State of The Art and Hot Aspects in Cloud Data Storage Security

Along with the evolution of cloud computing and cloud storage towards matu- rity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vec- tors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for pro- tection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed

BMSQABSE: Design of a Bioinspired Model to Improve Security & QoS Performance for Blockchain-Powered Attribute-based Searchable Encryption Applications

Attribute-based searchable encryption (ABSE) is a sub-field of security models that allow intensive searching capabilities for cloud-based shared storage applications. ABSE Models require higher computational power, which limits their application to high-performance computing devices. Moreover, ABSE uses linear secret sharing scheme (LSSS), which requires larger storage when compared with traditional encryption models. To reduce computational complexity, and optimize storage cost, various researchers have proposed use of Machine Learning Models (MLMs), that assist in identification & removal of storage & computational redundancies. But most of these models use static reconfiguration, thus cannot be applied to large-scale deployments. To overcome this limitation, a novel combination of Grey Wolf Optimization (GWO) with Particle Swarm Optimization (PSO) model to improve Security & QoS performance for Blockchain-powered Attribute-based Searchable Encryption deployments is proposed in this text. The proposed model augments ABSE parameters to reduce its complexity and improve QoS performance under different real-time user request scenarios. It intelligently selects cyclic source groups with prime order & generator values to create bilinear maps that are used for ABSE operations. The PSO Model assists in generation of initial cyclic population, and verifies its security levels, QoS levels, and deployment costs under multiple real-time cloud scenarios. Based on this initial analysis, the GWO Model continuously tunes ABSE parameters in order to achieve better QoS & security performance levels via stochastic operations. The proposed BMSQABSE model was tested under different cloud configurations, and its performance was evaluated for healthcare deployments. Based on this evaluation, it was observed that the proposed model achieved 8.3% lower delay, with 4.9% lower energy consumption, 14.5% lower storage requirements when compared with standard ABSE models. It was able to mitigate Distributed Denial of Service (DDoS), Masquerading, Finney, and Sybil attacks, which assists in deploying the proposed model for QoS-aware highly secure deployments

Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed

Data auditing and security in cloud computing: issues, challenges and future directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discusse

Data security in cloud storage services

Cloud Computing is considered to be the next-generation architecture for ICT where it moves the application software and databases to the centralized large data centers. It aims to offer elastic IT services where clients can benefit from significant cost savings of the pay-per-use model and can easily scale up or down, and do not have to make large investments in new hardware. However, the management of the data and services in this cloud model is under the control of the provider. Consequently, the cloud clients have less control over their outsourced data and they have to trust cloud service provider to protect their data and infrastructure from both external and internal attacks. This is especially true with cloud storage services. Nowadays, users rely on cloud storage as it offers cheap and unlimited data storage that is available for use by multiple devices (e.g. smart phones, tablets, notebooks, etc.). Besides famous cloud storage providers, such as Amazon, Google, and Microsoft, more and more third-party cloud storage service providers are emerging. These services are dedicated to offering more accessible and user friendly storage services to cloud customers. Examples of these services include Dropbox, Box.net, Sparkleshare, UbuntuOne or JungleDisk. These cloud storage services deliver a very simple interface on top of the cloud storage provided by storage service providers. File and folder synchronization between different machines, sharing files and folders with other users, file versioning as well as automated backups are the key functionalities of these emerging cloud storage services. Cloud storage services have changed the way users manage and interact with data outsourced to public providers. With these services, multiple subscribers can collaboratively work and share data without concerns about their data consistency, availability and reliability. Although these cloud storage services offer attractive features, many customers have not adopted these services. Since data stored in these services is under the control of service providers resulting in confidentiality and security concerns and risks. Therefore, using cloud storage services for storing valuable data depends mainly on whether the service provider can offer sufficient security and assurance to meet client requirements. From the way most cloud storage services are constructed, we can notice that these storage services do not provide users with sufficient levels of security leading to an inherent risk on users\u27 data from external and internal attacks. These attacks take the form of: data exposure (lack of data confidentiality); data tampering (lack of data integrity); and denial of data (lack of data availability) by third parties on the cloud or by the cloud provider himself. Therefore, the cloud storage services should ensure the data confidentiality in the following state: data in motion (while transmitting over networks), data at rest (when stored at provider\u27s disks). To address the above concerns, confidentiality and access controllability of outsourced data with strong cryptographic guarantee should be maintained. To ensure data confidentiality in public cloud storage services, data should be encrypted data before it is outsourced to these services. Although, users can rely on client side cloud storage services or software encryption tools for encrypting user\u27s data; however, many of these services fail to achieve data confidentiality. Box, for example, does not encrypt user files via SSL and within Box servers. Client side cloud storage services can intentionally/unintentionally disclose user decryption keys to its provider. In addition, some cloud storage services support convergent encryption for encrypting users\u27 data exposing it to “confirmation of a file attack. On the other hand, software encryption tools use full-disk encryption (FDE) which is not feasible for cloud-based file sharing services, because it encrypts the data as virtual hard disks. Although encryption can ensure data confidentiality; however, it fails to achieve fine-grained access control over outsourced data. Since, public cloud storage services are managed by un-trusted cloud service provider, secure and efficient fine-grained access control cannot be realized through these services as these policies are managed by storage services that have full control over the sharing process. Therefore, there is not any guarantee that they will provide good means for efficient and secure sharing and they can also deduce confidential information about the outsourced data and users\u27 personal information. In this work, we would like to improve the currently employed security measures for securing data in cloud store services. To achieve better data confidentiality for data stored in the cloud without relying on cloud service providers (CSPs) or putting any burden on users, in this thesis, we designed a secure cloud storage system framework that simultaneously achieves data confidentiality, fine-grained access control on encrypted data and scalable user revocation. This framework is built on a third part trusted (TTP) service that can be employed either locally on users\u27 machine or premises, or remotely on top of cloud storage services. This service shall encrypts users data before uploading it to the cloud and decrypts it after downloading from the cloud; therefore, it remove the burden of storing, managing and maintaining encryption/decryption keys from data owner\u27s. In addition, this service only retains user\u27s secret key(s) not data. Moreover, to ensure high security for these keys, it stores them on hardware device. Furthermore, this service combines multi-authority ciphertext policy attribute-based encryption (CP-ABE) and attribute-based Signature (ABS) for achieving many-read-many-write fine-grained data access control on storage services. Moreover, it efficiently revokes users\u27 privileges without relying on the data owner for re-encrypting massive amounts of data and re-distributing the new keys to the authorized users. It removes the heavy computation of re-encryption from users and delegates this task to the cloud service provider (CSP) proxy servers. These proxy servers achieve flexible and efficient re-encryption without revealing underlying data to the cloud. In our designed architecture, we addressed the problem of ensuring data confidentiality against cloud and against accesses beyond authorized rights. To resolve these issues, we designed a trusted third party (TTP) service that is in charge of storing data in an encrypted format in the cloud. To improve the efficiency of the designed architecture, the service allows the users to choose the level of severity of the data and according to this level different encryption algorithms are employed. To achieve many-read-many-write fine grained access control, we merge two algorithms (multi-authority ciphertext policy attribute-based encryption (MA- CP-ABE) and attribute-based Signature (ABS)). Moreover, we support two levels of revocation: user and attribute revocation so that we can comply with the collaborative environment. Last but not least, we validate the effectiveness of our design by carrying out a detailed security analysis. This analysis shall prove the correctness of our design in terms of data confidentiality each stage of user interaction with the cloud

Secure Data Sharing in Cloud Computing: A Comprehensive Review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers

Secure data sharing in cloud computing: a comprehensive review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers

Privacy Preserving Enforcement of Sensitive Policies in Outsourced and Distributed Environments

The enforcement of sensitive policies in untrusted environments is still an open challenge for policy-based systems. On the one hand, taking any appropriate security decision requires access to these policies. On the other hand, if such access is allowed in an untrusted environment then confidential information might be leaked by the policies. The key challenge is how to enforce sensitive policies and protect content in untrusted environments. In the context of untrusted environments, we mainly distinguish between outsourced and distributed environments. The most attractive paradigms concerning outsourced and distributed environments are cloud computing and opportunistic networks, respectively. In this dissertation, we present the design, technical and implementation details of our proposed policy-based access control mechanisms for untrusted environments. First of all, we provide full confidentiality of access policies in outsourced environments, where service providers do not learn private information about policies. We support expressive policies and take into account contextual information. The system entities do not share any encryption keys. For complex user management, we offer the full-fledged Role-Based Access Control (RBAC) policies. In opportunistic networks, we protect content by specifying expressive policies. In our proposed approach, brokers match subscriptions against policies associated with content without compromising privacy of subscribers. As a result, unauthorised brokers neither gain access to content nor learn policies and authorised nodes gain access only if they satisfy policies specified by publishers. Our proposed system provides scalable key management in which loosely-coupled publishers and subscribers communicate without any prior contact. Finally, we have developed a prototype of the system that runs on real smartphones and analysed its performance.Comment: Ph.D. Dissertation. http://eprints-phd.biblio.unitn.it/1124