scholarly journals A novel approach to data integrity auditing in PCS: Minimising any Trust on Third Parties (DIA-MTTP)

PLoS ONE ◽  
2021 ◽  
Vol 16 (1) ◽  
pp. e0244731
Author(s):  
Reem Almarwani ◽  
Ning Zhang ◽  
James Garside
Keyword(s):  
Security Analysis ◽  
Data Integrity ◽  
Third Parties ◽  
Third Party ◽  
Distributed Data ◽  
Data Deduplication ◽  
Property A ◽  
Communication Structure ◽  
Novel Approach ◽  
Integrity Assurance

Data Integrity Auditing (DIA) is a security service for verifying the integrity of outsourced data in Public Cloud Storage (PCS) by users or by Third-Party Auditors (TPAs) on behalf of the users. This paper proposes a novel DIA framework, called DIA-MTTP. The major novelty of the framework lies in that, while providing the DIA service in a PCS environment, it supports the use of third parties, but does not require full trust in the third parties. In achieving this property, a number of ideas also have been embedded in the design. These ideas include the use of multiple third parties and a hierarchical approach to their communication structure making the service more suited to resource-constrained user devices, the provision of two integrity assurance levels to balance the trade-off between security protection levels and the costs incurred, the application of a data deduplication measure to both new data and existing data updates to minimise the number of tags (re-)generated. In supporting the dynamic data and deduplication measure, a distributed data structure, called Multiple Mapping Tables (M2T), is proposed. Security analysis indicates that our framework is secure with the use of untrusted third parties. Performance evaluation indicates that our framework imposes less computational, communication and storage overheads than related works.

A Novel Approach for Encrypted Data-Deduplication in Clouds

2020 ◽  
Vol 17 (8) ◽  
pp. 3631-3635
Author(s):  
L. Mary Gladence ◽  
Priyanka Reddy ◽  
Apoorva Shetty ◽  
E. Brumancia ◽  
Senduru Srinivasulu
Keyword(s):  
Data Transfer ◽  
Distributed Storage ◽  
Security Analysis ◽  
Test Plot ◽  
Security Model ◽  
Proof Of Concept ◽  
Data Deduplication ◽  
Encrypted Data ◽  
Novel Approach ◽  
Encryption Method

Data deduplication is one of the main techniques for copying recovery data duplicates and was widely used in distributed storage to minimize extra space and spare data transfer capacity. It was proposed that the simultaneous encryption method encode the data before re-appropriating to preserve the confidentiality of delicate data while facilitating de replication. Unlike conventional de duplication systems, consumers are therefore viewed as having differential advantages as indupli-cate tests other than the data itself. Security analysis shows that our approach is safe in terms of the values set out in the proposed security model. For this deduplication M3 encryption algorithm and DES algorithm are used. M3 encryption is to compare another with the latest technology, for more effective, security purposes, fast actions and. The second DES encryption that was used to open the file and decrypt understandable language for humans in a secure language. A model of our current accepted copy check program is revised as proof of concept by the current research and explicitly shows the tests using our model. The proposed research shows that when opposed to conventional operations, our proposed duplicate test plot creates marginal overhead.

scholarly journals Attribute-Based User Revocable Data Integrity Audit for Internet-of-Things Devices in Cloud Storage

2020 ◽  
Vol 2020 ◽  
pp. 1-10
Author(s):  
Yaowei Wang ◽  
Chen Chen ◽  
Zhenwei Chen ◽  
Jiangyong He
Keyword(s):  
Internet Of Things ◽  
Cloud Storage ◽  
Security Analysis ◽  
Data Integrity ◽  
Third Party ◽  
Iot Devices ◽  
And Performance ◽  
Data Auditing ◽  
Cloud Storage Environment ◽  
Access To Data

Mobile crowdsensing (MCS) is a sensing paradigm exploiting the capabilities of mobile devices (Internet-of-Things devices, smartphones, etc.) to gather large volume of data. MCS has been widely used in cloud storage environment. However, MCS often faces the challenge of data integrity and user revocation issues. To solve these challenges, this paper uses attribute-based revocable signature mechanisms to construct a data integrity auditing scheme for IoT devices in the cloud storage environment. Users use attribute private keys to generate attribute signatures, and limit the user’s permission to use shared data through access policy control. Only when the user attribute is included in the global attribute set, and the attribute threshold is not less than the specified number, the user can use the attribute key for the data to generate a valid signature that can be authenticated under the control of the signature strategy. At the same time, the group manager (GM) can send secret information to a third-party auditor (TPA) to track the creator of the signature, to withdraw the user’s access to data when the business changes, and realize the safe revocation of user group membership. Formal security analysis and experimental results show that the proposed data-auditing solution is suitable for IoT devices in the cloud storage environment with respect to security and performance.

scholarly journals An Improved Blockchain-Based Secure Data Deduplication using Attribute-Based Role Key Generation with Efficient Cryptographic Methods

2021 ◽  
Author(s):  
Ruba S ◽  
A.M. Kalpana
Keyword(s):  
Cloud Storage ◽  
Data Integrity ◽  
Cloud Service ◽  
Third Party ◽  
Key Generation ◽  
Data Deduplication ◽  
Cloud Data ◽  
Redundant Data ◽  
Encrypt Data ◽  
Secure Data

Abstract Deduplication can be used as a data redundancy removal method that has been constructed to save system storage resources through redundant data reduction in cloud storage. Now a day, deduplication techniques are increasingly exploited to cloud data centers with the growth of cloud computing techniques. Therefore, many deduplication methods were presented by many researchers to eliminate redundant data in cloud storage. For secure deduplication, previous works typically have introduced third-party auditors for the data integrity verification, but it may be suffered from data leak by the third-party auditors. And also the customary methods could not face more difficulties in big data deduplication to correctly consider the two conflicting aims of high duplicate elimination ratio and deduplication throughput. In this paper, an improved blockchain-based secure data deduplication is presented with efficient cryptographic methods to save cloud storage securely. In the proposed method, an attribute-based role key generation (ARKG) method is constructed in a hierarchical tree manner to generate a role key when the data owners upload their data to cloud service provider (CSP) and to allow authorized users to download the data. In our system, the smart contract (agreement between the data owner and CSP) is done using SHA-256 (Secure Hash Algorithm-256) to generate a tamper-proofing ledger for data integrity, in which data is protected from illegal modifications, and duplication detection is executed through hash-tag that can be formed by SHA-256. Message Locked encryption (MLE) is employed to encrypt data for data uploading by the data owners to the CSP. The experimental results show that our proposed secure deduplication scheme can give higher throughput and a low duplicate elimination ratio.

Security Test by using F T M and Data Allocation Strategies on Leakage Detection

2005 ◽  
Vol 4 (2) ◽  
pp. 393-400
Author(s):  
Pallavali Radha ◽  
G. Sireesha
Keyword(s):  
Third Party ◽  
Distributed Data ◽  
Data Allocation ◽  
Security Testing ◽  
Sensitive Data ◽  
Sample Data ◽  
The One ◽  
Security Test ◽  
Data Request ◽  
Allocation Strategies

The data distributors work is to give sensitive data to a set of presumably trusted third party agents.The data i.e., sent to these third parties are available on the unauthorized places like web and or some ones systems, due to data leakage. The distributor must know the way the data was leaked from one or more agents instead of as opposed to having been independently gathered by other means. Our new proposal on data allocation strategies will improve the probability of identifying leakages along with Security attacks typically result from unintended behaviors or invalid inputs.  Due to too many invalid inputs in the real world programs is labor intensive about security testing.The most desirable thing is to automate or partially automate security-testing process. In this paper we represented Predicate/ Transition nets approach for security tests automated generationby using formal threat models to detect the agents using allocation strategies without modifying the original data.The guilty agent is the one who leaks the distributed data. To detect guilty agents more effectively the idea is to distribute the data intelligently to agents based on sample data request and explicit data request. The fake object implementation algorithms will improve the distributor chance of detecting guilty agents.

Cláusulas de franquicia o deducible en seguros de responsabilidad civil en el Derecho español: Naturaleza y efectos respecto de terceros perjudicados

2018 ◽  
pp. 101
Author(s):  
Rafael Lara González
Keyword(s):  
Civil Liability ◽  
Third Parties ◽  
Insurance Contract ◽  
Third Party ◽  
Liability Insurance ◽  
Legal Doctrine ◽  
Insurance Contracts ◽  
Spanish Law ◽  
Palabras Clave ◽  
Legal Nature

ResumenPese a su ubicuidad en la práctica contractual, las cláusulas de franquicia han recibido tratamiento incidental en la doctrina. La discusión sobre ellas se ha enfocado en los contratos de seguros de responsabilidad civil, y en la interpretación del artículo 76 de la Ley española de Contrato de Seguro. En este contexto se ha tratado de establecer si el asegurador puede o no oponer la cláusula de franquicia al tercero perjudicado. El presente trabajo analiza la cláusula de franquicia en la obligación principal del asegurador, su naturaleza jurídica, y examina su relación con los terceros perjudicados. La consideración principal a este respecto estará en si nos encontramos ante un seguro obligatorio o ante un seguro voluntario de responsabilidad civil. Palabras clave: Contrato de seguro; Cláusula de franquicia; Terceroperjudicado; Responsabilidad civil.AbstractDespite their ubiquity in contractual praxis, deductible clauses have received only incidental treatment in legal doctrine. Discussion on them has focused on civil liability insurance contracts, and the interpretation of article 76 of the Spanish Law of Insurance Contracts. In this context it has been attempted to establish whether the insurer can invoke the clause to oppose the injured third party's claim. This article examines the deductible clause included in the insurer's main obligation, its legal nature, and its relation to injured third parties. The main consideration in this regard will be whether the insurance contract is of a mandatory or voluntary nature.Keywords: Insurance contract; Deductible clause; Injured third party; Civil liability.

Formation of Contract and Third Parties in Cambodia

2018 ◽  
Author(s):  
Ly Tayseng
Keyword(s):  
Academic Writing ◽  
Case Law ◽  
Civil Code ◽  
Third Parties ◽  
Third Party ◽  
The Third ◽  
Contract Formation ◽  
The Law ◽  
The Right ◽  
Formal Requirements

This chapter gives an overview of the law on contract formation and third party beneficiaries in Cambodia. Much of the discussion is tentative since the new Cambodian Civil Code only entered into force from 21 December 2011 and there is little case law and academic writing fleshing out its provisions. The Code owes much to the Japanese Civil Code of 1898 and, like the latter, does not have a requirement of consideration and seldom imposes formal requirements but there are a few statutory exceptions from the principle of freedom from form. For a binding contract, the agreement of the parties is required and the offer must be made with the intention to create a legally binding obligation and becomes effective once it reaches the offeree. The new Code explicitly provides that the parties to the contract may agree to confer a right arising under the contract upon a third party. This right accrues directly from their agreement; it is not required that the third party declare its intention to accept the right.

Contracts for the Benefit of Third Parties Under the Taiwan Civil Code

2018 ◽  
Author(s):  
Sheng-Lin JAN
Keyword(s):  
Civil Code ◽  
Third Parties ◽  
Third Party ◽  
The Third ◽  
Legal Relationship ◽  
The Third Party ◽  
Privity Of Contract

This chapter discusses the position of third party beneficiaries in Taiwan law where the principle of privity of contract is well established. Article 269 of the Taiwan Civil Code confers a right on the third party to sue for performance as long as the parties have at least impliedly agreed. This should be distinguished from a ‘spurious contract’ for the benefit of third parties where there is no agreement to permit the third party to claim. Both the aggrieved party and the third party beneficiary can sue on the contract, but only for its own loss. The debtor can only set off on a counterclaim arising from its legal relationship with the third party. Where the third party coerces the debtor into the contract, the contract can be avoided, but where the third party induces the debtor to contract with the creditor by misrepresentation, the debtor can only avoid the contract if the creditor knows or ought to have known of the misrepresentation.

Contracts for the Benefit of Third Parties in Japan

2018 ◽  
Author(s):  
Masami Okino
Keyword(s):  
Case Analysis ◽  
Case Law ◽  
Contract Law ◽  
Civil Code ◽  
Third Parties ◽  
Third Party ◽  
German Model ◽  
Recent Debate ◽  
The Law

This chapter discusses the law on third party beneficiaries in Japan; mostly characterized by adherence to the German model that still bears an imprint on Japanese contract law. Thus, there is neither a doctrine of consideration nor any other justification for a general doctrine of privity, and contracts for the benefit of third parties are generally enforceable as a matter of course. Whether an enforceable right on the part of a third party is created is simply a matter of interpretation of the contract which is always made on a case-by-case analysis but there are a number of typical scenarios where the courts normally find the existence (or non-existence) of a contract for the benefit of a third party. In the recent debate on reform of Japanese contract law, wide-ranging suggestions were made for revision of the provisions on contracts for the benefit of third parties in the Japanese Civil Code. However, it turned out that reform in this area was confined to a very limited codification of established case law.

scholarly journals DCSS Protocol for Data Caching and Sharing Security in a 5G Network

Network ◽  
2021 ◽  
Vol 1 (2) ◽  
pp. 75-94
Author(s):  
Ed Kamya Kiyemba Edris ◽  
Mahdi Aiash ◽  
Jonathan Loo
Keyword(s):  
Mobile Networks ◽  
Service Providers ◽  
Security Analysis ◽  
Mobile Network ◽  
End Users ◽  
Third Party ◽  
Control Mechanisms ◽  
Security Measures ◽  
Data Caching ◽  
Pi Calculus

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

scholarly journals Comparable Encryption Scheme over Encrypted Cloud Data in Internet of Everything

2017 ◽  
Vol 2017 ◽  
pp. 1-11
Author(s):  
Qian Meng ◽  
Jianfeng Ma ◽  
Kefei Chen ◽  
Yinbin Miao ◽  
Tengfei Yang
Keyword(s):  
Model Performance ◽  
Data Integrity ◽  
Cloud Service ◽  
Third Party ◽  
Encryption Scheme ◽  
Cloud Data ◽  
Practical Applications ◽  
Internet Of Everything ◽  
Window Method ◽  
Comparable Encryption

User authentication has been widely deployed to prevent unauthorized access in the new era of Internet of Everything (IOE). When user passes the legal authentication, he/she can do series of operations in database. We mainly concern issues of data security and comparable queries over ciphertexts in IOE. In traditional database, a Short Comparable Encryption (SCE) scheme has been widely used by authorized users to conduct comparable queries over ciphertexts, but existing SCE schemes still incur high storage and computational overhead as well as economic burden. In this paper, we first propose a basic Short Comparable Encryption scheme based on sliding window method (SCESW), which can significantly reduce computational and storage burden as well as enhance work efficiency. Unfortunately, as the cloud service provider is a semitrusted third party, public auditing mechanism needs to be furnished to protect data integrity. To further protect data integrity and reduce management overhead, we present an enhanced SCESW scheme based on position-aware Merkle tree, namely, PT-SCESW. Security analysis proves that PT-SCESW and SCESW schemes can guarantee completeness and weak indistinguishability in standard model. Performance evaluation indicates that PT-SCESW scheme is efficient and feasible in practical applications, especially for smarter and smaller computing devices in IOE.

Sign in / Sign up

Export Citation Format

Share Document