Co-Check: Collaborative Outsourced Data Auditing in Multicloud Environment

With the increasing demand for ubiquitous connectivity, wireless technology has significantly improved our daily lives. Meanwhile, together with cloud-computing technology (e.g., cloud storage services and big data processing), new wireless networking technology becomes the foundation infrastructure of emerging communication networks. Particularly, cloud storage has been widely used in services, such as data outsourcing and resource sharing, among the heterogeneous wireless environments because of its convenience, low cost, and flexibility. However, users/clients lose the physical control of their data after outsourcing. Consequently, ensuring the integrity of the outsourced data becomes an important security requirement of cloud storage applications. In this paper, we present Co-Check, a collaborative multicloud data integrity audition scheme, which is based on BLS (Boneh-Lynn-Shacham) signature and homomorphic tags. According to the proposed scheme, clients can audit their outsourced data in a one-round challenge-response interaction with low performance overhead. Our scheme also supports dynamic data maintenance. The theoretical analysis and experiment results illustrate that our scheme is provably secure and efficient

Methodology to obtain the security controls in multi-cloud applications

What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications’ security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications’ SLAs for their monitoring and fulfilment assurance at operation.European Commission's H202

An extensive research survey on data integrity and deduplication towards privacy in cloud storage

Owing to the highly distributed nature of the cloud storage system, it is one of the challenging tasks to incorporate a higher degree of security towards the vulnerable data. Apart from various security concerns, data privacy is still one of the unsolved problems in this regards. The prime reason is that existing approaches of data privacy doesn't offer data integrity and secure data deduplication process at the same time, which is highly essential to ensure a higher degree of resistance against all form of dynamic threats over cloud and internet systems. Therefore, data integrity, as well as data deduplication is such associated phenomena which influence data privacy. Therefore, this manuscript discusses the explicit research contribution toward data integrity, data privacy, and data deduplication. The manuscript also contributes towards highlighting the potential open research issues followed by a discussion of the possible future direction of work towards addressing the existing problems

A Scheme for Verification on Data Integrity in Mobile Multicloud Computing Environment

In order to verify the data integrity in mobile multicloud computing environment, a MMCDIV (mobile multicloud data integrity verification) scheme is proposed. First, the computability and nondegeneracy of verification can be obtained by adopting BLS (Boneh-Lynn-Shacham) short signature scheme. Second, communication overhead is reduced based on HVR (Homomorphic Verifiable Response) with random masking and sMHT (sequence-enforced Merkle hash tree) construction. Finally, considering the resource constraints of mobile devices, data integrity is verified by lightweight computing and low data transmission. The scheme improves shortage that mobile device communication and computing power are limited, it supports dynamic data operation in mobile multicloud environment, and data integrity can be verified without using direct source file block. Experimental results also demonstrate that this scheme can achieve a lower cost of computing and communications

Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage

This is the author accepted manuscript. The final version is available from the publisher via the DOI in this record.Remote data integrity checking (RDIC) enables a data storage server, such as a cloud server, to prove to a verifier that it is actually storing a data owner’s data honestly. To date, a number of RDIC protocols have been proposed in the literature, but almost all the constructions suffer from the issue of a complex key management, that is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system complexity and the cost for establishing and managing the public key authentication framework in PKI based RDIC schemes. We formalize ID-based RDIC and its security model including security against a malicious cloud server and zero knowledge privacy against a third party verifier. We then provide a concrete construction of ID-based RDIC scheme which leaks no information of the stored files to the verifier during the RDIC process. The new construction is proven secure against the malicious server in the generic group model and achieves zero knowledge privacy against a verifier. Extensive security analysis and implementation results demonstrate that the proposed new protocol is provably secure and practical in the real-world applications.This work is supported by the National Natural Science Foundation of China (61501333,61300213,61272436,61472083), Fok Ying Tung Education Foundation (141065), Program for New Century Excellent Talents in Fujian University (JA1406

Fuzzy identity-based data integrity auditing for reliable cloud storage systems

This is the author accepted manuscript. The final version is available from the publisher via the DOI in this record.As a core security issue in reliable cloud storage, data integrity has received much attention. Data auditing protocols enable a verifier to efficiently check the integrity of the outsourced data without downloading the data. A key research challenge associated with existing designs of data auditing protocols is the complexity in key management. In this paper, we seek to address the complex key management challenge in cloud data integrity checking by introducing fuzzy identity-based auditing-the first in such an approach, to the best of our knowledge. More specifically, we present the primitive of fuzzy identity-based data auditing, where a user’s identity can be viewed as a set of descriptive attributes. We formalize the system model and the security model for this new primitive. We then present a concrete construction of fuzzy identity-based auditing protocol by utilizing biometrics as the fuzzy identity. The new protocol offers the property of error-tolerance, namely, it binds private key to one identity which can be used to verify the correctness of a response generated with another identity, if and only if both identities are sufficiently close. We prove the security of our protocol based on the computational Diffie-Hellman assumption and the discrete logarithm assumption in the selective-ID security model. Finally, we develop a prototype implementation of the protocol which demonstrates the practicality of the proposal.This work is supported by the National Natural Science Foundation of China (61501333,61300213,61272436,61472083), the Fundamental Research Funds for the Central Universities under Grant ZYGX2015J05

Multifactor Authentication Key Management System based Security Model Using Effective Handover Tunnel with IPV6

In the current modern world, the way of life style is being completely changed due to the emerging technologies which are reflected in treating the patients too. As there is a tremendous growth in population, the existing e-Healthcare methods are not efficient enough to deal with numerous medical data. There is a delay in caring of patient health as communication networks are poor in quality and moreover smart medical resources are lacking and hence severe causes are experienced in the health of patient. However, authentication is considered as a major challenge ensuring that the illegal participants are not permitted to access the medical data present in cloud. To provide security, the authentication factors required are smart card, password and biometrics. Several approaches based on these are authentication factors are presented for e-Health clouds so far. But mostly serious security defects are experienced with these protocols and even the computation and communication overheads are high. Thus, keeping in mind all these challenges, a novel Multifactor Key management-based authentication by Tunnel IPv6 (MKMA- TIPv6) protocol is introduced for e-Health cloud which prevents main attacks like user anonymity, guessing offline password, impersonation, and stealing smart cards. From the analysis, it is proved that this protocol is effective than the existing ones such as Pair Hand (PH), Linear Combination Authentication Protocol (LCAP), Robust Elliptic Curve Cryptography-based Three factor Authentication (RECCTA) in terms storage cost, Encryption time, Decryption time, computation cost, energy consumption and speed. Hence, the proposed MKMA- TIPv6 achieves 35bits of storage cost, 60sec of encryption time, 50sec decryption time, 45sec computational cost, 50% of energy consumption and 80% speed

Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed

Data auditing and security in cloud computing: issues, challenges and future directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discusse