclosure according to the probability of game mixed strategy equilibrium. Experimental results show that Persian guarantees QoS and effectively protects user privacy despite the existence of adversaries.

Download Full-text

Privacy preservation Models for Third-Party Auditor over Cloud Computing: a Survey

10.20944/preprints202109.0413.v1 ◽

2021 ◽

Author(s):

Abdul Razaque ◽

Mohamed Frej ◽

Bandar Alotaibi ◽

Munif Alotaibi

Keyword(s):

Cloud Computing ◽

Privacy Preservation ◽

Service Providers ◽

Personal Information ◽

Cloud Service ◽

Privacy Preserving ◽

Third Party ◽

Security Requirements ◽

Security Threats ◽

State Of Art

Cloud computing has become a prominent technology due to its important utility service; this service concentrates on outsourcing data to organizations and individual consumers. Cloud computing has considerably changed the manner in which individuals or organizations store, retrieve, and organize their personal information. Despite the manifest development in cloud computing, there are still some concerns regarding the level of security and issues related to adopting cloud computing that prevent users from fully trusting this useful technology. Hence, for the sake of reinforcing the trust between Cloud Clients (CC) and Cloud Service Providers (CSP), as well as safeguarding the CC’s data in the cloud, several security paradigms of cloud computing based on a Third-Party Auditor (TPA) have been introduced. The TPA, as a trusted party, is responsible for checking the integrity of the CC’s data and all the critical information associated with it. However, the TPA could become an adversary and could aim to deteriorate the privacy of the CC’s data by playing a malicious role. In this paper, we present the state-of-art of cloud computing’s privacy-preserving models (PPM) based on a TPA. Three TPA factors of paramount significance have been discussed: TPA involvement, security requirements, and security threats caused by vulnerabilities. Moreover, TPA’s privacy preserving models have been comprehensively analyzed and categorized into different classes with an emphasis on their dynamicity. Finally, we discuss the limitations of the models and present our recommendations for their improvement.

Download Full-text

Privacy Preservation Models for Third-Party Auditor over Cloud Computing: A Survey

Electronics ◽

10.3390/electronics10212721 ◽

2021 ◽

Vol 10 (21) ◽

pp. 2721

Author(s):

Abdul Razaque ◽

Mohamed Ben Haj Frej ◽

Bandar Alotaibi ◽

Munif Alotaibi

Keyword(s):

Cloud Computing ◽

Privacy Preservation ◽

Service Providers ◽

State Of The Art ◽

Personal Information ◽

Cloud Service ◽

Privacy Preserving ◽

Third Party ◽

Security Requirements ◽

Security Threats

Cloud computing has become a prominent technology due to its important utility service; this service concentrates on outsourcing data to organizations and individual consumers. Cloud computing has considerably changed the manner in which individuals or organizations store, retrieve, and organize their personal information. Despite the manifest development in cloud computing, there are still some concerns regarding the level of security and issues related to adopting cloud computing that prevent users from fully trusting this useful technology. Hence, for the sake of reinforcing the trust between cloud clients (CC) and cloud service providers (CSP), as well as safeguarding the CC’s data in the cloud, several security paradigms of cloud computing based on a third-party auditor (TPA) have been introduced. The TPA, as a trusted party, is responsible for checking the integrity of the CC’s data and all the critical information associated with it. However, the TPA could become an adversary and could aim to deteriorate the privacy of the CC’s data by playing a malicious role. In this paper, we present the state of the art of cloud computing’s privacy-preserving models (PPM) based on a TPA. Three TPA factors of paramount significance are discussed: TPA involvement, security requirements, and security threats caused by vulnerabilities. Moreover, TPA’s privacy preserving models are comprehensively analyzed and categorized into different classes with an emphasis on their dynamicity. Finally, we discuss the limitations of the models and present our recommendations for their improvement.

Download Full-text

Improvement of Privacy and Security in Hybrid Cloud with Attribute Group Based Access Control

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit19518 ◽

2019 ◽

pp. 57-61

Author(s):

Kayalvili S ◽

Sowmitha V

Keyword(s):

Cloud Computing ◽

Access Control ◽

Data Storage ◽

Service Providers ◽

Cloud Service ◽

Security Requirements ◽

Security And Privacy ◽

Data Outsourcing ◽

Privacy And Security ◽

Control Approach

Cloud computing enables users to accumulate their sensitive data into cloud service providers to achieve scalable services on-demand. Outstanding security requirements arising from this means of data storage and management include data security and privacy. Attribute-based Encryption (ABE) is an efficient encryption system with fine-grained access control for encrypting out-sourced data in cloud computing. Since data outsourcing systems require flexible access control approach Problems arises when sharing confidential corporate data in cloud computing. User-Identity needs to be managed globally and access policies can be defined by several authorities. Data is dual encrypted for more security and to maintain De-Centralization in Multi-Authority environment.

Download Full-text

Privacy-Protection Scheme of a Credit-Investigation System Based on Blockchain

Entropy ◽

10.3390/e23121657 ◽

2021 ◽

Vol 23 (12) ◽

pp. 1657

Author(s):

Ke Yuan ◽

Yingjie Yan ◽

Tong Xiao ◽

Wenchao Zhang ◽

Sufang Zhou ◽

...

