A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Development of Novel Encryption for Secured Data Sharing

In cloud storage the data sharing is important one. Key-aggregate cryptosystem produce constant size cipher text . That is very efficient delegation rights of decryption for any set of cipher text are possible. Any set of secret keys can be aggregated and make them as single key, which groups all the key by making it a aggregate key. This aggregate key can be sent to the others for decryption of cipher text set and remaining .Encrypted files outside the set are remains confidential. Cloud storage could provide secured data sharin

Privacy-preserving security solution for cloud services

AbstractWe propose a novel privacy-preserving security solution for cloud services. Our solution is based on an efficient non-bilinear group signature scheme providing the anonymous access to cloud services and shared storage servers. The novel solution offers anonymous authenticationfor registered users. Thus, users' personal attributes (age, valid registration, successful payment) can be proven without revealing users' identity, and users can use cloud services without any threat of profiling their behavior. However, if a user breaks provider's rules, his access right is revoked. Our solution provides anonymous access, unlinkability and the confidentiality of transmitted data. We implement our solution as a proof of concept applicationand present the experimental results. Further, we analyzecurrent privacy preserving solutions for cloud services and group signature schemes as basic parts of privacy enhancing solutions in cloud services. We compare the performance of our solution with the related solutionsand schemes

A Cryptographic Solution to the Predefind Bound of Ciphertext Classes in KAC

In Cloud Computingsecure data sharing is an important functionality. Cloud computing is the storing of data online which is accessible from multiple and connected resources. It is the fastest growing field in computer world which serves various services to users. Using Cloud Storage, users can remotely store their data and enjoy the on-demand high quality applications and services. This paper attempts to show how data is shared among cloud users securely, efficiently, and flexibly. On cloud anyone can share data as much they want to i.e. only selected content can be shared. With cryptography users can share the data to others in safe way. So that user encrypts data and upload it on cloud server. The proposed algorithm uses a new cryptosystem that is called as Key Aggregate Cryptosystem (KAC)[1] which generates a single key for multiple files. In particular, it uses a public key encryption which releases aggregate key for set of secret keys. With this aggregate key others can decrypt ciphertext set and remaining encrypted files outside the set are remains confidential

Efficient Security Solution for Privacy Cloud Services

In this paper, we exhibit a novel protection protecting security answer for cloud services. We manage client nameless access to cloud benefits and imparted stockpiling servers. Our answer furnishes enlisted clients with unacknowledged access to cloud services. Our answer offers unacknowledged verification. This implies that clients' close to home qualities (age, legitimate enrollment, fruitful installment) can be demonstrated without uncovering clients' character. Accordingly, clients can utilize services without any risk of profiling their conduct. Then again, if clients break supplier's tenets, their right to gain entrance rights are renounced. We dissect current security safeguarding answers for cloud services and layout our answer in light of cutting edge cryptographic segments. Our answer offers nameless access, unlinkability and the privacy of transmitted information. Also, we execute our answer and we yield the trial comes about and look at the execution with related arrangements

Cloud Forensics Investigation: Tracing Infringing Sharing of Copyrighted Content in Cloud

Cloud Computing is becoming a significant technology trend nowadays, but its abrupt rise also creates a brand new front for cybercrime investigation with various challenges. One of the challenges is to track down infringing sharing of copyrighted content in cloud. To solve this problem, we study a typical type of content sharing technologies in cloud computing, analyze the challenges that the new technologies bring to forensics, formalize a procedure to get digital evidences and obtain analytical results based on the evidences to track down illegal uploader. Furthermore, we propose a reasoning model based on the probability distribution in a Bayesian Network to evaluate the analytical result of forensics examinations. The proposed method can accurately and scientifically track down the origin infringing content uploader and owner. Keywords: cloud forensics, peer to peer, file sharing, tracking, CloudFron

A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Cloud Storage

Abstract: The Data sharing is an important functionality in cloud storage. In this article, we show how to securely, efficiently, and flexibly share data with others in cloud storage. We describe new public-key cryptosystems which produce constant-size ciphertexts such that efficient delegation of decryption rights for any set of ciphertexts are possible. The novelty is that one can aggregate any set of secret keys and make them as compact as a single key, but encompassing the power of all the keys being aggregated. In other words, the secret key holder can release a constant-size aggregate key for flexible choices of ciphertext set in cloud storage, but the other encrypted files outside the set remain confidential. This compact aggregate key can be conveniently sent to others or be stored in a smart card with very limited secure storage. We provide formal security analysis of our schemes in the standard model. We also describe other application of our schemes. In particular, our schemes give the first public-key patient controlled encryption for flexible hierarchy, which was yet to be known

Privacy-preserving controls for sharing mHealth data

Mobile devices allow people to collect and share health and health-related information with recipients such as health providers, family and friends, employers and insurance companies, to obtain health, emotional or financial benefits. People may consider certain health information sensitive and prefer to disclose only what is necessary. In this dissertation, we present our findings about factors that affect people’s sharing behavior, describe scenarios in which people may wish to collect and share their personal health-related information with others, but may be hesitant to disclose the information if necessary controls are not available to protect their privacy, and propose frameworks to provide the desired privacy controls. We introduce the concept of close encounters that allow users to share data with other people who may have been in spatio-temporal proximity. We developed two smartphone-based systems that leverage stationary sensors and beacons to determine whether users are in spatio-temporal proximity. The first system, ENACT, allows patients diagnosed with a contagious airborne disease to alert others retrospectively about their possible exposure to airborne virus. The second system, SPICE, allows users to collect sensor information, retrospectively, from others with whom they shared a close encounter. We present design and implementation of the two systems, analyse their security and privacy guarantees, and evaluate the systems on various performance metrics. Finally, we evaluate how Bluetooth beacons and Wi-Fi access points can be used in support of these systems for close encounters, and present our experiences and findings from a deployment study on Dartmouth campus

Comparative Study of Public-key cryptosystems in Cloud Storage

Cloud storage is a service model in which data is maintained, managed and backed up remotely and made available to users over a network (typically the Internet). Cloud storage can provide the benefits of greater accessibility and reliability. In cloud storage different members can share that data through different virtual machines but present on single physical machine. But the thing is user don’t have physical control over the outsourced data. As a result there is a need of effective method to share data securely among different users. This can be achieved using cryptography, which helps in encrypting the data to be stored in cloud storage to protect against unauthorized access. Here we introduce a public-key cryptosystem which produce ciphertexts of constant size such a way that an systematic assignment of decryption virtue for any number of ciphertexts are possible. The modernity is that one can combine a set of secret keys and make them as mini single key with holding the same ability of all the keys that are formed in each group. This compact aggregate key can be efficiently sent to others or to be stored in a smart card with little secure storage. DOI: 10.17762/ijritcc2321-8169.150314

New Security Definitions, Constructions and Applications of Proxy Re-Encryption

La externalización de la gestión de la información es una práctica cada vez más común, siendo la computación en la nube (en inglés, cloud computing) el paradigma más representativo. Sin embargo, este enfoque genera también preocupación con respecto a la seguridad y privacidad debido a la inherente pérdida del control sobre los datos. Las soluciones tradicionales, principalmente basadas en la aplicación de políticas y estrategias de control de acceso, solo reducen el problema a una cuestión de confianza, que puede romperse fácilmente por los proveedores de servicio, tanto de forma accidental como intencionada. Por lo tanto, proteger la información externalizada, y al mismo tiempo, reducir la confianza que es necesario establecer con los proveedores de servicio, se convierte en un objetivo inmediato. Las soluciones basadas en criptografía son un mecanismo crucial de cara a este fin. Esta tesis está dedicada al estudio de un criptosistema llamado recifrado delegado (en inglés, proxy re-encryption), que constituye una solución práctica a este problema, tanto desde el punto de vista funcional como de eficiencia. El recifrado delegado es un tipo de cifrado de clave pública que permite delegar en una entidad la capacidad de transformar textos cifrados de una clave pública a otra, sin que pueda obtener ninguna información sobre el mensaje subyacente. Desde un punto de vista funcional, el recifrado delegado puede verse como un medio de delegación segura de acceso a información cifrada, por lo que representa un candidato natural para construir mecanismos de control de acceso criptográficos. Aparte de esto, este tipo de cifrado es, en sí mismo, de gran interés teórico, ya que sus definiciones de seguridad deben balancear al mismo tiempo la seguridad de los textos cifrados con la posibilidad de transformarlos mediante el recifrado, lo que supone una estimulante dicotomía. Las contribuciones de esta tesis siguen un enfoque transversal, ya que van desde las propias definiciones de seguridad del recifrado delegado, hasta los detalles específicos de potenciales aplicaciones, pasando por construcciones concretas