Enhance Data Security Protection for Data Sharing in Cloud Storage System

Cloud computing technology can be used in all types of organizations. There are many benefits to use cloud storage. The most notable is data accessibility. Data stored in the cloud can be accessed at any time any place. Another advantage of cloud storage is data sharing between users. By sharing storage and networks with many users it is also possible for unauthorized users to access our data. To provide confidentiality of shared sensitive data, the cryptographic techniques are applied. So protect the data from unauthorized users, the cryptographic key is main challenge. In this method a data protection for cloud storage 1) The key is protected by two factors: Secret key is stored in the computer and personal security device 2) The key can be revoked efficiently by implementing proxy re-encryption and key separation techniques. 3) The data is protected in a fine grained way by adopting the attribute based encryption technique. So our proposed method provides confidentiality on data

Finding the Optimal Value for Threshold Cryptography on Cloud Computing

The objective of using threshold cryptography on cloud environment is to protect the keys, which are the most important elements in cryptographic systems. Threshold cryptography works by dividing the private key to a number of shares, according to the number of virtual machines, then distributing them each share to each virtual machine. In order to generate the key back, not all the shares are needed. Howerver, the problem is that there has been no research attemping to find a suitable threshold value for key reconstruction. Therefore, this paper presented a guildline designed and implemented that can assist to choose such value. The experiment was setup using CloudSim to simulate cloud environment and collecting time taken in key distribution and key reconstruction process to achieve the optimal threshold value

A HYBRIDIZED ENCRYPTION SCHEME BASED ON ELLIPTIC CURVE CRYPTOGRAPHY FOR SECURING DATA IN SMART HEALTHCARE

Recent developments in smart healthcare have brought us a great deal of convenience. Connecting common objects to the Internet is made possible by the Internet of Things (IoT). These connected gadgets have sensors and actuators for data collection and transfer. However, if users' private health information is compromised or exposed, it will seriously harm their privacy and may endanger their lives. In order to encrypt data and establish perfectly alright access control for such sensitive information, attribute-based encryption (ABE) has typically been used. Traditional ABE, however, has a high processing overhead. As a result, an effective security system algorithm based on ABE and Fully Homomorphic Encryption (FHE) is developed to protect health-related data. ABE is a workable option for one-to-many communication and perfectly alright access management of encrypting data in a cloud environment. Without needing to decode the encrypted data, cloud servers can use the FHE algorithm to take valid actions on it. Because of its potential to provide excellent security with a tiny key size, elliptic curve cryptography (ECC) algorithm is also used. As a result, when compared to related existing methods in the literature, the suggested hybridized algorithm (ABE-FHE-ECC) has reduced computation and storage overheads. A comprehensive safety evidence clearly shows that the suggested method is protected by the Decisional Bilinear Diffie-Hellman postulate. The experimental results demonstrate that this system is more effective for devices with limited resources than the conventional ABE when the system’s performance is assessed by utilizing standard model

Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed

Data auditing and security in cloud computing: issues, challenges and future directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discusse

Fast and Secure Updatable Encryption

Updatable encryption allows a client to outsource ciphertexts to some untrusted server and periodically rotate the encryption key. The server can update ciphertexts from an old key to a new key with the help of an update token, received from the client, which should not reveal anything about keys or plaintexts to an adversary. We provide a new and highly efficient suite of updatable encryption schemes that we collectively call SHINE. In the variant designed for short messages, ciphertext generation consists of applying one permutation and one exponentiation (per message block), while updating ciphertexts requires just one exponentiation. Variants for longer messages provide much stronger security guarantees than prior work that has comparable efficiency. We present a new confidentiality notion for updatable encryption schemes that implies prior notions. We prove that SHINE is secure under our new confidentiality definition while also providing ciphertext integrity

Efficient Ciphertext-policy Attribute Based Encryption for Cloud-Based Access Control

Outsourcing data to some cloud servers enables a massive, flexible usage of cloud computing resources and it is typically held by different organizations and data owners. However, various security concerns have been raised due to hosting sensitive data on an untrusted cloud environment, and the control over such data by their owners is lost after uploading to the cloud. Access control is the first defensive line that forbids unauthorized access to the stored data. Moreover, fine-grained access control on the untrusted cloud can be enforced using advanced cryptographic mechanisms. Some schemes have been proposed to deliver such access control using Ciphertext-policy attribute based encryption (CP-ABE) that can enforce data owners’ access policies to achieve such cryptographic access control and tackle the majority of those concerns. However, some challenges are still outstanding due to the complexity of frequently changing the cryptographic enforcements of the owners’ access policies in the hosted cloud data files, which poses computational and communicational overheads to data owners. These challenges are: 1) making dynamic decisions to grant access rights to the cloud resources, 2) solving the issue of the revocation process that is considered as a performance killer, and 3) building a collusion resistant system. The aim of our work is to construct an access control scheme that provides secure storing and sharing sensitive data on the cloud and suits limited-resources devices. In this thesis, we analyse some of the existing, related issues and propose a scheme that extends the relevant existing techniques to resolve the inherent problems in CP-ABE without incurring heavy computation overhead. In particular, most existing revocation techniques require re-issuing many private keys for all non-revoked users as well as re-encrypting the related ciphertexts. Our proposed scheme offers a solution to perform a novel technique that dynamically changes the access privileges of legitimate users. The scheme drives the access privileges in a specific way by updating the access policy and activating a user revocation property. Our technique assigns processing-intensive tasks to cloud servers without any information leakage to reduce the computation cost on resource-limited computing devices. Our analytical theoretical and experimental findings and comparisons of our work with related existing systems indicate that our scheme is efficient, secure and more practical compared to the current related systems, particularly in terms of policy updating and ciphertext re-encryption. Therefore, our proposed scheme is suited to Internet of Things (IoT) applications that need a practical, secure access control scheme. Moreover, to achieve secure, public cloud storage and minimise the limitations of CP-ABE which mainly supports storing data only on a private cloud storage system managed by only one single authority, our proposed access control scheme is extended to a secure, critical access control scheme with multiple authorities. This scheme ought to be carefully designed to achieve fine-grained access control and support outsourced-data confidentiality. In addition, most existing multi-authority access control schemes do not properly consider the revocation issue due to the difficulty of addressing it in distributed settings. Therefore, building a multi-authority CP-ABE scheme along with addressing changes to policy attributes and users, have motivated many researchers to develop more suitable schemes with limited success. By leveraging the existing work, in this thesis, we propose a second CP-ABE scheme that tackles most of the existing work’s limitations and allows storing data securely on a public cloud storage system by employing multiple authorities which manage a joint set of attributes. Furthermore, the proposed scheme efficiently maintains the revocation by adapting the two techniques used in the first proposed single authority access control scheme to allow dynamic policy update and invalidate a revoked user’s secret key that eliminates collusion attacks. In terms of computation overhead, the proposed multi-authority scheme outsources expensive operations of encryption and decryption to a cloud server to mitigate the burden on a data owner and data users, respectively. Our scheme analysis and the theoretical and implemented results demonstrate that our scheme is scalable and efficient

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed

Identity-Based Key Aggregate Cryptosystem from Multilinear Maps

The key-aggregate cryptosystem~(KAC) proposed by Chu et al. in 2014 offers a solution to the flexible access delegation problem in shared data environments such as the cloud. KAC allows a data owner, owning $N$ classes of encrypted data, to securely grant access to any subset $S$ of these data classes among a subset $\hat{S}$ of data users, via a single low overhead \emph{aggregate key} $K_{\mathcal{S}}$. Existing constructions for KAC are efficient in so far they achieve constant size ciphertexts and aggregate keys. But they resort to a public parameter that has size linear in the number of data classes $N$, and require $O(M\u27M)$ secure channels for distribution of aggregate keys in a system with $M\u27$ data owners and $M$ data users. In this paper, we propose three different multilinear-map based KAC constructions that have at most polylogarithmic overhead for both ciphertexts and public parameters, and generate constant size aggregate keys. We further demonstrate how the aggregate keys may be efficiently broadcast among any arbitrary size subset of $M$ data users using only $O(M\u27+M)$ secure channels, in a system with $M\u27$ data owners. Our constructions are secure in the generic multilinear group model and are fully collusion resistant against any number of colluding parties. In addition, they naturally give rise to \emph{identity based} secure access delegation schemes