Achieving Cloud Security Using a Third Party Auditor and Preserving Privacy for Shared Data Over a Public Cloud

Correctness of data and efficient mechanisms for data security, while transferring the file to and from Cloud, are of paramount importance in today's cloud-centric processing. A mechanism for correctness and efficient transfer of data is proposed in this article. While processing users request data, a set of attributes are defined and checked. States with attributes at different levels are defined to prevent unauthorized access. Security is provided while storing the data using a chunk generation algorithm and verification of chunks using lightweight Third-Party Auditor (TPA). TPA uses digital signatures to verify user's data that are generated by RSA with MD5 algorithms. The metadata file of generated chunks is encrypted using a modified AES algorithm. The proposed method prevents unauthorized users from accessing the data in the cloud environment, in addition to maintaining data integrity. Results of the proposed cloud security model implementation are discussed.

Download Full-text

A Practical Conflicting Role-based Cloud Security Risk Evaluation Method

Recent Advances in Computer Science and Communications ◽

10.2174/2666255813666191204145140 ◽

2019 ◽

Vol 13 ◽

Author(s):

Jin Han ◽

Jing Zhan ◽

Xiaoqing Xia ◽

Xue Fan

Keyword(s):

Risk Evaluation ◽

Evaluation Method ◽

Service Providers ◽

Risk Preferences ◽

Cloud Service ◽

Cloud Security ◽

Third Party ◽

Security Evaluation ◽

Security Risk ◽

Cloud Users

Background: Currently, Cloud Service Provider (CSP) or third party usually proposes principles and methods for cloud security risk evaluation, while cloud users have no choice but accept them. However, since cloud users and cloud service providers have conflicts of interests, cloud users may not trust the results of security evaluation performed by the CSP. Also, different cloud users may have different security risk preferences, which makes it difficult for third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for cloud are too impractical to test (e.g., indexes like interoperability, transparency, portability are not easy to be evaluated). Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method of decision-making based on conflicting roles by using the Analytic Hierarchy Process (AHP) with Aggregation of Individual priorities (AIP). Results: Not only can our method bring forward a new index system based on risk source for cloud security and corresponding practical testing methods, but also can obtain the evaluation result with the risk preferences of conflicting roles, namely CSP and cloud users, which can lay a foundation for improving mutual trusts between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms and in the case where the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only by 12% and 30%. Conclusion: Our method can achieve consistent decision based on conflicting roles, high scalability and practicability for cloud security risk evaluation.

Download Full-text

Plenary Talk I: Modified AES Algorithm for Strong Encryption & Enhanced Security

2021 International Mobile, Intelligent, and Ubiquitous Computing Conference (MIUCC) ◽

10.1109/miucc52538.2021.9447649 ◽

2021 ◽

Author(s):

Dharm Singh Jat

Keyword(s):

Plenary Talk ◽

Aes Algorithm ◽

Modified Aes

Download Full-text

Potential of ontology for interoperability in e-government

Brazilian Journal of Information Science ◽

10.36311/1981-1640.2016.v10n2.06.p47 ◽

2016 ◽

Vol 10 (2) ◽

Author(s):

Edilson Ferneda ◽

Fernando William Cruz ◽

Hércules Antonio Do Prado ◽

Renato da Veiga Guadagnin ◽

Laurindo Campos Dos Santos ◽

...

Keyword(s):

European Union ◽

Electronic Government ◽

Practical Solution ◽

Semantic Level ◽

Legal Question ◽

Task Time ◽

Efficient Mechanisms ◽

Different Levels ◽

Over Time ◽

Legal Meaning

Interoperability is one of the fundamental requirements to enable electronic government. Its implementation can be classified into technical, syntactic, semantic, and organizational levels. At the semantic level, ontology is regarded as a practical solution to be considered. In this context, its adoption was identified in several countries, with different levels of maturity and so many focuses as the specific implementations. One of the main challenges to be overcome is the legal question that refers to the legislation to assure “the preservation of the legal meaning of data”. The lack of efficient mechanisms to support the deployment and use of ontologies can turn the overall task time-expensive, restricted in scope, or even unfeasible. Additionally, many initiatives are recent and need to be validated over time. This paper presents a non-exhaustive survey of the state of interoperability in e-government from the perspective of ontologies' use. The cases of Palestine, European Union, Netherlands, Estonia, and Brazil are discussed.

Download Full-text

Introduction of Blockchain to Mitigate The Trusted Third Party Auditing for Cloud Security: An Overview

2017 2nd International Conference On Emerging Computation and Information Technologies (ICECIT) ◽

10.1109/icecit.2017.8453352 ◽

2017 ◽

Cited By ~ 1

Author(s):

N Ravi ◽

N.R Sunitha

Keyword(s):

Cloud Security ◽

Third Party ◽

Trusted Third Party ◽

Third Party Auditing

Download Full-text

Security Model for Mobile Cloud Database as a Service (DBaaS)

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch038 ◽

2019 ◽

pp. 760-769

Author(s):

Kashif Munir

Keyword(s):

