660 research outputs found
Flexible Yet Secure De-Duplication Service for Enterprise Data on Cloud Storage
The cloud storage services bring forth infinite storage capacity and flexible access capability to store and share
large-scale content. The convenience brought forth has attracted both individual and enterprise users to outsource data service to a cloud provider. As the survey shows 56% of the usages of cloud storage applications are for data back up and up to 68% of data backup are user assets. Enterprise tenants would need to protect their data privacy before uploading them to the cloud and expect a reasonable performance while they try to reduce the operation cost in terms of cloud storage, capacity and I/Os matter as well
as systems’ performance, bandwidth and data protection. Thus, enterprise tenants demand secure and economic data storage yet flexible access on their cloud data.
In this paper, we propose a secure de-duplication solution
for enterprise tenants to leverage the benefits of cloud storage while reducing operation cost and protecting privacy. First, the solution uses a proxy to do flexible group access control which supports secure de-duplication within a group; Second, the solution supports scalable clustering of proxies to support large-scale data access; Third, the solution can be integrated with cloud storage seamlessly. We implemented and tested our solution by integrating it with Dropbox. Secure de-duplication in a group is performed at low data transfer latency and small
storage overhead as compared to de-duplication on plaintext
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view
Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment
With the evolution of computer systems, the amount of sensitive data to be
stored as well as the number of threats on these data grow up, making the data
confidentiality increasingly important to computer users. Currently, with
devices always connected to the Internet, the use of cloud data storage
services has become practical and common, allowing quick access to such data
wherever the user is. Such practicality brings with it a concern, precisely the
confidentiality of the data which is delivered to third parties for storage. In
the home environment, disk encryption tools have gained special attention from
users, being used on personal computers and also having native options in some
smartphone operating systems. The present work uses the data sealing, feature
provided by the Intel Software Guard Extensions (Intel SGX) technology, for
file encryption. A virtual file system is created in which applications can
store their data, keeping the security guarantees provided by the Intel SGX
technology, before send the data to a storage provider. This way, even if the
storage provider is compromised, the data are safe. To validate the proposal,
the Cryptomator software, which is a free client-side encryption tool for cloud
files, was integrated with an Intel SGX application (enclave) for data sealing.
The results demonstrate that the solution is feasible, in terms of performance
and security, and can be expanded and refined for practical use and integration
with cloud synchronization services
What if keys are leaked? Towards practical and secure re-encryption in deduplication-based cloud storage
By only storing a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combining with confidentiality, deduplication will become problematic as encryption performed by different data owners may differentiate identical data which may then become not deduplicable. The Message-Locked Encryption (MLE) is thus utilized to derive the same encryption key for the identical data, by which the encrypted data are still deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage by (1) leveraging all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate security and efficiency of SEDER, respectively
Sciunits: Reusable Research Objects
Science is conducted collaboratively, often requiring knowledge sharing about
computational experiments. When experiments include only datasets, they can be
shared using Uniform Resource Identifiers (URIs) or Digital Object Identifiers
(DOIs). An experiment, however, seldom includes only datasets, but more often
includes software, its past execution, provenance, and associated
documentation. The Research Object has recently emerged as a comprehensive and
systematic method for aggregation and identification of diverse elements of
computational experiments. While a necessary method, mere aggregation is not
sufficient for the sharing of computational experiments. Other users must be
able to easily recompute on these shared research objects. In this paper, we
present the sciunit, a reusable research object in which aggregated content is
recomputable. We describe a Git-like client that efficiently creates, stores,
and repeats sciunits. We show through analysis that sciunits repeat
computational experiments with minimal storage and processing overhead.
Finally, we provide an overview of sharing and reproducible cyberinfrastructure
based on sciunits gaining adoption in the domain of geosciences
AUTHENTICATED ISOLATION IN DEDUPLICATED STORAGE
Multi-tenancy, security, and deduplication are important features for distributed storage systems for either on premise or on cloud deployments. However, implementing these features can be difficult, as the features often do not play well together when building a performant system. Presented herein is a technique to provide a seamless, transparent deduplication system that incorporates all of these features without inter-dependence and without impacting performance
Blockchain-based Cloud Data Deduplication Scheme with Fair Incentives
With the rapid development of cloud computing, vast amounts of duplicated
data are being uploaded to the cloud, wasting storage resources. Deduplication
(dedup) is an efficient solution to save storage costs of cloud storage
providers (CSPs) by storing only one copy of the uploaded data. However, cloud
users do not benefit directly from dedup and may be reluctant to dedup their
data. To motivate the cloud users towards dedup, CSPs offer incentives on
storage fees. The problems with the existing dedup schemes are that they do not
consider: (1) correctness - the incentive offered to a cloud user should be
computed correctly without any prejudice. (2) fairness - the cloud user
receives the file link and access rights of the uploaded data if and only if
the CSP receives the storage fee. Meeting these requirements without a trusted
party is non-trivial, and most of the existing dedup schemes do not apply.
Another drawback is that most of the existing schemes emphasize incentives to
cloud users but failed to provide a reliable incentive mechanism.
As public Blockchain networks emulate the properties of trusted parties, in
this paper, we propose a new Blockchain-based dedup scheme to meet the above
requirements. In our scheme, a smart contract computes the incentives on
storage fee, and the fairness rules are encoded into the smart contract for
facilitating fair payments between the CSPs and cloud users. We prove the
correctness and fairness of the proposed scheme. We also design a new incentive
mechanism and show that the scheme is individually rational and incentive
compatible. Furthermore, we conduct experiments by implementing the designed
smart contract on Ethereum local Blockchain network and list the transactional
and financial costs of interacting with the designed smart contract
- …