Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

PRE+: dual of proxy re-encryption for secure cloud data sharing service

With the rapid development of very large, diverse, complex, and distributed datasets generated from internet transactions, emails, videos, business information systems, manufacturing industry, sensors and internet of things etc., cloud and big data computation have emerged as a cornerstone of modern applications. Indeed, on the one hand, cloud and big data applications are becoming a main driver for economic growth. On the other hand, cloud and big data techniques may threaten people and enterprises’ privacy and security due to ever increasing exposure of their data to massive access. In this paper, aiming at providing secure cloud data sharing services in cloud storage, we propose a scalable and controllable cloud data sharing framework for cloud users (called: Scanf). To this end, we introduce a new cryptographic primitive, namely, PRE+, which can be seen as the dual of traditional proxy re-encryption (PRE) primitive. All the traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys, the encrypter also has the ability to generate re-encryption keys. Based on this observation, we construct a new PRE+ scheme, which is almost the same as the traditional PRE scheme except the re-encryption keys generated by the encrypter. Compared with PRE, our PRE+ scheme can easily achieve the non-transferable property and message-level based fine-grained delegation. Thus our Scanf framework based on PRE+ can also achieve these two properties, which is very important for users of cloud storage sharing service. We also roughly evaluate our PRE+ scheme’s performance and the results show that our scheme is efficient and practica for cloud data storage applications.Peer ReviewedPostprint (author's final draft

Controlled secure social cloud data sharing based on a novel identity based proxy re-encryption plus scheme

Currently we are witnessing a rapid integration of social networks and cloud computing, especially on storing social media contents on cloud storage due to its cheap management and easy accessing at any time and from any place. However, how to securely store and share social media contents such as pictures/videos among social groups is still a very challenging problem. In this paper, we try to tackle this problem by using a new cryptographic primitive: identity based proxy re-encryption plus (IBPRE ), which is a variant of proxy re-encryption (PRE). In PRE, by using re-encryption keys, a ciphertext computed for Alice can be transferred to a new one for Bob. Recently, the concept of PRE plus (PRE) was introduced by Wang et al. In PRE, all the algorithms are almost the same as traditional PRE, except the re-encryption keys are generated by the encrypter instead of the delegator. The message-level based fine-grained delegation property and the weak non-transferable property can be easily achieved by PRE , while traditional PRE cannot achieve them. Based on the 3-linear map, we first propose a new IBE scheme and a new IBPRE scheme, we prove the security of these schemes and give the properties and performance analysis of the new IBPRE scheme. Finally, we propose a new framework based on this new primitive for secure cloud social data sharingPeer ReviewedPostprint (author's final draft

Data Service Outsourcing and Privacy Protection in Mobile Internet

Mobile Internet data have the characteristics of large scale, variety of patterns, and complex association. On the one hand, it needs efficient data processing model to provide support for data services, and on the other hand, it needs certain computing resources to provide data security services. Due to the limited resources of mobile terminals, it is impossible to complete large-scale data computation and storage. However, outsourcing to third parties may cause some risks in user privacy protection. This monography focuses on key technologies of data service outsourcing and privacy protection, including the existing methods of data analysis and processing, the fine-grained data access control through effective user privacy protection mechanism, and the data sharing in the mobile Internet

PRTA: a Proxy Re-encryption based Trusted Authorization Scheme for Nodes on CloudIoT

In CloudIoT platform, the data is collected and shared by different nodes of Internet of Things(IoT), and data is processed and stored based on cloud servers. It has increased the abilities of IoT on information computation. Meanwhile, it also has enriched the resource in cloud and improved integration of the Internet and human world. All of this offer advantages as well as the new challenges of information security and privacy protection. As the energy limitation of the nodes in IoT, they are particularly vulnerable. It is much easier to hijack the nodes than to attack the data center for hackers. Thus, it is a crucial and urgent issue to realize the trusted update of authorization of nodes. When some nodes are hijacked, both of the behaviors to upload data to servers and to download information from servers should be forbidden. Otherwise, it might cause the serious damage to the sensitive data and privacy of servers. In order to solve this problem, we proposed a Proxy Re-encryption based Trusted Authorization scheme for nodes on CloudIoT(PRTA). PRTA is based on the proxy re-encryption (PRE), and the cloud server will play the roles of data storing and re-encrypting, which would reach the full potential of cloud computing and reduce the cost of nodes. The node’s status is taken as one of the parameters for data re-encryption and it is under the authorization servers’ control, which could ensure the security and reliability of the data and be beneficial for the privacy protection in CloudIoT. Also, the authorization servers are divided into the downloading and uploading kinds, which will make the application range much wider

Intelligent conditional collaborative private data sharing

With the advent of distributed systems, secure and privacy-preserving data sharing between different entities (individuals or organizations) becomes a challenging issue. There are several real-world scenarios in which different entities are willing to share their private data only under certain circumstances, such as sharing the system logs when there is indications of cyber attack in order to provide cyber threat intelligence. Therefore, over the past few years, several researchers proposed solutions for collaborative data sharing, mostly based on existing cryptographic algorithms. However, the existing approaches are not appropriate for conditional data sharing, i.e., sharing the data if and only if a pre-defined condition is satisfied due to the occurrence of an event. Moreover, in case the existing solutions are used in conditional data sharing scenarios, the shared secret will be revealed to all parties and re-keying process is necessary. In this work, in order to address the aforementioned challenges, we propose, a “conditional collaborative private data sharing” protocol based on Identity-Based Encryption and Threshold Secret Sharing schemes. In our proposed approach, the condition based on which the encrypted data will be revealed to the collaborating parties (or a central entity) could be of two types: (i) threshold, or (ii) pre-defined policy. Supported by thorough analytical and experimental analysis, we show the effectiveness and performance of our proposal

PROXY RE-ENCRYPTION SCHEMES FOR SECURE CLOUD DATA AND APPLICATIONS: A SURVEY

This paper shows an overview on Proxy re-encryption procedures concerning secure cloud information and its application. To keep delicate client information secret against untrusted servers, crypto-realistic strategies are utilized to give security and access control in mists. As the information is shared over the system, it is should have been encoded. There are numerous encryption conspires that give security and access control over the network.Proxy re-encryption empowers the semi-confided in intermediary server to re-scramble the figure content encoded under Alice's open key to another ciphertext en-crypted under Bob's open key. The re-encryption is finished without the server having the capacity to decode the ciphertext.Cloud administrations and applications ought to take after the standard safety efforts in-cluding information secrecy, integrity,privacy, power and access control.In this paper the intermediary re-encryption(PRE) plans, Con-ditional PRE,Identity based PRE and Broadcast PRE,Type based PRE, Key private PRE,Attribute based PRE,Threshold PRE and its part in anchoring the cloud information are clarified