Towards Developing Privacy-Preserved Data Security Approach (PP-DSA) in Cloud Computing Environment

In the present scenario of rapid growth in cloud computing models, several companies and users started to share their data on cloud servers. However, when the model is not completely trusted, the data owners face several security-related problems, such as user privacy breaches, data disclosure, data corruption, and so on, during the process of data outsourcing. For addressing and handling the security-related issues on Cloud, several models were proposed. With that concern, this paper develops a Privacy-Preserved Data Security Approach (PP-DSA) to provide the data security and data integrity for the outsourcing data in Cloud Environment. Privacy preservation is ensured in this work with the Efficient Authentication Technique (EAT) using the Group Signature method that is applied with Third-Party Auditor (TPA). The role of the auditor is to secure the data and guarantee shared data integrity. Additionally, the Cloud Service Provider (CSP) and Data User (DU) can also be the attackers that are to be handled with the EAT. Here, the major objective of the work is to enhance cloud security and thereby, increase Quality of Service (QoS). The results are evaluated based on the model effectiveness, security, and reliability and show that the proposed model provides better results than existing works.     

Ciphertext-policy attribute-based encryption supporting policy-hiding and cloud auditing in smart health

Smart Health, with its flexibility and efficiency, has been widely deployed, especially during the COVID-19 pandemic. However, privacy protection mechanisms for Smart Health are not yet well established and still present a number of security issues. Ciphertext-Policy Attribute-Based Encryption (CP-ABE), is identified as the furthest potential approach for constructing privacy-preserving Smart Health. However, traditional CP-ABE is facing some new challenges. On the one hand, access policy is not encrypted, and the identity information of the user could be exposed. On the other hand, Smart Health Records (SHRs) are outsourced to the Cloud Service Providers (CSP) and may be at risk of being tampered with. In this article, we have built a CP-ABE solution (PHCA) that supports policy-hiding and cloud auditing to ensure privacy security for smart health, in which the decryption cost is constant. To ensure data integrity, we securely introduce an effective third-party auditor. In addition, we design and implement safe and effective outsourcing decryption algorithms, which significantly low the decryption costs for users. Performance comparisons and security analysis demonstrate that our solutions function effectively.     

A privacy-preserving multi-keyword ranked retrieval scheme in cloud computing

ABSTRACT

Big data and cloud computing could bring security problems. In order to ensure data security and user privacy, people would choose to store data in the cloud with ciphertext. How to search data efficiently and comprehensively without decryption has become the focus of this paper. In this paper, we propose an efficient privacy protection scheme. In this scheme, Elliptic Curve Cryptography (ECC) is adopted to encrypt the data. It can reduce the computing cost of encryption and decryption uploading the encrypted files and indexes to the cloud server. Then it can authorize users to generate trap door using hash conflict function, and send it to Cloud Service Provider (CSP) for searching for matched ciphertext. The CSP uses the Apriori algorithm to extend keywords and search index to match the ciphertext. In this paper, we will use the Apriori algorithm to extend the keywords’ semantics, match the index list based on these keywords, and return the requested file-set which is more consistent with the user’s search. Experiments show that compared with traditional methods, files can be encrypted, decrypted, and recovered more quickly when we use this method. It can also ensure the privacy of data and reduce the communication overhead.     

一种改进的基于身份广播代理重加密云存储方案

存储安全是公共云应用诸多安全问题中最关键的问题之一,对云服务的快速发展有着重大影响。结合身份加密、代理重加密以及广播加密的特点,提出了一种新的云存储方案。该方案通过条件控制,实现了用户对远程密文数据代理重加密过程中的细粒度访问控制;基于身份加密,利用用户的身份属性作为公钥,减少了证书验证过程;结合广播的思想,以用户集合为单位进行加密,减少系统的计算消耗。实验表明,文章提出的方案可以实现密文数据云存储和共享,主要函数的时间开销合理,能够保证大规模用户接入时系统高效。     

