Similar literature
20 similar documents found; search took 203 ms
1.
With the development of the Internet of things (IoT), more and more intelligent terminal devices outsource data to cloud servers (CSs). However, the CS is not fully trusted, and the heterogeneity among different domains makes it difficult for a third-party auditor (TPA) to conduct efficient integrity auditing of outsourced data. Therefore, a cross-domain data cloud storage auditing scheme based on certificateless cryptography is proposed, which can effectively avoid the heavy burden of certificate management or the key escrow problems of identity-based cryptography. At the same time, the TPA can effectively audit the integrity of outsourced data in different domains. Formal security proof and analysis show that the cloud storage auditing scheme satisfies the security and privacy requirements. Performance analysis demonstrates that the efficiency is acceptable.

2.
Cloud storage is gaining popularity as it relieves data owners from the burden of data storage and maintenance cost. However, outsourcing data to third‐party cloud servers raises several concerns such as data availability, confidentiality, and integrity. Recently, regenerating codes have gained popularity because of their low repair bandwidth while ensuring data availability. In this paper, we propose a secure regenerating code‐based cloud storage (SRCCS) scheme, which utilizes the verifiable computation property of a homomorphic encryption scheme to check the integrity of outsourced data. In this work, an error‐correcting code (ECC)–based homomorphic encryption scheme (HES) is employed to simultaneously provide data privacy as well as error correction while supporting efficient integrity verification. In SRCCS, the server regeneration process is initiated on detection of data corruption events in order to ensure data availability. The ECC‐based HES significantly reduces the probability of server regeneration and minimizes the repair cost. Extensive theoretical analysis and simulation results validate the security, efficiency, and practicability of the proposed scheme.

3.
With the rapid advancement of cloud computing, cloud storage services have developed rapidly. One issue that has attracted particular attention in such remote storage services is that cloud storage servers are not enough to reliably save and maintain data, which greatly affects users’ confidence in purchasing and consuming cloud storage services. Traditional data integrity auditing techniques for cloud data storage are centralized, which faces huge security risks due to single-point-of-failure and vulnerabilities of central auditing servers. Blockchain technology offers a new approach to this problem. Many researchers have endeavored to employ the blockchain for data integrity auditing. Based on the search of relevant papers, we found that existing literature lacks a thorough survey of blockchain-based integrity auditing for cloud data. In this paper, we make an in-depth survey on cloud data integrity auditing based on blockchain. Firstly, we cover essential basic knowledge of integrity auditing for cloud data and blockchain techniques. Then, we propose a series of requirements for evaluating existing Blockchain-based Data Integrity Auditing (BDIA) schemes. Furthermore, we provide a comprehensive review of existing BDIA schemes and evaluate them based on our proposed criteria. Finally, according to our completed review and analysis, we explore some open issues and suggest research directions worthy of further efforts in the future.

4.
Cloud storage applications are quickly becoming the best choice for personal and enterprise storage thanks to their convenience, scalability, and other advantages; secure deduplication and integrity auditing are key issues for cloud storage. First, a convergent key encapsulation/decoupling algorithm based on blind signatures was set up, which could securely store the key and enable it to be deduplicated. In addition, a BLS signature algorithm based on the convergent key was provided, using a TTP to store the public key and act as audit proxy, which enables signature and public key deduplication and reduces client storage and computing overhead. Finally, a cloud-based secure deduplication and integrity audit system was designed and implemented. It offers users data privacy protection, deduplication authentication, and audit authentication services, and lowers client and cloud computation overhead.

5.
Cloud service providers offer infrastructure, network services, and software applications in the cloud. The cloud services are hosted in a data center that can be used by users with the help of network connectivity. Hence, there is a need for providing security and integrity in cloud resources. Most security instruments have a finite rate of failure, and the intrusion comes with more complex and sophisticated techniques; the security failure rates are skyrocketing. In this paper, we have proposed a secure disintegration protocol (SDP) for the protection of privacy on-site and in the cloud. The architecture presented in this paper is used for cloud storage, and it is used in conjunction with our unique data compression and encoding technique. Probabilistic analysis is used for calculating the intrusion tolerance abilities for the SDP.

6.
Widespread applications of 5G technology have prompted the outsourcing of computation dominated by the Internet of Things (IoT) cloud to improve transmission efficiency, which has created a novel paradigm for improving the speed of common connected objects in IoT. However, although it makes it easier for ubiquitous resource-constrained equipment that outsources computing tasks to achieve high-speed transmission services, security concerns, such as a lack of reliability and collusion attacks, still exist in the outsourcing computation. In this paper, we propose a reliable, anti-collusion outsourcing computation and verification protocol, which uses distributed storage solutions in response to the issue of centralized storage, leverages homomorphic encryption to deal with outsourcing computation and ensures data privacy. Moreover, we embed outsourcing computation results and a novel polynomial factorization algorithm into the smart contract of Ethereum, which not only enables the verification of the outsourcing result without a trusted third party but also resists collusion attacks. The results of the theoretical analysis and experimental performance evaluation demonstrate that the proposed protocol is secure, reliable, and more effective compared with state-of-the-art approaches.

7.
Li Xiong, Kumari Saru, Shen Jian, Wu Fan, Chen Caisen, Islam SK Hafizul. Wireless Personal Communications, 2017, 96(4): 5295-5314

Cloud storage is a new storage mode that emerged along with the development of the cloud computing paradigm. By migrating data to cloud storage, consumers can be liberated from building and maintaining private storage infrastructure, and they can enjoy the data storage service anywhere and anytime with high reliability and at a relatively low cost. However, the security and privacy risks, especially to the confidentiality and integrity of data, seem to be the biggest hurdle to the adoption of cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only a valid user with the correct password and biometric can access the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.


8.
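Medical cloud storage service is an important application of cloud computing technology, and the integrity of outsourced medical data and the protection of users' identity privacy have become increasingly important. This paper proposes a lightweight integrity verification scheme for outsourced cloud-stored medical data that supports conditional identity anonymity and is suitable for wireless medical sensor networks. The scheme designs an aggregate signature in combination with a homomorphic hash function and has a third-party auditor (TPA) verify the integrity of the outsourced cloud-stored medical data. Auxiliary auditing information is stored at the TPA, and the homomorphic property of the homomorphic hash function is used to reduce the computation at the TPA to a constant number of operations, greatly reducing the TPA's computational overhead. The scheme also supports batch verification of multiple data files by the TPA, with a verification overhead that is almost constant and independent of the number of medical data files. The scheme effectively prevents the TPA from recovering the original medical data by solving linear equations, and a conditional identity anonymity algorithm is designed in which the key generation center (PKG) generates an anonymous identity and the corresponding signing private key for a user from the user's uniquely identifying identity information. Even if an attacker intercepts the medical data transmitted by a user, the attacker cannot learn the real identity of the data's owner; this effectively avoids the complex management of public key certificates while allowing the key generation center to effectively trace users who behave maliciously in the medical information system. Security analysis and performance evaluation show that the scheme can be deployed securely and efficiently in cloud-assisted wireless medical sensor networks.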

9.
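An improved data integrity verification scheme for cloud storage   Total citations: 3 (self-citations: 0, citations by others: 3)
In a cloud computing environment, clients store their data on untrusted cloud storage servers. How to efficiently verify the integrity of a client's remotely stored data without keeping a local copy is a problem that urgently needs to be solved, and a series of solutions has been proposed for it. This paper introduces the concept of the known-proof forgery attack, in which an adversary holding a certain number of proofs can forge new valid proofs. It points out that some existing data integrity verification schemes cannot resist the known-proof forgery attack. Using a rank-based authenticated skip list, an improved scheme is proposed that supports full data updates and public auditing.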

10.
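The advantages of cloud computing, such as high virtualization and high scalability, make individuals and enterprises willing to outsource encrypted data to cloud servers. However, encrypting the outsourced data destroys the correlation among the data. Although searchable encryption (SE) can be used to retrieve files over encrypted data, an untrusted cloud server may tamper with or delete outsourced data, or use existing search trapdoors to obtain information about newly inserted files. In addition, existing single-keyword search has few constraints, which leads to poor search precision and wastes bandwidth and computing resources. To solve these problems, an efficient and verifiable multi-keyword searchable encryption scheme is proposed. The proposed scheme not only supports multi-keyword search but also achieves privacy of the search pattern and forward security of files. It also enables integrity verification of the outsourced data. Through a rigorous security proof, the proposed scheme is shown to be secure in the standard model and able to resist offline keyword guessing attacks (KGA) by an untrusted cloud server. Finally, efficiency and performance are compared with three recent schemes, and the experimental results show that the proposed scheme has good overall performance in terms of functionality and efficiency.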

11.
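Compared with traditional clouds, mobile cloud services are characterized by mobile interconnection, flexible terminal applications, and convenient data access. However, the wealth of mobile cloud service applications also brings more security and privacy leakage problems. After describing the basic concepts, applications, and security problems of mobile cloud services, this paper presents a security and privacy protection architecture for them. Focusing on key technologies including security protocols and authentication, access control, integrity verification, mobile trusted computing, and privacy protection based on encryption, anonymity, and obfuscation, it analyzes the state of research, discusses the strengths and weaknesses of existing techniques, and explores future research directions.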

12.
Cloud computing and storage services allow clients to move their data center and applications to centralized large data centers and thus avoid the burden of local data storage and maintenance. However, this poses new challenges related to creating secure and reliable data storage over unreliable service providers. In this study, we address the problem of ensuring the integrity of data storage in cloud computing. In particular, we consider methods for reducing the burden of generating a constant amount of metadata at the client side. By exploiting some good attributes of the bilinear group, we can devise a simple and efficient audit service for public verification of untrusted and outsourced storage, which can be important for achieving widespread deployment of cloud computing. Whereas many prior studies on ensuring remote data integrity did not consider the burden of generating verification metadata at the client side, the objective of this study is to resolve this issue. Moreover, our scheme also supports data dynamics and public verifiability. Extensive security and performance analysis shows that the proposed scheme is highly efficient and provably secure.

13.

Cloud storage is a cloud-based service which delivers scalable, on-demand online storage of data and eliminates the need to maintain a local data centre. Storage of data in the cloud brings many advantages such as lower cost, metered service, and scalable and ubiquitous access. However, it also raises concerns about its integrity; to save storage space, the cloud service provider may delete some rarely accessed data. Data privacy is another issue which must be addressed to increase the data owner’s trust. To address the above issues, many researchers have proposed public auditing schemes to validate the integrity of data using a third party auditor. These schemes generate metadata using data files on the owner side and store these metadata on the cloud storage along with the file data, which helps in auditing. These schemes address many concerns which arise due to remote data storage. However, the computation cost involved in metadata generation at the data owner side is not properly addressed; another issue which is not properly addressed is that an iniquitous third party auditor may be the source of a denial of service attack by constantly issuing a large number of audit requests. Our scheme solves these issues by lowering the computation cost at the data owner side and controlling the number of times a third party auditor can issue an audit request to the cloud storage. Our scheme also supports secure access to data using a conditional proxy re-encryption scheme and delegation of the auditing task by the authorized third party auditor to another auditor for a specified period of time in the case of unavailability of the authorized third party auditor.


14.
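Attribute-based encryption is one of the key technologies for flexible access control of data in cloud storage, but existing attribute-based encryption schemes suffer from problems such as excessive ciphertext storage overhead and leakage of user privacy, and they cannot also support public auditing of cloud data. To solve these problems, this paper proposes a new searchable attribute-based encryption scheme whose security can be reduced to the hardness of the q-BDHE problem and the CDH problem. In addition to supporting keyword search, the scheme achieves constant ciphertext length; it introduces policy hiding to prevent attackers from obtaining sensitive information, ensuring user privacy; and through a public data auditing mechanism it achieves integrity verification of data in cloud storage. Compared with existing schemes of the same kind, the scheme effectively reduces the data encryption overhead, keyword search overhead, ciphertext storage cost, and decryption overhead, and has good application prospects in cloud storage environments.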

15.
In recent decades, a number of protocols for Remote data integrity checking (RDIC) have been proposed. Identity (ID) based RDIC protocols are constructed to guarantee cloud data integrity and data privacy. The known protocols for RDIC always assume that the Private key generator (PKG) is a trusted one, but in real-world applications, with a corrupt PKG, a malicious Cloud server (CS) can easily cheat the third party auditor into believing that the data owner's outsourced data are kept safe even though the data have been deleted or altered. In this paper, we explore the novel model of RDIC with an untrusted PKG and a malicious CS, by employing the partial key method and the Authentication, authorization, accounting (AAA) service. We construct a new ID-based RDIC, which provides ID revocation and key update. The experimental evaluations show that our scheme is more efficient than known ones.

16.
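In cloud storage environments, storing cloud data as multiple replicas has become a popular practice. To address the threat that malicious cloud service providers pose to the security of replica data in the cloud, a multi-replica integrity auditing scheme based on the DDCT (Dynamic Divide and Conquer Table) is proposed. First, the DDCT is introduced to handle dynamic data operations; the table also stores information such as the block number, version number, and timestamp of the replica data. Next, to resist attacks by malicious cloud service providers, a timestamp-based signature authentication algorithm for replica data is designed. Then, the concept of a replica block consisting of a block header and a block body is proposed: the block header stores the signature information used for timestamp-based identification and authentication of the replica data, and the block body stores the encrypted replica data. Finally, a third-party auditor is entrusted to audit the integrity of the multi-replica data in the cloud using the replica-timestamp-based signature authentication algorithm. Security analysis and experimental comparison show that the scheme not only effectively guards against attacks between malicious storage nodes but also prevents multi-replica data from being leaked to the third-party auditor.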

17.
With the rapid growth of the Security‐as‐a‐Service market, concerns about privacy in exposing customer security policies to Cloud Service Providers have become critical. To resolve these issues, several solutions have been proposed over the past few years, each for a different kind of security service. However, as the number of security services outsourced into a cloud continues to grow, the need for a unified solution has become significant. This article introduces and presents a universal privacy‐preserving platform for SecaaS services that is based on a hybrid cloud architecture for maintaining the confidentiality of the customer's security policy. It is shown that this platform can be applied to all security services whose security policies can be represented in the form of a decision tree. This includes the vast majority of existing cloud‐based security services. With the small number of computationally‐expensive operations performed in a private cloud, the solution also does not require the implementation of a performant security engine on the customer's premises, allowing full advantage to be taken of private cloud offloading. It is also shown that the platform achieves better performance results than other existing solutions of this type. These findings were confirmed by experimental results.

18.
Together with an explosive growth of the mobile applications and emerging of cloud computing concept, mobile cloud computing (MCC) has been introduced to be a potential technology for mobile services. MCC integrates the cloud computing into the mobile environment and overcomes obstacles related to the performance (e.g., battery life, storage, and bandwidth), environment (e.g., heterogeneity, scalability, and availability), and security (e.g., reliability and privacy) discussed in mobile computing. This paper gives a survey of MCC, which helps general readers have an overview of the MCC including the definition, architecture, and applications. The issues, existing solutions, and approaches are presented. In addition, the future research directions of MCC are discussed. Copyright © 2011 John Wiley & Sons, Ltd.

19.
Machine‐type communication (MTC) is defined as an automatic aggregation, processing, and exchange of information among intelligent devices without human intervention. With the development of immense embedded devices, MTC is emerging as the leading communication technology for a wide range of applications and services in the Internet of Things (IoT). For achieving the reliability and to fulfill the security requirements of IoT‐based applications, researchers have proposed some group‐based handover authentication and key agreement (AKA) protocols for mass MTCDs in LTE‐A networks. However, the realization of secure handover authentication for the group of MTCDs in an IoT‐enabled LTE‐A network is an imminent issue. Whenever mass MTCDs enter into the coverage area of the target base‐station simultaneously, the protocols incur high signaling congestion. In addition, the existing group‐based handover protocols suffer from huge network overhead and numerous identified problems such as lack of key forward/backward secrecy and privacy‐preservation. Moreover, the protocols fail to avoid the key escrow problem and are vulnerable to malicious attacks. To overcome these issues, we propose a secure and robust group‐based handover (SRGH) AKA protocol for mass MTCDs in the LTE‐A network. The protocol establishes the group key update mechanism with forward/backward secrecy. The formal security proof demonstrates that the protocol achieves all the security properties including session key secrecy and data integrity. Furthermore, the formal verification using the AVISPA tool shows the correctness, and informal analysis discusses the resistance to various security problems. The performance evaluation illustrates that the proposed protocol obtains substantial efficiency compared with the existing group‐based handover AKA protocols.

20.
To ensure the intactness of the stored data in cloud, numerous data public auditing mechanisms have been presented. However, most of these existing solutions suffer from several flaws: (a) identity privacy and data privacy of data owner are inevitably revealed to the auditor in the auditing process; (b) the existing public auditing mechanisms with resisting key exposure are only proved in the random oracle model. To address the problems above, in this paper, we propose an achieving identity‐and‐data privacy public auditing protocol with forward security in the standard model by incorporating knowledge proof signature, ring signature, and forward security technique. And then, we formalize the security model of forward security and anonymity of identity, in which the adversary is allowed to query private keys of some ring members. It can provide stronger security. Thus, our proposed scheme can not only achieve data owner's identity privacy and data privacy but also provide forward security for data owner's secret key. To the best of our knowledge, it is the first preserving privacy of identity‐and‐data public auditing scheme with forward security that is provably secure in the standard model. The security of the scheme is related to the computational Diffie–Hellman (CDH) problem and the subgroup decision problem. Finally, our scheme is simulatively tested; experimental results demonstrate that our mechanism is very efficient in terms of overall performance.
