Sharing in the Rain: Secure and Efficient Data Sharing for the Cloud

Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain – a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users' to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy

HealthShare: Using Attribute-Based Encryption for Secure Data Sharing Between Multiple Clouds

In this invited paper, we propose HealthShare - a forward-looking approach for secure ehealth data sharing between multiple organizations that are hosting patients' data in different clouds. The proposed protocol is based on a Revocable Key-Policy Attribute-Based Encryption scheme and allows users to share encrypted health records based on a policy that has been defined by the data owner (i.e. patient, a member of the hospital, etc). Furthermore, access to a malicious or compromised user/organization can be easily revoked without the need to generate fresh encryption keys

Secure data sharing in cloud and IoT by leveraging attribute-based encryption and blockchain

“Data sharing is very important to enable different types of cloud and IoT-based services. For example, organizations migrate their data to the cloud and share it with employees and customers in order to enjoy better fault-tolerance, high-availability, and scalability offered by the cloud. Wearable devices such as smart watch share user’s activity, location, and health data (e.g., heart rate, ECG) with the service provider for smart analytic. However, data can be sensitive, and the cloud and IoT service providers cannot be fully trusted with maintaining the security, privacy, and confidentiality of the data. Hence, new schemes and protocols are required to enable secure data sharing in the cloud and IoT. This work outlines our research contribution towards secure data sharing in the cloud and IoT. For secure data sharing in the cloud, this work proposes several novel attribute-based encryption schemes. The core contributions to this end are efficient revocation, prevention of collusion attacks, and multi-group support. On the other hand, for secure data sharing in IoT, a permissioned blockchain-based access control system has been proposed. The system can be used to enforce fine-grained access control on IoT data where the access control decision is made by the blockchain-based on the consensus of the participating nodes”--Abstract, page iv

An Innovative Approach for Enhancing Cloud Data Security using Attribute based Encryption and ECC

Cloud computing is future for upcoming generations. Nowadays various companies are looking to use Cloud computing services, as it may benefit them in terms of price, reliability and unlimited storage capacity. Providing security and privacy protection for the cloud data is one of the most difficult task in recent days. One of the measures which customers can take care of is to encrypt their data before it is stored on the cloud. Recently, the attribute-based encryption (ABE) is a popular solution to achieve secure data transmission and storage in the cloud computing. In this paper, an efficient hybrid approach using attribute-based encryption scheme and ECC is proposed to enhance the security and privacy issues in cloud. Here, the proposed scheme is based on Cipher text-Policy Attribute Based Encryption (CP-ABE) without bilinear pairing operations. In this approach, the computation-intensive bilinear pairing operation is replaced by the scalar multiplication on elliptic curves. Experimental results show that the proposed scheme has good cryptographic properties, and high security level which depends in the difficulty to solve the discrete logarithm problem on elliptic curves (ECDLP)

Using Attribute-Based Access Control, Efficient Data Access in the Cloud with Authorized Search

The security and privacy issues regarding outsourcing data have risen significantly as cloud computing has grown in demand. Consequently, since data management has been delegated to an untrusted cloud server in the data outsourcing phase, data access control has been identified as a major problem in cloud storage systems. To overcome this problem, in this paper, the access control of cloud storage using an Attribute-Based Access Control (ABAC) approach is utilized. First, the data must be stored in the cloud and security must be strong for the user to access the data. This model takes into consideration some of the attributes of the cloud data stored in the authentication process that the database uses to maintain data around the recorded collections with the user\u27s saved keys. The clusters have registry message permission codes, usernames, and group names, each with its own set of benefits. In advance, the data should be encrypted and transferred to the service provider as it establishes that the data is still secure. But in some cases, the supplier\u27s security measures are disrupting. This result analysis the various parameters such as encryption time, decryption time, key generation time, and also time consumption. In cloud storage, the access control may verify the various existing method such as Ciphertext Policy Attribute-Based Encryption (CP-ABE) and Nth Truncated Ring Units (NTRU). The encryption time is 15% decreased by NTRU and 31% reduced by CP-ABE. The decryption time of the proposed method is 7.64% and 14% reduced by the existing method

Revocation in Publicly Verifiable Outsourced Computation

The combination of software-as-a-service and the increasing use of mobile devices gives rise to a considerable difference in computational power between servers and clients. Thus, there is a desire for clients to outsource the evaluation of complex functions to an external server. Servers providing such a service may be rewarded per computation, and as such have an incentive to cheat by returning garbage rather than devoting resources and time to compute a valid result. In this work, we introduce the notion of Revocable Publicly Verifiable Computation (RPVC), where a cheating server is revoked and may not perform future computations (thus incurring a financial penalty). We introduce a Key Distribution Center (KDC) to efficiently handle the generation and distribution of the keys required to support RPVC. The KDC is an authority over entities in the system and enables revocation. We also introduce a notion of blind verification such that results are verifiable (and hence servers can be rewarded or punished) without learning the value. We present a rigorous definitional framework, define a number of new security models and present a construction of such a scheme built upon Key-Policy Attribute-based Encryption.

Automated Biometric Authentication with Cloud Computing

The convenience provided by cloud computing has led to an increasing trend of many business organizations, government agencies and individual customers to migrate their services and data into cloud environments. However, once clients’ data is migrated, the overall security control will be immedicably shifted form data owners to the hand of cloud service providers. In fact, most cloud clients do not even know where their data is physically stored, and therefore the question of how to limit data access to authorized users has been one of the biggest challenges in cloud environments. Although security tokens and passwords are widely used form of remote user authentication, they can be lost or stolen as they are not linked with the identity of data owner. Therefore, biometric based authentication can potentially offer a practical and reliable option for remote access control. This chapter starts with a brief introduction that covers the fundamental concepts of cloud computing and biometric based authentication. It then provides and in-depth discussions on authentication challenges for the cloud computing environment and the limitation of traditional solutions. This leads to the key sections related to biometric solutions for cloud computing in which we present state-of-art approaches that offer convenient and privacy-preserving authentication needed for cloud environment. The chapter argues that addressing privacy concerns surrounding the use of biometrics in cloud computing is one of the key challenges that has to be an integral part of any viable solution for any biometric-based authentication. It also argues that assuring cloud clients that their biometric templates will not be used without their permission to, for example, track them is not enough. Such solutions should make it technically infeasible to do so even if a cloud service provider wants to. This chapter explains a number of interesting solutions that have been recently proposed to improve security and, at the same time, maintain user privacy. Finally, we identify some challenges that still need to be addressed and highlight relevant Research Directions

BLA2C2: Design of a Novel Blockchain-based Light-Weight Authentication & Access Control Layer for Cloud Deployments

Cloud deployments are consistently under attack, from both internal and external adversaries. These attacks include, but are not limited to brute force, masquerading, improper access, session hijacking, cross site scripting (XSS), etc. To mitigate these attacks, a wide variety of authentication & access control models are proposed by researchers, and each of them vary in terms of their internal implementation characteristics. It was observed that these models are either highly complex, or lack in terms of security under multiple attacks, which limits their applicability for real-time deployments. Moreover, some of these models are not flexible and cannot be deployed under dynamic cloud scenarios (like constant reconfigurations of Virtual Machines, dynamic authentication use-cases, etc.). To overcome these issues, this text proposes design of a novel blockchain-based Light-weight authentication & access control layer that can be used for dynamic cloud deployments. The proposed model initially applies a header-level light-weight sanitization layer that removes Cross Site Scripting, SQL Injection, and other data-level attacks. This is followed by a light-weight authentication layer, that assists in improving login-level security for external attacks. The authentication layer uses IP matching with reverse geolocation mapping in order to estimate outlier login attempts. This layer is cascaded with an efficient blockchain-based access control model, which assists in mitigating session hijacking, masquerading, sybil and other control-level attacks. The blockchain model is developed via integration of Grey Wolf Optimization (GWO) to reduce unnecessary complexities, and provides faster response when compared with existing blockchain-based security deployments. Efficiency of the model was estimated in terms of accuracy of detection for different attack types, delay needed for detection of these attacks, and computational complexity during attack mitigation operations. This performance was compared with existing models, and it was observed that the proposed model showcases 8.3% higher accuracy, with 10.5% lower delay, and 5.9% lower complexity w.r.t. standard blockchain-based & other security models. Due to these enhancements, the proposed model was capable of deployment for a wide variety of large-scale scenarios

A Hybrid Secure Cloud Platform Maintenance Based on Improved Attribute-Based Encryption Strategies

In the modern era, Cloud Platforms are the most needed port to maintain documents remotely with proper security norms. The concept of cloud environments is similar to the network channel. Still, the Cloud is considered the refined form of network, in which the data can easily be stored into the server without any range restrictions. The data maintained into the remote server needs a high-security feature, and the processing power of data should be high to retrieve the data back from the respective server. In the past, there were several security schemes available to protect the remote cloud server reasonably. However, the attack possibilities over the cloud platform remain; only all the researchers continuously work on this platform without any delay. This paper introduces a hybrid data security scheme called the Improved Attribute-Based Encryption Scheme (IABES). This IABES combines two powerful data security algorithms: Advanced Encryption Standard (AES) and Attribute-Based Encryption (ABE) algorithm. These two algorithms are combined to provide massive support to the proposed approach of data maintenance over the remote cloud server with high-end security norms. This hybrid data security algorithm assures the data cannot be attacked over the server by the attacker or intruder in any case because of its robustness. The essential generation process generates a credential for the users. It cannot be identified or visible to anyone as well as the generated certificates cannot be extracted even if the corresponding user forgets the credentials. The only way to get back the certification is resetting the credential. The obtained results prove the accuracy level of the proposed cypher security schemes compared with the regular cloud security management scheme, and the proposed algorithm essential generation process is unique. No one can guess or acquire it. Even the person may be the service provider or server administrator. For all, the proposed system assures data maintenance over the cloud platform with a high level of security and robustness in Quality of Service