7,059 research outputs found

    Authentication Protocol for Cloud Databases Using Blockchain Mechanism

    Cloud computing has made the software development process fast and flexible but on the other hand it has contributed to increasing security attacks. Employees who manage the data in cloud companies may face insider attack, affecting their reputation. They have the advantage of accessing the user data by interacting with the authentication mechanism. The primary aim of this research paper is to provide a novel secure authentication mechanism by using Blockchain technology for cloud databases. Blockchain makes it difficult to change user login credentials details in the user authentication process by an insider. The insider is not able to access the user authentication data due to the distributed ledger-based authentication scheme. Activity of insider can be traced and cannot be changed. Both insider and outsider users are authenticated using individual IDs and signatures. Furthermore, the user access control on the cloud database is also authenticated. The algorithm and theorem of the proposed mechanism have been given to demonstrate the applicability and correctness. The proposed mechanism is tested on the Scyther formal system tool against denial of service, impersonation, offline guessing, and no replay attacks. Scyther results show that the proposed methodology is secure cum robust.

    Survey of Data Confidentiality and Privacy in the Cloud Computing Environment

    The objective of this research is to develop a scheme for improving cloud data confidentiality. A considerable number of people are sharing data through third-party applications in the cloud computing environment. According to reviewed literature, it has been realized that data security and privacy were the key challenges to the wider adoption of cloud services with insider threats being the most prevalent. Similarly, our online survey indicated that 53.3% of the respondents cited insider breaches as the main threat to their organizational data. The survey also confirmed that data security and privacy is one of the greatest barriers to the adoption of cloud services in their organization. Noting the flaws of Attribute-Based Encryption (ABE) and Identity-based encryption (IBE), and with the growth of computing power, applications are constantly being developed which makes them vulnerable to attacks. Since data confidentiality is essential in the provision of information security in the cloud, this paper suggested the development and the deployment of a hybrid attribute-based re-encryption scheme, which is a scheme that bridges the ABE and IBE, to secure data in the cloud computing environment. Keywords: Encryption, Cloud Computing, Data, confidentiality, Privacy. DOI: 10.7176/CEIS/11-5-03. Publication date: September 30th 2020

    Context-Aware Access Control Model for Cloud Computing

    In view of malicious insider attacks on cloud computing environments, a new Context-Aware Access Control Model for cloud computing (CAACM) was presented. According to the characteristic of cloud computing, we take spatial state, temporal state and platform trust level as context. The model establishes mechanisms of authorization from cloud management role to objects, which enables dynamic activation of role permission by associating cloud management role with context. It also achieves fine-grained access control on cloud objects by supervising the permission of management role in full life cycle. Moreover, it introduces the concept of exclusive managerial role, which extends access control from static protection on resources to dynamic authorization on managerial roles. Further, it describes the approach of role permission activation systematically. CAACM formally proves to be safe and it lays the groundwork for the deployment of CAACM in cloud computing systems

    Improved Integrity and Confidentiality by Arresting Intrusion and Insider Attacks in Public Cloud Environments

    When we focus on Cloud Computing domain in connection to data as a service sophisticated techniques are being adopted to deal but security parameter became a crucial point to focus in order to contribute effective data services thus makes us to emphasize on privacy preserving techniques that improves reliability. Intruder attacks have to be handled in order to build tractability to data facilitators over public clouds, so that your privacy is our priority policy could be deployed effectively. To solve the problem of insider attacks on the cloud environment, we propose a novel technique to safeguard the data within the virtual machines. In the cloud environment, the machine which will have all the virtual machines is called a host machine. Hypervisor is software which will run the virtual machines. The hypervisor in general encrypts the virtual machines data and upon request in providing appropriate credentials the hypervisor decrypts the virtual machine data and makes it available to the users of public cloud. In this project we propose a novel technique in which the hypervisor keeps the cloud data in encrypted format along with the virtual machine. We elaborate this technique using a medical scenario in which the doctors and patients share data on the cloud. Thus, using this technique, the cloud infrastructure resources and data within them are protected from insider attacks. We have proposed a novel mechanism in which the virtual machines and their data on the cloud server can be safeguarded for data privacy and confidentiality with the help of hypervisors to encrypt the virtual machines data and decrypt them for the authorized people of a public cloud. We demonstrated this using medical scenario in which a patient can upload his health information in encrypted format to the cloud server. The doctor can view this health information and suggest required medicines.
An insider such as an un-trusted cloud service administrator can try to modify or steal this information but that gets recorded and would be available for the cloud service provider for stringent actions

    An Improved Methodology for Information Repetition in Cloud with Authorization and Security

    Cloud computing is the fastest growing technology for providing secure, reliable and fastest storage medium. Some of the examples of cloud computing are Google drive, Sandbox etc. These mediums provide the accessibility of data anywhere in the world. To address data repetition is one of the novel techniques. Repetition helps to remove and prevent from having duplicate copies of same data. Though repetition has several benefits it adds concerns related to privacy and security of users as it can lead to insider or outsider attacks. Achieving repetition along with data security in cloud environment makes it more critical problem to solve. Objective of this paper on Optima Authorized Data Repetition in Cloud is to mention the proposed system and analysis of repetition techniques and optimal authorization measures for security along with repetition technique in cloud environment

