A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

What if keys are leaked? Towards practical and secure re-encryption in deduplication-based cloud storage

By only storing a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combining with confidentiality, deduplication will become problematic as encryption performed by different data owners may differentiate identical data which may then become not deduplicable. The Message-Locked Encryption (MLE) is thus utilized to derive the same encryption key for the identical data, by which the encrypted data are still deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage by (1) leveraging all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate security and efficiency of SEDER, respectively

Cloud Security : A Review of Recent Threats and Solution Models

The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malwares and lack of expertise in cloud technology rank the major threats. The European Union invested €3m in City University London to research into the certification of Cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were – Encryption of all data at storage and during transmission. The Cisco IronPort S-Series web security appliance was among security solutions to solve cloud access control issues. 2-factor Authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is yet no guarantee for a complete deletion of data by cloud providers on client requests however; FADE may be a solution (Yang et al., 2012)

An extensive research survey on data integrity and deduplication towards privacy in cloud storage

Owing to the highly distributed nature of the cloud storage system, it is one of the challenging tasks to incorporate a higher degree of security towards the vulnerable data. Apart from various security concerns, data privacy is still one of the unsolved problems in this regards. The prime reason is that existing approaches of data privacy doesn't offer data integrity and secure data deduplication process at the same time, which is highly essential to ensure a higher degree of resistance against all form of dynamic threats over cloud and internet systems. Therefore, data integrity, as well as data deduplication is such associated phenomena which influence data privacy. Therefore, this manuscript discusses the explicit research contribution toward data integrity, data privacy, and data deduplication. The manuscript also contributes towards highlighting the potential open research issues followed by a discussion of the possible future direction of work towards addressing the existing problems

Data auditing and security in cloud computing: issues, challenges and future directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discusse

Data Auditing and Security in Cloud Computing: Issues, Challenges and Future Directions

Cloud computing is one of the significant development that utilizes progressive computational power and upgrades data distribution and data storing facilities. With cloud information services, it is essential for information to be saved in the cloud and also distributed across numerous customers. Cloud information repository is involved with issues of information integrity, data security and information access by unapproved users. Hence, an autonomous reviewing and auditing facility is necessary to guarantee that the information is effectively accommodated and used in the cloud. In this paper, a comprehensive survey on the state-of-art techniques in data auditing and security are discussed. Challenging problems in information repository auditing and security are presented. Finally, directions for future research in data auditing and security have been discussed

Um estudo sobre a segurança e privacidade no armazenamento de dados em nuvens

Orientador: Marco Aurélio Amaral HenriquesDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Armazenamento de dados na nuvem é um serviço que traz diversas vantagens aos seus usuários. Contudo, em sistemas de nuvens públicas, os riscos envolvidos na terceirização do armazenamento de dados pode ser uma barreira para a adoção deste serviço por aqueles preocupados com sua privacidade. Vários provedores de serviços em nuvem que afirmam proteger os dados do usuário não atendem alguns requisitos considerados essenciais em um serviço seguro, confiável e de fácil utilização, levantando questionamentos sobre a segurança efetivamente obtida. Apresentamos neste trabalho um estudo relacionado aos requisitos de privacidade dos usuários e de segurança de seus dados em nuvens públicas. O estudo apresenta algumas técnicas normalmente usadas para atender tais requisitos, juntamente com uma análise de seus benefícios e custos relativos. Além disso, ele faz uma avaliação destes requisitos em vários sistemas de nuvens públicas. Depois de comparar estes sistemas, propomos um conjunto de requisitos e apresentamos, como prova de conceito, uma aplicação baseada nos mesmos, a qual melhora a segurança dos dados e a privacidade dos usuários. Nós mostramos que é possível proteger os dados armazenados nas nuvens contra o acesso por terceiros (incluindo os administradores das nuvens) sem sobrecarregar o usuário com protocolos ou procedimentos complexos de segurança, tornando o serviço de armazenamento em nuvens uma escolha mais confiável para usuários preocupados com sua privacidadeAbstract: Cloud data storage is a service that brings several advantages for its users. However, in public cloud systems, the risks involved in the outsourcing of data storage can be a barrier to the adoption of this service by those concerned with privacy. Several cloud service providers that claim to protect user's data do not fulfill some requirements considered essential in a secure, reliable and easy to use service, raising questions about the effective security obtained. We present here a study related to user's privacy and data security requirements on public clouds. The study presents some techniques normally used to fulfill those requirements, along with an analysis of their relative costs and benefits. Moreover, it makes an evaluation of them in several public cloud systems. After comparing those systems, we propose a set of requirements and present a proof of concept application based on them, which improves data security and user privacy in public clouds. We show that it is possible to protect cloud stored data against third party (including cloud administrators) access without burdening the user with complex security protocols or procedures, making the public cloud storage service a more reliable choice to privacy concerned usersMestradoEngenharia de ComputaçãoMestre em Engenharia Elétrica153392/2014-2CNP

Survey on securing data storage in the cloud

Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage user increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field

An Application for Decentralized Access Control Mechanism on Cloud Data using Anonymous Authentication

In the last few years, Cloud computing has gained a lot of popularity and technology analysts believe it will be the future, but only if the security problems are solved from time-to-time. For those who are unfamiliar with cloud computing, it is a practice wherein users can access the data from the servers that are located in remote places. Users can do so through the Internet to manage, process and store the relevant data, instead of depending on the personal computer or a local server. Many firms and organizations are using cloud computing, which eventually is faster, cheaper and easy to maintain. Even the regular Internet users are also relying on cloud computing services to access their files whenever and wherever they wish. There are also numerous challenges associated with cloud computing like abuse of cloud services, data security and cyber-attacks. When clients outsource sensitive data through cloud servers, access control is one of the fundamental requirements among all security requirements which ensures that no unauthorized access to secured data will be avoided. Hence, cloud computing has to build a feature that provides privacy, access control challenges and security to the user data. A suitable and reliable encryption technique with enhanced key management should be developed and applied to the user data before loading into the cloud with the goal to achieve secured storage. It also has to support file access control and all other files related functions in a policy-based manner for any file stored in a cloud environment. This research paper proposes a decentralized access control mechanism for the data storage security in clouds which also provides anonymous authentication. This mechanism allows the decryption of the stored information only by the valid users, which is an additional feature of access control. Access control mechanism are decentralized which makes it robust when compared to centralized access control schemes meant for clouds