Certificateless public auditing with data privacy preserving for cloud-based smart grid data

As the promising next generation power system, smart grid can collect and analyze the grid information in real time, which greatly improves the reliability and efficiency of the grid. However, as smart grid coverage expands, more and more data is being collected. To store and manage the massive amount of smart grid data, the data owners choose to upload the grid data to the cloud for storage and regularly check the integrity of their data. However, traditional public auditing schemes are mostly based on Public Key Infrastructure (PKI) or Identity Based Cryptography (IBC) system, which will lead to complicated certificate management and inherent key escrow problems. We propose a certificateless public auditing scheme for cloud-based smart grid data, which can avoid the above two problems. In order to prevent the disclosure of the private data collected by the smart grid during the phase of auditing, we use the random masking technology to protect data privacy. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient

Secure data storage and retrieval in cloud computing

Nowadays cloud computing has been widely recognised as one of the most inuential information technologies because of its unprecedented advantages. In spite of its widely recognised social and economic benefits, in cloud computing customers lose the direct control of their data and completely rely on the cloud to manage their data and computation, which raises significant security and privacy concerns and is one of the major barriers to the adoption of public cloud by many organisations and individuals. Therefore, it is desirable to apply practical security approaches to address the security risks for the wide adoption of cloud computing

Data auditing and security in cloud computing: issues, challenges and future directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discusse

Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed

Trustworthiness in Mobile Cyber Physical Systems

Computing and communication capabilities are increasingly embedded in diverse objects and structures in the physical environment. They will link the ‘cyberworld’ of computing and communications with the physical world. These applications are called cyber physical systems (CPS). Obviously, the increased involvement of real-world entities leads to a greater demand for trustworthy systems. Hence, we use "system trustworthiness" here, which can guarantee continuous service in the presence of internal errors or external attacks. Mobile CPS (MCPS) is a prominent subcategory of CPS in which the physical component has no permanent location. Mobile Internet devices already provide ubiquitous platforms for building novel MCPS applications. The objective of this Special Issue is to contribute to research in modern/future trustworthy MCPS, including design, modeling, simulation, dependability, and so on. It is imperative to address the issues which are critical to their mobility, report significant advances in the underlying science, and discuss the challenges of development and implementation in various applications of MCPS

On the Secure and Resilient Design of Connected Vehicles: Methods and Guidelines

Vehicles have come a long way from being purely mechanical systems to systems that consist of an internal network of more than 100 microcontrollers and systems that communicate with external entities, such as other vehicles, road infrastructure, the manufacturer’s cloud and external applications. This combination of resource constraints, safety-criticality, large attack surface and the fact that millions of people own and use them each day, makes securing vehicles particularly challenging as security practices and methods need to be tailored to meet these requirements.This thesis investigates how security demands should be structured to ease discussions and collaboration between the involved parties and how requirements engineering can be accelerated by introducing generic security requirements. Practitioners are also assisted in choosing appropriate techniques for securing vehicles by identifying and categorising security and resilience techniques suitable for automotive systems. Furthermore, three specific mechanisms for securing automotive systems and providing resilience are designed and evaluated. The first part focuses on cyber security requirements and the identification of suitable techniques based on three different approaches, namely (i) providing a mapping to security levels based on a review of existing security standards and recommendations; (ii) proposing a taxonomy for resilience techniques based on a literature review; and (iii) combining security and resilience techniques to protect automotive assets that have been subject to attacks. The second part presents the design and evaluation of three techniques. First, an extension for an existing freshness mechanism to protect the in-vehicle communication against replay attacks is presented and evaluated. Second, a trust model for Vehicle-to-Vehicle communication is developed with respect to cyber resilience to allow a vehicle to include trust in neighbouring vehicles in its decision-making processes. Third, a framework is presented that enables vehicle manufacturers to protect their fleet by detecting anomalies and security attacks using vehicle trust and the available data in the cloud

From security to assurance in the cloud: a survey

The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions

Data storage security and privacy in cloud computing: A comprehensive survey

Cloud Computing is a form of distributed computing wherein resources and application platforms are distributed over the Internet through on demand and pay on utilization basis. Data Storage is main feature that cloud data centres are provided to the companies/organizations to preserve huge data. But still few organizations are not ready to use cloud technology due to lack of security. This paper describes the different techniques along with few security challenges, advantages and also disadvantages. It also provides the analysis of data security issues and privacy protection affairs related to cloud computing by preventing data access from unauthorized users, managing sensitive data, providing accuracy and consistency of data store