    Security and Privacy Issues in Cloud Storage

    Even with the vast potential that cloud computing has, so far, it has not been adopted by the consumers with the enthusiasm and pace that it is worthy of; this is a very reason statement why consumers still hesitate to use cloud computing for their sensitive data and the threats that prevent the consumers from shifting to use cloud computing in general and cloud storage in particular. The cloud computing inherits the traditional potential security and privacy threats besides its own issues due to its unique structures. Some threats related to cloud computing are the insider malicious attacks from the employees that sometimes even the provider is unaware of, the lack of transparency of agreement between consumer and provider, data loss, traffic hijacking, shared technology and insecure application interface. Such threats need remedies to make the consumer use its features in a secure way. In this review, we spot the light on the most security and privacy issues which can be attributed as gaps that sometimes the consumers or even the enterprises are not aware of. We also define the parties that are involved in the scenario of cloud computing that also may attack the entire cloud systems. We also show the consequences of these threats

    Insider threat : memory confidentiality and integrity in the cloud

    PhD Thesis. The advantages of always available services, such as remote device backup or data storage, have helped the widespread adoption of cloud computing. However, cloud computing services challenge the traditional boundary between trusted inside and untrusted outside. A consumer’s data and applications are no longer in premises, fundamentally changing the scope of an insider threat. This thesis looks at the security risks associated with an insider threat. Specifically, we look into the critical challenge of assuring data confidentiality and integrity for the execution of arbitrary software in a consumer’s virtual machine. The problem arises from having multiple virtual machines sharing hardware resources in the same physical host, while an administrator is granted elevated privileges over such host. We used an empirical approach to collect evidence of the existence of this security problem and implemented a prototype of a novel prevention mechanism for such a problem. Finally, we propose a trustworthy cloud architecture which uses the security properties our prevention mechanism guarantees as a building block. To collect the evidence required to demonstrate how an insider threat can become a security problem to a cloud computing infrastructure, we performed a set of attacks targeting the three most commonly used virtualization software solutions. These attacks attempt to compromise data confidentiality and integrity of cloud consumers’ data. The prototype to evaluate our novel prevention mechanism was implemented in the Xen hypervisor and tested against known attacks. The prototype we implemented focuses on applying restrictions to the permissive memory access model currently in use in the most relevant virtualization software solutions. We envision the use of a mandatory memory access control model in the virtualization software.
This model enforces the principle of least privilege to memory access, which means cloud administrators are assigned with only enough privileges to successfully perform their administrative tasks. Although the changes we suggest to the virtualization layer make it more restrictive, our solution is versatile enough to port all the functionality available in current virtualization solutions. Therefore, our trustworthy cloud architecture guarantees data confidentiality and integrity and achieves a more transparent trustworthy cloud ecosystem while preserving functionality. Our results show that a malicious insider can compromise security sensitive data in the three most important commercial virtualization software solutions. These virtualization solutions are publicly available and the number of cloud servers using these solutions accounts for the majority of the virtualization market. The prevention mechanism prototype we designed and implemented guarantees data confidentiality and integrity against such attacks and reduces the trusted computing base of the virtualization layer. These results indicate how current virtualization solutions need to reconsider their view on insider threats

    Securing Cloud Data: An Enhanced Approach through Attribute-Based Access Control Mechanism

    Cloud computing is considered one of the most dominant paradigms in the Information Technology (IT) industry these days. It offers new cost-effective services on-demand such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). However, with all of these services promising facilities and benefits, there are still a number of challenges associated with utilizing cloud computing such as data security, abuse of cloud services, malicious insider and cyber-attacks. Among all security requirements of cloud computing, access control is one of the fundamental requirements in order to avoid unauthorized access to systems and protect organizations' assets. Although various access control models and policies have been developed such as Attribute based Access Control (ABAC) and Role Based Access Control (RBAC) for different environments, these models may not fulfil cloud’s access control requirements. In this paper, an enhanced attribute-based access control based on strategy mechanism is proposed by introducing a strategy for providing access control to the users in the cloud environment

    Cloud Computing Security Framework - Privacy Security

    Cloud computing is an emerging style of IT delivery that intends to make the Internet the ultimate home of all computing resources: storage, computations, and accessibility. It has an important aspect for the companies and organization to build and deploy their infrastructure and application. It changed the IT roadmap essential from service seeking infrastructure to infrastructure seeking services. It holds the promise of helping organizations because of its performance, high availability, least cost and many others. But the promise of the cloud cannot be fulfilled until IT professionals have more confidence in the security and safety of the cloud. Data Storage service in the cloud computing is easy as compared to the other data storage services. At the same time, cloud security in the cloud environment is a challenging task. Security issues such as service availability, massive traffic handling, application security and authentication, ranging from missing system configuration, lack of proper updates, or unwise user actions from remote data storage. It can expose user’s private data and information to unwanted access. It is considered to be the biggest problem in cloud computing. The focus of this research consists of the secure cloud framework and to define a methodology for cloud that will protect user’s data and highly important information from malicious insider as well as outsider attacks by using Kerberos, and LDAP identification