Journal ArticleDOI

Robust and flexible tunnel management for secure private cloud

TL;DR: A strong authentication with a key agreement scheme is proposed to establish the secure tunnel, and the proposed framework also provides mutual authentication and session key renewal between the users and the cloud server.
Abstract: Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally or by a third party and hosted internally or externally. It provides a flexible way to extend the working environment. Since the business processes running on it could be critical, it is important to provide a secure environment for organizations to execute those processes. While user mobility has become an important feature for many systems, technologies that provide users a lower-cost and flexible way of joining a secure private cloud are in strong demand. This paper exploits key management mechanisms to provide secured tunnels to a private cloud for users who might move around dynamically without carrying the same machine. A strong authentication with a key agreement scheme is proposed to establish the secure tunnel. Furthermore, the proposed framework also provides mutual authentication and session key renewal between the users and the cloud server. Several related security properties of the proposed mechanism are also presented.
Citations
Proceedings ArticleDOI
01 Jun 2018
TL;DR: An SVM-based mechanism to detect malware and normal apps, adopting LibSVM to classify unknown apps; results indicate an accuracy rate of 99% for the correct identification of both benign apps and malware, even for unknown applications.
Abstract: Android phones accounted for over 85% of all smartphone sales as of 2017. Because the system allows users to install unofficial apps, it is easily targeted by malware. Scanning apps with general anti-virus software usually detects only known virus species; new types of unknown variants are normally not detectable. In this paper, we present an SVM-based mechanism to detect malware and normal apps. The proposed idea scans and records features for both the required and used permissions in the list. We adopt LibSVM to classify the unknown apps. The experimental results indicate an accuracy rate of 99% for the correct identification of both benign apps and malware, even for unknown applications. We propose a simple yet feasible approach to detect mobile apps.

8 citations


Cites background from "Robust and flexible tunnel manageme..."

  • ...Therefore, many researchers try to provide good protection and detection for android devices [10], [9]....

    [...]

01 Jan 2013
TL;DR: In this article, an end-to-end global supply chain network information integration and collaboration cannot be solely dependent on a single technology or platform, and there are many technologies that exist and are being utilised currently in different industry sectors within the supply chain.
Abstract: End-to-end global supply chain network information integration and collaboration cannot be solely dependent on a single technology or platform. There are many technologies that exist and are being utilised currently in different industry sectors within th

7 citations

Proceedings ArticleDOI
26 Apr 2014
TL;DR: The proposed mechanism integrates IMSI identifier and identity-based remote mutual authentication scheme on elliptic curve cryptography (ECC) and supports flawless two-factor and mutual authentication of participants and agreement of session key.
Abstract: This paper presents a two-factor authentication with key agreement scheme for smart living applications. The proposed mechanism integrates IMSI identifier and identity-based remote mutual authentication scheme on elliptic curve cryptography (ECC). It supports flawless two-factor and mutual authentication of participants and agreement of session key. The proposed mechanism does not require modifying the software of clients; thus, it is highly flexible. We believe the proposed mechanism is usable for smart living applications.

6 citations


Cites background from "Robust and flexible tunnel manageme..."

  • ...Besides, it is well known that multi-factor authentication is preferable to defend social engineering attacks....

    [...]

Patent
27 Jan 2017
TL;DR: In this paper, the authors describe methods and systems associated with fabric tunnels that assist in traffic flow through a tunnel that aggregates a plurality of virtual local area networks across a core network.
Abstract: Methods and systems associated with fabric tunnels may assist in traffic flow through a tunnel that aggregates a plurality of virtual local area networks across a core network.

4 citations

Proceedings ArticleDOI
01 Dec 2017
TL;DR: This paper tries to provide a cost-aware scheme for tier-based hybrid storage that can provide a proper placement for data, so users and vendors can get the performance they need at lower cost.
Abstract: Object-based storage is a storage architecture that manages data as objects, as opposed to other storage architectures like file systems, which manage data as a file hierarchy, and block storage, which manages data as blocks within sectors and tracks. In general, each object typically includes the data itself, a variable amount of metadata, and a globally unique identifier. Object storage seeks to enable capabilities not addressed by other storage architectures, such as data replication and data distribution at object-level granularity. A distributed data store is a computer network where information is stored on more than one node, often in a replicated fashion. Recently, much excellent research has targeted energy-aware and performance-aware designs and trade-offs in cloud storage. However, less has addressed scheduling for cost-efficient designs. This paper aims to evaluate data storage performance with hybrid storage. We try to provide a cost-aware scheme for tier-based hybrid storage. Our scheme can provide a proper placement for data. Thus, users and vendors can get the performance they need at lower cost.

4 citations


Cites background from "Robust and flexible tunnel manageme..."

  • ...Despite the fact that current technologies in cloud computing alleviate a large number of problems associated with workload offloading, resource allocation, utilization and management, cloud computing systems are still facing many challenges in their flexibility, coverage, dependability and security [17], [15], [24]....

    [...]

References
Journal ArticleDOI
TL;DR: This paper proposes introducing a Trusted Third Party, tasked with assuring specific security characteristics within a cloud environment, and presents a horizontal level of service, available to all implicated entities, that realizes a security mesh, within which essential trust is maintained.

1,728 citations

Journal ArticleDOI
TL;DR: A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols.
Abstract: We discuss two-party mutual authentication protocols providing authenticated key exchange, focusing on those using asymmetric techniques. A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols. The definition of a secure protocol is considered, and desirable characteristics of secure protocols are discussed.

1,270 citations

Journal ArticleDOI
TL;DR: The factors affecting Cloud computing adoption, vulnerabilities and attacks are surveyed, and relevant solution directives to strengthen security and privacy in the Cloud environment are identified.
Abstract: Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment.

376 citations

Proceedings ArticleDOI
17 Oct 2011
TL;DR: NoHype eliminates the hypervisor attack surface by enabling the guest VMs to run natively on the underlying hardware while maintaining the ability to run multiple VMs concurrently, and is a significant advance in the security of cloud computing.
Abstract: Cloud computing is quickly becoming the platform of choice for many web services. Virtualization is the key underlying technology enabling cloud providers to host services for a large number of customers. Unfortunately, virtualization software is large, complex, and has a considerable attack surface. As such, it is prone to bugs and vulnerabilities that a malicious virtual machine (VM) can exploit to attack or obstruct other VMs -- a major concern for organizations wishing to move to the cloud. In contrast to previous work on hardening or minimizing the virtualization software, we eliminate the hypervisor attack surface by enabling the guest VMs to run natively on the underlying hardware while maintaining the ability to run multiple VMs concurrently. Our NoHype system embodies four key ideas: (i) pre-allocation of processor cores and memory resources, (ii) use of virtualized I/O devices, (iii) minor modifications to the guest OS to perform all system discovery during bootup, and (iv) avoiding indirection by bringing the guest virtual machine in more direct contact with the underlying hardware. Hence, no hypervisor is needed to allocate resources dynamically, emulate I/O devices, support system discovery after bootup, or map interrupts and other identifiers. NoHype capitalizes on the unique use model in cloud computing, where customers specify resource requirements ahead of time and providers offer a suite of guest OS kernels. Our system supports multiple tenants and capabilities commonly found in hosted cloud infrastructures. Our prototype utilizes Xen 4.0 to prepare the environment for guest VMs, and a slightly modified version of Linux 2.6 for the guest OS. Our evaluation with both SPEC and Apache benchmarks shows a roughly 1% performance gain when running applications on NoHype compared to running them on top of Xen 4.0. Our security analysis shows that, while there are some minor limitations with current commodity hardware, NoHype is a significant advance in the security of cloud computing.

301 citations

Journal ArticleDOI
TL;DR: It is shown that the improved smart card authentication scheme proposed by Xu-Zhu-Feng is vulnerable to internal and impersonation attacks, and an improvement of their solution is proposed, and a new efficient strong smart card Authentication protocol is presented.

290 citations