Large Scale ◽

Management Practices ◽

Third Party ◽

Digital Data ◽

Mobile Cloud ◽

Security Model ◽

Service Model ◽

Cloud Database ◽

Database As A Service ◽

Access To Data

There's a big change happening in the world of databases. The industry is buzzing about Database-as-a-Service (DBaaS), a cloud offering that allows companies to rent access to these managed digital data warehouses. Database-as-a-service (DBaaS) is a cloud computing service model that provides users with some form of access to a database without the need for setting up physical hardware, installing software or configuring for performance. Since consumers host data on the Mobile Cloud, DBaaS providers should be able to guarantee data owners that their data would be protected from all potential security threats. Protecting application data for large-scale web and mobile apps can be complex; especially with distributed and NoSQL databases. Data centers are no longer confined to the enterprise perimeter. More and more enterprises take their data to the Mobile Cloud, but forget to adjust their security management practices when doing so. Unauthorized access to data resources, misuse of data stored on third party platform, data confidentiality, integrity and availability are some of the major security challenges that ail this nascent Cloud service model, which hinders the wide-scale adoption of DBaaS. In this chapter, I propose a security model for Mobile Cloud Database as a Service (DBaaS). A user can change his/her password, whenever demanded. Furthermore, security analysis realizes the feasibility of the proposed model for DBaaS and achieves efficiency. This will help Cloud community to get an insight into state-of-the-art progress in terms of secure strategies, their deficiencies and possible future directions.

Download Full-text

Security Aspects in Cloud Computing

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch004 ◽

2018 ◽

pp. 54-76

Author(s):

Tabassum N. Mujawar ◽

Ashok V. Sutagundar ◽

Lata L. Ragha

Keyword(s):

Cloud Computing ◽

Service Providers ◽

Cloud Service ◽

Third Party ◽

Storage Security ◽

Security Issues ◽

Access Control Mechanism ◽

And Storage ◽

Privacy Issues ◽

Different Levels

Cloud computing is recently emerging technology, which provides a way to access computing resources over Internet on demand and pay per use basis. Cloud computing is a paradigm that enable access to shared pool of resources efficiently, which are managed by third party cloud service providers. Despite of various advantages of cloud computing security is the biggest threat. This chapter describes various security concerns in cloud computing. The clouds are subject to traditional data confidentiality, integrity, availability and various privacy issues. This chapter comprises various security issues at different levels in environment that includes infrastructure level security, data level and storage security. It also deals with the concept of Identity and Access Control mechanism.

Download Full-text

Using I-D maps to Represent the Adoption of Internet Applications by Local Cricket Clubs

Actor-Network Theory and Technology Innovation ◽

10.4018/978-1-60960-197-3.ch006 ◽

2011 ◽

pp. 80-94 ◽

Cited By ~ 2

Author(s):

Scott Bingley ◽

Steven Burgess

Keyword(s):

Decision Process ◽

Third Party ◽

The Internet ◽

Internet Applications ◽

Visual Aid ◽

Use Of The Internet ◽

The Uk ◽

Use Of Internet ◽

Online Statistics ◽

Different Levels

This chapter describes the development of a visual aid to depict the manner in which Internet applications are being diffused through local sporting associations. Rogers’ (2003) Innovation-Decision process stages, specifically the knowledge, persuasion, adoption and confirmation stages, are used as the theoretical basis for the aid. The chapter discusses the Innovation-Decision process as an important component of Rogers’ (2003) Innovation Diffusion approach. It then outlines the particular problem at hand, determining how best to represent different sporting (cricket) associations and their adoption and use of Internet applications across the innovation-decision process stages. Different data visualisation approaches to representing the data (such as line graphs and bar charts) are discussed, with the introduction of an aid (labelled I-D maps) used to represent the adoption of different Internet applications by cricket associations in New Zealand, Australia and the UK. The Internet applications considered are email, club websites, association and/or third party websites and the use of the Internet to record online statistics. The use of I-D maps provides instant interpretation of the different levels of adoption of Internet applications by different cricket associations.

Download Full-text

Encryption of Images Using the Modified AES Algorithm and Its Comparison with the Original AES

10.1007/978-3-030-81619-3_17 ◽

2021 ◽

pp. 154-163

Author(s):

Michael Babayan ◽

Alexander Buglak ◽

Nikita Gordov ◽

Irina Pilipenko ◽

Larisa Cherckesova ◽

...

Keyword(s):

Aes Algorithm ◽

Modified Aes

Download Full-text

CompactRIO Based Real Time Implementation of AES Algorithm for Embedded Applications

International Journal of Embedded and Real-Time Communication Systems ◽

10.4018/ijertcs.2019040102 ◽

2019 ◽

Vol 10 (2) ◽

pp. 19-36

Author(s):

El Adib Samir ◽

Raissouni Naoufal

Keyword(s):

Power Consumption ◽

Real Time ◽

Software Design ◽

System Architecture ◽

Advanced Encryption Standard ◽

Time Cost ◽

Security Applications ◽

Aes Algorithm ◽

Embedded Applications ◽

Different Levels

For real-time embedded applications, several factors (time, cost, power) that are moving security considerations from a function-centric perspective into a system architecture (hardware/software) design issue. The National Institute of Standards and Technology (NIST) adopts Advanced Encryption Standard (AES) as the most widely used encryption algorithm in many security applications. The AES algorithm specifies 10, 12 and 14 rounds offering different levels of security. Although the number of rounds determines the strength of security, the power consumption issue has risen recently, especially in real-time embedded systems. In this article, the authors present real time implementation of the AES encryption on the compactRIO platform for a different number of AES rounds. The target hardware is NI cRIO-9022 embedded real-time controller from National Instruments (NI). The real time encryption processing has been verified successfully. The power consumption and encryption time experimental results are presented graphically for 10, 12 and 14 rounds of processing.

Download Full-text