Strategies for exploiting independent cloud implementations of biometric experts in multibiometric scenarios

Cloud computing represents one of the fastest growing areas of technology and offers a new computing model for various applications and services. This model is particularly interesting for the area of biometric recognition, where scalability, processing power and storage requirements are becoming a bigger and bigger issue with each new generation of recognition technology. Next to the availability of computing resources, another important aspect of cloud computing with respect to biometrics is accessability. Since biometric cloud-services are easily accessible, it is possible to combine different existing implementations and design new multi-biometric services that next to almost unlimited resources also offer superior recognition performance and, consequently, ensure improved security to its client applications. Unfortunately, the literature on the best strategies of how to combine existing implementations of cloud-based biometric experts into a multi-biometric service is virtually non-existent. In this paper we try to close this gap and evaluate different strategies for combining existing biometric experts into a multi-biometric cloud-service. We analyze the (fusion) strategies from different perspectives such as performance gains, training complexity or resource consumption and present results and findings important to software developers and other researchers working in the areas of biometrics and cloud computing. The analysis is conducted based on two biometric cloud-services, which are also presented in the paper

Remote Data Integrity Checking in Cloud Computing

Cloud computing is an internet based computing which enables sharing of services. It is very challenging part to keep safely all required data that are needed in many applica f or user in cloud. Storing our data in cloud may not be fully trustworthy. Since client doesnt have copy of all stored data, he has to depend on Cloud Service Provider. This work studies the problem of ensuring the integrity and security of data storage in Cloud Computing. This paper, proposes an effective and flexible Batch Audit sche me with dynamic data support to reduce the computation overheads. To ensure the correctness of users data the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the data stored in the cloud. We consider symmetric encryption for effective utilization of outsourced cloud data under the model, it achieve the storage security in multi cloud data storage. The new scheme further supports secure and efficient dynamic operation sondata blocks, including data i nserti on, update,delete and replacement. Extensive securityand performance analysis shows that the proposed sche me is highlyef ficient and resilient again st By zantinef ailure, maliciousd a ta modification at tack, and even server colliding a ttacks

Strategies for Exploiting Independent Cloud Implementations of Biometric Experts in Multibiometric Scenarios

Cloud computing represents one of the fastest growing areas of technology and offers a new computing model for various applications and services. This model is particularly interesting for the area of biometric recognition, where scalability, processing power, and storage requirements are becoming a bigger and bigger issue with each new generation of recognition technology. Next to the availability of computing resources, another important aspect of cloud computing with respect to biometrics is accessibility. Since biometric cloud services are easily accessible, it is possible to combine different existing implementations and design new multibiometric services that next to almost unlimited resources also offer superior recognition performance and, consequently, ensure improved security to its client applications. Unfortunately, the literature on the best strategies of how to combine existing implementations of cloud-based biometric experts into a multibiometric service is virtually nonexistent. In this paper, we try to close this gap and evaluate different strategies for combining existing biometric experts into a multibiometric cloud service. We analyze the (fusion) strategies from different perspectives such as performance gains, training complexity, or resource consumption and present results and findings important to software developers and other researchers working in the areas of biometrics and cloud computing. The analysis is conducted based on two biometric cloud services, which are also presented in the paper

SWOT Analysis with Novel NimbusTech Cloud Computing based Research on Regional Tourism Poverty Alleviation Development Model

Cloud computing has the potential to revolutionize microfinance by providing access to affordable and scalable computing resources. Microfinance institutions (MFIs) can use cloud computing to streamline their operations, reduce costs, and improve their services to clients. Cloud computing can also help MFIs reach new clients by providing a cost-effective platform for deploying and managing new services. Regional tourism can have a significant impact on the local economy, creating jobs and generating income for local businesses. It can also provide opportunities for cultural exchange and contribute to the preservation of natural and cultural heritage sites. A poverty alleviation development model is a framework or approach that is used to reduce poverty in a specific region or community. Effective poverty alleviation development models require collaboration between the government, non-governmental organizations, and local communities. They should also be based on an understanding of the specific needs and priorities of the target population, as well as the broader social, economic, and political context in which they operate. This paper presents a SWOT analysis of a novel cloud computing environment, called NimbusTech, through the lens of a microfinance model for poverty alleviation with a focus on regional tourism. The SWOT analysis examines the strengths, weaknesses, opportunities, and threats of using NimbusTech to support microfinance initiatives aimed at reducing poverty levels in regions that rely on tourism. The analysis highlights that NimbusTech's strengths include its scalability, flexibility, and cost-effectiveness, which make it an ideal platform for implementing microfinance programs. On the other hand, its weaknesses include data security and privacy concerns, which could undermine trust in the platform. The opportunities for NimbusTech include the potential for leveraging big data analytics to improve the effectiveness of microfinance programs, while the threats include competition from other cloud computing platforms and potential regulatory barriers. Overall, the analysis shows that NimbusTech has the potential to support microfinance initiatives and promote regional tourism as a means of reducing poverty levels, but careful attention must be paid to its weaknesses and threats to ensure its success.

The Decentralized Probabilistic Method for Resource Sharing and Encrypted Data Stored In the Cloud

Cloud computing services have turned into the worldview of vast scale framework where a provider gives shared virtual computing and storage assets to a customer. The service provider infrastructure converts into cost diminishments for the customer who does not put resources into framework and support. Be that as it may, the arrangement of Service Level Agreements (SLAs) in Infrastructure-as-a-Service (IaaS) in the cloud remains a testing issue. To ensure the confidentiality of touchy data while supporting the AES Encryption strategy has been proposed to encode the data previously outsourcing. To better ensure data security, this paper makes the principal endeavor to formally address the issue of approved data. Not quite the same as customary frameworks, the differential benefits of clients are additionally considered in other than the data itself. We additionally exhibit a few new supporting approved copy check in a cloud engineering. Security investigation shows that our plan is secure as far as the definitions determined in the proposed security model. As a proof of idea, we accomplish a model of our proposed approved plan and direct proving ground tests utilizing our model. We demonstrate that our proposed approved check conspire brings about insignificant overhead contrasted with typical processes

Securing Access to Cloud Computing for Critical Infrastructure

Cloud computing offers cost effective services on-demand which encourage critical infrastructure providers to consider migrating to the cloud. Critical infrastructures are considered as a backbone of modern societies such as power plants and water. Information in cloud computing is likely to be shared among different entities, which could have various degrees of sensitivity. This requires robust isolation and access control mechanisms. Although various access control models and policies have been developed, they cannot fulfil requirements for a cloud based access control system. The reason is that cloud computing has a diverse sets of security requirements and unique security challenges such as multi-tenant and heterogeneity of security policies, rules and domains. This thesis provides a detailed study of cloud computing security challenges and threats, which were used to identify security requirements for various critical infrastructure providers. We found that an access control system is a crucial security requirement for the surveyed critical infrastructure providers. Furthermore, the requirement analysis was used to propose a new criteria to evaluate access control systems for cloud computing. Moreover, this work presents a new cloud based access control model to meet the identified cloud access control requirements. The model does not only ensure the secure sharing of resources among potential untrusted tenants, but also has the capacity to support different access permissions for the same cloud user. Our focused in the proposed model is the lack of data isolation in lower levels (CPU caches), which could lead to bypass access control models to gain some sensitive information by using cache side-channel attacks. Therefore, the thesis investigates various real attack scenarios and the gaps in existing mitigation approaches. It presents a new Prime and Probe cache side-channel attack, which can give detailed information about addresses accessed by a virtual machine with no need for any information about cache sets accessed by the virtual machine. The design, implementation and evaluation of a proposed solution preventing cache side-channel attacks are also presented in the thesis. It is a new lightweight solution, which introduces very low overhead (less than 15,000 CPU cycles). It can be applied in any operating system and prevents cache side-channel attacks in cloud computing. The thesis also presents a new detecting cache side-channel attacks solution. It focuses on the infrastructure used to host cloud computing tenants by counting cache misses caused by a virtual machine. The detection solutions has 0% false negative and 15% false positive

Enterprise Cloud Adoption - Cloud Maturity Assessment Model

The introduction and use of cloud computing by an organization has the promise of significant benefits that include reduced costs, improved services, and a pay-per-use model. Organizations that successfully harness these benefits will potentially have a distinct competitive edge, due to their increased agility and flexibility to rapidly respond to an ever changing and complex business environment. However, as cloud technology is a relatively new phenomenon, there is still a lot to learn about the adoption and use of cloud, including issues such as security, data protection, interoperability, service maturity, and return on investment. These issues need to be considered,and if possible remediated,toenablean organization to effectivelymanage itscloud adoption journey. This paper describesan assessmentmodelthat was developed by the Innovation Value Institute (IVI) using a multi method, two-phasedapproach. The first phase involveda review of the currentacademic and practitioner literature in the area of cloud.Based on the key insights identified, together with inputs from a workgroup of industry experts anonline cloud adoption assessmentinstrumentwas developed. This assessmentinstrument aimedto provide organizations with a management structure to understand and assess their Enterprise IT capability maturity to evaluate, introduce,and manage cloud services. The second phase employed the principles of design science and open innovation to pilot, test, validate, and refine the cloud adoption assessment in collaboration with industry-based practitioners.As companies continue to grapple with the issues posed by cloud, the cloud adoption assessment willallow an organization to clearly determine their ability to manage:•Cloud security•Compliance•Dataprotection•Cloud service provider(s)•Costs•Impact on business and IT•The interoperability and integration between existing in-houseand cloud-basedservicesBy using the assessmentmodel, the level of maturity will identify areas of strengthand weakness within the organization and serve asthe basis for an improvement roadmap,to ensure the successful adoption andon-going management of cloud

