Selected aspects of security mechanisms for cloud computing – current solutions and development perspectives

The security aspects of cloud computing, especially the security of data, become more and more important. It is necessary to find and develop the new mechanisms to secure the cloud. The problem presented in the paper concerns the mechanisms for security of cloud computing with special attention paid to aspects of access control in clouds – the state of the art and the perspectives for the future

Enhanced Cauchy Matrix Reed-Solomon Codes and Role-Based Cryptographic Data Access for Data Recovery and Security in Cloud Environment

In computer systems ensuring proper authorization is a significant challenge, particularly with the rise of open systems and dispersed platforms like the cloud. Role-Based Access Control (RBAC) has been widely adopted in cloud server applications due to its popularity and versatility. When granting authorization access to data stored in the cloud for collecting evidence against offenders, computer forensic investigations play a crucial role. As cloud service providers may not always be reliable, data confidentiality should be ensured within the system. Additionally, a proper revocation procedure is essential for managing users whose credentials have expired.  With the increasing scale and distribution of storage systems, component failures have become more common, making fault tolerance a critical concern. In response to this, a secure data-sharing system has been developed, enabling secure key distribution and data sharing for dynamic groups using role-based access control and AES encryption technology. Data recovery involves storing duplicate data to withstand a certain level of data loss. To secure data across distributed systems, the erasure code method is employed. Erasure coding techniques, such as Reed-Solomon codes, have the potential to significantly reduce data storage costs while maintaining resilience against disk failures. In light of this, there is a growing interest from academia and the corporate world in developing innovative coding techniques for cloud storage systems. The research goal is to create a new coding scheme that enhances the efficiency of Reed-Solomon coding using the sophisticated Cauchy matrix to achieve fault toleranc

An Emerging Secure and Expressive Data Access Control for Cloud Storage

Secure cloud storage, which is an emerging cloud service, is designed to protect the confidentiality of outsourced data but also to provide flexible data access for cloud users whose data is out of physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is regarded as one of the most promising techniques that may be leveraged to secure the guarantee of the service. However, the use of CP-ABE may yield an inevitable security breach which is known as the misuse of access credential (i.e. decryption rights), due to the intrinsic “all-or-nothing” decryption feature of CP-ABE. In this paper, we investigate the two main cases of access credential misuse: one is on the semi-trusted authority side, and the other is on the side of cloud user. To mitigate the misuse, we propose the first accountable authority and revocable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud+. We also present the security analysis and further demonstrate the utility of our system via experiments

Security and Privacy Attribute Based Data Sharing in Public Cloud Storage

Public cloud storage is a cloud storage model that give services to people and associations to store, alter and oversee data. Public cloud storage benefit is otherwise called storage benefit, utility storage and online storage. Cloud storage has numerous focal points, there is still stay different difficulties among which protection and security of clients data have significant issues in public cloud storage. Attribute Based Encryption (ABE) is a cryptographic system which gives data proprietor coordinate control over their data in public cloud storage. In the customary ABE conspire include single authority to keep up attribute set which can bring a solitary point bottleneck on both security and execution. Presently we utilize edge multi-authority Cipher content Policy Attribute-Based Encryption (CP-ABE) get to control plot, name TMACS. TMACS is Threshold Multi-Authority Access Control System. In TMACS, different authority mutually deals with the entire attribute set yet nobody has full control of a particular attribute. By joining limit secret sharing (t,n) and multi-authority CP-ABE conspire, we created dynamic multiauthority get to control framework in public cloud storage

Survey on securing data storage in the cloud

Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage user increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field

Blockchain-Coordinated Frameworks for Scalable and Secure Supply Chain Networks

Supply chains have progressed through time from being limited to a few regional traders to becoming complicated business networks. As a result, supply chain management systems now rely significantly on the digital revolution for the privacy and security of data. Due to key qualities of blockchain, such as transparency, immutability and decentralization, it has recently gained a lot of interest as a way to solve security, privacy and scalability problems in supply chains. However conventional blockchains are not appropriate for supply chain ecosystems because they are computationally costly, have a limited potential to scale and fail to provide trust. Consequently, due to limitations with a lack of trust and coordination, supply chains tend to fail to foster trust among the network’s participants. Assuring data privacy in a supply chain ecosystem is another challenge. If information is being shared with a large number of participants without establishing data privacy, access control risks arise in the network. Protecting data privacy is a concern when sending corporate data, including locations, manufacturing supplies and demand information. The third challenge in supply chain management is scalability, which continues to be a significant barrier to adoption. As the amount of transactions in a supply chain tends to increase along with the number of nodes in a network. So scalability is essential for blockchain adoption in supply chain networks. This thesis seeks to address the challenges of privacy, scalability and trust by providing frameworks for how to effectively combine blockchains with supply chains. This thesis makes four novel contributions. It first develops a blockchain-based framework with Attribute-Based Access Control (ABAC) model to assure data privacy by adopting a distributed framework to enable fine grained, dynamic access control management for supply chain management. To solve the data privacy challenge, AccessChain is developed. This proposed AccessChain model has two types of ledgers in the system: local and global. Local ledgers are used to store business contracts between stakeholders and the ABAC model management, whereas the global ledger is used to record transaction data. AccessChain can enable decentralized, fine-grained and dynamic access control management in SCM when combined with the ABAC model and blockchain technology (BCT). The framework enables a systematic approach that advantages the supply chain, and the experiments yield convincing results. Furthermore, the results of performance monitoring shows that AccessChain’s response time with four local ledgers is acceptable, and therefore it provides significantly greater scalability. Next, a framework for reducing the bullwhip effect (BWE) in SCM is proposed. The framework also focuses on combining data visibility with trust. BWE is first observed in SC and then a blockchain architecture design is used to minimize it. Full sharing of demand data has been shown to help improve the robustness of overall performance in a multiechelon SC environment, especially for BWE mitigation and cumulative cost reduction. It is observed that when it comes to providing access to data, information sharing using a blockchain has some obvious benefits in a supply chain. Furthermore, when data sharing is distributed, parties in the supply chain will have fair access to other parties’ data, even though they are farther downstream. Sharing customer demand is important in a supply chain to enhance decision-making, reduce costs and promote the final end product. This work also explores the ability of BCT as a solution in a distributed ledger approach to create a trust-enhanced environment where trust is established so that stakeholders can share their information effectively. To provide visibility and coordination along with a blockchain consensus process, a new consensus algorithm, namely Reputation-based proof-of cooperation (RPoC), is proposed for blockchain-based SCM, which does not involve validators to solve any mathematical puzzle before storing a new block. The RPoC algorithm is an efficient and scalable consensus algorithm that selects the consensus node dynamically and permits a large number of nodes to participate in the consensus process. The algorithm decreases the workload on individual nodes while increasing consensus performance by allocating the transaction verification process to specific nodes. Through extensive theoretical analyses and experimentation, the suitability of the proposed algorithm is well grounded in terms of scalability and efficiency. The thesis concludes with a blockchain-enabled framework that addresses the issue of preserving privacy and security for an open-bid auction system. This work implements a bid management system in a private BC environment to provide a secure bidding scheme. The novelty of this framework derives from an enhanced approach for integrating BC structures by replacing the original chain structure with a tree structure. Throughout the online world, user privacy is a primary concern, because the electronic environment enables the collection of personal data. Hence a suitable cryptographic protocol for an open-bid auction atop BC is proposed. Here the primary aim is to achieve security and privacy with greater efficiency, which largely depends on the effectiveness of the encryption algorithms used by BC. Essentially this work considers Elliptic Curve Cryptography (ECC) and a dynamic cryptographic accumulator encryption algorithm to enhance security between auctioneer and bidder. The proposed e-bidding scheme and the findings from this study should foster the further growth of BC strategies

Performance Evaluation of three Data Access Control Schemes for Cloud Computing

Cloud services are flourishing recently, both among computer users and business enterprises. They deliver remote, on-demand, convenient services for data storage, access and processing. While embracing the benefits brought by various cloud services, the consumers are faced with data disclosure, privacy leaks and malicious attacks. Therefore, it is important to use strong access control policies to maintain the security and confidentiality of the data stored in the cloud. This thesis studies the performance of three existing security schemes proposed for cloud data access control on the basis of trust and reputation. We implement the three schemes and conduct computation complexity analysis, security analysis and performance evaluation. This thesis introduces the implementation of a number of cryptographic algorithms applied in the above data access control schemes, including Proxy Re-encryption (PRE) and Ciphertext-Policy Attribute Based Encryption (CP-ABE), reputation generation and secure data transmission over Secure Socket Layer (SSL). We summarize the evaluation results and compare the performances in the aspects of computation and communication costs, flexibility, scalability and feasibility of practical usage. Pros and cons, as well as suitable application scenarios of the three schemes are further discussed

Cybersecurity Hygiene in the Era of Internet of Things (IoT): Best Practices and Challenges

The rapid growth of the Internet of Things (IoT) has resulted in an increasing number of interconnected devices, creating new opportunities for data collection and automation. However, this expansion also brings with it unique cybersecurity challenges. This research paper aims to investigate the best practices for maintaining cybersecurity hygiene in the IoT environment and explore the challenges that need to be addressed to ensure robust security for these connected devices. This study will delve into the vulnerabilities associated with IoT devices, their impact on overall system security, and the potential solutions that can be implemented to enhance cybersecurity hygiene in the IoT environment

A privacy‐preserving framework for smart context‐aware healthcare applications

Internet of things (IoT) is a disruptive paradigm with wide ranging applications including healthcare, manufacturing, transportation and retail. Within healthcare, smart connected wearable devices are widely used to achieve improved wellbeing, quality of life and security of citizens. Such connected devices generate significant amount of data containing sensitive information about patient requiring adequate protection and privacy assurance. Unauthorized access to an individual’s private data constitutes a breach of privacy leading to catastrophic outcomes for an individuals personal and professional life. Furthermore, breach of privacy may also lead to financial loss to the governing body such as those proposed as part of the General Data Protection Regulation (GDPR) in Europe. Furthermore, while mobility afforded by smart devices enables ease of monitoring, portability and pervasive processing, it also introduces challenges with respect to scalability, reliability and context-awareness for its applications. This paper is focused on privacy preservation within smart context-aware healthcare with a special emphasis on privacy assurance challenges within the Electronic Transfer of Prescription (ETP). To this extent, we present a case for a comprehensive, coherent, and dynamic privacypreserving system for smart healthcare to protect sensitive user data. Based on a thorough analysis of existing privacy preservation models we propose an enhancement for the widely used Salford model to achieve privacy preservation against masquerading and impersonation threats. The proposed model therefore improves privacy assurance for cutting edge IoT applications such as smart healthcare whilst addressing unique challenges with respect to context-aware mobility of such applications

A privacy-preserving framework for smart context-aware healthcare applications

Smart connected devices are widely used in healthcare to achieve improved well-being, quality of life, and security of citizens. While improving quality of healthcare, such devices generate data containing sensitive patient information where unauthorized access constitutes breach of privacy leading to catastrophic outcomes for an individual as well as financial loss to the governing body via regulations such as the General Data Protection Regulation. Furthermore, while mobility afforded by smart devices enables ease of monitoring, portability, and pervasive processing, it introduces challenges with respect to scalability, reliability, and context awareness. This paper is focused on privacy preservation within smart context-aware healthcare emphasizing privacy assurance challenges within Electronic Transfer of Prescription. We present a case for a comprehensive, coherent, and dynamic privacy-preserving system for smart healthcare to protect sensitive user data. Based on a thorough analysis of existing privacy preservation models, we propose an enhancement to the widely used Salford model to achieve privacy preservation against masquerading and impersonation threats. The proposed model therefore improves privacy assurance for smart healthcare while addressing unique challenges with respect to context-aware mobility of such applications. © 2019 John Wiley & Sons, Ltd