Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment
With the evolution of computer systems, the amount of sensitive data to be
stored as well as the number of threats on these data grows, making the data
confidentiality increasingly important to computer users. Currently, with
devices always connected to the Internet, the use of cloud data storage
services has become practical and common, allowing quick access to such data
wherever the user is. Such practicality brings with it a concern, precisely the
confidentiality of the data which is delivered to third parties for storage. In
the home environment, disk encryption tools have gained special attention from
users, being used on personal computers and also having native options in some
smartphone operating systems. The present work uses the data sealing feature
provided by the Intel Software Guard Extensions (Intel SGX) technology, for
file encryption. A virtual file system is created in which applications can
store their data, keeping the security guarantees provided by the Intel SGX
technology, before sending the data to a storage provider. This way, even if the
storage provider is compromised, the data are safe. To validate the proposal,
the Cryptomator software, which is a free client-side encryption tool for cloud
files, was integrated with an Intel SGX application (enclave) for data sealing.
The results demonstrate that the solution is feasible, in terms of performance
and security, and can be expanded and refined for practical use and integration
with cloud synchronization services
Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but
storing these keys securely is a challenge, especially if they are used from
multiple devices. Storing keys in a centralized location, like an
Internet-accessible server, raises serious security concerns (e.g. server
compromise). Hardware-based Trusted Execution Environments (TEEs) are a
well-known solution for protecting sensitive data in untrusted environments,
and are now becoming available on commodity server platforms.
Although the idea of protecting keys using a server-side TEE is
straight-forward, in this paper we validate this approach and show that it
enables new desirable functionality. We describe the design, implementation,
and evaluation of a TEE-based Cloud Key Store (CKS), an online service for
securely generating, storing, and using personal cryptographic keys. Using
remote attestation, users receive strong assurance about the behaviour of the
CKS, and can authenticate themselves using passwords while avoiding typical
risks of password-based authentication like password theft or phishing. In
addition, this design allows users to i) define policy-based access controls
for keys; ii) delegate keys to other CKS users for a specified time and/or a
limited number of uses; and iii) audit all key usages via a secure audit log.
We have implemented a proof of concept CKS using Intel SGX and integrated this
into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation
performs approximately 6,000 signature operations per second on a single
desktop PC. The latency is in the same order of magnitude as using
locally-stored keys, and 20x faster than smart cards.
Comment: Extended version of a paper to appear in the 3rd Workshop on
Security, Privacy, and Identity Management in the Cloud (SECPID) 201
An extensive research survey on data integrity and deduplication towards privacy in cloud storage
Owing to the highly distributed nature of the cloud storage system, it is one of the challenging tasks to incorporate a higher degree of security towards the vulnerable data. Apart from various security concerns, data privacy is still one of the unsolved problems in this regard. The prime reason is that existing approaches of data privacy don't offer data integrity and secure data deduplication process at the same time, which is highly essential to ensure a higher degree of resistance against all forms of dynamic threats over cloud and internet systems. Therefore, data integrity, as well as data deduplication, are such associated phenomena which influence data privacy. Therefore, this manuscript discusses the explicit research contribution toward data integrity, data privacy, and data deduplication. The manuscript also contributes towards highlighting the potential open research issues followed by a discussion of the possible future direction of work towards addressing the existing problems.
Protecting Information Stored Inside the Cloud with A New CCA-EBO Protocol Designed on Hive Technology
Massively scalable facilities may be accessed online with ease due to "Cloud Computing (CC)". The CC resources are primarily characterized by the fact that "Cloud User (CU)" information is often kept on "Cloud Server (CS)" that the CU doesn't even possess or control. The CUs' apprehension about the loss of management of their information may lead to a substantial roadblock in their acceptance of CC offerings. In an attempt to highlight the effectiveness of CC security, the "Cloud Service Providers (CSP)" need to empower the CU to control and evaluate their data. The focus of this research chooses to highlight a key aspect of CC platforms employed to handle CU information on unrecognized CSs at remote locations. Concerns about compromising personal information arise from this feature's importance. In this research, a novel swarm-based "Enhanced BAT Optimization (EBO)" for key generating in "Cloud Computing Accountability (CCA)" for CC information tracking is proposed to solve security issues. Generally, this proposed hybrid CCA-EBO architecture is based on the idea of data accountability, which enables dispersed end-to-end responsibility. The information is made available to the general public, although with a limited set of permissions. The "Cloud Administrator (CA)" would specify the level of access each CU has to the data before it is made available to them. All CU accesses to data are recorded and will be found in a log file for CA to review. According to evaluation methods for the proposed CCA-EBO, existing "Hybrid Secure Cloud Storage (HSCS)", and "Advanced Distribution Verification Protocol (ADVP)", the CCA-EBO provides more security than HSCS, and ADVP in terms of "Auditing Time", "Encryption Time", "Decryption Time", and "Storage Overhead"
Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage
This is the author accepted manuscript. The final version is available from the publisher via the DOI in this record.
