A security evaluation framework for cloud security auditing

Cloud computing is clearly one of today’s most enticing technologies due to its scalable, flexible, and cost-efficient access to infrastructure and application services. Despite these benefits, cloud service users (CSUs) have serious concerns about the data security and privacy. Currently, there are several cloud service providers (CSPs) offering a wide range of services to their customers with varying levels of security strengths. Due to the vast diversity in the available cloud services, from the customer’s perspective, it has become difficult to decide which CSP they should use and what should be the selection criteria. Presently, there is no framework that can allow CSUs to evaluate CSPs based on their ability to meet the customer’s security requirements. We propose a framework and a mechanism that evaluate the security strength of CSPs based on the customer’s security preferences. We have shown the applicability of our security evaluation framework using a case study.     

Key Derivation Policy for data security and data integrity in cloud computing

Cloud computing is currently emerging as a promising next-generation architecture in the Information Technology (IT) industry and education sector. The encoding process of state information from the data and protection are governed by the organizational access control policies. An encryption technique protects the data confidentiality from the unauthorized access leads to the development of fine-grained access control policies with user attributes. The Attribute-Based Encryption (ABE) verifies the intersection of attributes to the multiple sets. The handling of adding or revoking the users is difficult with respect to changes in policies. The inclusion of multiple encrypted copies for the same key raised the computational cost. This paper proposes an efficient Key Derivation Policy (KDP) for improvement of data security and integrity in the cloud and overcomes the problems in traditional methods. The local key generation process in proposed method includes the data attributes. The secret key is generated from the combination of local keys with the user attribute by a hash function. The original text is recovered from the ciphertext by the decryption process. The key sharing between data owner and user validates the data integrity referred MAC verification process. The proposed efficient KDP with MAC verification analyze the security issues and compared with the Cipher Text–Attribute-Based Encryption (CP-ABE) schemes on the performance parameters of encryption time, computational overhead and the average lifetime of key generation. The major advantage of proposed approach is the updating of public information and easy handling of adding/revoking of users in the cloud.     

图书馆云存储数据安全性问题研究

云存储是在云计算上延伸的一个新的概念,主要是为用户提供数据存储服务.在分析图书馆云存储系统中数据安全隐患的基础上,提出了系统对数据的完整性、保密性和可用性的目标.针对图书馆信息传输过程中的动态数据安全、服务器上的静态数据安全、残留数据的清除和数据恢复等问题,分析了身份访问控制、数据加密存储、数据完整性校验和数据销毁/恢复等安全解决方案.     

云存储服务中支持动态数据完整性检测方法

在云存储服务中,为了让用户可以验证存储在云存储服务器上数据的完整性,提出一种支持动态更新和公开验证的云存储数据完整性检测方法.通过引入双线性对和用户随机选择待检测数据块可以无限次验证数据完整性是否完好无损;可信第三方的引入解决了云用户与云存储供应商在数据完整性问题上产生的纠纷,实现数据完整性的公开验证;然后给出该方法的正确性、安全性以及性能分析,最后通过实验验证了该方法是高效可行的.     

Data access control method for multimedia content data sharing and security based on XMDR-DAI in mobile cloud storage

Multimedia Tools and Applications - Mobile cloud storage service is used for users’ multimedia content data sharing or synchronization in effective way with several mobile devices. To save...     

Efficient integrity verification of replicated data in cloud using homomorphic encryption

The cloud computing is an emerging model in which computing infrastructure resources are provided as a service over the internet. Data owners can outsource their data by remotely storing them in the cloud and enjoy on-demand high quality services from a shared pool of configurable computing resources. However, since data owners and the cloud servers are not in the same trusted domain, the outsourced data may be at risk as the cloud server may no longer be fully trusted. Therefore, data confidentiality, availability and integrity is of critical importance in such a scenario. The data owner encrypts data before storing it on the cloud to ensure data confidentiality. Cloud should let the owners or a trusted third party to check for the integrity of their data storage without demanding a local copy of the data. Owners often replicate their data on the cloud servers across multiple data centers to provide a higher level of scalability, availability, and durability. When the data owners ask the cloud service provider (CSP) to replicate data, they are charged a higher storage fee by the CSP. Therefore, the data owners need to be strongly convinced that the CSP is storing data copies agreed on in the service level contract, and data-updates have been correctly executed on all the remotely stored copies. To deal with such problems, previous multi copy verification schemes either focused on static files or incurred huge update costs in a dynamic file scenario. In this paper, we propose a dynamic multi-replica provable data possession scheme (DMR-PDP) that while maintaining data confidentiality prevents the CSP from cheating, by maintaining fewer copies than paid for and/or tampering data. In addition, we also extend the scheme to support a basic file versioning system where only the difference between the original file and the updated file is propagated rather than the propagation of operations for privacy reasons. DMR-PDP also supports efficient dynamic operations like block modification, insertion and deletion on replicas over the cloud servers. Through security analysis and experimental results, we demonstrate that the proposed scheme is secure and performs better than some other related ideas published recently.     

Identity-based public data integrity verification scheme in cloud storage system via blockchain

The Journal of Supercomputing - Almost all existing data integrity verification schemes upload outsourced files and tags set to the CSP simultaneously. Thus, in this paper, we provide a novel idea...     

Enhancing cloud storage security against a new replay attack with an efficient public auditing scheme

The Journal of Supercomputing - The cloud storage service becomes a popular tendency based on the cloud computing, which can solve user’s storage bottleneck problem. Data security problems...     

云存储中利用TPA的数据隐私保护公共审计方案

针对云存储中用户数据完整性和私密性易受破坏的问题,提出了一种能够保证云数据完整性和私密性的高效方法。首先定义了隐私保护公共审计算法,然后采用第三方审计方法为用户进行数据审计,最后在随机oracle模型上验证了方案具有较高的安全性和隐私性。计算开销分析表明,相比其他审计方案,所提出方案在服务计算方面更加高效。     

Secure and efficient privacy-preserving public auditing scheme for cloud storage

Cloud computing poses many challenges on integrity and privacy of users’ data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.     

BSS: block-based sharing scheme for secure data storage services in mobile cloud environment

For the last few years, academia and research organizations are continuously investigating and resolving the security and privacy issues of mobile cloud computing environment. The additional consideration in designing security services for mobile cloud computing environment should be the resource-constrained mobile devices. The execution of computationally intensive security services on mobile device consumes battery’s charging quickly. In this regard, the study presents a novel energy-efficient block-based sharing scheme that provides confidentiality and integrity services for mobile users in the cloud environment. The block-based sharing scheme is compared with the existing schemes on the basis of energy consumption, CPU utilization, memory utilization, encryption time, decryption time, and turnaround time. The experimental results show that the block-based sharing scheme consumes less energy, reduces the resources utilization, improves response time, and provides better security services to the mobile users in the presence of fully untrusted cloud server(s) as compared to the existing security schemes.     

Improved security of a dynamic remote data possession checking protocol for cloud storage

Cloud storage offers the users with high quality and on-demand data storage services and frees them from the burden of maintenance. However, the cloud servers are not fully trusted. Whether the data stored on cloud are intact or not becomes a major concern of the users. Recently, Chen et al. proposed a remote data possession checking protocol to address this issue. One distinctive feature of their protocol support data dynamics, meaning that users are allowed to modify, insert and delete their outsourced data without the need to re-run the whole protocol. Unfortunately, in this paper, we find that this protocol fails to achieve its purpose since it is vulnerable to forgery attack and replace attack launched by a malicious server. Specifically, we show how a malicious cloud server can deceive the user to believe that the entire file is well-maintained by using the meta-data related to the file alone, or with only part of the file and its meta-data. Then, we propose an improved protocol to fix the security flaws and formally proved that our proposal is secure under a well-known security model. In addition, our improvement keeps all the desirable features of the original protocol.     

云环境中数据存储的安全机制研究

本文针对因网络的广泛应用而产生的数据存储的安全问题,在云计算技术的基础上,从数据及身份的保密性、完整性保护和用户身份及操作的隐私保护两个方面归纳出了在云环境下数据存储的安全机制,并总结了其安全问题的解决方法。     

Privacy-preserving public auditing for educational multimedia data in cloud computing

Nowadays, as distance learning is being widly used, multimedia data becomes an effective way for delivering educational contents in online educational systems. To handle the educational multimedia data efficiently, many distance learning systems adopt a cloud storage service. Cloud computing and storage services provide a secure and reliable access to the outsourced educational multimedia contents for users. However, it brings challenging security issues in terms of data confidentiality and integrity. The straightforward way for the integrity check is to make the user download the entire data for verifying them. But, it is inefficient due to the large size of educational multimedia data in the cloud. Recently many integrity auditing protocols have been proposed, but most of them do not consider the data privacy for the cloud service provider. Additionally, the previous schemes suffer from dynamic management of outsourced data. In this paper, we propose a public auditing protocol for educational multimedia data outsourced in the cloud storage. By using random values and a homomorphic hash function, our proposed protocol ensures data privacy for the cloud and the third party auditor (TPA). Also, it is secure against lose attack and temper attack. Moreover, our protocol is able to support fully dynamic auditing. Security and performance analysis results show that the proposed scheme is secure while guaranteeing minimum extra computation costs.     

面向云存储的非结构化数据存储研究

云存储是网格、并行和分布式计算等众多技术发展和延伸,云存储实现了存储的完全虚拟化,提供更强大的存储及共享功能[1].非机构化数据包括文本、图像、音频、视频、PDF、电子表格等.非结构化数据的存储通常有两种方式,一种是使用文件系统以文件的方式存储,将文件的路径或者链接存储在关系型数据库表中;另一种是将这些数据存储在传统的数据库表的大对象字段中.文章主要研究非结构化数据的存储方式,结合非结构化数据的特点,云存储的优势以及MongoDB的数据存储特性,提出非结构化数据云存储的必要性.     

BB-tree based secure and dynamic public auditing convergence for cloud storage

Cloud computing is a current phrase in marketing for an idea which has been recognized for years: Outsourcing. Cloud computing provides a large amount of gratuities for each customer and enterprise agency. “Cloud model” is a more of a notion in which the data are hosted online and accessed in a time-anywhere manner, on a pay-per-use model. However, the users may not fully trust the cloud service providers (CSPs) in that environment. So, it is hard to decide whether the CSP meet their expectations to provide the proper secrecy to shared data. Moreover, in the environment of outsourcing, users have no longer control and ownership of data which may cause serious major issues related to data integrity. Previously, many researchers have committed themselves to draft auditing protocols for attaining proper public verification schemes through third-party auditor (TPA). On the other hand, these schemes may leak identity or data value to the third-party auditor. Therefore, to deal with these problems, we introduce an efficient public auditing protocol by constructing binary binomial tree (BBT)-like data structure with Boneh–Lynn–Shacham signature-based Homomorphic Verifiable Authenticator (BLS-HVA). This model also consists an index hash table (IHT), situated at TPA to record the information about the data block’s properties for auditing procedure. This model supports sampling blockless verification, batch auditing, and dynamic updating operations. Moreover, with such novel dynamic data structure, the proposed model guarantees that user’s group can easily trace any type of data changes through the designated BBT. Along with this, the users can also easily recover the accurate data blocks whenever the current data blocks are corrupted. The experimental results demonstrate that the proposed auditing model efficiently attains secure auditing for the cloud environment and outperforms the existing models in terms of communication and computation overhead.

     

移动网络中心云计算存储数据访问安全自动监测系统设计

为了提高移动网络中心云计算存储数据访问和安全监测能力,提出一种基于深度学习和交叉编译控制的移动网络中心云计算存储数据访问安全自动监测系统设计方法。采用混合属性数据模糊加权聚类方法进行移动网络中心云计算存储数据的优化访问控制模型设计,根据云计算存储数据之间的属性相似度进行离散化数值属性分解,提取移动网络中心云计算存储数据的混合属性特征量,根据最小化云存储数据访问成本为代价进行移动网络中心云计算存储数据访问的安全监测。结合深度学习方法进行数据访问的自适应控制,在交叉编译环境下实现云计算存储数据访问安全自动监测系统开发设计。测试结果表明,采用该方法进行移动网络中心云计算存储数据访问的安全性较好,自动化控制能力较强。     

Data error locations reported by public auditing in cloud storage service

Public auditing is an important issue in cloud storage service because a cloud service provider may try to hide management mistakes and system errors from users or even steal or tamper with a user’s data for monetary reasons. Without the protection of a proper auditing mechanism, cloud users would have to run high risks of having their legal rights and interests spoiled without their knowledge. Therefore, many data integrity, assurance, and correctness schemes have been proposed for data auditing. Most of these schemes work by randomly sampling and aggregating signatures from bilinear maps (for more efficiency) to check whether the cloud storage service is honest and whether the data stored in the cloud is correct. Although aggregating signatures can reduce the auditor’s computing overhead and time, unfortunately, none of these schemes have offered any workable solution to giving detailed information on where the errors are when the cloud data as a whole fails the auditing. To fix this problem, we shall propose a new public auditing scheme with a mechanism integrated into it especially to locate the problematic data blocks when they exist. With efficiency, the proposed scheme is capable not only of giving an accurate pass/fail report but also providing detailed information on the locations of the errors detected.