5 research outputs found
Treasure Island Security framework : A Generic Security Framework for public clouds
In this thesis we introduce a generic security framework for public clouds called Treasure Island Security framework that is designed to address the issues related to cloud computing security and specifically key-management in untrusted domains. Nowadays many cloud structure and services are provided but as an inevitable concomitant to these new products, security issues increase rapidly. Availability, integrity of data, lack of trust, confidentiality as well as security issues are also of great importance to cloud computing users; they may be more skeptical of the cloud services when they feel that they might lose the control over their data or the structures that the cloud provided for them.   Because of deferred control of data from customers to cloud providers and unknown number of third parties in between, it is almost impossible to apply traditional security methods. We present our security framework, with distributed key and sequential addressing in a simple abstract mode with a master server and adequate number of chunk servers. We assume a fixed chunk size model for large files and sequentially distribution file system with 4 separated key to decrypt/encrypt file. After reviewing the process, we analyze the Distributed Key and Sequentially Addressing Distributed file system and it's Security Risk Model. The focus of this thesis is on increasing security in untrusted domain especially in the cloud key management in public cloud. We discuss cryptographic approaches in key-management and suggest a novel cryptographic method for public cloud's key-management system based on forward-secure public key encryption, which supports a non-interactive publicly verifiable secret sharing scheme through a tree access structure. We believe that Treasure Island Security Framework can provide an increased secure environment in untrusted domains, like public cloud, in which users can securely reconstruct their secret-keys (e.g. lost passphrases). Finally, we discuss the advantages and benefits of Cloud Computing Security Framework with Distributed Key and Sequentially Addressing Distributed file system and cryptographic approaches and how it helps to improve the security levels in cloud systems.  M.S
Recommended from our members
Strong Mobile Device Protection from Loss and Capture
Assistive environments employ multiple types of devices to monitor human actions and identify critical events for physical safety. Some of the devices must be wireless in order to be nonintrusive. This introduces the problem of authenticating these devices and building secure communication channels among them. The traditional way is to assign a private key to a device for digital identification. In this paper, we present an approach to protect the private key by introducing a third party and bilaterally and proactively generating a random number to refresh key shares based on Bellare and Miner's forward secure signature scheme. This improves the resilient mediated RSA solution because the entire private key is also updated periodically. In this way, if an attacker steals one key share, he only can use it for a limited period of time because it will be obsolete immediately after the next refresh operation. Even if he compromises both key shares simultaneously, the digital signatures generated by previous private keys are still secure. Our scheme is proven to be intrusion resilient based on the CDH assumption in the random oracle model. The construction is also quite efficient
Recommended from our members
Strong Mobile Device Protection from Loss and Capture
Assistive environments employ multiple types of devices to monitor human actions and identify critical events for physical safety. Some of the devices must be wireless in order to be nonintrusive. This introduces the problem of authenticating these devices and building secure communication channels among them. The traditional way is to assign a private key to a device for digital identification. In this paper, we present an approach to protect the private key by introducing a third party and bilaterally and proactively generating a random number to refresh key shares based on Bellare and Miner's forward secure signature scheme. This improves the resilient mediated RSA solution because the entire private key is also updated periodically. In this way, if an attacker steals one key share, he only can use it for a limited period of time because it will be obsolete immediately after the next refresh operation. Even if he compromises both key shares simultaneously, the digital signatures generated by previous private keys are still secure. Our scheme is proven to be intrusion resilient based on the CDH assumption in the random oracle model. The construction is also quite efficient