MidCloud: an agent‐based middleware for effective utilization of replicated Cloud services

The Cloud relies heavily on resource replication to support the demands of the clients efficiently. Replicated Cloud services are distributed across large geographic areas and are accessible via the Internet. This paper describes MidCloud; an agent‐based middleware that provides Cloud clients with dynamic load balancing and fault tolerance mechanisms for effective utilization of replicated Cloud services and resources. MidCloud can be used to connect clients with multiple replicated Cloud services and provide fast and reliable service delivery from multiple replicas. Several approaches for load balancing and fault tolerance in distributed systems were introduced; however, they require prior knowledge of the environment's operating conditions and/or constant monitoring of these conditions at run time that allows the applications to adjust the load and redistribute the tasks when operational conditions change and when failures occur. These techniques work well when there is no high communication delay. Yet, this is not true in the Cloud, where data storage and computation servers are scattered all over the world and communication delays are usually very high. MidCloud deploys approaches to reduce the negative impact of high and dynamic delays on the Cloud servers and the Internet. The experimental results show the positive effects of using MidCloud to provide efficient load balancing and fault tolerance. Copyright © 2013 John Wiley & Sons, Ltd.     

Security and Control in the Cloud

ABSTRACT

Cloud computing is a new IT delivery paradigm that offers computing resources as on-demand services over the Internet. Like all forms of outsourcing, cloud computing raises serious concerns about the security of the data assets that are outsourced to providers of cloud services. To address these security concerns, we show how today's generation of information security management systems (ISMSs), as specified in the ISO/IEC 27001:2005, must be extended to address the transfer of security controls into cloud environments. The resulting virtual ISMS is a standards-compliant management approach for developing a sound control environment while supporting the various modalities of cloud computing.

This article addresses chief security and/or information officers of cloud client and cloud provider organizations. Cloud clients will benefit from our exposition of how to manage risk when corporate assets are outsourced to cloud providers. Providers of cloud services will learn what processes and controls they can offer in order to provide superior security that differentiates their offerings in the market.     

基于加密数据的位置感知隐私保护模型

针对移动互联网基于位置的服务（LBS）的隐私安全问题,在对已有模型分析研究的基础上,提出了基于加密数据的位置感知隐私安全模型。通过第三方可信服务器对数据库进行加密,实现了服务和隐私之间的平衡。同时采用自主访问控制(DAC)策略,用户可以按照自己的意愿,在保证自己隐私的同时有选择地与其他用户共享数据。最后提出了一种改进的保序加密算法,通过数据转换、桶划分以及线性映射实现了高效的位置感知查询。实验分析表明,该模型实现了位置数据的加密查询和以用户为中心的访问控制策略,改进的算法具有更高的效率。     

A novel trusted third party based signcryption scheme

To prevent man-in-the-middle attack, Diffie-Hellman first proposed the concept of the session key exchange protocol, in which the author remove the long term keying material at the end of the session. In our scheme, we apply the session key concept of Diffie-Hellman for cloud computing in the presence of the Trusted Third Party (TTP). Our proposed scheme provides SEVEN security properties by using the session key exchange protocols as symmetric. In our scheme, TTP becomes free from a burden of activities, like to encrypt the requests (R_i) of the Cloud Service Users (CSUs) and to decrypt the services (S_i) of the Cloud Service Providers (CSPs) again and again. By using S Performance (EP) for Elliptic Curve Point Multiplication (ECPM), Hash (H), Inversion (Inv), Exclusive oR (XoR), Encryption (Enc), and Decryption (Dec) is (87.5%, 62.5%, 57.14%), (87.5% and 75%), (75%), (97.82% and ≤?1%), (92.85%) and (50%) respectively. The security requirements of our scheme are; data integrity, data confidentiality, authenticity, non-repudiation, forward secrecy, unforgeability, and untraceability. Our proposed scheme also outperformed performance in terms of flexibility, reliability, and efficiency as compared to existing schemes.

