A Safe and Resilient Cryptographic System for Dynamic Cloud Groups with Secure Data Sharing and Efficient User Revocation

Information sharing or exchange of data within entities plays a significant role in cloud storage. In cloud computing, a robust and practical methodology is developed which can be utilized by cloud users for sharing information among multiple group members in the cloud with lowered maintenance and management costs. Furthermore, a service provider in the cloud does not share data with anyone other than the Trusted Third Party (TTP) sources due to the semi-trusted characteristics of the cloud. In this way, there is no global security mechanism for dynamic group data sharing over the cloud. Subsequently, the Cloud Service Providers (CSPs) can convey different services to cloud users through powerful data centres. Hence, data is secured through the validation of users in the cloud. Meanwhile, CSPs should offer outsourced security assurance for data file sharing. Assuring privacy in data sharing is still a critical issue due to continuous change in cloud users, particularly, for unauthenticated or third party users because of the risk of collusion attacks. However, security concerns turn into a major restraint as outsourcing storage data is perhaps a delicate concern for cloud providers. Additionally, sharing information in a multi-proprietary approach while protecting information and individual security to the data from unauthorized or third party users is still a challenging task as there is a frequent change in cloud members. In this regard, previous studies are reviewed and discussed which are related to dynamic group data sharing using cloud computing.

Download Full-text

A Practical Conflicting Role-based Cloud Security Risk Evaluation Method

Recent Advances in Computer Science and Communications ◽

10.2174/2666255813666191204145140 ◽

2019 ◽

Vol 13 ◽

Author(s):

Jin Han ◽

Jing Zhan ◽

Xiaoqing Xia ◽

Xue Fan

Keyword(s):

Risk Evaluation ◽

Evaluation Method ◽

Service Providers ◽

Risk Preferences ◽

Cloud Service ◽

Cloud Security ◽

Third Party ◽

Security Evaluation ◽

Security Risk ◽

Cloud Users

Background: Currently, Cloud Service Provider (CSP) or third party usually proposes principles and methods for cloud security risk evaluation, while cloud users have no choice but accept them. However, since cloud users and cloud service providers have conflicts of interests, cloud users may not trust the results of security evaluation performed by the CSP. Also, different cloud users may have different security risk preferences, which makes it difficult for third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for cloud are too impractical to test (e.g., indexes like interoperability, transparency, portability are not easy to be evaluated). Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method of decision-making based on conflicting roles by using the Analytic Hierarchy Process (AHP) with Aggregation of Individual priorities (AIP). Results: Not only can our method bring forward a new index system based on risk source for cloud security and corresponding practical testing methods, but also can obtain the evaluation result with the risk preferences of conflicting roles, namely CSP and cloud users, which can lay a foundation for improving mutual trusts between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms and in the case where the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only by 12% and 30%. Conclusion: Our method can achieve consistent decision based on conflicting roles, high scalability and practicability for cloud security risk evaluation.

Download Full-text

PMAB: A Public Mutual Audit Blockchain for Outsourced Data in Cloud Storage

Security and Communication Networks ◽

10.1155/2021/9993855 ◽

2021 ◽

Vol 2021 ◽

pp. 1-11

Author(s):

Hanzhe Yang ◽

Ruidan Su ◽

Pei Huang ◽

Yuhan Bai ◽

Kai Fan ◽

...

Keyword(s):

Cloud Storage ◽

Service Providers ◽

Low Cost ◽

Cloud Service ◽

Third Party ◽

Rigorous Analysis ◽

Security Issues ◽

Outsourced Data ◽

Audit Data ◽

And Performance

With the rapid growth of data, limited by the storage capacity, more and more IoT applications choose to outsource data to Cloud Service Providers (CSPs). But, in such scenarios, outsourced data in cloud storage can be easily corrupted and difficult to be found in time, which brings about potential security issues. Thus, Provable Data Possession (PDP) protocol has been extensively researched due to its capability of supporting efficient audit for outsourced data in cloud. However, most PDP schemes require the Third-Party Auditor (TPA) to audit data for Data Owners (DOs), which requires the TPA to be trustworthy and fair. To eliminate the TPA, we present a Public Mutual Audit Blockchain (PMAB) for outsourced data in cloud storage. We first propose an audit chain architecture based on Ouroboros and an incentive mechanism based on credit to allow CSPs to audit each other mutually with anticollusion (any CSP is not willing to help other CSPs conceal data problems). Then, we design an audit protocol to achieve public audit efficiently with low cost of audit verification. Rigorous analysis explains the security of PMAB using game theory, and performance analysis shows the efficiency of PMAB using the real-world dataset.

