Achieving Cloud Security Using a Third Party Auditor and Preserving Privacy for Shared Data Over a Public Cloud
01 Jan 2020-International Journal of Knowledge and Systems Science (IGI Global)-Vol. 11, Iss: 1, pp 77-95
TL;DR: The proposed method prevents unauthorized users from accessing the data in the cloud environment, in addition to maintaining data integrity, and results of the proposed cloud security model implementation are discussed.
Abstract: Correctness of data and efficient mechanisms for data security, while transferring the file to and from Cloud, are of paramount importance in today's cloud-centric processing. A mechanism for correctness and efficient transfer of data is proposed in this article. While processing users request data, a set of attributes are defined and checked. States with attributes at different levels are defined to prevent unauthorized access. Security is provided while storing the data using a chunk generation algorithm and verification of chunks using lightweight Third-Party Auditor (TPA). TPA uses digital signatures to verify user's data that are generated by RSA with MD5 algorithms. The metadata file of generated chunks is encrypted using a modified AES algorithm. The proposed method prevents unauthorized users from accessing the data in the cloud environment, in addition to maintaining data integrity. Results of the proposed cloud security model implementation are discussed.
Citations
More filters
16 Mar 2022
TL;DR: The carbon footprint produced by cloud infrastructures is analyzed and the compelling need for Green cloud computing is suggested.
Abstract: Energy usage increased in tandem with the growth of cloud computing. This proliferation in energy usage has consequently resulted in a humongous increase in the surrounding carbon footprint. Furthermore, the exponential rise of 'data servers' and other infrastructure is driving up energy consumption. As a result, a reduction in energy use will result in a lesser carbon footprint in the surrounding environment. Green-computing in "cloud computing" is the finding and development of energy-saving digital solutions for reducing carbon pollution in the atmosphere. Green Cloud computing intends to accomplish effective processing and computing infrastructure use and reduce energy usage. In this paper, the carbon footprint produced by cloud infrastructures is analyzed and the compelling need for Green cloud computingis suggested. It is critical to ensure that the foreseeable growth of cloud computing is economically sound.
4Â citations
TL;DR: This work proposes a new scheme based on redactable signature, where the cloud server can transform the signature directly without the additional sanitizer while sharing sensitive data, and the signature transformation does not influence the integrity checking of the stored data.
Abstract: To guarantee data security, the data owner needs to check the integrity of data stored remotely in the cloud server with the public auditing technique. However, the auditing result will be invalid if the data have been modified dynamically in the process of data anonymization when sharing data to others with sensitive information. In existing solutions, a data sanitizer is needed to anonymize the data and transform the signature. However, such data sanitizers introduce new security risks, and the static anonymous strategy is not flexible to different application scenarios. Therefore, we propose a new scheme based on redactable signature. In our proposed scheme, the cloud server can transform the signature directly without the additional sanitizer while sharing sensitive data. The signature transformation does not influence the integrity checking of the stored data. The signature not only can be used to authenticate the source of sharing data, but can also be used to check the integrity of the stored data in the cloud. Both the security proof and experimental analysis show that our proposed scheme is secure and more efficient than the existing schemes.
1Â citations
01 Jan 2022
TL;DR: In this paper , the authors provide detailed information on the characteristics of cloud computing and also provide information about flaws and breaches, which makes cloud computing insecure to use due to virtualization.
Abstract: AbstractIn cloud computing, there are several security concerns. The security concern may increase due to one of the important techniques of virtualization. Cloud computing is also having several important characteristics which are used for its improvement and to provide several services to its end user. Some of the essential and important characteristics are on-demand self-service, broad network access, rapid elasticity, resource pooling, and measured services. By using these characteristics, cloud computing satisfies the needs of its end users, but the base to these characteristics is the virtualization technique. These observations depict the reason for several attacks and especially DoS and DDoS attacks or brute-force attacks. This article provides detailed information on these characteristics and also provides information about flaws and breaches. The reason is virtualization, which makes cloud computing insecure to use. Several techniques and algorithms are used to improve the cloud computing system, but flaws in their application have been discovered. These algorithms may degrade the quality of cloud computing system and may also makes cloud computing insecure to its end users.KeywordsCloud computingSoftware-defined networkSecuring cloud computingProperties of cloud computing
1Â citations
TL;DR: Wang et al. as mentioned in this paper proposed a new scheme based on redactable signature, where the cloud server can transform the signature directly without the additional sanitizer while sharing sensitive data.
Abstract: To guarantee data security, the data owner needs to check the integrity of data stored remotely in the cloud server with the public auditing technique. However, the auditing result will be invalid if the data have been modified dynamically in the process of data anonymization when sharing data to others with sensitive information. In existing solutions, a data sanitizer is needed to anonymize the data and transform the signature. However, such data sanitizers introduce new security risks, and the static anonymous strategy is not flexible to different application scenarios. Therefore, we propose a new scheme based on redactable signature. In our proposed scheme, the cloud server can transform the signature directly without the additional sanitizer while sharing sensitive data. The signature transformation does not influence the integrity checking of the stored data. The signature not only can be used to authenticate the source of sharing data, but can also be used to check the integrity of the stored data in the cloud. Both the security proof and experimental analysis show that our proposed scheme is secure and more efficient than the existing schemes.
1Â citations
16 Mar 2022
TL;DR: In this article , the carbon footprint produced by cloud infrastructures is analyzed and the compelling need for green cloud computing is suggested and it is critical to ensure that the foreseeable growth of Cloud computing is economically sound.
Abstract: Energy usage increased in tandem with the growth of cloud computing. This proliferation in energy usage has consequently resulted in a humongous increase in the surrounding carbon footprint. Furthermore, the exponential rise of 'data servers' and other infrastructure is driving up energy consumption. As a result, a reduction in energy use will result in a lesser carbon footprint in the surrounding environment. Green-computing in "cloud computing" is the finding and development of energy-saving digital solutions for reducing carbon pollution in the atmosphere. Green Cloud computing intends to accomplish effective processing and computing infrastructure use and reduce energy usage. In this paper, the carbon footprint produced by cloud infrastructures is analyzed and the compelling need for Green cloud computingis suggested. It is critical to ensure that the foreseeable growth of cloud computing is economically sound.
1Â citations
References
More filters
28 Oct 2007
TL;DR: The provable data possession (PDP) model as discussed by the authors allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it.
Abstract: We introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking supports large data sets in widely-distributed storage system.We present two provably-secure PDP schemes that are more efficient than previous solutions, even when compared with schemes that achieve weaker guarantees. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation.
2,238Â citations
Posted Content•
TL;DR: Ateniese et al. as discussed by the authors introduced the provable data possession (PDP) model, which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it.
Abstract: We introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking supports large data sets in widely-distributed storage systems. We present two provably-secure PDP schemes that are more efficient than previous solutions, even when compared with schemes that achieve weaker guarantees. In particular, the overhead at the server is low (or even constant), as opposed to linear in the size of the data. Experiments using our implementation verify the practicality of PDP and reveal that the performance of PDP is bounded by disk I/O and not by cryptographic computation.
2,127Â citations
04 May 2003
TL;DR: In this article, Boneh, Lynn, and Shacham introduced the concept of an aggregate signature, presented security models for such signatures, and gave several applications for aggregate signatures.
Abstract: An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message Mi for i = 1, . . . , n). In this paper we introduce the concept of an aggregate signature, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M. Verifiably encrypted signatures are used in contract-signing protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.
1,859Â citations
TL;DR: This paper proposes a mechanism that combines data deduplication with dynamic data operations in the privacy preserving public auditing for secure cloud storage and shows that the proposed mechanism is highly efficient and provably secure.
Abstract: Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in cloud computing a formidable task, especially for users with constrained computing resources. Moreover, users should be able to just use the cloud storage as if it is local, without worrying about the need to verify its integrity. Thus, enabling public auditability for cloud storage is of critical importance so that users can resort to a third-party auditor (TPA) to check the integrity of outsourced data and be worry free. To securely introduce an effective TPA, the auditing process should bring in no new vulnerabilities toward user data privacy, and introduce no additional online burden to user. In this paper, we propose a secure cloud storage system supporting privacy-preserving public auditing. We further extend our result to enable the TPA to perform audits for multiple users simultaneously and efficiently. Extensive security and performance analysis show the proposed schemes are provably secure and highly efficient. Our preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.
982Â citations
TL;DR: This paper designs an auditing framework for cloud storage systems and proposes an efficient and privacy-preserving auditing protocol, which is efficient and provably secure in the random oracle model and extends the protocol to support the data dynamic operations.
Abstract: In cloud computing, data owners host their data on cloud servers and users (data consumers) can access the data from cloud servers. Due to the data outsourcing, however, this new paradigm of data hosting service also introduces new security challenges, which requires an independent auditing service to check the data integrity in the cloud. Some existing remote integrity checking methods can only serve for static archive data and, thus, cannot be applied to the auditing service since the data in the cloud can be dynamically updated. Thus, an efficient and secure dynamic auditing protocol is desired to convince data owners that the data are correctly stored in the cloud. In this paper, we first design an auditing framework for cloud storage systems and propose an efficient and privacy-preserving auditing protocol. Then, we extend our auditing protocol to support the data dynamic operations, which is efficient and provably secure in the random oracle model. We further extend our auditing protocol to support batch auditing for both multiple owners and multiple clouds, without using any trusted organizer. The analysis and simulation results show that our proposed auditing protocols are secure and efficient, especially it reduce the computation cost of the auditor.
572Â citations