Dynamic Access Control In Cloud Computing Using Encryption/Decryption

Cloud computing has emerged as one of the most important paradigms in the IT industry for last few years. In general data owners and service providers are not in the same trusted domain in cloud computing. Service providers should not be a trusted one anyhow they are all third party. The system focuses on a novel technique to Hierarchical Attribute Set Based Encryption (HASBE); it is driven by the Cipher Policy attribute based encryption (CPABE) with a  hierarchic al structure of cloud users. Cloud computing is known as “Utility”. Cloud Computing enabling users to remotely store their data in a server and provide services on demand. Since this new computing technology requires user to entrust their valuable data to cloud providers, there have been increasing security and privacy concerns on outsourced data. We can increase security on access of the data in the cloud. Morever we can provide encryption on the data so third party can not use the data. In this paper we will be reviewing various encryption based access control model for enhancing cloud security along with their limitations. We will be concluding with a proposed access control model to enhance cloud security. The proposed work focuses CRM (Customer Relationship Management) for business model that is driven by the category of Software as a Service (Saas) method in cloud. Using this scheme it achieves the flexible, scalable and fine grained access control of data. It also achieves high secure and effective user revocation in cloud environment.

Towards QoS-Oriented SLA Guarantees for Online Cloud Services

International audienceCloud Computing provides a convenient means of remote on-demand and pay-per-use access to computing resources. However, its ad hoc management of quality-of-service and SLA poses significant challenges to the performance, dependability and costs of online cloud services. The paper precisely addresses this issue and makes a threefold contribution. First, it introduces a new cloud model, the SLAaaS (SLA aware Service) model. SLAaaS enables a systematic integration of QoS levels and SLA into the cloud. It is orthogonal to other cloud models such as SaaS or PaaS, and may apply to any of them. Second, the paper introduces CSLA, a novel language to describe QoS-oriented SLA associated with cloud services. Third, the paper presents a control-theoretic approach to provide performance, dependability and cost guarantees for online cloud services, with time-varying workloads. The proposed approach is validated through case studies and extensive experiments with online services hosted in clouds such as Amazon EC2. The case studies illustrate SLA guarantees for various services such as a MapReduce service, a cluster-based multi-tier e-commerce service, and a low-level locking service

Data Mobility as a Service

© 2016 IEEE. Cloud computing and cloud services provide an alternative IT infrastructure and service models for users. The users use cloud to store their data, delegate the management of the data, and deploy their services cost-effectively. This usage model, however, raised a number of concerns relating to data control, data protection and data mobility: 1) users may lose control of their resource, 2) data protection schemes are not adequate when data is moved to a new cloud, 3) tracking and tracing changes of data location as well as accountability of data operations are not well supported. To address these issues, this paper proposes a novel cloud service for data mobility from two aspects: data mobility and data protection. A data mobility service is designed and implemented to manage data mobility and data traceability. A Location Register Database (LRD) is also developed to support the service. Furthermore, data is protected by a data security service CPRBAC (Cloud-based Privacy-Aware Role Based Access Control) and an Auditing service that are capable of verifying data operations and triggering alarms on data violations in the Cloud environment

A novel Hash-Based File Clustering scheme for efficient distributing, storing and retrieving of large scale Health Records

Cloud computing has been adopted as an efficient computing infrastructure model for provisioning resources and providing services to users. Several distributed resource models such as Hadoop and parallel databases have been deployed in healthcare-related services to manage electronic health records (EHR). However, these models are inefficient for managing a large number of small files and hence they are not widely deployed in Healthcare Information Systems. This paper proposed a novel Hash-Based File Clustering Scheme (HBFC) to distribute, store and retrieve EHR efficiently in cloud environments. The HBFC possesses two distinctive features: it utilizes hashing to distribute files into clusters in a control way and it utilizes P2P structures for data management. HBFC scheme is demonstrated to be effective in handling big health data that comprises of a large number of small files in various formats. It allows users to retrieve and access data records efficiently. The initial implementation results demonstrate that the proposed scheme outperforms original P2P system in term of data lookup latency

Managing Big Data with Information Flow Control

Concern about data leakage is holding back more widespread adoption of cloud computing by companies and public institutions alike. To address this, cloud tenants/applications are traditionally isolated in virtual machines or containers. But an emerging requirement is for cross-application sharing of data, for example, when cloud services form part of an IoT architecture. Information Flow Control (IFC) is ideally suited to achieving both isolation and data sharing as required. IFC enhances traditional Access Control by providing continuous, data-centric, cross- application, end-to-end control of data flows. However, large-scale data processing is a major requirement of cloud computing and is infeasible under standard IFC. We present a novel, enhanced IFC model that subsumes standard models. Our IFC model supports ‘Big Data’ processing, while retaining the simplicity of standard IFC and enabling more concise, accurate and maintainable expression of policy.Engineering and Applied Science

Uncertainty-aware authentication model for fog computing in IoT

Since the term 'Fog Computing' has been coined by Cisco Systems in 2012, security and privacy issues of this promising paradigm are still open challenges. Among various security challenges, Access Control is a crucial concern for all cloud computing-like systems (e.g. Fog computing, Mobile edge computing) in the IoT era. Therefore, assigning the precise level of access in such an inherently scalable, heterogeneous and dynamic environment is not easy to perform. This work defines the uncertainty challenge for authentication phase of the access control in fog computing because on one hand fog has a number of characteristics that amplify uncertainty in authentication and on the other hand applying traditional access control models does not result in a flexible and resilient solution. Therefore, we have proposed a novel prediction model based on the extension of Attribute Based Access Control (ABAC) model. Our data-driven model is able to handle uncertainty in authentication. It is also able to consider the mobility of mobile edge devices in order to handle authentication. In doing so, we have built our model using and comparing four supervised classification algorithms namely as Decision Tree, Naïve Bayes, Logistic Regression and Support Vector Machine. Our model can achieve authentication performance with 88.14% accuracy using Logistic Regression

Cloud-based charging management of heterogeneous electric vehicles in a network of charging stations : price incentive vs. capacity expansion

This paper presents a novel cloud-based charging management system for electric vehicles (EVs). Two levels of cloud computing, i.e., local and remote cloud, are employed to meet the different latency requirements of the heterogeneous EVs while exploiting the lower-cost computing in remote clouds. Specifically, we consider time-sensitive EVs at highway exit charging stations and EVs with relaxed timing constraints at parking lot charging stations. We propose algorithms for the interplay among EVs, charging stations, system operator, and clouds. Considering the contention-based random access for EVs to a 4G Long-Term Evolution network, and the quality of service metrics (average waiting time and blocking probability), the model is composed of: queuing-based cloud server planning, capacity planning in charging stations, delay analysis, and profit maximization. We propose and analyze a price-incentive method that shifts heavy load from peak to off-peak hours, a capacity expansion method that accommodates the peak demand by purchasing additional electricity, and a hybrid method of prince-incentive and capacity expansion that balances the immediate charging needs of customers with the alleviation of the peak power grid load through price-incentive based demand control. Numerical results demonstrate the effectiveness of the proposed methods and elucidate the tradeoffs between the methods

Blowfish Algorithm with Verifiable Outsourced using Cryptography

Cloud Computing is an emerging paradigm in our day to day world. As good as it is, this technique also bring forth many new trails for data security and access control when users outsource sensitive data for sharing on cloud.Attribute-based encryption (ABE) is a promising strategy for ?ne-grained access control of scrambled information in a distributed storage, nonetheless, unscrambling included in the ABEs is generally excessively costly for asset compelled front-end clients, which incredibly blocks it’s down to earth fame. Keeping in mind the end goal to decrease the decoding overhead for a client to recuperate the plaintext wereoutsourced most of the unscrambling work without uncovering really information or private keys. Here a novel technique is proposed to build an ABE with Veri?able outsourced decryption based on a blowfish encryption. It provides a unified model, which can be considered in both key-policy (KP) and cipher text-policy (CP) settings. In verifiability,it guarantees the correctness of the transformation done between the original cipher text and the simplified cipher text. A major issue is the absence of access control rights. So, it considered an access key structure for improving the security and performance by specifying access rights for the authorized user. Access control rights, restrictions and privileges for an individual are established. The access control rights is validated and results shows increased security level

Privacy-preserving key-value store

Cloud computing is arguably the foremost delivery platform for data storage and data processing. It turned computing into a utility based service that provides consumers and enterprises with on-demand access to computing resources. Although advantageous, there is an inherent lack of control over the hardware in the cloud computing model, this may constitute an increased privacy and security risk. Multiple encrypted database systems have emerged in recent years, they provide the functionality of regular databases but without compromising data confidentiality. These systems leverage novel encryption schemes such as homomorphic and searchable encryp tion. However, many of these proposals focus on extending existing centralized systems that are very difficult to scale, and offer poor performance in geo-replicated scenarios. We propose a scalable, highly available, and geo-replicated privacy-preserving key value store. A system that provides its users with secure data types meant to be replicated, along with a rich query interface with configurable privacy that enables one to issue secure and somewhat complex queries. We accompany our proposal with an implementation of a privacy-preserving client library for AntidoteDB, a geo-replicated key-value store. We also extend the AntidoteDB’s query language interface by adding support for secure SQL-like queries with configurable privacy. Experimental evaluations show that our proposals offer a feasible solution to practical applications that wish to improve their privacy and confidentiality