In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes.In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work.We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

PORs: Proofs of Retrievability for Large Files

Today is the era of the Internet of Things (IoT). The recent advances in hardware and information technology have accelerated the deployment of billions of interconnected, smart and adaptive devices in critical infrastructures like health, transportation, environmental control, and home automation. Transferring data over a network without requiring any kind of human-to-computer or human-to-human interaction, brings reliability and convenience to consumers, but also opens a new world of opportunity for intruders, and introduces a whole set of unique and complicated questions to the field of Digital Forensics. Although IoT data could be a rich source of evidence, forensics professionals cope with diverse problems, starting from the huge variety of IoT devices and non-standard formats, to the multi-tenant cloud infrastructure and the resulting multi-jurisdictional litigations. A further challenge is the end-to-end encryption which represents a trade-off between users’ right to privacy and the success of the forensics investigation. Due to its volatile nature, digital evidence has to be acquired and analyzed using validated tools and techniques that ensure the maintenance of the Chain of Custody. Therefore, the purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges. Furthermore, this work provides an overview of the past and current theoretical models in the digital forensics science. Special attention is paid to frameworks that aim to extract data in a privacy-preserving manner or secure the evidence integrity using decentralized blockchain-based solutions. In addition, the present paper addresses the ongoing Forensics-as-a-Service (FaaS) paradigm, as well as some promising cross-cutting data reduction and forensics intelligence techniques. Finally, several other research trends and open issues are presented, with emphasis on the need for proactive Forensics Readiness strategies and generally agreed-upon standards.

/pdf/a-survey-on-the-internet-of-things-iot-forensics-challenges-3w6jzejgc2.pdf

A Survey on the Internet of Things (IoT) Forensics: Challenges, Approaches, and Open Issues

On cloud security requirements, threats, vulnerabilities and countermeasures: A survey

Leveraging Deep Learning and IoT big data analytics to support the smart cities development: Review and future directions

Architecture and Security of SCADA Systems: A Review

Modeling continuous security: A conceptual model for automated DevSecOps using open-source software over cloud (ADOC)

This article presents a three-dimensional conceptual model that describes the relationships between factors contributing to increasing confidence in the cloud. The dimensions are: security solutions, security operations, and security compliance, which a..

Assurance of Data Security and Privacy in the Cloud: A Three-Dimensional Perspective

The incredible growth in the cloud applications and services reflects a positive swing in the thought processes of the business decision makers for cloud adoption. However, ever-evolving security and privacy issues continue to influence the decision makers to delay the cloud adoption. In this integrationist exposition, the previous publications are enriched and enhanced to holistically analyze different threats to cloud computing to conceptualize a three-dimensional model of cloud security assurance. These three dimensions, namely Security Solution, Security Operation, and Security Compliance, are interwoven to address the top threats to cloud computing, which are identified and reported by the cloud security alliance (CSA) research group in their latest and previous reports. The model will help practitioners to design and implement a security assurance system for a cloud ecosystem to strengthen trust in the cloud and accelerate its adoption to bring agility and velocity in cloud applications and services delivery in a cost-effective way.

Top Threats to Cloud: A Three-Dimensional Model of Cloud Security Assurance

In the quest of velocity in time-to-market for the cloud applications, often, the security requirements are overlooked It is mainly due to the preconceived notion that building security capabilities is very time-intensive and affects delivery timeline However, the lack of required security capabilities in the applications have cascading impact on business objectives The proposed research work addresses this issue by enabling automation in security activities This work extends our previous work to analyze security challenges in cloud-enabled, cloud-native, cloud edge IoT, and cloud big data analytics applications and conceptualize a continuous security model for cloud applications using DevSecOps The model proposes four inter-woven components: (1) principles to follow, (2) application lifecycle stages to implement, (3) practices to adopt, and (4) automation ecosystem to use These components provide security elements to consider during cloud application development, deployment, and operation phases to bring velocity in building security capabilities and providing the continuous security assurance

Rakesh Kumar

Papers

On cloud security requirements, threats, vulnerabilities and countermeasures: A survey

Modeling continuous security: A conceptual model for automated DevSecOps using open-source software over cloud (ADOC)

Assurance of Data Security and Privacy in the Cloud: A Three-Dimensional Perspective

Top Threats to Cloud: A Three-Dimensional Model of Cloud Security Assurance

When Security Meets Velocity: Modeling Continuous Security for Cloud Applications using DevSecOps