Cloud Data security and privacy in IAAS model

Size: px
Start display at page:

Download "Cloud Data security and privacy in IAAS model"

Transcription

1 Cloud Data security and privacy in IAAS model Aurelia Delfosse Numergy Department of security 25 rue Madeleine Vionnet Aubervilliers France Vincent Malguy Numergy Department of security 25 rue Madeleine Vionnet Aubervilliers France Jeremy Fanton Numergy Department of security 25 rue Madeleine Vionnet Aubervilliers France Nargisse Marine Numergy Department of architecture 25 rue Madeleine Vionnet Aubervilliers France Thierry Floriani Numergy Department of security 25 rue Madeleine Vionnet Aubervilliers France Cedric Tavernier Numergy Department of security 25 rue Madeleine Vionnet Aubervilliers France Abstract: Cloud security is again a top concern for citizens and organizations alike. Despite the benefits to consumers using IaaS (Infrastructure as a Service), as compelling case for cost savings, agility and operational efficiency, there are downsides; among them being the security of data stored in cloud computing environments and protecting these data has been challenging in the past. Hense, we propose a complete security architecture for the data protection. Another challenge is key management because the Cloud computing has been defined to accomodate a huge number of consumers. Using a standard PKI along with symmetric encryption is not enough, we believe that such system is weakly scalable and we propose an asymmetric key management powered by identity based cryptography. Also, cryptography cannot solve all problems, in particular new techniques have to be considered to solve privacy issues. Key Words: Cloud Computing, Privacy, Security, Cryptography, PKI, IBE, PIR. 1 Introduction Cloud computing is a computing and storage concept in which dynamically scalable and virtualized ressources are provided as a service. As a relatively new business model in the computing world, cloud computing is defined as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. In recent years, this innovative computing technology has drawn much attention in the fields of industry and academy. The great flexibility and economic saving of cloud computing are motivating all kinds of users, such as customers, enterprises, and even government organizations, to adopt cloud. Cloud computing is an emerging paradigm, but its security and privacy risks has been attracting significant attentions of cloud users and cloud providers. One of the important reasons is that cloud users have to trust the security mechanisms and configuration of the cloud provider and the cloud provider itself. In the community of industry and academy, cryptographic technique is currently treated as one of the key techniques to solve security and privacy problems existing in cloud computing environment. In the past few years, many types of cryptography-based solutions for cloud computing, mainly focusing on secure storage [6 14], secure computations [15 21] and secure service usage [22] have been proposed in [23]. It is well known that cloud storage is a specific sub-offering within IaaS of cloud computing [24]. With cloud storage technology, private data of users is stored on multiple third-party providers, rather than on the dedicated providers used in traditional networked data storage. The providers supply data storage service through the Internet to users themselves and others [25]. The basic requirements for cloud storage systems include mass storage and low expense. However, users are reluctant to move important and sen- ISBN:

2 sitive data to cloud unless security and privacy issues can be well solved. To deal with this problem, lots of secure cloud storage architectures have been designed and proposed in recent years, and most of them are based on cryptographic techniques [9, 26]. In this paper, we focus on the field of secure cloud storage and privacy. We try to review existing solution and propose a combination of existing secure cloud storages solution in which cryptographic techniques have been employed to design them. We also compare these cloud storages from different standpoints. This work aims to get a better understanding about what type of cryptographic techniques can be applied in secure cloud storage. Cryptographic techniques play an important role in the security protection of cloud storage, and in return the demand on secure cloud storage can promote the research of cryptography. We hope this review can give some helps for future researches, and more secure cloud storages by using cryptographic techniques can be proposed in the near future. Nevertheless cryptography cannot solve every problem, in particular customers require more and more privacy. Few years ago they required that nobody can guess who communicate with whom. This problem could be solved by methods like onion routing network protocols like TOR [50]. A new requirement appears now: when a customer queries a database, he does not want the database to know the object of its research. In fact this problem appears few years ago and is known as PIR (private information retrieval) [51, 52]. The rest of this paper is organized as follows. Sect. 2 introduces the definition of Cloud computing and their security problems, we address in this section the different problem that could be solved by symmetric cryptography. We first ommit the identity management issues and the key management because it will be considered in section 4. Sect. 3 is dedicated to present solutions to provide confidentiality while using cloud storage facilities. We review in this section solution based on operating system encryption and different techniques to transport data securely. Different solutions exist on the market today but the challenge is choosing the solution that respects the minimum level of security and the efficiency that should not impact the customer: we want a transparent solution for the user. Sect. 4 concerns the key management. In cloud computing solution based simply on private keys is simply not realistic because such solution is not scalable and very difficult to manage. Among the basic functions of any key management system, we find the registration of users, the revocation for the users that leave the system, the management of the different crypto periodes etc... The most standard solution to do this task consists in using a PKI (Public key infrastructure) and in distributing certificates to users. Sect. 5 reviews techniques to insure the privacy in the cloud environement. 2 Cloud and Security According the definition of NIST [78], Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. 2.1 Essential Characteristics 1. On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. 2. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). 3. Resource pooling. The providers computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth. 4. Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time. 5. Measured service. Cloud systems automatically control and optimize resource use by leveraging ISBN:

3 a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. 2.2 Service Models 1. Software as a Service (SaaS). The capability provided to the consumer is to use the providers applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based ), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited userspecific application configuration settings. 2. Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. 3. Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). 2.3 Deployment Models 1. Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. 2. Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. 3. Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. 4. Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). 2.4 Security issues associated with the cloud There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing software, platform, or infrastructure-as-a-service via the cloud) and security issues faced by their customers. In most cases, the provider must ensure that their infrastructure is secure and that their clients data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information. The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service. Virtualization alters the relationship between the OS and underlying hardware - be it computing, storage or even networking. This introduces an additional layer of virtualization that itself must be properly configured, managed and secured. Specific concerns include the potential to compromise the virtualization software, or hypervisor. While these concerns are largely theoretical, they do exist. For example, a breach in the administrator workstation with the management software of the virtualization software can cause the whole datacenter to go down or be reconfigured to an attacker s whish. We can summarize threats as follows: ISBN:

4 Table 1: Threats Summary for Iaas [64] Iaas component Threats / Challenges Service Level Agreement Monitoring and enforc- (SLA) ing SLA. Monitor QoS attributes. Utility Computing Measuring and billing with Multiple levels of providers On-demand billing system availability. Cloud Software Attacks against XML. Attacks against web services. Networks and Internet connectivity Virtualization Denial of service (DOS) Man-In-The-Middle attack (MITM). IP Spoofing. Port Scanning. DNS spoofing. Security threats sourced from host: We cannot solve in this paper the set of security issues in cloud that could be partially solved by the use of IDS, IPS, anti-viruses etc, thus, as we see in the next section, we concentrate our effort on problem that can be solved by a correct use of cryptography. 3 Symmetric Encryption In order to provide confidentiality of the data stored and used in the cloud, we proposed to review three different encryption solutions that operate at different levels. 3.1 Securing the data at the application level Applications hosted in the cloud could support encryption of sensitive data directly within the application. This solution provides a true end-to-end encryption controlled by the end user at his own computer level. Computer Hardware Monitoring from host. VMs Communications between VMs and host. VMs modification. Security threats sourced from VM: Monitoring VMs from other VM. Communication between VMs. Virtual machines Mobility Resources Denial of Service (DoS). VMs provisioning and migration. Physical attacks against computer hardware. Data security on retired or replaced storage devices. Figure 1: Encryption at application level At no time, cloud or network providers, will be aware of the information that is transmitted. Moreover, an attacker that can sniff or manipulate the network traffic will not get access to the data. The only way to compromise the data will be to compromise the users computer itself. Users will need to be very careful with the secret key used for encryption because no third party will be able to provide it back if lost. This solution is not compatible with a web application that are likely to be used in cloud base business. Implementing this solution requires to modify the application at core level to allow encryption. This could be very challenging and need support from application developers. 3.2 Securing the communication to access cloud information Transmitting data to a secure channel could also be done by deploying an IPSec VPN or using a Secure socket (SSL/TLS). IPSec VPN is a protocol suite that aims at securing the Internet protocol (IP) communication by providing authentication, integrity, confidentiality, anti-replay and non-repudiation at layer 3 (Internet network layer). Depending on the protocol and mode of operation used, it operates in different ways and provides different functions [1] ([RFC 4308]). It is defined by IIETF RFC4301 [2]. A Secure ISBN:

