Security Enhancement in Cloud Environment using Secure Secret Key Sharing

Securing the data in distributed cloud system is considered one of the major concern for the cloud customers who faces security risks. The data leakage or data tampering are widely used by attackers to extract the private information of other users who shares the confidential data through virtualization. This paper presents Secure Secret Sharing (SSS) technique which is being recognized as one of the leading method to secure the sensitive data. It shares encrypted data over cloud and generated secret key is split into different parts distributed to qualified participants (Qn) only which is analyzed by malicious checkers. It verifies the clients based on their previous performances, whether these users proved to be authorized participant or not. The key computation is evaluated by the Key handler (KH) called trusted party which manages authorized control list, encryption/decryption and reconstruction of key shares. The Lagrange’s interpolation method is used to reconstruct the secret from shares. The experimental results shows that the proposed secure data sharing algorithm not only provides excellent security and performance, but also achieves better key management and data confidentiality than previous countermeasures. It improves the security by using secure VM placement and evaluated based on time consumption and probability computation to prove the efficacy of our algorithm. Experiments are performed on cloudsim based on following parameters i.e. time computation of key generation; response time and encryption/decryption. The experimental results demonstrate that this method can effectively reduce the risks and improves the security and time consumption up to 27.81% and 43.61% over existing algorithms

Ideal Tightly Couple (t,m,n) Secret Sharing

As a fundamental cryptographic tool, (t,n)-threshold secret sharing ((t,n)-SS) divides a secret among n shareholders and requires at least t, (t<=n), of them to reconstruct the secret. Ideal (t,n)-SSs are most desirable in security and efficiency among basic (t,n)-SSs. However, an adversary, even without any valid share, may mount Illegal Participant (IP) attack or t/2-Private Channel Cracking (t/2-PCC) attack to obtain the secret in most (t,n)-SSs.To secure ideal (t,n)-SSs against the 2 attacks, 1) the paper introduces the notion of Ideal Tightly cOupled (t,m,n) Secret Sharing (or (t,m,n)-ITOSS ) to thwart IP attack without Verifiable SS; (t,m,n)-ITOSS binds all m, (m>=t), participants into a tightly coupled group and requires all participants to be legal shareholders before recovering the secret. 2) As an example, the paper presents a polynomial-based (t,m,n)-ITOSS scheme, in which the proposed k-round Random Number Selection (RNS) guarantees that adversaries have to crack at least symmetrical private channels among participants before obtaining the secret. Therefore, k-round RNS enhances the robustness of (t,m,n)-ITOSS against t/2-PCC attack to the utmost. 3) The paper finally presents a generalized method of converting an ideal (t,n)-SS into a (t,m,n)-ITOSS, which helps an ideal (t,n)-SS substantially improve the robustness against the above 2 attacks

Explicit Wiretap Channel Codes via Source Coding, Universal Hashing, and Distribution Approximation, When the Channels' Statistics are Uncertain

We consider wiretap channels with uncertainty on the eavesdropper channel under (i) noisy blockwise type II, (ii) compound, or (iii) arbitrarily varying models. We present explicit wiretap codes that can handle these models in a unified manner and only rely on three primitives, namely source coding with side information, universal hashing, and distribution approximation. Our explicit wiretap codes achieve the best known single-letter achievable rates, previously obtained non-constructively, for the models considered. Our results are obtained for strong secrecy, do not require a pre-shared secret between the legitimate users, and do not require any symmetry properties on the channel. An extension of our results to compound main channels is also derived via new capacity-achieving polar coding schemes for compound settings.Comment: 16 pages, two-column, 3 figures, accepted to IEEE Transactions on Information Forensics and Securit