Data security in cloud storage services

Cloud Computing is considered to be the next-generation architecture for ICT where it moves the application software and databases to the centralized large data centers. It aims to offer elastic IT services where clients can benefit from significant cost savings of the pay-per-use model and can easily scale up or down, and do not have to make large investments in new hardware. However, the management of the data and services in this cloud model is under the control of the provider. Consequently, the cloud clients have less control over their outsourced data and they have to trust cloud service provider to protect their data and infrastructure from both external and internal attacks. This is especially true with cloud storage services. Nowadays, users rely on cloud storage as it offers cheap and unlimited data storage that is available for use by multiple devices (e.g. smart phones, tablets, notebooks, etc.). Besides famous cloud storage providers, such as Amazon, Google, and Microsoft, more and more third-party cloud storage service providers are emerging. These services are dedicated to offering more accessible and user friendly storage services to cloud customers. Examples of these services include Dropbox, Box.net, Sparkleshare, UbuntuOne or JungleDisk. These cloud storage services deliver a very simple interface on top of the cloud storage provided by storage service providers. File and folder synchronization between different machines, sharing files and folders with other users, file versioning as well as automated backups are the key functionalities of these emerging cloud storage services. Cloud storage services have changed the way users manage and interact with data outsourced to public providers. With these services, multiple subscribers can collaboratively work and share data without concerns about their data consistency, availability and reliability. Although these cloud storage services offer attractive features, many customers have not adopted these services. Since data stored in these services is under the control of service providers resulting in confidentiality and security concerns and risks. Therefore, using cloud storage services for storing valuable data depends mainly on whether the service provider can offer sufficient security and assurance to meet client requirements. From the way most cloud storage services are constructed, we can notice that these storage services do not provide users with sufficient levels of security leading to an inherent risk on users\u27 data from external and internal attacks. These attacks take the form of: data exposure (lack of data confidentiality); data tampering (lack of data integrity); and denial of data (lack of data availability) by third parties on the cloud or by the cloud provider himself. Therefore, the cloud storage services should ensure the data confidentiality in the following state: data in motion (while transmitting over networks), data at rest (when stored at provider\u27s disks). To address the above concerns, confidentiality and access controllability of outsourced data with strong cryptographic guarantee should be maintained. To ensure data confidentiality in public cloud storage services, data should be encrypted data before it is outsourced to these services. Although, users can rely on client side cloud storage services or software encryption tools for encrypting user\u27s data; however, many of these services fail to achieve data confidentiality. Box, for example, does not encrypt user files via SSL and within Box servers. Client side cloud storage services can intentionally/unintentionally disclose user decryption keys to its provider. In addition, some cloud storage services support convergent encryption for encrypting users\u27 data exposing it to “confirmation of a file attack. On the other hand, software encryption tools use full-disk encryption (FDE) which is not feasible for cloud-based file sharing services, because it encrypts the data as virtual hard disks. Although encryption can ensure data confidentiality; however, it fails to achieve fine-grained access control over outsourced data. Since, public cloud storage services are managed by un-trusted cloud service provider, secure and efficient fine-grained access control cannot be realized through these services as these policies are managed by storage services that have full control over the sharing process. Therefore, there is not any guarantee that they will provide good means for efficient and secure sharing and they can also deduce confidential information about the outsourced data and users\u27 personal information. In this work, we would like to improve the currently employed security measures for securing data in cloud store services. To achieve better data confidentiality for data stored in the cloud without relying on cloud service providers (CSPs) or putting any burden on users, in this thesis, we designed a secure cloud storage system framework that simultaneously achieves data confidentiality, fine-grained access control on encrypted data and scalable user revocation. This framework is built on a third part trusted (TTP) service that can be employed either locally on users\u27 machine or premises, or remotely on top of cloud storage services. This service shall encrypts users data before uploading it to the cloud and decrypts it after downloading from the cloud; therefore, it remove the burden of storing, managing and maintaining encryption/decryption keys from data owner\u27s. In addition, this service only retains user\u27s secret key(s) not data. Moreover, to ensure high security for these keys, it stores them on hardware device. Furthermore, this service combines multi-authority ciphertext policy attribute-based encryption (CP-ABE) and attribute-based Signature (ABS) for achieving many-read-many-write fine-grained data access control on storage services. Moreover, it efficiently revokes users\u27 privileges without relying on the data owner for re-encrypting massive amounts of data and re-distributing the new keys to the authorized users. It removes the heavy computation of re-encryption from users and delegates this task to the cloud service provider (CSP) proxy servers. These proxy servers achieve flexible and efficient re-encryption without revealing underlying data to the cloud. In our designed architecture, we addressed the problem of ensuring data confidentiality against cloud and against accesses beyond authorized rights. To resolve these issues, we designed a trusted third party (TTP) service that is in charge of storing data in an encrypted format in the cloud. To improve the efficiency of the designed architecture, the service allows the users to choose the level of severity of the data and according to this level different encryption algorithms are employed. To achieve many-read-many-write fine grained access control, we merge two algorithms (multi-authority ciphertext policy attribute-based encryption (MA- CP-ABE) and attribute-based Signature (ABS)). Moreover, we support two levels of revocation: user and attribute revocation so that we can comply with the collaborative environment. Last but not least, we validate the effectiveness of our design by carrying out a detailed security analysis. This analysis shall prove the correctness of our design in terms of data confidentiality each stage of user interaction with the cloud