Keyword(s):

Privacy Protection ◽

Service Providers ◽

Security Analysis ◽

Cloud Service ◽

Identity Authentication ◽

Protection Scheme ◽

Blockchain Technology ◽

Searchable Symmetric Encryption ◽

Verification Time ◽

Identity Privacy

In response to the rapid growth of credit-investigation data, data redundancy among credit-investigation agencies, privacy leakages of credit-investigation data subjects, and data security risks have been reported. This study proposes a privacy-protection scheme for a credit-investigation system based on blockchain technology, which realizes the secure sharing of credit-investigation data among multiple entities such as credit-investigation users, credit-investigation agencies, and cloud service providers. This scheme is based on blockchain technology to solve the problem of islanding of credit-investigation data and is based on zero-knowledge-proof technology, which works by submitting a proof to the smart contract to achieve anonymous identity authentication, ensuring that the identity privacy of credit-investigation users is not disclosed; this scheme is also based on searchable-symmetric-encryption technology to realize the retrieval of the ciphertext of the credit-investigation data. A security analysis showed that this scheme guarantees the confidentiality, the availability, the tamper-proofability, and the ciphertext searchability of credit-investigation data, as well as the fairness and anonymity of identity authentication in the credit-investigation data query. An efficiency analysis showed that, compared with similar identity-authentication schemes, the proof key of this scheme is smaller, and the verification time is shorter. Compared with similar ciphertext-retrieval schemes, the time for this scheme to generate indexes and trapdoors and return search results is significantly shorter.

Download Full-text

Privacy-Preserving Broker-ABE Scheme for Multiple Cloud-Assisted Cyber Physical Systems

Sensors ◽

10.3390/s19245463 ◽

2019 ◽

Vol 19 (24) ◽

pp. 5463 ◽

Cited By ~ 1

Author(s):

Po-Wen Chi ◽

Ming-Hung Wang

Keyword(s):

Data Privacy ◽

Service Providers ◽

Real Life ◽

Data Communication ◽

Physical Space ◽

Cloud Service ◽

Cyber Physical Systems ◽

Privacy Preserving ◽

Sensor Data ◽

Physical Systems

Cloud-assisted cyber–physical systems (CCPSs) integrate the physical space with cloud computing. To do so, sensors on the field collect real-life data and forward it to clouds for further data analysis and decision-making. Since multiple services may be accessed at the same time, sensor data should be forwarded to different cloud service providers (CSPs). In this scenario, attribute-based encryption (ABE) is an appropriate technique for securing data communication between sensors and clouds. Each cloud has its own attributes and a broker can determine which cloud is authorized to access data by the requirements set at the time of encryption. In this paper, we propose a privacy-preserving broker-ABE scheme for multiple CCPSs (MCCPS). The ABE separates the policy embedding job from the ABE task. To ease the computational burden of the sensors, this scheme leaves the policy embedding task to the broker, which is generally more powerful than the sensors. Moreover, the proposed scheme provides a way for CSPs to protect data privacy from outside coercion.

Download Full-text

A Privacy-Preserving Outsourcing Data Storage Scheme with Fragile Digital Watermarking-Based Data Auditing

Journal of Electrical and Computer Engineering ◽

10.1155/2016/3219042 ◽

2016 ◽

Vol 2016 ◽

pp. 1-7 ◽

Cited By ~ 3

Author(s):

Xinyue Cao ◽

Zhangjie Fu ◽

Xingming Sun

Keyword(s):

Data Storage ◽

Digital Watermarking ◽

Service Providers ◽

Logistic Map ◽

Cloud Service ◽

Privacy Preserving ◽

Good Effect ◽

Operation Speed ◽

Storage Scheme ◽

Data Auditing

Cloud storage has been recognized as the popular solution to solve the problems of the rising storage costs of IT enterprises for users. However, outsourcing data to the cloud service providers (CSPs) may leak some sensitive privacy information, as the data is out of user’s control. So how to ensure the integrity and privacy of outsourced data has become a big challenge. Encryption and data auditing provide a solution toward the challenge. In this paper, we propose a privacy-preserving and auditing-supporting outsourcing data storage scheme by using encryption and digital watermarking. Logistic map-based chaotic cryptography algorithm is used to preserve the privacy of outsourcing data, which has a fast operation speed and a good effect of encryption. Local histogram shifting digital watermark algorithm is used to protect the data integrity which has high payload and makes the original image restored losslessly if the data is verified to be integrated. Experiments show that our scheme is secure and feasible.

Download Full-text

Privacy enforcement on subscribers data in cloud computing

Nigerian Journal of Technology ◽

10.4314/njt.v40i2.17 ◽

2021 ◽

Vol 40 (2) ◽

pp. 308-320

Author(s):

S.A. Akinboro ◽

U.J. Asanga ◽

M.O. Abass

Keyword(s):

Cloud Computing ◽

Service Providers ◽

Cloud Service ◽

Cloud Provider ◽

Sensitive Information ◽

Secure Socket Layer ◽

Brute Force ◽

User Privacy ◽

Platform As A Service ◽

High Level

Data stored in the cloud are susceptible to an array of threats from hackers. This is because threats, hackers and unauthorized access are not supported by the cloud service providers as implied. This study improves user privacy in the cloud system, using privacy with non-trusted provider (PNTP) on software and platform as a service model. The subscribers encrypt the data using user’s personal Advanced Encryption Standard (AES) symmetric key algorithm and send the encrypted data to the storage pool of the Cloud Service Provider (CSP) via a secure socket layer. The AES performs a second encryption on the data sent to the cloud and generates for the subscriber a key that will be used for decryption of previously stored data. The encryption and decryption keys are managed by the key server and have been hardcoded into the PNTP system. The model was simulated using the Stanford University multimedia dataset and benchmarked with a Privacy with Trusted cloud Provider (PTP) model using encryption time, decryption time and efficiency (brute force hacking) as parameters. Results showed that it took a longer time to access the user files in PNTP than in the PTP system. The brute force hacking took a longer time (almost double) to access data stored on the PNTP system. This will give subscribers a high level of control over their data and increase the adoption of cloud computing by businesses and organizations with highly sensitive information.

Download Full-text

Cloud Security - A Semantic Approach in End to End Security Compliance

Engineering International ◽

10.18034/ei.v5i2.586 ◽

2017 ◽

Vol 5 (2) ◽

pp. 97-106

Author(s):

VNS Surendra Chimakurthi

Keyword(s):

Security Policy ◽

Service Providers ◽

Cloud Service ◽

Cloud Security ◽

Cloud Services ◽

Security Requirements ◽

Security And Privacy ◽

Cloud Service Providers ◽

Compliance Requirements ◽

Cloud Users

Many firms are seeing the benefits of moving to the cloud. For the sake of their customers' data, cloud service providers are required by law to maintain the highest levels of data security and privacy. Most cloud service providers employ a patchwork of security and privacy safeguards while industry standards are being created. The upshot is that customers of cloud services are unsure whether or not the security protections supplied by these services are enough to meet their specific security and compliance requirements. In this article, we have discussed the many threats cloud users face and emphasized the compliance frameworks and security processes that should be in place to minimize the risk. To categorize cloud security measures, risks, and compliance requirements, we developed an ontology. We needed to design software to identify the high-level policy rules that must be applied in response to each danger as part of this initiative. Additionally, the program provides a list of cloud service providers that now satisfy specific security requirements. Even if they aren't familiar with the underlying technology, cloud users may utilize our system to build up their security policy and identify compatible providers.

Download Full-text

An Enterprise Mashup Integration Service Framework for Clouds

International Journal of Cloud Applications and Computing ◽

10.4018/ijcac.2012040103 ◽

2012 ◽

Vol 2 (2) ◽

pp. 31-40

Author(s):

Siddesh G. M. ◽

Srinivasa K. G.

Keyword(s):

Ad Hoc ◽

Service Providers ◽

Cloud Service ◽

End Users ◽

Cloud Platform ◽

End User ◽

Integration Framework ◽

Dynamic Composition ◽

Integration Service ◽

Service Framework

With an advent of gaining popularity in cloud computing, there is a huge demand in ad-hoc services by the end users. These ad-hoc services cannot fully be provided by a service provider; hence Cloud mashup is a solution for this requirement. Cloud mashup is technology where end users can integrate different services of cloud service providers and create their own customized ad-hoc services. This paper proposes an efficient enterprise cloud mashup framework which supports dynamic composition of services to create a new service to the end users. The proposed framework is composed of an adapter, widgets, widget library and a mashup constructor module. Even a non technical end user can easily generate their own customized service on a cloud platform. Experiments reveal that the proposed framework is an efficient enterprise with cloud mashup service integration framework.

Download Full-text

Data Partitioning and Reduplication for Providing Integrity to Data in the Cloud

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.9021 ◽

2020 ◽

Vol 17 (9) ◽

pp. 4070-4074

Author(s):

H. M. Nishkala ◽

S. H. Anu ◽

D. A. Bindushree ◽

S. L. Manoj

Keyword(s):

Data Security ◽

Privacy Protection ◽

Service Providers ◽

Cloud Service ◽

Major Elements ◽

Data Partitioning ◽

Security And Privacy ◽

Data Loss ◽

Cloud Data ◽

Cloud Service Providers

Cloud Computing is a boon to the field of information and technology. The two major elements of client worries are Data security and Privacy Protection. Data may be revised and improved when client stores the information in the cloud so there might be danger of data loss. Therefore client information is moved to the data hub which cannot be controlled by the clients. Hence high safety efforts are required to secure data inside the cloud. Here data is divided into fragments and they are converted into encrypted file. This encrypted file is issued to arbitrarily chosen cloud service providers by the cloud data owners. Even after the successful attack, attackers do not get the meaning full information. If cloud data clients access to get any document that relating to encrypted file is regenerated from the fragments and clients must download it. When the applicant coordinates the strategy with the original details, then only file can be decoded. Therefore it demonstrates that prospective strategy improves the data integrity and confidentiality.

Download Full-text