Remote data integrity checking (RDIC) enables a
data storage server, such as a cloud server, to prove to a
verifier that it is actually storing a data owner's data honestly.
To date, a number of RDIC protocols have been proposed in
the literature, but almost all the constructions suffer from the
issue of a complex key management, that is, they rely on the
expensive public key infrastructure (PKI), which might hinder
the deployment of RDIC in practice. In this paper, we propose
a new construction of identity-based (ID-based) RDIC protocol
by making use of key-homomorphic cryptographic primitive
to reduce the system complexity and the cost for establishing
and managing the public key authentication framework in PKI
based RDIC schemes. We formalize ID-based RDIC and its
security model including security against a malicious cloud server
and zero knowledge privacy against a third party verifier. We
then provide a concrete construction of ID-based RDIC scheme
which leaks no information of the stored files to the verifier
during the RDIC process. The new construction is proven secure
against the malicious server in the generic group model and
achieves zero knowledge privacy against a verifier. Extensive
security analysis and implementation results demonstrate that
the proposed new protocol is provably secure and practical in
the real-world applications.
This work is supported by
the National Natural Science Foundation of China
(61501333,61300213,61272436,61472083), Fok Ying Tung
Education Foundation (141065), Program for New Century
Excellent Talents in Fujian University (JA1406
Cyberattacks and security of cloud computing: a complete guideline
Cloud computing is an innovative technique that offers shared resources for stock cache and server management. Cloud computing saves time and monitoring costs for any organization and turns technological solutions for large-scale systems into server-to-service frameworks. However, just like any other technology, cloud computing opens up many forms of security threats and problems. In this work, we focus on discussing different cloud models and cloud services, respectively. Next, we discuss the security trends in the cloud models. Taking these security trends into account, we move to security problems, including data breaches, data confidentiality, data access controllability, authentication, inadequate diligence, phishing, key exposure, auditing, privacy preservability, and cloud-assisted IoT applications. We then propose security attacks and countermeasures specifically for the different cloud models based on the security trends and problems. In the end, we pinpoint some of the futuristic directions and implications relevant to the security of cloud models. The future directions will help researchers in academia and industry work toward cloud computing security
A Scheduling Genetic Algorithm For Real-Time Data Freshness And Cloud Data Security Over Keywords Searching
Cloud storage services allow customers to ingress data stored from any device at any time. The growth of the Internet helps the number of users who need to access online databases without a deep understanding of the schema or query. The languages have risen dramatically, allowing users to search secured data and retrieve desired data from cloud storage using keywords. On the other hand, there are fundamental difficulties such as security, which must be provided to secure user's personal information. A hybrid scheduling genetic algorithm (SGA) is proposed in this research. SGA technique enhances the security level and provides data freshness. For evaluation and comparison, parameters such as execution time throughputs are used. According to experimental results, the proposed technique ensures the security of user data from unauthorized parties. Furthermore, SGA is strong and more effective when compared to a set of parameters to the existing algorithm like Data Encryption Standard (DES), Blowfish, and Advanced Encryption Standard (AES)
Certificateless public auditing with data privacy preserving for cloud-based smart grid data
As the promising next generation power system, smart grid can collect and analyze the grid information in real time, which greatly improves the reliability and efficiency of the grid. However, as smart grid coverage expands, more and more data is being collected. To store and manage the massive amount of smart grid data, the data owners choose to upload the grid data to the cloud for storage and regularly check the integrity of their data. However, traditional public auditing schemes are mostly based on Public Key Infrastructure (PKI) or Identity Based Cryptography (IBC) system, which will lead to complicated certificate management and inherent key escrow problems. We propose a certificateless public auditing scheme for cloud-based smart grid data, which can avoid the above two problems. In order to prevent the disclosure of the private data collected by the smart grid during the phase of auditing, we use the random masking technology to protect data privacy. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient