Data security in cloud storage services

Cloud Computing is considered to be the next-generation architecture for ICT where it moves the application software and databases to the centralized large data centers. It aims to offer elastic IT services where clients can benefit from significant cost savings of the pay-per-use model and can easily scale up or down, and do not have to make large investments in new hardware. However, the management of the data and services in this cloud model is under the control of the provider. Consequently, the cloud clients have less control over their outsourced data and they have to trust cloud service provider to protect their data and infrastructure from both external and internal attacks. This is especially true with cloud storage services. Nowadays, users rely on cloud storage as it offers cheap and unlimited data storage that is available for use by multiple devices (e.g. smart phones, tablets, notebooks, etc.). Besides famous cloud storage providers, such as Amazon, Google, and Microsoft, more and more third-party cloud storage service providers are emerging. These services are dedicated to offering more accessible and user friendly storage services to cloud customers. Examples of these services include Dropbox, Box.net, Sparkleshare, UbuntuOne or JungleDisk. These cloud storage services deliver a very simple interface on top of the cloud storage provided by storage service providers. File and folder synchronization between different machines, sharing files and folders with other users, file versioning as well as automated backups are the key functionalities of these emerging cloud storage services. Cloud storage services have changed the way users manage and interact with data outsourced to public providers. With these services, multiple subscribers can collaboratively work and share data without concerns about their data consistency, availability and reliability. Although these cloud storage services offer attractive features, many customers have not adopted these services. Since data stored in these services is under the control of service providers resulting in confidentiality and security concerns and risks. Therefore, using cloud storage services for storing valuable data depends mainly on whether the service provider can offer sufficient security and assurance to meet client requirements. From the way most cloud storage services are constructed, we can notice that these storage services do not provide users with sufficient levels of security leading to an inherent risk on users\u27 data from external and internal attacks. These attacks take the form of: data exposure (lack of data confidentiality); data tampering (lack of data integrity); and denial of data (lack of data availability) by third parties on the cloud or by the cloud provider himself. Therefore, the cloud storage services should ensure the data confidentiality in the following state: data in motion (while transmitting over networks), data at rest (when stored at provider\u27s disks). To address the above concerns, confidentiality and access controllability of outsourced data with strong cryptographic guarantee should be maintained. To ensure data confidentiality in public cloud storage services, data should be encrypted data before it is outsourced to these services. Although, users can rely on client side cloud storage services or software encryption tools for encrypting user\u27s data; however, many of these services fail to achieve data confidentiality. Box, for example, does not encrypt user files via SSL and within Box servers. Client side cloud storage services can intentionally/unintentionally disclose user decryption keys to its provider. In addition, some cloud storage services support convergent encryption for encrypting users\u27 data exposing it to “confirmation of a file attack. On the other hand, software encryption tools use full-disk encryption (FDE) which is not feasible for cloud-based file sharing services, because it encrypts the data as virtual hard disks. Although encryption can ensure data confidentiality; however, it fails to achieve fine-grained access control over outsourced data. Since, public cloud storage services are managed by un-trusted cloud service provider, secure and efficient fine-grained access control cannot be realized through these services as these policies are managed by storage services that have full control over the sharing process. Therefore, there is not any guarantee that they will provide good means for efficient and secure sharing and they can also deduce confidential information about the outsourced data and users\u27 personal information. In this work, we would like to improve the currently employed security measures for securing data in cloud store services. To achieve better data confidentiality for data stored in the cloud without relying on cloud service providers (CSPs) or putting any burden on users, in this thesis, we designed a secure cloud storage system framework that simultaneously achieves data confidentiality, fine-grained access control on encrypted data and scalable user revocation. This framework is built on a third part trusted (TTP) service that can be employed either locally on users\u27 machine or premises, or remotely on top of cloud storage services. This service shall encrypts users data before uploading it to the cloud and decrypts it after downloading from the cloud; therefore, it remove the burden of storing, managing and maintaining encryption/decryption keys from data owner\u27s. In addition, this service only retains user\u27s secret key(s) not data. Moreover, to ensure high security for these keys, it stores them on hardware device. Furthermore, this service combines multi-authority ciphertext policy attribute-based encryption (CP-ABE) and attribute-based Signature (ABS) for achieving many-read-many-write fine-grained data access control on storage services. Moreover, it efficiently revokes users\u27 privileges without relying on the data owner for re-encrypting massive amounts of data and re-distributing the new keys to the authorized users. It removes the heavy computation of re-encryption from users and delegates this task to the cloud service provider (CSP) proxy servers. These proxy servers achieve flexible and efficient re-encryption without revealing underlying data to the cloud. In our designed architecture, we addressed the problem of ensuring data confidentiality against cloud and against accesses beyond authorized rights. To resolve these issues, we designed a trusted third party (TTP) service that is in charge of storing data in an encrypted format in the cloud. To improve the efficiency of the designed architecture, the service allows the users to choose the level of severity of the data and according to this level different encryption algorithms are employed. To achieve many-read-many-write fine grained access control, we merge two algorithms (multi-authority ciphertext policy attribute-based encryption (MA- CP-ABE) and attribute-based Signature (ABS)). Moreover, we support two levels of revocation: user and attribute revocation so that we can comply with the collaborative environment. Last but not least, we validate the effectiveness of our design by carrying out a detailed security analysis. This analysis shall prove the correctness of our design in terms of data confidentiality each stage of user interaction with the cloud

