Multi-security-level cloud storage system based on improved proxy re-encryption

AbstractBased on the characteristics and data security requirements of the cloud environment, we present a scheme for a multi-security-level cloud storage system that is combined with AES symmetric encryption and an improved identity-based proxy re-encryption (PRE) algorithm. Our optimization includes support for fine-grained control and performance optimization. Through a combination of attribute-based encryption methods, we add a fine-grained control factor to our algorithm in which each authorization operation is only valid for a single factor. By reducing the number of bilinear mappings, which are the most time-consuming processes, we achieve our aim of optimizing performance. Last but not least, we implement secure data sharing among heterogeneous cloud systems. As shown in experiment, our proposed multi-security-level cloud storage system implements services such as the direct storage of data, transparent AES encryption, PRE protection that supports fine-grained and ciphertext heterogeneous transformation, and other functions such as authentication and data management. In terms of performance, we achieve time-cost reductions of 29.8% for the entire process, 48.3% for delegation and 47.2% for decryption.

Download Full-text

Research on Data Destruction Mechanism with Security Level in HDFS

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.834-836.1795 ◽

2013 ◽

Vol 834-836 ◽

pp. 1795-1798

Author(s):

Jun Qin ◽

Ya Ping Zhang ◽

Ping Zong

Keyword(s):

Data Security ◽

Cloud Storage ◽

Storage System ◽

Security Requirements ◽

Security Level ◽

Primary Concern ◽

Simulation Experiments ◽

Performance Requirements ◽

Destruction Mechanism ◽

And Performance

In cloud computing applications, the data security is a primary concern of user. In this paper, for the problem that data of the HDFS cannot be destroyed completely in open source cloud storage system, which may lead to data leakage, it designs a destruction mechanism of HDFS with multiple security level. This mechanism make data effectively destroyed by the method of data overwrite which makes a balance between security requirements and performance requirements. The Simulation experiments show that the mechanism can override a Block file in HDFS environment effectively to achieve the purpose of data destroying. At the same the overhead of different overwrite algorithm is different also which can ensure the security and efficiency is balanced.

Download Full-text

Hierarchical authority based weighted attribute encryption scheme

Computer Science and Information Systems ◽

10.2298/csis180912027t ◽

2019 ◽

Vol 16 (3) ◽

pp. 797-813

Author(s):

Qiuting Tian ◽

Dezhi Han ◽

Yanmei Jiang

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Encryption Scheme ◽

Storage Security ◽

Fine Grained ◽

Security Proof ◽

Attribute Based Encryption ◽

Encryption Schemes ◽

And Performance ◽

Cloud Storage Environment

With the development of cloud storage technology, data storage security has become increasingly serious. Aiming at the problem that existing attribute-based encryption schemes do not consider hierarchical authorities and the weight of attribute. A hierarchical authority based weighted attribute encryption scheme is proposed. This scheme will introduce hierarchical authorities and the weight of attribute into the encryption scheme, so that the authorities have a hierarchical relationship and different attributes have different importance. At the same time, the introduction of the concept of weight makes this scheme more flexible in the cloud storage environment and enables fine-grained access control. In addition, this scheme implements an online/offline encryption mechanism to improve the security of stored data. Security proof and performance analysis show that the scheme is safe and effective, and it can resist collusion attacks by many malicious users and authorization centers. It is more suitable for cloud storage environments than other schemes.

Download Full-text

Fine-Grained Access Control with Efficient Revocation in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.571-572.79 ◽

2014 ◽

Vol 571-572 ◽

pp. 79-89

Author(s):

Ting Zhong ◽

You Peng Sun ◽

Qiao Liu

Keyword(s):

Access Control ◽

Cloud Storage ◽

Storage System ◽

Fine Grained ◽

Computational Overhead ◽

Attribute Based Encryption ◽

Encrypt Data ◽

User Revocation ◽

Ciphertext Policy ◽

Access Policies

In the cloud storage system, the server is no longer trusted, which is different from the traditional storage system. Therefore, it is necessary for data owners to encrypt data before outsourcing it for sharing. Simultaneously, the enforcement of access policies and support of policies updates becomes one of the most challenging issues. Ciphertext-policy attribute-based encryption (CP-ABE) is an appropriate solution to this issue. However, it comes with a new obstacle which is the attribute and user revocation. In this paper, we propose a fine-grained access control scheme with efficient revocation based on CP-ABE approach. In the proposed scheme, we not only realize an efficient and immediate revocation, but also eliminate some burden of computational overhead. The analysis results indicate that the proposed scheme is efficient and secure for access control in cloud storage systems.

Download Full-text

Secured Cloud Data Transmission using Cross ABE Algorithm

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.c5149.029320 ◽

2020 ◽

Vol 9 (3) ◽

pp. 3803-3806

Keyword(s):

Cloud Storage ◽

Storage System ◽

Security Level ◽

Cloud Data ◽

Malicious Activity ◽

Attribute Based Encryption ◽

Key Policy ◽

Ciphertext Policy ◽

The Cost ◽

Common Application

Cloud security is becoming more essential than ever with the tremendous development of delicate cloud data. The cloud information and services are located in massively scalable data centers and can be accessed anywhere. Unfortunately, the development of cloud users has been followed by an increase in cloud malicious activity. More and more vulnerabilities are being found, and fresh safety advisories are being released almost every day. Millions of customers surf the cloud for different reasons, so they need extremely secure and persistent services. The cloud storage system interconnect with the a load of potential security risks. So the cross encryption of Ciphertext Policy Attribute Based Encryption (CPAB) and Key Policy Attribute-based encryption algorithm which increases the security level in the encryption side. A segmentation part helps in splitting the encrypted file in storing the data in the cloud side, the Desegmentation part in the receiver side can easily combines spitted data into the single file for validation examine an authentication level in the received data. Here the cloud storage easily with the file fragmentation processes. This processes research over the storing mass amount of data on off- site installation, which can eliminate the cost in maintaining the physical hardware. Cloud's future includes a much greater degree of privacy and authentication, particularly in extending the variety of apps. We suggest a straightforward data protection model where data is encrypted before it is introduced in the cloud using key policy attribute-based encryption to ensure data confidentiality and safety. The storing data is the most common application for the cloud server.

Download Full-text

A Study on Cloud Storage Security Method Using Data Classification

Journal of University of Shanghai for Science and Technology ◽

10.51201/jusst/21/09657 ◽

2021 ◽

Vol 23 (09) ◽

pp. 1105-1121

Author(s):

Dr. Ashish Kumar Tamrakar ◽

◽

Dr. Abhishek Verma ◽

Dr. Vishnu Kumar Mishra ◽

Dr. Megha Mishra ◽

...

Keyword(s):

Cloud Storage ◽

Storage Systems ◽

Data Classification ◽

Data Encryption ◽

Security Requirements ◽

Security And Privacy ◽

Security Level ◽

Distributed Resources ◽

Storage Security ◽

Public Data

Cloud computing is a new model for providing diverse services of software and hardware. This paradigm refers to a model for enabling on-demand network access to a shared pool of configurable computing resources, that can be rapidly provisioned and released with minimal service provider interaction .It helps the organizations and individuals deploy IT resources at a reduced total cost. However, the new approaches introduced by the clouds, related to computation outsourcing, distributed resources and multi-tenancy concept, increase the security and privacy concerns and challenges. It allows users to store their data remotely and then access to them at any time from any place .Cloud storage services are used to store data in ways that are considered cost saving and easy to use. In cloud storage, data are stored on remote servers that are not physically known by the consumer. Thus, users fear from uploading their private and confidential files to cloud storage due to security concerns. The usual solution to secure data is data encryption, which makes cloud users more satisfied when using cloud storage to store their data. Motivated by the above facts; we have proposed a solution to undertake the problem of cloud storage security. In cloud storage, there are public data that do not need any security measures, and there are sensitive data that need applying security mechanisms to keep them safe. In that context, data classification appears as the solution to this problem. The classification of data into classes, with different security requirements for each class is the best way to avoid under security and over security situation. The existing cloud storage systems use the same Journal of University of Shanghai for Science and Technology ISSN: 1007-6735 Volume 23, Issue 9, September – 2021 Page-1105 key size to encrypt all data without taking into consideration its confidentiality level. Treating the low and high confidential data with the same way and at the same security level will add unnecessary overhead and increase the processing time. In our proposal, we have combined the K-NN (K Nearest Neighbors) machine learning method and the goal programming decision-making method, to provide an efficient method for data classification. This method allows data classification according to the data owner security needs. Then, we introduce the user data to the suitable security mechanisms for each class. The use of our solution in cloud storage systems makes the data security process more flexible, besides; it increases the cloud storage system performance and decreases the needed resources, which are used to store the data.

Download Full-text

Traceable Attribute-Based Secure Data Sharing with Hidden Policies in Mobile Health Networks

Mobile Information Systems ◽

10.1155/2020/3984048 ◽

2020 ◽

Vol 2020 ◽

pp. 1-12

Author(s):

Xueyan Liu ◽

Yukun Luo ◽

Xiaotao Yang

Keyword(s):

Bilinear Pairing ◽

Health Networks ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Data Owner ◽

Data User ◽

Efficient Scheme ◽

And Performance ◽

The One

The growing need to store, share, and manage medical and health records has resulted in electronic medical health sharing system (mHealth), which provides intelligent medical treatment for people. Attribute-based encryption (ABE) is regarded as a new cryptology to enhance fine-grained access control over encrypted sharing data in mHealth. However, some existing attribute-based mHealth systems not only violate the one-to-many application characteristics of attribute-based encryption mechanism but also destroy the anonymity of user. In this study, an efficient scheme is proposed to tackle the above defaults and offer two-way anonymity of data owner and data user by introducing a pseudoidentity. The computation of hidden access policy is reduced by removing the bilinear pairing, whereas the interaction between cloud storage and data user is avoided to save bandwidth during trapdoor generation. We also consider the temporal factor of the uploaded information by introducing access validity. Security and performance analyses show that the proposed scheme is efficient without reducing security.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text