Top PDF Maintaining User Security in Public Shared Clouds

Maintaining User Security in Public Shared Clouds

Cloud computing has progressed from a bold vision to massive deployments in various application domains. However, the complexity of technology underlying cloud computing introduces novel security risks and challenges. A core enabling technology of IaaS is system virtualization [8], which enables hardware multiplexing and redefinition of supported hardware architectures into software abstractions. This redefinition is performed by the hypervisor, a software component that abstracts the hardware resources of the platform and presents a virtualized software platform where guest virtual machine (VM) instances can be deployed. In addition, the hypervisor also manages the I/O communication between VM instances and external components, including storage devices allocated to the VM instance. This is one of the vulnerable areas of IaaS environments since, as demonstrated in [6], improper allocation of block storage can lead to a breach of data confidentiality. There is a clear need for usable and cost-effective cloud platform security mechanisms suitable for organizations that rely on cloud infrastructure. One such mechanism is platform integrity verification for compute hosts that support the virtualized cloud infrastructure. Several large cloud vendors have signalled practical implementations of this mechanism, primarily to protect the cloud infrastructure from insider threats and advanced persistent threats. We see two major improvement vectors regarding these implementations. First, details of such proprietary solutions are not disclosed and can thus not be implemented and improved by other cloud platforms. Second, to the best of our knowledge, none of the solutions provide cloud tenants a proof regarding the integrity of compute hosts supporting their slice of the cloud infrastructure.

A Survey on Secure Data Sharing Methods in Cloud Storage

Nabeel, Mohamed, and Elisa Bertino [3] explained that, while data sharing is carried out in public clouds, the problem mostly experienced is how the selection of shared data, which is based on fine-grained and attribute based access control policies, is carried out while also assuring confidentiality and preserving the privacy of users from the cloud. To address the issues of data confidentiality, encryption is the commonly adopted method. Along with encryption, organizations enforce fine-grained access to data. This access control is based on identity attributes, such as security-relevant properties. Access control systems of this kind are commonly referred to as attribute based access control (ABAC). An approach to support fine-grained selective ABAC is to identify the sets and to encrypt each set with the same encryption key. According to the access control policies, each user is given the key to the sets after the data is uploaded to the cloud. This method addresses the main issues such as data protection and assures confidentiality from the cloud. It enforces fine-grained access control policies with respect to the users who request the data from the cloud. Key management is the major issue in this approach; that is, with respect to the access control policies, each user must be given the actual keys [3].

A SURVEY ON USER REVOCATION IN THE PUBLIC CLOUD FOR SHARED DATA

In distributed computing structural engineering information is put away midway and dealing with this incorporated information and giving security to it is exceptionally troublesome assignment. TPA is utilized as a part of this circumstance. The unwavering quality is expanded as information is taken care of by TPA however information honesty is not accomplished. TPA utilizes encryption to encode the document's substance. It checks information trustworthiness yet, there is danger of TPA itself releases client's information. Analysts of [3] indicate approach to accomplish stockpiling accuracy without Trusted Third Party (TTP). They accomplish this by utilizing secure key administration, Flexible get to right administrations and light weight honesty confirmation process for checking the unapproved change in the first information without asking for a nearby duplicate of the information.

Securing Infrastructure as a Service Public Clouds Using Security Onion

In this article, we propose and evaluate an approach to secure customer assets (data and information) in a Cloud computing environment by implementing an open-source IDS. In particular, we study how an IDS can be positioned in an Infrastructure as a Service (IaaS) public Cloud to monitor inter-virtual machine (inter-VM) operations. The IaaS public Cloud is the most widely used Cloud model deployment. In a public Cloud, the cloud service provider (CSP) provides different services and facilities to the general public via the Internet. In an IaaS public Cloud, the Cloud user is able to deploy and run any software and operating system (OS) in the Cloud. The user is also able to deploy IDS to add a layer of security to protect its data and information. Security and privacy in public IaaS model are especially a concern due to different users can have their virtual machines (VMs) reside on the same physical machine. We also design and implement a proof-of-concept of the proposed architecture. IaaS public Cloud technologies provide networking mechanisms that are used to configure virtual switches and experiment with new functionalities, such as traffic forwarding. Consequently, we want to assess how different virtual networking techniques can be employed in the context of securing the Cloud environment.

An Architecture for Big Data Privacy in the Hybrid Cloud

The tremendous increases in the amounts of data generated and gathered by computer systems constitute a growing problem, as corporations tend to invest in hardware and software infrastructure but then use only a very limited proportion of these resources. Cloud computing was created to resolve this issue, with the vast amounts of data being termed "big data". Several tools were put in place to manage these prodigious quantities of data in efficient and effective ways, with the cloud essentially enabling sharing of resources among users to increase the throughput of the system. With this "shared resources" solution, questions over security and privacy have also arisen, resulting in the creation of different classes within the cloud, such as public clouds, private clouds and so on. However, when it comes to individual users, they only wish to secure a small subset, and being on a private cloud costs more than using the public variety. Many remedies have been offered for this dilemma, most of which are targeted at specific kinds of data or certain fields or industries. In this paper, we propose a generalised architecture to solve the privacy problem in cloud computing. Our solution includes considerations of the cost of privacy and ease of use. We will also discuss in detail the various solutions already proposed and their limitations. After providing details of our architecture, we will evaluate our work and analyse the results. The paper concludes with directions for future study in areas where more research is needed.

Efficient User Revocation with Public Auditing for Shared Data in the Cloud

ABSTRACT: With the advent of data storage in the cloud, users are now able to easily share and modify data in a group. Users of a particular group generate a signature for each block in shared data to ensure data integrity. Since different blocks are updated and modified by different users of a group, the signatures on each block tend to be different. To achieve security, once a user is revoked from a group due to misbehaviour, all the blocks which contain the revoked user's signature must be re-signed by an existing user of the group. The upright method suggests an existing user to download the data previously signed by the revoked user and re-sign it. But due to its inefficiency this method is not preferred. In this paper, we propose an efficient method to perform user revocation along with a public auditing mechanism to ensure the integrity of shared data. By applying proxy re-signature mechanisms, the cloud is allowed to re-sign blocks during user revocation on behalf of existing users. This is so that the existing users do not have to download the data and then upload it again. The paper also supports public auditing, which lets a public verifier audit the integrity of shared data without having to retrieve the entire data from the cloud, even though some data are re-signed by the cloud. Experimental results indicate that this mechanism can improve the efficiency of user revocation significantly.

Index Terms: public auditing, shared data, and user revocation.

Cloud computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data. To securely introduce an effective third party auditor (TPA) should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user. Following steps are used: 1) We motivate the public auditing system of data storage security in Cloud Computing, and propose a protocol supporting for fully dynamic data operations, especially to support block insertion, which is missing in most existing schemes.

Implementation of Privacy Preserving Model for Auditing Data in The cloud

Cloud computing is transforming the nature of how business and people uses information technology today. This computing paradigm shift provides a scalable environment for growing amounts of data and processes that work on various application and services by means of on demand self services. Particularly, the outsourced storage in clouds is a new profit generating area by providing a uniformly low cost, scalable, geographically location-independent platform for managing users’ data. The cloud storage services lighten the burden for storage management and maintenance. Nowadays it is a routine for most users to leverage cloud storage services to share data with others in a group, as data sharing becomes a standard features in most cloud storage offerings including Google Drives, iClouds and Dropbox. However, the exciting advantages which are provided by cloud storage services, storing data in a cloud does not give any guarantee on data integrity and availability. Users’ data is put at risk of losses or being incorrect during sharing as the cloud service providers are separate administrative distance, out of the control of users. These security risks can be caused by: the internal and external threats in clouds infrastructures, for example there are various motivations for cloud service providers to behave unfaithfully towards the clouds users as well as the dispute due to lack of trust on Cloud storage service. Cloud users may not be aware of this behaviour even if these disputes may results into users own’s improper operation [1]. Following these and related challenges, public auditing, in particular privacy preserving one is suggested by researchers as trust worthy solution to be enhanced in cloud storage service so as to check for correctness of users data. 
In privacy preserving public auditing, the third party auditor is resorted to publicly verify the integrity of users’ data stored in clouds before being shared among multiple users without knowing the data and users’ identities privacy. A traditional approach provides only public auditing while preserving data privacy. This conventional approach will provide public auditing while keeping private users identities from third party auditor in a dynamic group data sharing environment.

Public Auditing for Shared Data With Effective User Revocation in the Cloud Storage

ABSTRACT: With data storage and sharing services in the cloud, users can easily modify and share data as a group. To ensure shared data integrity can be verified publicly, users in the group need to compute signatures on all the blocks in shared data. Different blocks in shared data are generally signed by different users due to data modifications performed by different users. For security reasons, once a user is revoked from the group, the blocks which were previously signed by this revoked user must be re-signed by an existing user. The straight forward method, which allows an existing user to download the corresponding part of shared data and re-sign it during user revocation, is inefficient due to the large size of shared data in the cloud. In this paper, the author proposes a novel public auditing mechanism for the integrity of shared data with efficient user revocation in mind. By utilizing the idea of proxy re-signatures, the author allows the cloud to resign blocks on behalf of existing users during user revocation, so that existing users do not need to download and re-sign blocks by themselves. In addition, a public verifier is always able to audit the integrity of shared data without retrieving the entire data from the cloud, even if some part of shared data has been re-signed by the cloud. Moreover, our mechanism is able to support batch auditing by verifying multiple auditing tasks simultaneously. Experimental results show that our mechanism can significantly improve the efficiency of user revocation.

ATTRIBUTE BASED SECURED STORAGE MIDDLEWARE FOR MOBILE CLOUD COMPUTING

A holistic security framework to secure data storage in public clouds, with a special focus on lightweight wireless devices storing and retrieving data without exposing the data content to the cloud service providers, has been implemented by Zhibin Zhou and Dijiang Huang [1]. To achieve this goal, the solution focuses on the following two research directions: first, it presents a novel privacy preserving cipher policy attribute-based encryption to protect user data. Lightweight devices can securely outsource heavy encryption and decryption operations to cloud service providers, without revealing the data content and used security keys. Second, it proposes an attribute based data storage system as a cryptographic access control mechanism. Furthermore, to facilitate key management and cryptographic access control in an expressive and efficient way, Bethencourt and Sahai have associated each user with multiple attributes. Multiple users may share common attributes, allowing the message encryptor to specify a data access policy by composing multiple attributes through logical operators such as AND, OR, etc. [2]. A model for provable data possession is proposed by Ateniese & Burns that can be used for remote data checking. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs [3]. In addition, as mobile cloud computing is a new model [4], it still has an opportunity for future research expansion in three areas: first, security issues are still frightening and there should be an appropriate solution for them; second, architecture for the mobile cloud diverse wireless network should be investigated; third, a single access platform for mobile cloud computing via various operating system platforms needs to be established.
In another article, research on cross-tenant trust models in Cloud computing is carried out through a systematic analysis of cross-tenant trust relations by Tang & Ravi Sandhu [5].

A Survey on Public Auditing for Shared Data with Efficient User Revocation in the Cloud

ABSTRACT: Distributed computing has as of late developed as another worldview for facilitating and conveying administrations over the Internet. Distributed computing is appealing to entrepreneurs as it kills the prerequisite for clients to arrange ahead for provisioning, and permits undertakings to begin from the little and expansion assets just when there is an ascent in administration request. In any case, regardless of the way that distributed computing offers immense chances to the IT business, the improvement of distributed computing innovation is at present at its early stages, with numerous issues still to be tended to. With information stockpiling and sharing administrations in the cloud, clients can undoubtedly adjust and share information as a gathering. To guarantee shared information respectability can be checked freely, clients in the gathering need to register marks on every one of the pieces in shared information. Diverse squares in shared information are for the most part marked by various clients because of information changes performed by various clients. For security reasons, once a client is disavowed from the gathering, the squares which were already marked by this denied client must be re-marked by a current client. The straight forward system, which permits a current client to download the comparing a portion of shared information and re-sign it amid client disavowal, is wasteful because of the extensive size of shared information in the cloud. In this paper, we propose a novel open examining system for the uprightness of imparted information to proficient client renouncement personality a top priority. What's more, an open verifier is constantly ready to review the uprightness of shared information without recovering the whole information from the cloud, regardless of the possibility that some piece of shared information has been re-marked by the cloud.

Privacy-Preserving Public Auditing for Shared data With Efficient User Revocation

Abstract: Users in a particular group need to compute signatures on the blocks in shared data, so that the shared data integrity can be confirmed publicly. Various blocks in shared data are usually signed by a vast number of different users due to data alterations performed by different users. Once a user is revoked from the group, an existing user must re-sign the data blocks of the revoked user in order to ensure the security of data. Due to the massive size of shared data in the cloud, the usual process, which permits an existing user to download the corresponding part of shared data and re-sign it during user revocation, is inefficient. With our mechanism, the identity of the signer on each block in shared data is kept private from public verifiers, who are able to efficiently verify shared data integrity without retrieving the entire file. In addition, our mechanism is able to perform multiple auditing tasks simultaneously instead of verifying them one by one. Our experimental results demonstrate the effectiveness and efficiency of our mechanism when auditing shared data integrity.

Improving Security Techniques for Shared Data in Cloud Computing

Authentication and Access Control (AAC) is the process of verification and confirmation of a user’s identity to connect to, access and use the cloud resources. In enterprise computing, the credentials are stored in the server in the form of Active Directory (AD) or Lightweight Directory Access Protocol (LDAP). Authentication is done virtually through a private network in a private cloud. In a public cloud, customers use the internet to connect to the CSP (Cloud Service Provider), applications from different users can co-exist with the same CSP (resource pooling) and the CSC (Cloud Service Consumer) can access the applications from anywhere through any device. So in a public cloud, authentication is weaker and less protected than in a private cloud. Password-based authentication does not provide effective security for the public cloud. Passwords can be cracked using many methods such as a brute force attack, dictionary attack, phishing or social engineering attack. So it is very important that the CSP should include highly secured authentication methods in a public cloud. Customers connect to cloud services through APIs, and APIs are designed to accept tokens rather than passwords. In cloud computing, authentication applies not only to users but also to machines. Machines need to authorize certain automated actions like online backup, patching and updating systems and remote monitoring system. Since cloud applications are accessed through various devices, there should be a strong authentication method like RSA token, OTP over the phone, smart card / PKI, biometrics, etc., for original identification confirmation and to show their value. This will enable identifiers and attributes with a strong level of authentication to be passed on to the cloud application so that risk decisions can be made for access management. There are a number of methods and standards available to avoid security issues related to AAC.

Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation

Abstract: Cloud computing is the protracted revelation of computing as effectiveness, where data owners can remotely store their data. The essential service presented by the Cloud is Data Storage. On the other hand, it is a tricky task to share data in a multi-owner manner where the group admin and all group members can store and alter data while protecting data and identity privacy from an untrusted cloud server, due to the frequent change of the membership. So a secure multi-owner data sharing scheme for dynamic groups in cloud computing has been projected which absorbs the addition of group signature and broadcast encryption techniques. However, this system also recognized some boundaries in terms of competence and security, since multi-owner data storing and sharing in a dynamic surroundings dumps an enormous amount of data files in the cloud, which remain in the cloud for an imprecise period of time. The confidential information stored may be changed by service providers. To maintain cloud files’ security and privacy, regular elimination of unwanted files is needed. To determine this drawback we propose a new framework, a Reliable and Scalable Secure Method to Store and Share Secret Data for groups in Cloud, i.e. MONA, that removes unnecessary files automatically when the predefined time period for sharing specified by the data owner has run out, which improves the performance of the system in terms of security and efficiency. Also, this method decreases the overhead at the time of uploading and downloading files in the cloud. At last, the proposed method by name Multi Owner Data Sharing Over Cloud (MODOC) declares required efficiency and most importantly security. We apply a working prototype of the MODOC method and assess its performance based on the time addicted during various operations. The results give you an idea that MODOC has the prospective to be effectively used for secure data sharing in the cloud.

Efficient User Revocation for Shared Data in the Public Cloud

C. Cong Wang, et al. (2013), Privacy-Preserving Public Auditing for Secure Cloud Storage: Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in cloud computing a formidable task, especially for users with constrained computing resources. Moreover, users should be able to just use the cloud storage as if it is local, without worrying about the need to verify its integrity. Thus, enabling public auditability for cloud storage is of critical importance so that users can resort to a third-party auditor (TPA) to check the integrity of outsourced data and be worry free. To securely introduce an effective TPA, the auditing process should bring in no new vulnerabilities toward user data privacy, and introduce no additional online burden to the user. In this paper, they propose a secure cloud storage system supporting privacy-preserving public auditing. They further extend those results to enable the TPA to perform audits for multiple users simultaneously and efficiently. Extensive security and performance analysis show the proposed schemes are provably secure and highly efficient. Those preliminary experiments conducted on an Amazon EC2 instance further demonstrate the fast performance of the design.

System Approach for Single Keyword Search for Encrypted Data Files Guarantees in Public Infrastructure Clouds

In this paper, we have proposed a system architecture for providing user security guarantees in public infrastructure clouds and a single keyword search scheme to search the encrypted data files efficiently while preserving data security over the cloud. However, some extensions of our current work are still possible. In future, we would like to propose a multi-keyword search scheme; as our OPE algorithm is a simple one, another extension is to find a powerful algorithm which will not harm the efficiency.

User Security Guarantees in Public Infrastructure Clouds

The infrastructure cloud (IaaS) service model offers tenants improved asset flexibility and availability, where they are encased from the trivial details of hardware maintenance, rent computing resources to be utilized and operate complex systems. Many organizations that work on delicate data avoid relocation and replication of operations to IaaS platforms due to defense concerns. In this paper we use order-preserving encryption (OPE) to achieve efficiency and security of data stored in a cloud; we also use other techniques like auditing protocols and third party assistance for the key management updates into a cloud, by which the accessing becomes easier, the security is guaranteed and the violation of the data decreases. The industry has invested in strict security and suggests best practices [5]. The main aim of this project is to throw light on IaaS. It is in its simplified form, and exposes to its users that it is a coherent platform, as it supports the hosts of clouds who operate VM guests that can communicate by a virtual network by providing the basic requirements.

Maintaining Integrity and Security for the Data Shared in the Cloud

In [2] the authors proposed a method called Provable Data Possession (PDP) which allowed a public verifier to check the correctness of data stored by the user or a client on an untrusted server. Even though it offered high privacy for the data of the user, it was good only for static data. An extension to PDP was introduced in [5]. In this extension model, the authors implemented PDP using some symmetric keys which could provide support for dynamic data. But it couldn’t do much for verifying the integrity of data, as the verifier could only provide a limited number of verification requests. Later, the Merkle Hash Tree was introduced for supporting the public auditing mechanism by providing complete support for fully dynamic operations. Users or clients who share data on a storage space were very worried about how to maintain the integrity of data; as the data became larger and larger, the idea of checking the integrity of data by the users themselves needed to change, and the authors in [3] suggested bringing in the Third Party Auditor (TPA) to overcome, to a greater extent, the workload or complexity felt by the users or clients. But protecting the private or confidential data of users from the TPA came forward as an issue, which Wang solved in a better way by random masking. In [8] the authors proposed a model, “Oruta”, which could help in identifying each of the signers who have signed the data blocks being shared in that storage space and keep the signer’s identity private from the public verifiers, and thus provide integrity of shared data without retrieving the entire file. Apart from the other previously discussed mechanisms, this could perform multiple auditing tasks. And in [9] the authors proposed another model called “Knox”. Even if there is a large number of users, it does not affect the auditing of large amounts of data shared by a client.

A Secure Key for Cloud using Threshold Cryptography in Kerberos

The Kerberos protocol is designed to provide reliable authentication over open and insecure networks where communications between the hosts belonging to it may be intercepted. Kerberos is a computer network authentication protocol which works on the basis of ‘tickets’ to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It is beneficial because it provides mutual authentication: both the user and the server verify each other’s identity. Because of some limitations of Kerberos, it is restricted by some well known organizations. When the Kerberos server is down due to any physical or environmental attack, no one can log in. This can be resolved by using multiple servers instead of a single server. Another limitation is that Kerberos assumes that each user is trusted but is using an untrusted host on an untrusted network. Its primary goal is to prevent unencrypted passwords from being sent across that network. However, if anyone other than the proper user has access to the one host that issues tickets used for authentication, called the key distribution center (KDC), the entire Kerberos authentication system is at risk. Since all authentication is controlled by the centralized KDC, compromise of this authentication infrastructure will allow an attacker to impersonate any user. This will reduce the security of the Kerberos authentication model. To avoid all these limitations, we are providing a new approach for a more secure Kerberos authentication model.

Research on Security Architecture in Mobile Cloud Computing to Prevent Adaptive Anomaly Attacks

The main topic of our study is mobile cloud computing. Cloud computing is a modern technology developed where users can use the system to upload huge amount of data and retrieve it later anytime anywhere. The system has been developed recently so it has some loop holes as of now and the major one out of them is data security. Although we, the end users find it very attractive in our day to day lives while using cloud storage we have to pioneer to the fact that companies need to develop their security of cloud storage more. There has been huge amount of research going on data security in cloud and still researchers are coming up with new ideas. But the major part is their implementation. Moreover the increasing securities risks that cloud computing are inheriting these days are a major concern. In Anomaly attacks, intermittent user intrusion is some of the factors which are up and about to destroy the cloud storage integrity these days. Thus the security privileges should be increased as data integrity is very important when it comes to data management of big companies where privacy of the data stored is very important. At last to conclude cloud storage is revolutionizing the way data is stored now a days and with the inclusion of companies like Google cloud storage is ready to reach new heights and if used the right way in the future would be replacing all kinds of physical data like hard disk, floppy drives, USB etc. which have higher rate of intrusion of privacy than cloud storage.