     

基于图像秘密共享的密文域可逆信息隐藏算法

针对当前密文域可逆信息隐藏算法嵌入秘密信息后的携密密文图像的容错性与抗灾性不强,一旦遭受攻击或损坏就无法重构原始图像与提取秘密信息的问题,提出了一种基于图像秘密共享的密文域可逆信息隐藏算法,并分析了该算法在云环境下的应用场景。首先,将加密图像分割成大小相同的n份不同携密密文图像。然后,在分割的过程中将拉格朗日插值多项式中的随机量作为冗余信息,并建立秘密信息与多项式各项系数间的映射关系。最后,通过修改加密过程的内置参数,实现秘密信息的可逆嵌入。当收集k份携密密文图像时,可无损地恢复原始图像与提取秘密信息。实验结果表明,所提算法具有计算复杂度低、嵌入容量大和完全可逆等特点。在（3,4）门限方案中,所提算法的最大嵌入率可达4 bpp;在（4,4）门限方案中,其最大嵌入率可达6 bpp。所提算法充分发挥了秘密共享方案的容灾特性,在不降低秘密共享安全性的基础上,增强了携密密文图像的容错性与抗灾性,提高了算法的嵌入容量与云环境应用场景下的容灾能力,保证了载体图像与秘密信息的安全。     

A computational model for ranking cloud service providers using hypergraph based techniques

In a cloud marketplace, the existence of wide range of Cloud Service Providers (CSPs) makes it hard for the Cloud Users (CUs) to find an appropriate CSP based on their requirements. The design of a suitable service selection framework helps the users in the selection of a suitable CSP, while motivating the CSPs to satisfy the assured Service Level Agreement (SLA) and enhance the Quality of Service (QoS). Existing service selection models employ random assignment of weights to the QoS attributes, replacement of missing data by random values, etc. which results in an inaccurate ranking of the CSPs. Moreover, these models have high computational overhead. In this study, a novel cloud service selection architecture, Hypergraph based Computational Model (HGCM) and Minimum Distance-Helly Property (MDHP) algorithm have been proposed for ranking the cloud service providers. Helly property of the hypergraph had been used to assign weights to the attributes and reduce the complexity of the ranking model, while arithmetic residue and Expectation–Maximization (EM) algorithms were used to impute missing values. Experimental results provided by MDHP under different case studies (dataset used by various research communities and synthetic dataset) confirms the ranking algorithm to be scalable and computationally attractive.     

ARMCO: Advanced topics in resource management for ubiquitous cloud computing: An adaptive approach

Cloud Computing can be seen as one of the latest major evolution in computing offering unlimited possibility to use ICT in various domains: business, smart cities, medicine, environmental computing, mobile systems, design and implementation of cyber-infrastructures. The recent expansion of Cloud Systems has led to adapting resource management solutions for large number of wide distributed and heterogeneous datacenters. The adaptive methods used in this context are oriented on: self-stabilizing, self-organizing and autonomic systems; dynamic, adaptive and machine learning based distributed algorithms; fault tolerance, reliability, availability of distributed systems. The pay-per-use economic model of Cloud Computing comes with a new challenge: maximizing the profit for service providers, minimizing the total cost for customers and being friendly with the environment.This special issue presents advances in virtual machine assignment and placement, multi-objective and multi-constraints job scheduling, resource management in federated Clouds and in heterogeneous environments, dynamic topology for data distribution, workflow performance improvement, energy efficiency techniques and assurance of Service Level Agreements.     

A novel approach to manage cloud security SLA incidents

Cloud computing is increasingly playing an important role in the service provisioning domain given the economic and technological benefits it offers. The popularity of cloud services is increasing but so are their customers’ concerns about security assurance and transparency of the Cloud Service Providers (CSPs). This is especially relevant in the case of critical services that are progressively moving to the cloud. Examples include the integrated European air traffic control system or public administrations through the governmental clouds. Recent efforts aim to specify security in cloud by using security service level agreements (secSLAs). However, the paucity of approaches to actually control the fulfillment of secSLAs and to react in case of security breaches, often results in distrust in cloud services. In this paper, we present a solution to monitor and enforce the fulfillment of secSLAs. Our framework is able to (a) detect occurrences that lead to unfulfillment of commitments, and (b) also provide mitigation to the harmful events that may or do compromise the validity of secSLAs.     

Private Clouds: Secure Managed Services

ABSTRACT

The continuously evolving state of information technology and network infrastructure has created a thriving market for Managed Services (MS). More and more public sector and private companies operate in mixed-mode with internally deployed but externally hosted IT applications and resources. As a result, Managed Service Providers (MSPs) are assuming operational IT responsibility for the enterprise while the customer maintains management oversight. While this MS business model has many advantages, information security remains an inherent weakness. This has lead to the adoption of Private Clouds.     

Fast and secured cloud assisted recovery scheme for compressively sensed signals using new chaotic system

With recent advancement in Sensors technology, multimedia data has been exponentially generated every day. As a result, there is always a huge demand for fast data processing and storage. In order to effectively acquire and process such a huge amount of data, the concept of compressive sensing (CS) as well as the abundant computing and storage resources of cloud have been increasingly used nowadays. In this paper, we propose a novel secured cloud assisted recovery scheme for compressively sensed signals using a proposed new chaotic map that has wider chaotic range and better attributes when compared to existing maps. With pseudo randomness and unpredictability of the chaotic sequence, generated using the proposed chaotic map, sensing matrix for CS problem and the encryption algorithm are designed. The proposed system ensures that the data owners securely outsource the compressively sensed samples to cloud which occupies less storage. Data users then insist cloud to perform the complex reconstruction problem in an encrypted domain with substantial computational cost being shifted to cloud. Cloud performs the expensive reconstruction problem and provides the reconstructed signal in encrypted form which is later decrypted by the data users. Cloud thus gets no knowledge about the original underlying data samples ensuring privacy of the proposed system. Empirical analysis on the proposed system shows satisfactory compression and security performance on both one dimensional and two dimensional data. The simulation results prove the efficiency of the proposed cloud assisted scheme.     

分布式云灾备平台搭建及性能分析

云存储服务,作为云计算的衍生产物,目的是为网络海量数据的存储提供有效的解决方案,节约存储成本和系统资源,提供一个完善的备份、容灾的数据中心,并能够保证数据安全性、容错性.现阶段云灾备模型局限于有限的网络位置,使用虚拟化技术,依托本地服务器实现,与传统云灾备模型不同,介绍了一种基于DHT的云灾备模型,可适用于广域网的、普适的数据级灾备解决方案;最后,在本地云计算集群中对该方案进行模拟,验证该模型的可行性.     

基于微服务的分布式数据安全整合应用系统

针对分布式数据安全整合应用中数据整合操作繁琐,实时性不足,数据应用共享困难的问题,设计并实现了基于微服务的分布式数据安全整合应用系统,包含有两个子系统：数据整合子系统与数据安全应用子系统。系统基于Spring Cloud微服务架构设计,服务模块功能单一,边界明确,服务之间相互解耦,便于便捷开发,快速部署,可扩展性强,拥有强大的负载均衡策略与容错机制。数据整合子系统中提出了一种轻量级的数据整合方案,可以进行可视化的数据便捷整合,具有较好的灵活性与实时性;数据安全应用子系统中通过数据分级与用户角色划分,实现了用户对数据的安全访问控制,同时,采用证书链模型,使用数据证书来认证用户身份,有效地解决了用户角色的管理问题与网络信任问题。     

Secure query processing against encrypted XML data using Query-Aware Decryption

Dissemination of XML data on the internet could breach the privacy of data providers unless access to the disseminated XML data is carefully controlled. Recently, the methods using encryption have been proposed for such access control. However, in these methods, the performance of processing queries has not been addressed. A query processor cannot identify the contents of encrypted XML data unless the data are decrypted. This limitation incurs overhead of decrypting the parts of the XML data that would not contribute to the query result. In this paper, we propose the notion of Query-Aware Decryption for efficient processing of queries against encrypted XML data. Query-Aware Decryption allows us to decrypt only those parts that would contribute to the query result. For this purpose, we disseminate an encrypted XML index along with the encrypted XML data. This index, when decrypted, informs us where the query results are located in the encrypted XML data, thus preventing unnecessary decryption for other parts of the data. Since the size of this index is much smaller than that of the encrypted XML data, the cost of decrypting this index is negligible compared with that for unnecessary decryption of the data itself. The experimental results show that our method improves the performance of query processing by up to six times compared with those of existing methods. Finally, we formally prove that dissemination of the encrypted XML index does not compromise security.     

Analyzing Hadoop power consumption and impact on application QoS

Energy efficiency is often identified as one of the key reasons for migrating to Cloud environments. It is stated that a data center hosting the Cloud environment is likely to achieve greater energy efficiency (at a reduced cost) compared to a local deployment. With increasing energy prices, it is also estimated that a large percentage of operational costs within a Cloud environment can be attributed to energy. In this work, we investigate and measure energy consumption of a number of virtual machines running the Hadoop system, over an OpenNebula Cloud. Our workload is based on sentiment analysis undertaken over Twitter messages. Our objective is to understand the tradeoff between energy efficiency and performance for such a workload. From our results we generalize and speculate on how such an analysis could be used as a basis to establish a Service Level Agreement (SLA) with a Cloud provider—especially where there is likely to be a high level of variability (both in performance and energy use) over multiple runs of the same application (at different times). Among the service level objectives that might be included in a SLA, Quality of Service (QoS) related metrics (i.e., latency) are one of the most challenging to support. This work provides some insight on the relationship between power consumption and QoS related metrics, describing how a combined consideration of these two metrics could be supported for a particular workload.     

Taking back control of privacy: a novel framework for preserving cloud-based firewall policy confidentiality

As the cloud computing paradigm evolves, new types of cloud-based services have become available, including security services. Some of the most important and most commonly adopted security services are firewall services. These cannot be easily deployed in a cloud, however, because of a lack of mechanisms preserving firewall policy confidentiality. Even if they were provided, the customer traffic flowing through the Cloud Service Provider infrastructure would still be exposed to eavesdropping and information gaining by performing analysis. To bypass these issues, the following article introduces a novel framework, known as the Ladon Hybrid Cloud, for preserving cloud-based firewall policy confidentiality. It is shown that in this framework, a high level of privacy is provided thanks to leveraging an anonymized firewall approach and a hybrid cloud model. A number of optimization techniques, which help to further improve the Ladon Hybrid Cloud privacy level, are also introduced. Finally, analysis performed on the framework shows that it is possible to find a trade-off between the Ladon Hybrid Cloud privacy level, its congestion probability, and efficiency. This argument has been demonstrated through the results of conducted experiments.     

A secure re‐encryption scheme for data services in a cloud computing environment

Cloud computing as a promising technology and paradigm can provide various data services, such as data sharing and distribution, which allows users to derive benefits without the need for deep knowledge about them. However, the popular cloud data services also bring forth many new data security and privacy challenges. Cloud service provider untrusted, outsourced data security, hence collusion attacks from cloud service providers and data users become extremely challenging issues. To resolve these issues, we design the basic parts of secure re‐encryption scheme for data services in a cloud computing environment, and further propose an efficient and secure re‐encryption algorithm based on the EIGamal algorithm, to satisfy basic security requirements. The proposed scheme not only makes full use of the powerful processing ability of cloud computing but also can effectively ensure cloud data security. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security model. Copyright © 2015 John Wiley & Sons, Ltd.