Secure Data Sharing in Cloud Computing: A Comprehensive Review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers

Secure data sharing in cloud computing: a comprehensive review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers

Extending the Exposure Score of Web Browsers by Incorporating CVSS

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Yet its content differs from one browser to another. Despite the privacy and security risks of User-Agent strings, very few works have tackled this problem. Our previous work proposed giving Internet browsers exposure relative scores to aid users to choose less intrusive ones. Thus, the objective of this work is to extend our previous work through: first, conducting a user study to identify its limitations. Second, extending the exposure score via incorporating data from the NVD. Third, providing a full implementation, instead of a limited prototype. The proposed system: assigns scores to users’ browsers upon visiting our website. It also suggests alternative safe browsers, and finally it allows updating the back-end database with a click of a button. We applied our method to a data set of more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available here [4].</p

BALANCING PRIVACY, PRECISION AND PERFORMANCE IN DISTRIBUTED SYSTEMS

Privacy, Precision, and Performance (3Ps) are three fundamental design objectives in distributed systems. However, these properties tend to compete with one another and are not considered absolute properties or functions. They must be defined and justified in terms of a system, its resources, stakeholder concerns, and the security threat model. To date, distributed systems research has only considered the trade-offs of balancing privacy, precision, and performance in a pairwise fashion. However, this dissertation formally explores the space of trade-offs among all 3Ps by examining three representative classes of distributed systems, namely Wireless Sensor Networks (WSNs), cloud systems, and Data Stream Management Systems (DSMSs). These representative systems support large part of the modern and mission-critical distributed systems. WSNs are real-time systems characterized by unreliable network interconnections and highly constrained computational and power resources. The dissertation proposes a privacy-preserving in-network aggregation protocol for WSNs demonstrating that the 3Ps could be navigated by adopting the appropriate algorithms and cryptographic techniques that are not prohibitively expensive. Next, the dissertation highlights the privacy and precision issues that arise in cloud databases due to the eventual consistency models of the cloud. To address these issues, consistency enforcement techniques across cloud servers are proposed and the trade-offs between 3Ps are discussed to help guide cloud database users on how to balance these properties. Lastly, the 3Ps properties are examined in DSMSs which are characterized by high volumes of unbounded input data streams and strict real-time processing constraints. Within this system, the 3Ps are balanced through a proposed simple and efficient technique that applies access control policies over shared operator networks to achieve privacy and precision without sacrificing the systems performance. Despite that in this dissertation, it was shown that, with the right set of protocols and algorithms, the desirable 3P properties can co-exist in a balanced way in well-established distributed systems, this dissertation is promoting the use of the new 3Ps-by-design concept. This concept is meant to encourage distributed systems designers to proactively consider the interplay among the 3Ps from the initial stages of the systems design lifecycle rather than identifying them as add-on properties to systems

Enhanced Security and Privacy for Blockchain-enabled Electronic Medical Records in eHealth.

PhD Theses.Electronic medical records (EMRs) as part of an eHealth system are vital assets centrally managed by medical institutions and used to maintain up to date patients' medical histories. Such centralised management of EMRs may result in an increased risk of EMR damage or loss to medical institutions. In addition, it is di cult to monitor and control who can access their EMRs and for what reasons as eHealth may increasingly involve the use of IoT devices such as eHealth wearables and distributed networks. Blockchain is proposed as a promising method applied to support distributed data storage to maintain and share EMRs using its inherent immutability (forgery resistance). However, the original blockchain design cannot restrict unauthenticated or unauthorised data access for use as part of EMR management. Therefore, two novel authorisation schemes to enhance the security and privacy of blockchain use for EMRs are proposed in this work. The rst one can omit the agent layer (gateway) to authorise users' access to blockchain-enabled EMRs with block level gran- ularity, whilst maintaining compatibility with the underlying Blockchain data structure. Then, an improved scheme is proposed to implement multiple levels of granularity autho- risation, whilst supporting exible data queries. This scheme dispenses with the need to use a public key infrastructure (PKI) in authorisation and hence reduces the resource cost of computation and communication. Furthermore, to realise privacy preservation during authorisation, a challenge-response anonymous authorisation is proposed that avoids the disclosure of users' credentials when authorising data access requests. Compared with the baseline schemes, the proposed authorisation schemes can decrease the time consumption of computation and data transmission and reduce the transmitted data size so that they can be used in low-resource IoT devices applied to blockchain- enabled EMRs as demonstrated in performance experiments. In addition, theoretical i validations of correctness demonstrate that the proposed authorisation schemes work correctly

Cryptographic techniques for privacy and access control in cloud-based applications

Digitization is one of the key challenges for today’s industries and society. It affects more and more business areas and also user data and, in particular, sensitive information. Due to its sensitivity, it is important to treat personal information as secure and private as possible yet enabling cloud-based software to use that information when requested by the user. In this thesis, we focus on the privacy-preserving outsourcing and sharing of data, the querying of outsourced protected data, and the usage of personal information as an access control mechanism for rating platforms, which should be protected from coercion attacks. In those three categories, we present cryptographic techniques and protocols that push the state of the art. In particular, we first present multi-client oblivious RAM (ORAM), which augments standard ORAM with selective data sharing through access control, confidentiality, and integrity. Second, we investigate on recent work in frequency-hiding order-preserving encryption and show that the state of the art misses rigorous treatment, allowing for simple attacks against the security of the existing scheme. As a remedy, we show how to fix the security definition and that the existing scheme, slightly adapted, fulfills it. Finally, we design and develop a coercion-resistant rating platform. Coercion-resistance has been dealt with mainly in the context of electronic voting yet also affects other areas of digital life such as rating platforms.Die Digitalisierung ist eine der größten Herausforderungen für Industrie und Gesellschaft. Neben vielen Geschäftsbereichen betrifft diese auch, insbesondere sensible, Nutzerdaten. Daher sollten persönliche Informationen so gut wie möglich gesichert werden. Zugleich brauchen Cloud-basierte Software-Anwendungen, die der Nutzer verwenden möchte, Zugang zu diesen Daten. Diese Dissertation fokussiert sich auf das sichere Auslagern und Teilen von Daten unter Wahrung der Privatsphäre, auf das Abfragen von geschützten, ausgelagerten Daten und auf die Nutzung persönlicher Informationen als Zugangsberechtigung für erpressungsresistente Bewertungsplattformen. Zu diesen drei Themen präsentieren wir kryptographische Techniken und Protokolle, die den Stand der Technik voran treiben. Der erste Teil stellt Multi-Client Oblivious RAM (ORAM) vor, das ORAM durch die Möglichkeit, Daten unter Wahrung von Vertraulichkeit und Integrität mit anderen Nutzern zu teilen, erweitert. Der zweite Teil befasst sich mit Freuquency-hiding Order-preserving Encryption. Wir zeigen, dass dem Stand der Technik eine formale Betrachtung fehlt, was zu Angriffen führt. Um Abhilfe zu schaffen, verbessern wir die Sicherheitsdefinition und beweisen, dass das existierende Verschlüsselungsschema diese durch minimale Änderung erfüllt. Abschließend entwickeln wir ein erpressungsresistentes Bewertungsportal. Erpressungsresistenz wurde bisher hauptsächlich im Kontext von elektronischen Wahlen betrachtet

Trustworthy Federated Learning: A Survey

Federated Learning (FL) has emerged as a significant advancement in the field of Artificial Intelligence (AI), enabling collaborative model training across distributed devices while maintaining data privacy. As the importance of FL increases, addressing trustworthiness issues in its various aspects becomes crucial. In this survey, we provide an extensive overview of the current state of Trustworthy FL, exploring existing solutions and well-defined pillars relevant to Trustworthy . Despite the growth in literature on trustworthy centralized Machine Learning (ML)/Deep Learning (DL), further efforts are necessary to identify trustworthiness pillars and evaluation metrics specific to FL models, as well as to develop solutions for computing trustworthiness levels. We propose a taxonomy that encompasses three main pillars: Interpretability, Fairness, and Security & Privacy. Each pillar represents a dimension of trust, further broken down into different notions. Our survey covers trustworthiness challenges at every level in FL settings. We present a comprehensive architecture of Trustworthy FL, addressing the fundamental principles underlying the concept, and offer an in-depth analysis of trust assessment mechanisms. In conclusion, we identify key research challenges related to every aspect of Trustworthy FL and suggest future research directions. This comprehensive survey serves as a valuable resource for researchers and practitioners working on the development and implementation of Trustworthy FL systems, contributing to a more secure and reliable AI landscape.Comment: 45 Pages, 8 Figures, 9 Table

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed