
Comparison Between Various Available Secure Cloud Storage Techniques

Shweta Saharan and Gaurav Somani


5.7 Comparison Between Various Available Secure Cloud Storage Techniques

Peng et al. [35] provided a clear categorization of secure cloud storage techniques and a comparison between them. According to them, all available cloud storage techniques can be classified into two categories: Category A and Category B.

Category A consists of techniques that use cryptographic techniques in their design but do not fall within the cryptographic theory framework. Category B refers to cloud storage techniques that are designed using cryptographic techniques and also fall within the cryptographic framework.

5.7.1 Cloud Storage Techniques of Category A

5.7.1.1 ESPAC Scheme

Barua et al. [5] designed a secure cloud storage scheme for the privacy of personal health information (PHI). It provides patient self-controlled access privileges and is known as ESPAC (Efficient and Secure Patient-Centric Access Control). This scheme is based on ciphertext-policy, attribute-based, and identity-based encryption. In this scheme, a user can access data based on the role assigned to them, and a different attribute set is assigned to them accordingly. The scheme comprises two major phases. In the former phase, identity-based encryption is used to make sure that data communication is secure. In the latter phase, attribute-based encryption is employed to realize the data requester’s access control.

5.7.1.2 Kamara et al.’s Scheme

Kamara et al.’s [29] work was the first and most vital contribution in cloud storage security using cryptography. They make use of nonstandard cryptographic techniques such as searchable encryption, attribute-based encryption, etc. for designing a secure cloud storage architecture. The architecture was designed from the perspective of both the cloud service provider and the service user. The main issue in any cloud storage implementing cryptographic security is how to make use of cryptographic techniques for achieving security and privacy goals. The detailed work of Kamara et al. gives a complete discussion of how nonstandard cryptographic techniques are implemented in cloud storage for security and how they affect the security of the storage.

5.7.1.3 Key to Cloud (K2C) Scheme

Zarandioon et al. [50] used attribute-based encryption and signature. Their work proposes a user-centric, privacy-preserving cryptographic access control protocol, which they named Key to Cloud (K2C). This scheme provides customers with a protocol through which they can share, store, and manage their data securely. Figure 5.4 depicts the major participants in the K2C scheme. In the case of a metadata directory, all the participants in the hierarchy have both the read access revision and the write access revision. This scheme makes use of attribute-based cryptography for access control.

5.7.1.4 Cryptonite Scheme

To secure data storage, Kumbhare et al. [31] designed Cryptonite, which offers security over public cloud infrastructure. Digital signatures are deployed to assure the integrity of data and are also useful for auditing. Broadcast encryption is used for the distribution of keys. Searchable encryption is implemented so that a file can be searched without decrypting it. Both of these encryption techniques are deployed in the Cryptonite client library, which enables them on the client side and makes them faster.

Fig. 5.4 Participants in K2C

5.7.1.5 Sec2 Scheme

Sec2 was proposed by Somorovsky et al. [42] using Extensible Markup Language (XML) encryption as a secure solution for cloud storage. The architecture of Sec2 is illustrated in Fig. 5.5. The XML payload and the data are encrypted using XML encryption, which is used in the XML encryption engine.

5.7.2 Cloud Storage Techniques of Category B

5.7.2.1 Chow et al.’s Scheme

Chow et al. [9] provided a secure cloud storage scheme which supports addition of dynamic users and provides data provenance. This scheme not only proposed the cryptographic model but also provided a security model based on cryptography.

The security model consists of anonymity, traceability, and confidentiality. They make use of pairing-based cryptography for data storage. Verifier Local Revocation (VLR) and a variant of identity-based broadcast encryption were used in the design.

Fig. 5.5 Architecture of Sec2

5.7.2.2 Cloud Storage System (CS2)

CS2 (Cloud Storage System) was proposed by Kamara et al. [29] for providing integrity, verifiability, and confidentiality. CS2 ensures all security features without compromising the speed of the system. It makes use of Symmetric Searchable Encryption (SSE) for data encryption by the client. Later on, search tokens are generated for storage providers. The cloud provider uses a search authenticator for assuring that the desired files are returned to the client. CS2 makes use of proofs of storage (PoS) for ensuring integrity.
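The client/provider split described for CS2 above (and the client-side searchable encryption mentioned for Cryptonite) can be sketched as follows. This is an added example, not code from CS2, Cryptonite or the chapter: the function names, the HMAC-based token, mask and tag construction, and the sample files are assumptions chosen to show keyword search over opaque tokens with a client-verified authenticator.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 used as a keyed PRF with a domain-separation label."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()

def mask(key: bytes, data: bytes) -> bytes:
    """XOR with an HMAC counter-mode keystream (assumed stand-in for an AEAD)."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(prf(key, b"ks", i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def search_token(key: bytes, word: str) -> bytes:
    """Client: deterministic token, so repeated searches are linkable."""
    return prf(key, b"token", word.encode())

def build_index(key: bytes, docs: dict) -> dict:
    """Client: turn {file_id: keywords} into an index the provider can store."""
    postings = {}
    for file_id, words in docs.items():
        for w in words:
            postings.setdefault(w, []).append(file_id)
    index = {}
    for w, ids in postings.items():
        token = search_token(key, w)
        blob = mask(prf(key, b"mask", w.encode()), ",".join(sorted(ids)).encode())
        tag = prf(key, b"auth", token + blob)  # authenticator bound to the token
        index[token] = (blob, tag)
    return index

def provider_lookup(index: dict, token: bytes):
    """Provider: exact-match lookup on opaque tokens; never sees key or keyword."""
    return index.get(token)

def verify_and_open(key: bytes, word: str, reply) -> list:
    """Client: check the authenticator, then unmask the matching file ids."""
    if reply is None:
        return []
    blob, tag = reply
    expected = prf(key, b"auth", search_token(key, word) + blob)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("provider reply failed authentication")
    return mask(prf(key, b"mask", word.encode()), blob).decode().split(",")

# Constructed sample data: three files and their keywords.
KEY = secrets.token_bytes(32)
DOCS = {"f1": {"invoice", "2023"}, "f2": {"invoice"}, "f3": {"contract"}}
INDEX = build_index(KEY, DOCS)
```

In this sketch the tag catches a provider that returns the entry for a different keyword or a modified entry, but not one that falsely answers "no match".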

Table 5.1 Comparison between various approaches for secure cloud storage

| Cloud storage scheme | Cryptographic technique used | Functionality provided |
|---|---|---|
| ESPAC | Identity-based encryption, attribute-based encryption | Confidentiality, access control |
| Kamara et al. | Attribute-based encryption, searchable encryption | Confidentiality |
| Key to Cloud | Attribute-based encryption and signature | Access control |
| Cryptonite | Searchable encryption distribution of keys, broadcast encryption | Confidentiality |
| Sec2 | XML encryption | Confidentiality |
| Chow et al.’s | Identity-based broadcast encryption, group signature | Access control |
| Cloud Storage System | Search authenticator, searchable encryption | Confidentiality, integrity |
| Popa et al.’s scheme [36] | Unique signature, broadcast encryption | Attestation, access control |
| Feng et al.’s scheme [15] | Group encryption | Confidentiality |
| Ruj et al.’s scheme [39] | Attribute-based encryption | Access control |

Peng et al. [35] provided a comparison among the functionality provided by various schemes and the cryptographic techniques used by them. The comparison is provided in Table 5.1 given above.