Secure Remote Storage of Logs with Search Capabilities

Dissertação de Mestrado em Engenharia InformáticaAlong side with the use of cloud-based services, infrastructure and storage, the use of application logs in business critical applications is a standard practice nowadays. Such application logs must be stored in an accessible manner in order to used whenever needed. The debugging of these applications is a common situation where such access is required. Frequently, part of the information contained in logs records is sensitive. This work proposes a new approach of storing critical logs in a cloud-based storage recurring to searchable encryption, inverted indexing and hash chaining techniques to achieve, in a unified way, the needed privacy, integrity and authenticity while maintaining server side searching capabilities by the logs owner. The designed search algorithm enables conjunctive keywords queries plus a fine-grained search supported by field searching and nested queries, which are essential in the referred use case. To the best of our knowledge, the proposed solution is also the first to introduce a query language that enables complex conjunctive keywords and a fine-grained search backed by field searching and sub queries.A gerac¸ ˜ao de logs em aplicac¸ ˜oes e a sua posterior consulta s˜ao fulcrais para o funcionamento de qualquer neg´ocio ou empresa. Estes logs podem ser usados para eventuais ac¸ ˜oes de auditoria, uma vez que estabelecem uma baseline das operac¸ ˜oes realizadas. Servem igualmente o prop´ osito de identificar erros, facilitar ac¸ ˜oes de debugging e diagnosticar bottlennecks de performance. Tipicamente, a maioria da informac¸ ˜ao contida nesses logs ´e considerada sens´ıvel. Quando estes logs s˜ao armazenados in-house, as considerac¸ ˜oes relacionadas com anonimizac¸ ˜ao, confidencialidade e integridade s˜ao geralmente descartadas. Contudo, com o advento das plataformas cloud e a transic¸ ˜ao quer das aplicac¸ ˜oes quer dos seus logs para estes ecossistemas, processos de logging remotos, seguros e confidenciais surgem como um novo desafio. Adicionalmente, regulac¸ ˜ao como a RGPD, imp˜oe que as instituic¸ ˜oes e empresas garantam o armazenamento seguro dos dados. A forma mais comum de garantir a confidencialidade consiste na utilizac¸ ˜ao de t ´ecnicas criptogr ´aficas para cifrar a totalidade dos dados anteriormente `a sua transfer ˆencia para o servidor remoto. Caso sejam necess´ arias capacidades de pesquisa, a abordagem mais simples ´e a transfer ˆencia de todos os dados cifrados para o lado do cliente, que proceder´a `a sua decifra e pesquisa sobre os dados decifrados. Embora esta abordagem garanta a confidencialidade e privacidade dos dados, rapidamente se torna impratic ´avel com o crescimento normal dos registos de log. Adicionalmente, esta abordagem n˜ao faz uso do potencial total que a cloud tem para oferecer. Com base nesta tem´ atica, esta tese prop˜oe o desenvolvimento de uma soluc¸ ˜ao de armazenamento de logs operacionais de forma confidencial, integra e autˆ entica, fazendo uso das capacidades de armazenamento e computac¸ ˜ao das plataformas cloud. Adicionalmente, a possibilidade de pesquisa sobre os dados ´e mantida. Essa pesquisa ´e realizada server-side diretamente sobre os dados cifrados e sem acesso em momento algum a dados n˜ao cifrados por parte do servidor..

Mecanismos dinâmicos de segurança para redes softwarizadas e virtualizadas

The relationship between attackers and defenders has traditionally been asymmetric, with attackers having time as an upper hand to devise an exploit that compromises the defender. The push towards the Cloudification of the world makes matters more challenging, as it lowers the cost of an attack, with a de facto standardization on a set of protocols. The discovery of a vulnerability now has a broader impact on various verticals (business use cases), while previously, some were in a segregated protocol stack requiring independent vulnerability research. Furthermore, defining a perimeter within a cloudified system is non-trivial, whereas before, the dedicated equipment already created a perimeter. This proposal takes the newer technologies of network softwarization and virtualization, both Cloud-enablers, to create new dynamic security mechanisms that address this asymmetric relationship using novel Moving Target Defense (MTD) approaches. The effective use of the exploration space, combined with the reconfiguration capabilities of frameworks like Network Function Virtualization (NFV) and Management and Orchestration (MANO), should allow for adjusting defense levels dynamically to achieve the required security as defined by the currently acceptable risk. The optimization tasks and integration tasks of this thesis explore these concepts. Furthermore, the proposed novel mechanisms were evaluated in real-world use cases, such as 5G networks or other Network Slicing enabled infrastructures.A relação entre atacantes e defensores tem sido tradicionalmente assimétrica, com os atacantes a terem o tempo como vantagem para conceberem uma exploração que comprometa o defensor. O impulso para a Cloudificação do mundo torna a situação mais desafiante, pois reduz o custo de um ataque, com uma padronização de facto sobre um conjunto de protocolos. A descoberta de uma vulnerabilidade tem agora um impacto mais amplo em várias verticais (casos de uso empresarial), enquanto anteriormente, alguns estavam numa pilha de protocolos segregados que exigiam uma investigação independente das suas vulnerabilidades. Além disso, a definição de um perímetro dentro de um sistema Cloud não é trivial, enquanto antes, o equipamento dedicado já criava um perímetro. Esta proposta toma as mais recentes tecnologias de softwarização e virtualização da rede, ambas facilitadoras da Cloud, para criar novos mecanismos dinâmicos de segurança que incidem sobre esta relação assimétrica utilizando novas abordagens de Moving Target Defense (MTD). A utilização eficaz do espaço de exploração, combinada com as capacidades de reconfiguração de frameworks como Network Function Virtualization (NFV) e Management and Orchestration (MANO), deverá permitir ajustar dinamicamente os níveis de defesa para alcançar a segurança necessária, tal como definida pelo risco actualmente aceitável. As tarefas de optimização e de integração desta tese exploram estes conceitos. Além disso, os novos mecanismos propostos foram avaliados em casos de utilização no mundo real, tais como redes 5G ou outras infraestruturas de Network Slicing.Programa Doutoral em Engenharia Informátic