A Ciphertext Policy Attributes-based Encryption Scheme with Policy Revocation

There are a lot of data exchanges among the parties by using cloud computing. So data protection is very important in cloud security environment. Especially, data protection is needed for all organization by security services against unauthorized accesses. There are many security mechanisms for data protection. Attributes-based Encryption (ABE) is a one-to-many encryption to encrypt and decrypt data based on user attributes in which the secret key of a user and the ciphertext are dependent upon attributes. Ciphertext policy attributes-based encryption (CP-ABE), an improvement of ABE schemes performs an access control of security mechanisms for cloud storage. In this paper, sensitive parts of personal health records (PHRs) are encrypted by ABE with the help of CP-ABE. Moreover, an attributes-based policy revocation case is considered as well as user revocation and it needs to generate a new secret key. In proposed policy revocation case, PHRs owner changes attributes policy to update available user lists. A trusted authority (TA) is used to issue secret keys as a third party. This paper emphasizes on key management and it also improves attributes policy management and user revocation. Proposed scheme provides a full control on data owner as much as he changes policy. It supports a flexible policy revocation in CP-ABE and it saves time consuming by comparing with traditional CP-ABE

Securing multi-tenancy systems through multi DB instances and multiple databases on different physical servers

Use of the same application by multiple users through internet as a service is supported by cloud computing system. Both the user and attacker stay in the same machine as both of them are users of the same application creating an in-secure environment. Service must ensure secrecy both at the application and data layer level. Data isolation and Application isolation are two basic aspects that must be ensured to cater for security as desired by the clients that accesses the service. In this paper a more secured mechanism has been presented that help ensuring data isolation and security when Multi-tenancy of the users to the same service has been implemented