Download Full-text

ECS: An Enhanced Cloud Security Algorithm

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.b2314.078219 ◽

2019 ◽

Vol 8 (2) ◽

pp. 6408-6412

Keyword(s):

Cloud Computing ◽

Service Providers ◽

Cloud Service ◽

Cloud Security ◽

Third Party ◽

Cloud Environment ◽

Security Issues ◽

Security Algorithm ◽

Cryptographic Techniques ◽

Cloud Users

Cloud computing is a technology where it provides software, platform, infrastructure, security and everything as a service. But this technology faces many security issues because all the data or information are stored in the hands of the third party. The cloud users unable to know where the data are store in the cloud environment and also it is very difficult to analyze the trustworthiness of the cloud service providers. In this technology providing security is a very big challenging task. This challenge was overcome by developing different cloud security algorithms using cryptographic techniques. Recently many researchers identified that if the cryptographic algorithms are combined in a hybrid manner it will increase the security in the cloud environment. Even though, many research works are still carried out to improve security in the cloud computing environment. In this research article, a new step was taken to develop a new cloud security algorithm

Download Full-text

Integrity Audit of Shared Cloud Data with Identity Tracking

Security and Communication Networks ◽

10.1155/2019/1354346 ◽

2019 ◽

Vol 2019 ◽

pp. 1-11 ◽

Cited By ~ 8

Author(s):

Yun Xue Yan ◽

Lei Wu ◽

Wen Yu Xu ◽

Hao Wang ◽

Zhao Man Liu

Keyword(s):

Service Providers ◽

Cloud Service ◽

Distribution Center ◽

Third Party ◽

Cloud Data ◽

Shared Data ◽

User Groups ◽

Using Data ◽

Cloud Storage Environment ◽

Cloud Users

More and more users are uploading their data to the cloud without storing any copies locally. Under the premise that cloud users cannot fully trust cloud service providers, how to ensure the integrity of users’ shared data in the cloud storage environment is one of the current research hotspots. In this paper, we propose a secure and effective data sharing scheme for dynamic user groups. (1) In order to realize the user identity tracking and the addition and deletion of dynamic group users, we add a new role called Rights Distribution Center (RDC) in our scheme. (2) To protect the privacy of user identity, when performing third party audit to verify data integrity, it is not possible to determine which user is a specific user. Therefore, the fairness of the audit can be promoted. (3) Define a new integrity audit model for shared cloud data. In this scheme, the user sends the encrypted data to the cloud and the data tag to the Rights Distribution Center (RDC) by using data blindness technology. Finally, we prove the security of the scheme through provable security theory. In addition, the experimental data shows that our proposed scheme is more efficient and scalable than the state-of-the-art solution.

Download Full-text

‏An Enhanced Approach to Improve the Security and Performance for Deduplication

Turkish Journal of Computer and Mathematics Education (TURCOMAT) ◽

10.17762/turcomat.v12i6.5797 ◽

2021 ◽

Vol 12 (6) ◽

pp. 2866-2882

Author(s):

Nourah Almrezeq Et al.

Keyword(s):

Service Providers ◽

Cloud Service ◽

Third Party ◽

Hard Problem ◽

Brute Force ◽

Cloud Service Providers ◽

Computationally Expensive ◽

And Performance ◽

Cloud Users

Cloud service providers providing users with efficient and effective storage and transmission of data. To reduce storage costs and save bandwidth, cloud service providers are attracted to use data de-duplication feature. Cloud users are interested in using the cloud safely and privately to protect the data they share on the cloud. Therefore, they encrypt the data before uploading it to the cloud. Since the intent of encryption conflicts with the de-duplication function, the data de-duplication feature becomes a hard problem. Existing de-duplication methods are ineffective in terms of both security and efficiency. They are either vulnerable to brute force attacks that enable the attacker to retrieve files, or they are computationally expensive. That is what drives us to suggest a method for removing duplicate data that is both performance and security effective. We'll start with a description of the implementations and functionality of de-duplication strategies, then move on to the literature that proposes various approaches to de-duplication and the security and efficiency problems that existing approaches face. Via the use of the AES-CBC algorithm and hashing functions, we have proposed an enhancement to improves the performance and protection of data de-duplication for users. Without the involvement of a third party, users' keys are created in a consistent and safe manner. We prove the efficacy of the recommended solution by putting it into practice and comparison with the existing techniques.

Download Full-text

Improved Proofs Of Retrievability And Replication For Data Availability In Cloud Storage

The Computer Journal ◽

10.1093/comjnl/bxz151 ◽

2020 ◽

Vol 63 (8) ◽

pp. 1216-1230 ◽

Cited By ~ 2

Author(s):

Wei Guo ◽

Sujuan Qin ◽

Jun Lu ◽

Fei Gao ◽

Zhengping Jin ◽

...

Keyword(s):

Service Providers ◽

Cloud Service ◽

Data Availability ◽

Forgery Attack ◽

Common Strategy ◽

Comparable Performance ◽

Replication Scheme ◽

High Level ◽

Cloud Users ◽

Proofs Of Retrievability

Abstract For a high level of data availability and reliability, a common strategy for cloud service providers is to rely on replication, i.e. storing several replicas onto different servers. To provide cloud users with a strong guarantee that all replicas required by them are actually stored, many multi-replica integrity auditing schemes were proposed. However, most existing solutions are not resource economical since users need to create and upload replicas of their files by themselves. A multi-replica solution called Mirror is presented to overcome the problems, but we find that it is vulnerable to storage saving attack, by which a dishonest provider can considerably save storage costs compared to the costs of storing all the replicas honestly—while still can pass any challenge successfully. In addition, we also find that Mirror is easily subject to substitution attack and forgery attack, which pose new security risks for cloud users. To address the problems, we propose some simple yet effective countermeasures and an improved proofs of retrievability and replication scheme, which can resist the aforesaid attacks and maintain the advantages of Mirror, such as economical bandwidth and efficient verification. Experimental results show that our scheme exhibits comparable performance with Mirror while achieving high security.

Download Full-text

Security of the Cloud

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Emerging Research in Cloud Distributed Computing Systems ◽

10.4018/978-1-4666-8213-9.ch012 ◽

2015 ◽

pp. 363-404 ◽

Cited By ~ 1

Author(s):

Khalid Al-Begain ◽

Michal Zak ◽

Wael Alosaimi ◽

Charles Turyagyenda

Keyword(s):

Service Providers ◽

Denial Of Service ◽

Cloud Service ◽

Future Research ◽

Cloud Environment ◽

Ddos Attacks ◽

Security Attacks ◽

Edos Attacks ◽

Future Research Directions ◽

Cloud Users

The chapter presents current security concerns in the Cloud Computing Environment. The cloud concept and operation raise many concerns for cloud users since they have no control of the arrangements made to protect the services and resources offered. Additionally, it is obvious that many of the cloud service providers will be subject to significant security attacks. Some traditional security attacks such as the Denial of Service attacks (DoS) and distributed DDoS attacks are well known, and there are several proposed solutions to mitigate their impact. However, in the cloud environment, DDoS becomes more severe and can be coupled with Economical Denial of Sustainability (EDoS) attacks. The chapter presents a general overview of cloud security, the types of vulnerabilities, and potential attacks. The chapter further presents a more detailed analysis of DDoS attacks' launch mechanisms and well-known DDoS defence mechanisms. Finally, the chapter presents a DDoS-Mitigation system and potential future research directions.

Download Full-text

Security of the Cloud

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch075 ◽

2018 ◽

pp. 1511-1554

Author(s):

Khalid Al-Begain ◽

Michal Zak ◽

Wael Alosaimi ◽

Charles Turyagyenda

Keyword(s):

Service Providers ◽

Denial Of Service ◽

Cloud Service ◽

Future Research ◽

Cloud Environment ◽

Ddos Attacks ◽

Security Attacks ◽

Edos Attacks ◽

Future Research Directions ◽

Cloud Users

The chapter presents current security concerns in the Cloud Computing Environment. The cloud concept and operation raise many concerns for cloud users since they have no control of the arrangements made to protect the services and resources offered. Additionally, it is obvious that many of the cloud service providers will be subject to significant security attacks. Some traditional security attacks such as the Denial of Service attacks (DoS) and distributed DDoS attacks are well known, and there are several proposed solutions to mitigate their impact. However, in the cloud environment, DDoS becomes more severe and can be coupled with Economical Denial of Sustainability (EDoS) attacks. The chapter presents a general overview of cloud security, the types of vulnerabilities, and potential attacks. The chapter further presents a more detailed analysis of DDoS attacks' launch mechanisms and well-known DDoS defence mechanisms. Finally, the chapter presents a DDoS-Mitigation system and potential future research directions.

Download Full-text

Security Aspects in Cloud Computing

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch004 ◽

2018 ◽

pp. 54-76

Author(s):

Tabassum N. Mujawar ◽

Ashok V. Sutagundar ◽

Lata L. Ragha

Keyword(s):

Cloud Computing ◽

Service Providers ◽

Cloud Service ◽

Third Party ◽

Storage Security ◽

Security Issues ◽

Access Control Mechanism ◽

And Storage ◽

Privacy Issues ◽

Different Levels

Cloud computing is recently emerging technology, which provides a way to access computing resources over Internet on demand and pay per use basis. Cloud computing is a paradigm that enable access to shared pool of resources efficiently, which are managed by third party cloud service providers. Despite of various advantages of cloud computing security is the biggest threat. This chapter describes various security concerns in cloud computing. The clouds are subject to traditional data confidentiality, integrity, availability and various privacy issues. This chapter comprises various security issues at different levels in environment that includes infrastructure level security, data level and storage security. It also deals with the concept of Identity and Access Control mechanism.

Download Full-text