A Task Offloading Framework for Energy Saving on Mobile Devices using Cloud Computing

Over the last decade, mobile devices have become popular among people, and their number is ever growing because of the computing functionality they offer beyond primary voice communication. However, mobile devices are unable to accommodate most of the computing demand as long as they suffer the limited energy supply caused by the capacity of their small battery to store only a relatively small amount of energy. The literature describes several specialist techniques proposed in academia and industry that save the mobile device energy and solve this problem to some extent but not satisfactorily. Task offloading from mobile devices to cloud computing is a promising technique for tackling the problem especially with the emergence of high-speed wireless networks and the ubiquitous resources from the cloud computing. Since task offloading is in its nascent age, it lacks evaluation and development in-depth studies. In this dissertation, we proposed an offloading framework to make task offloading possible to save energy for mobile devices. We achieved a great deal of progress toward developing a realistic offloading framework. First, we examined the feasibility of exploiting the offloading technique to save mobile device energy using the cloud as the place to execute the task instead of executing it on the mobile device. Our evaluation study reveals that the offloading does not always save energy; in cases where the energy for the computation is less than the energy for communication no energy is saved. Therefore, the need for the offloading decision is vital to make the offloading beneficial. Second, we developed mathematical models for the energy consumption of a mobile device and its applications. These models were then used to develop mathematical models that estimate the energy consumption on the networking and the computing activities at the application level. We modelled the energy consumption of the networking activity for the Transmission Control Protocol (TCP) over Wireless Local Area Network (WLAN), the Third Generation (3G), and the Fourth Generation (4G) of mobile telecommunication networks. Furthermore, we modelled the energy consumption of the computing activity for the mobile multi-core Central Processing Unit (CPU) and storage unit. Third, we identified and classified the system parameters affecting the offloading decision and built our offloading framework based on them. In addition, we implemented and validated the proposed framework experimentally using a real mobile device, cloud, and application. The experimental results reveal that task offloading is beneficial for mobile devices given that in some cases it saves more than 70% of the energy required to execute a task. Additionally, our energy models accurately estimate the energy consumption for the networking and computing activities. This accuracy allows the offloading framework to make the correct decision as to whether or not offloading a given task saves energy. Our framework is built to be applicable to modern mobile devices and expandable by considering all system parameters that have impact on the offloading decision. In fact, the experimental validation proves that our framework is practical to real life scenarios. This framework gives researchers in the field useful tools to design energy efficient offloading systems for the coming years when the offloading will be common.4 month