5 socket (SSL/TLS) is initialized at layer 5 (OSI session layer) by an handshake using an asymmetric cipher in order to establish a set of cipher settings and a shared key for that session. Then, at layer 6 (OSI presentation layer) it encrypts the rest of the communication using a symmetric cipher and the session key. Figure 2: Secure channel encryption As the data are only encrypted during transport, using a secure channel will provide protection again network snooping and is compatible with almost any existing software. Secure channel will not protect data from being accessed by the cloud provider nor if the user s computer is compromised. Initialisation phase is also subject to attacks [3]. To implement secure sockets on an existing Web application, software reconfiguration on server side will be required but nothing should be done on the client side as every major web browser already includes SSL support. For other kind of applications, IPsec VPN will require to install and configure software on both sides. For both technologies, a pre-shared secret need to be securely shared. How this secret key is transmitted is a question that will be solved in section Securing the storage of data withing a operation system in the cloud To provide confidentiality when the data are stored in the cloud, the operating system data partition can be encrypted. Encryption could be done on system, data and swap partition. We recommend to enable encryption on all partitions to ensure maximum confidentiality. Encrypting only data partition could lead to side channel attacks exploiting the information contained in clear text on file systems [http://citpsite.s3-website-us-east- 1.amazonaws.com/oldsite-htdocs/pub/coldboot.pdf]. Figure 3: Storage of data within a operation system in the cloud This solution is compatible with every application and protect data from being accessed by the cloud provider. As data are not encrypted during transport, communication interception will compromise the data. This solution can be implemented transparently and with minimal effort on the cloud operating system side. This is a one time operation that should be supported by the cloud provider itself. 3.4 Technical solution comparaison and recommandations Data encryption and decryption at application level only Data transport using encrypted protocols Data encryption on cloud storage network snooping;universal compatibility universal compatibility;cloud provider access to data* Protection provided network snooping; Man in the middle attacks; cloud provider access to data Residual issues user computer compromised* ;Not compatible with web application;no secret key recovery user computer compromised;man in the middle attacks*;cloud provider access to data network snooping;user computer compromised; Man in the middle attacks effort Developper to implement solution within the application Software deployment at most, configuration only for web application. Minimal initial configuration required at cloud storage level Table 2: Technical solution comparaison Table 3: * : Depending on implementation flaw or specific conditions We recommend to implement encryption at the application level whenever this is possible. This solution will provide maximum data confidentiality. We recommend that the solution forces encryption even on the user s computer. In this setup, the attacker will have to maintain a surveillance of the users computer long enough to catch the user secret key to decrypt the data. We believe that this raised the security level to a state sponsor attack only. If application level encryption is not possible, we recommend to combine Data transport using encrypted protocols and Data encryption on cloud storage technique to reduce risks. In this combined setup, compromising the users computer will be the only way to compromise the data. We believed that a motivated offensive security expert will be able to compromise data within a reasonable time frame. Lawful interception or regulations may require users to give access to his data. This kind of official request is out of scope of this paper but may impact solution choices.we believe that cloud provider should ISBN:

6 provide solutions to their customers to enforce confidentiality in respect with applicable laws. 4 Asymmetric Keys and Identity management To solve the problem of authentification and non repudiation, we use to consider the standard PKI. We suggest here to review this sytem and to propose another one which is less known but certainly more efficient for a cloud computing. 4.1 Public Key Infrastructure A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The third-party validation authority (VA) can provide this information on behalf of CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the registration authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation (see Fig 4) Issues in cloud based PKI According to us and as explained in [70], there can be three issues that can complicate the implementation of PKI on cloud: 1. Storing Private Keys In Scalable And Mobile Systems: The three factors to consider when designing the system are scalability, mobility and automation. A solution must be able to add more CAs on demand, be relatively consistent in required time to sign certificates and always be available. Hence, the solution must support the CA operations being movable to another less strained server if the number of requested signatures increases beyond the limit of the Hardware Security Module or the service unexpectedly fails. To able to move all CA operations to another server, all data regarding that CA must be moved between databases and the private key has to be moved or be the same at the new location. However, there exists no sufficiently secure procedure to move private keys between Hardware Security Modules (HSMs) autonomously. Therefore, the same private keys must be predefined in HSMs at all available locations of that CA. The ability to move the CA to another location and to bind private keys on demand provides scalability in the number of signatures the system can handle. The scalability of the number CAs at one location is relative to the number of keys the Hardware Security Module is able to store. 2. Certificate Authority Separation: One essential requirement of a cloud based PKI is that one customer should only be able to see and use its own CAs. Consequently, there must be separation between CAs and customers. 3. Providing Secure Authentication And Authorization: Only a number of predefined CAs can issue certificates to administrators due to the trust store in the application server. Other CAs issuing administrator certificates can be added but that requires restarting of the application server. The purpose of this is to give each customer a dedicated CA to issue certificates to its administrators. Figure 4: Diagram of a public-key infrastructure[69] 4. Managing revocation. For huge system, managing revocation is not so simple with a PKI. ISBN:

7 In order to avoid such complication we propose to use the following technique based on Identity Based Cryptography. 4.2 IBE We briefly summarize what is Identity based cryptography and the bilinear pairing. The idea of IBC appeared in 1984 in [65], but without the introduction of elliptic curves. The bilinear pairing appears in 2001 [66]. Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a master public key, and retains the corresponding master private key (referred to as master key). Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use the identity ID contacts the PKG, which uses the master private key to generate the private key for identity ID. As a result, parties may encrypt messages (or verify signatures) with no prior distribution of keys between individual participants. This is extremely useful in cases where pre-distribution of authenticated keys is inconvenient or infeasible due to technical restraints. However, to decrypt or sign messages, the authorized user must obtain the appropriate private key from the PKG. The steps involved are depicted in this diagram: with the following properties: Bilinearity: P, Q G 1, a, b Z q, we have ê(ap, bq) = ê(p, Q) ab Non-degeneracy: There exist P, Q G 1 such that ê(p, Q) = 1 Computability: There exists an efficient algorithm to compute ê(p, Q) P, Q G Hierrachical architecture for cloud computing [67] As shown in Fig.6, IBHM (Identity based Hierarchical model) for cloud computing (IBHMCC) is composed of three levels [68]. The top level (level-0) is root PKG. The level-1 is sub-pkgs. Each node in level-1 corresponds to a data-center (such as a Cloud Storage Service Provider) in the cloud computing. The bottom level (level-2) are users in the cloud computing. In IBHMCC, each node has a unique name. The name is the nodes registered distinguished name (DN) when the node joins the cloud storage service. For example, in the Fig.6, DN of the root node is DN 0, DN of node M is DN M and DN of node N is DN N. We define the identity of node is the DN string from the root node to the current node itself. For example, the identity of entity N is ID N = DN 0 DN M DN N. denotes string concatenation. We further define ID N I 0 = DN 0, IDN 1 = DN O DN M, IDN 2 = DN 0 DN M DN N. The rule is applicable to all nodes in the hierarchical model. The deployment of IBHMCC needs two modules: Root PKG setup and Lowerlevel setup. Root PKG setup: Root PKG acts as follows: 1. Generate groups G 1, G 2, of some prime order q and an admissible pairing ê : G 1 G 1 G 2 ; 2. Choose an arbitrary generator P G 1 ; Figure 5: ID Based Encryption: Offline and Online Steps[67] Let G 1 be a cyclic additive group of prime order q, and G 2 be a cyclic multiplicative group of the same order q. A bilinear pairing is a map ê : G 1 G 1 G 2 3. Choose cryptography hash functions H 1 : {0, 1} G 1, H 2 : G 2 {0, 1} n for some n; 4. Pick a random α Z q and set Q 0 = αp, P 0 = H 1 (DN 0 ), S 0 = αp 0. The root PKGs master key is S 0 and the system parameters are G 1, G 1 2, ê, Q 0, P, P 0, H 1, H 2. ISBN:

8 Identity-Based Encryption (IBE): IBE is based on the above Root PKG setup and Lower-level setup algorithms. It is composed by two parts: Encryption and Decryption. Encryption: Assume E 1 and E 2 are two entities in the cloud computing. The identity of the entity E 2 is ID E2 = DN 0 DN 1 DN 2. To encrypt message m with ID E2, E 1 acts as follows: 1. Compute P 1 = H 1 (DN 0 DN 1 ), P 2 = H 1 (DN 0 DN 1 DN 2 ); Figure 6: Hierarchical architecture for cloud computing Lower-level setup 1. Assume there are m nodes in the level-1. For each node, the root PKG acts as follows (let X be an arbitrary node in the m nodes): 2. Compute the public key of node X: P X = H 1 (ID X ) where ID X = DN 0 DN X ; 3. Pick the secret point ρ X Z q for the node X. ρ X is only known by node X and its parent node; 4. Set the secret key of node X: S X = S 0 +ρ X P X ; 5. Define the Q-value: Q IDX I 1 = ρ X P Q IDX I 1 is public. After the above five steps are finished, all nodes in the level-1 get and securely keep their secret keys and the secret points. On the other hand, the public key and the Q-value are publicized. Then, each node in the level-1 similarly repeats the above steps (2-5). Similarly, all nodes in level-2 keep the secret keys and the secret point while publicizing the public key and Q-value Identity-Based Encryption and Signature for IBHMCC For the need in cloud computing, we have to propose an encryption and signature schemes. Therefore, as we know that identity-based encryption (IBE) and identity-based signature (IBS) schemes are well known, it can be considered for IBHMCC in the following. 2. Chose a random r Z q; 3. Output the ciphertext rp, rp 1, rp 2, H 2 (g r ) m, where g = ê(q 0, P 0 ) which can be precomputed. Decryption: After receiving the ciphertext C = U 0, U 1, U 2, V, the entity E 2 can decrypt C using its secret key S E2 = S 0 + ρ 1 P 1 + ρ 2 P 2 where ρ 1 is the secret point of node DN 0 DN 1 DN 2 : 1. Compute d = ê(u 0,S E2 ) 2 i=1 ê(q ID E2 I i,u i ) Q IDE2 I 1 = ρ 1 P, Q IDE2 I 2 = ρ 2 P ; 2. Output the message m = H 2 (d) V. where Identity-Based Signature (IBS): IBS is also based on Root PKG setup and Lower-level setup algorithms. It incorporates two algorithms: signature and verification. Signature: To sign a message m, the entity E 2 acts as follows: 1. Compute H 1 (DN 0 DN 1 DN 2 m); 2. Compute δ = S E2 +ρ 2 P m, where ρ 2 is the secret point of the entity E 2 ; 3. Output the signature δ, P m, Q IDE2 I 1, Q IDE2 I 2. Verification: Other Entities can verify the signature by acting as follows: Confirm ê(p, δ) = ê(p, ρ 2 P m )ê(q 0, P 0 ) 2 ê(q IDE2 I i, P i ). i=1 if the equation is true, the signature is validated. ISBN:

9 4.2.3 Identity-Based cryptography to manage users storage in cloud computing Here we assume that an initial registration of users has been done. Then for any new session, it is clear that the users can be authentified through standard authentification protocol. By using the IBE and IBS, user can send securly through the network the passphrase that enable the encryption of the operating system as it is considered in section 3. To do this we recommend to use the TLS protocol or an IPsec-VPN. Secure communication between users of the same group is insured by the IBE system. We believe that the use of the HIBE and HIBS system and the combination with an OS encryption solution allow to remove the inerent problem of PKI and avoid inerent problem of Homomorphism. In particular, the revocation is anymore a difficulty since revocated user will not have new asymmetric key to communicate. as we have seen, mainly, a system based on identity requires one server when a standard PKI requires 3 ones. Almost no key has to be registered, each public key can be computed from the identity itself and PKG has a secret key to generate all private keys. 5 Private information retrieval In cryptography, a private information retrieval (PIR) protocol allows a user to retrieve an item from a server in possession of a database without revealing which item is retrieved. PIR is a weaker version of 1-out-ofn oblivious transfer, where it is also required that the user should not get information about other database items. One trivial, but very inefficient way to achieve PIR is for the server to send an entire copy of the database to the user. In fact, this is the only possible protocol that gives the user information theoretic privacy for their query in a single-server setting. There are two ways to address this problem: one is to make the server computationally bounded and the other is to assume that there are multiple non-cooperating servers, each having a copy of the database. The problem was introduced in 1995 by Chor, Goldreich, Kushilevitz and Sudan [51] in the information-theoretic setting and in 1997 by Kushilevitz and Ostrovsky in the computational setting [53]. The authors of [51] showed the following: Assume you have k 2 copies of databases of size n. Then there are PIR schemes of complexity n which achieve complete information theoretic security. The authors of [51] came up with PIR schemes that enable private retrieval of records from replicated databases, with a nontrivially small amount of communication. In such protocols, users query each server holding the database. The protocol ensures that each individual server (by observing only the query it receives) gets no information about the identity of the items of user interest. We now make the notion of private information retrieval schemes more concrete. We model the database as a k-long q-ary string x that is replicated between r non-communicating servers. The user holds an index i (which is an integer between 1 and k) and is interested in obtaining the value of the i-th coordinate of x. To achieve this goal, the user tosses some random coins, queries each of the r servers and gets replies from which the desired value can be computed. The query to each server is distributed independently of i therefore each server gets no information about what the user is after. Formally, Definition 1 A r-server private information retrieval protocol is a triplet of non-uniform algorithms P = (Q, A, C): We assume that each algorithm is given k as an advice. At the beginning of the protocol, the user U tosses random coins and obtains a random string rand: Next U invokes Q(i, rand) to generate an r-tuple of queries (que 1,..., que r ). For j [r], U sends que j to the server S j. Each server S j, j [r] responds with an answer ans j = A(j, x, que j ). Finally, U computes its output by applying the reconstruction algorithm C(ans 1,..., ans r, i, rand). A protocol as above should satisfy the following requirements: Correctness: For any k, x [q] k and i [k]. U outputs the correct value of x i with probability 1 (where the probability is over the random strings rand). Privacy: Each server individually learns no information about i. More precisely, we require that for any k and for any j [r], the distributions que j (i, rand) are identical for all values i [k]. The communication complexity of a PIR protocol P is a function of k measuring the total number of bits communicated between the user and the servers, maximized over all choices of x [q] k, i [k], and random inputs. The major goal of PIR related research to design r-server private information retrieval schemes with optimal (i.e., the smallest possible) amount of ISBN:

10 communication for every r. Following the paper of Chor et al. [51] there has been a large a body of work on private information retrieval [54 62]. A large number of extensions of the basic PIR model have also been studied. These include extensions to t-private protocols, in which the user is protected against collusions of up to t servers [55, 63] extensions which protect the servers holding the database in addition to the user, termed symmetric PIR [71, 72]; extensions to computational schemes [73] that only ensure that a server cannot get any information about the user s intensions unless it solves a certain computationally hard problem; and other extensions [74]. In many of those extensions the protocols are obtained by adding some extra layers on top of a basic private information retrieval scheme. Therefore improving parameters of basic private information retrieval schemes yields improvements for many other problems. See [75] for surveys of PIR literature. The gap between upper and lower bounds for communication complexity of private information retrieval schemes is fairly large. Currently, the most efficient r-server schemes for r 3 are obtained through r-query locally decodable codes. Communication complexity of such schemes is roughly logarithmic in the codeword length of corresponding codes. This, for instance, yields 3-server schemes with exp log k log log k communication to access a k-bit database [76]. Two server private information retrieval schemes do not rely on locally decodable codes (LDCs). The most effficient such schemes to date require O(k 1/3 ) communication [51]. The best lower bound for the communication complexity of two server PIR is 5 log k due to Wehner and de Wolf [60]. Single server PIR schemes require Θ(k) communication [51]. We present a two server scheme based on polynomial interpolation. 5.1 From codes to schemes The following lemma obtains an r-server private information retrieval scheme out of any perfectly smooth r-query locally decodable code, i.e., a code where each decoder s query is distributed perfectly uniformly over the set of codeword coordinates. Lemma 2 [77]. Suppose there exists a perfectly smooth q-ary r-query locally decodable code C encoding k-long messages to N-long codewords; then there exists an r-server private information retrieval scheme with O(r log 2 (Nq)) communication to access a q-ary k-long database. Theorem 3 [77]. For every integer t 2 and for all k 2, there exists a 3 2 t 2 -server private information retrieval scheme with ) exp t ((log k) 1/t (log log k) 1 1 t bit communication to access a k-bit database. One of the earliest applications of locally decodable codes was to worstcase to average-case reductions in computational complexity theory. This application requires LDCs with polynomial length and polylogarithmic query complexity. Such codes can be obtained from Reed Muller codes. Currently, Reed Muller codes are the best known LDCs in the regime of medium query complexity. The length of RM codes of query complexity log k is only slightly superpolynomial. To date Reed Muller codes and multiplicity codes constitute the only known classes of locally correctable codes. It is interesting to see if there are locally correctable codes in the regime of low query complexity that are shorter than Reed Muller codes. In particular we do not know if matching vector codes can be made locally correctable. 6 Conclusion We have exposed few secure solutions that could be used in a Iaas cloud, we believe that these solutions are realistic and that securing a cloud properly is available by using the existing cryptographic material. Currently secure storage in cloud is an open problem but existing operating systems encryption as TrueCrypt allows users to work without latency problems. PKI is enabling computer to computer communications in the Cloud because it offers a cryptographically strong method of authentication which can be tied to the secure transport mechanism, TLS. The security of any system is not a question of if the system is secure or not, it is a question of how secure it is or in other words, to what extent it is secure. Every system has flaws, either in the design or in the nature of the system, thus absolute security cannot be guaranteed for any system. Technologies and incentives to access or destroy systems emerge as technology moves forward and the value of the system increases. Hence, a system can only be classified secure to an extent or not secure at all. One critical factor in security is cost. To limit the incentives to break the system, the cost of breaking the system should be higher or equal to the ISBN:

11 value of the information the system is protecting. The paper has discussed a model to build trust in Cloud using public key Infrastructure and Identity based cryptography. We prefer the use of Identity based cryptography for some reason of scalability and management. As we have seen, PKI is certainely much more costly on almost all point of view. Finally we proposed to investigate toward PIR solution in order to offer to cloud users privacy. This last subject is open and merits research to make it less costly in term of complexity. Acknowledgements: The research was supported by the compagny Numergy (https://www.numergy.com/). References: [1] P. Hoffman. Cryptographic Suites for IPsec. IETF Request for Comments: [2] S. Kent, K. Seo. Security Architecture for the Internet Protocol. IETF Request for Comments: [3] Steve Dispensa, Marsh Ray. Renegotiating TLS Man-In-The-Middle. Paper /Renegotiating TLS.pdf [4] J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. Lest We Remember: Cold Boot Attacks on Encryption Keys. Paper https://citp.princeton.edu/research/memory/ [5] Mell P, Grance T. The NIST definition of cloud computing. NIST Special Publication. 2011: [6] Bessani A, Correia M, Quaresma B, et al. DEP- SKY: dependable and secure storage in a cloudof-clouds. 6th Conference on Computer Systems (EuroSys11), 2011: [7] Chen Y, Sion R. On securing untrusted clouds with cryptography ACM Workshop on Privacy in the Electronic Society (WPES 2010), 2010: [8] Chow S S M, Chu C, Huang X, et al. Dynamic secure cloud storage with provenance. Cryptography and Security: from Theory to Applications, LNCS, Springer-Verlag. 2011, 6805: [9] Kamara S, Lauter K. Cryptographic cloud storage. 14th International Conference on Financial Cryptography and Data Security, LNCS, IFCA/Springer-Verlag. 2010, 6054: [10] Kumbhare A, Simmhan Y, Prasanna V. Designing a secure storage repository for sharing scientific databases using public clouds. Second International Workshop on Data Intensive Computing in the Clouds (DataCloud-SC11), New York, ACM. 2011: [11] Li M, Yu S, Lou W, et al. Toward privacyassured cloud data services with flexible search functionalities. 3rd International Workshop on Security and Privacy in Cloud Computing (SPCC 2012), IEEE ICDCS [12] Lu Y, Tsudik G. Enhancing data privacy in the cloud. IFIP Advances in Information and Communication Technology, 2011, 358: [13] Patil D H, Bhavsar R R, Thorve A S. Data security over cloud. IJCA Proceedings on Emerging Trends in Computer Science and Information Technology (ETCSIT2012) etcsit1001, 2012, ETCSIT(5): [14] Wang C, Cao N, Li J, et al. Secure ranked keyword search over encrypted cloud data. IEEE 30th International Conference on Distributed Computing Systems (ICDCS), 2010: [15] Danezis G, Livshits B. Towards ensuring client-side computational integrity. 3rd ACM Workshop on Cloud Computing Security Workshop (CCSW11), New York, ACM. 2011: [16] Davenport J H. Cryptography and security in clouds. IBM Forum Zurich, 2011 [17] Dijk M, Juels A. On the impossibility of cryptography alone for privacy-preserving cloud computing. 5th USENIX Conference on Hot Topics in Security, Article 1-8, USENIX Association Berkeley [18] Gentry G. Fully homomorphic encryption using ideal lattices. 41st Annual ACM Symposium on Theory of Computing (STOC 2009), ACM, 2009: [19] Li H, Dai Y, Yang B. Identity-based cryptography for cloud security. Cryptography eprint Archive: Report 2011/169 ISBN:

12 [20] Silva D A R, Casano F J G, Orellana L A, et al. Encrypted domain processing for cloud privacy-concept and practical experience. International Conference on Cloud Computing and Services Science (CLOSER), 2011: [21] Takahashi T, Blanc G, Kadobayashi Y, et al. Enabling secure multitenancy in cloud computing: challenges and approachs nd Baltic Congress on Future Internet Communications (BCFIC), 2012: [22] Slamanig D. More privacy for cloud users: privacy-preserving resource usage in the cloud. 4th Hot Topics in Privacy Enhancing Technologies (HotPETs), 2011 [23] Slamanig D. Efficient schemes for anonymous yet authorized and bounded use of cloud resources. Selected Areas in Cryptography, LNCS, 2012, 7118: [24] Cloud security alliance. Security Guideline for Critical Areas of Focus in Cloud Computing V3.0, 2011 [25] Wu J, Ping L, Ge X, et al. Cloud storage as the infrastructure of cloud computing. International Conference on Intelligent Computing and Cognitive Informatics, 2010: [26] Popa R A, Lorch J R, Molnar D, et al. Enabling security in cloud storage SLAs with Cloud- Proof. Microsoft TechReport MSR-TR-2010, 2010, 46: 1-12 [27] Subashini S, Kavitha V. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 2011, 34(1): 1-11 [28] Tang Y, Lee P P C, Lui J C S, et al. FADE: secure overlay cloud storage with file assured deletion. Security and Privacy in Communication Networks. 2010, LNICST 50: [29] Chase M, Kamara S. Structured encryption and controlled disclosure. ASIACRYPT 2010, LNCS. 2010, 6477: [30] Kamara S, Papamanthou C, Roeder T. CS2: a semantic cryptographic cloud storage system. Microsoft Research, Tech.Rep.MSR-TR , 2011 [31] Ko R K L, Jagadpramana P, Mowbray M, et al. TrustCloud: a framework for accountability and trust in cloud computing IEEE World Congress on Services, 2011: [32] Liu Q, Tan C C, Wu J, et al. Reliable reencryption in unreliable clouds. IEEE Global Telecommunications Conference (GLOBE- COM), 2011 [33] Barua M, Liang X, Lu X, et al. ESPAC: enabling security and patient-centric access control for ehealth in cloud computing. International Journal of Security and Networks, 2011, 6(2): [34] Bethencourt J, Sshai A, Waters B. Ciphertextpolicy attribute-based encryption. IEEE Symposium on Security and Privacy, 2007: [35] Boneh D, Franklin M K. Identity-based encryption from the Weil Pairing. 21th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO01), 2001: [36] Kumbhare A, Simmhan Y, Prasanna V. Cryptonite: a secure and performant data repository on public clouds IEEE 5th International Conference on Cloud Computing, 2012: [37] Simmhan Y, Giakkoupis M, Cao B, et al. On using cloud platform in a software architecture for smart energy grids. CloudCom, 2010 [38] Zarandioon S, Yao D, Ganaphthy V. K2C: cryptography cloud storage with lazy revocation and anonymous access. Securecomm, 2011 [39] Somorovsky J, Meyer C, Tran T, et al. SEC2: secure moblie solution for distributed public cloud storages. 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012: [40] Boneh D, Gentry C, Waters B. Collusion resistant broadcast encryption with short ciphertexts and private keys. CRYPTO05, LNCS, Springer-Verlag. 2005, 3621: [41] Fiat A, Naor M. Broadcast encryption. CRYPTO93, LNCS. 1994, 773: [42] Micali S, Rabin M O, Vadhan S P. Verifiable random functions. 40th Annual Symposium on Foundations of Computer Science (FOCS), 1999: [43] Ruj S, Nayak A, Stojmernovic I. DACC: distributed access control in clouds International Joint Conference of IEEE TrustCom- 11/IEEE ICESS-11/FCST-11, IEEE Computer Society, 2011: ISBN:

13 [44] Lewko A B, Waters B. Decentralizing attributebased encryption. EUROCRYPT 2011, LNCS. 2011, 6632: [45] Kiayias A, Tsiounis Y, Yung M. Group encryption. ASIACRYPT07, 2007: [46] Feng J, Chen Y, Summerville D H. A fair multi-party non-repudiation scheme for storage clouds International Conference on Collaboration Technologies and Systems (CTS 2011), 2011: [47] Feng J, Chen Y, Summerville D, et al. Enhancing cloud storage security against rollback attacks with a new fair multi-party nonrepudiation protocol IEEE Conference on Consumer Communications and Networking (CCNC), 2011: [48] Boneh D, Shacham H. Group signatures with verifier-local revocation. ACM Conference on Computer and Communications Security (CCS 2004), New York, ACM, 2004: [49] Delerablee C. Identity-based broadcast encryption with constant size Ciphertexts and private keys. ASIACRYPT 2007, LNCS, Springer- Verlag. 2007, 4833: [50] H. Aiache, M. Lauriano, C. Sieux and C. Tavernier. Nested Encryption Library for automated IPSec-based Anonymous Circuits Establishment. 6th WSEAS International Conference on Information Security and Privacy (ISP 07), Puerto De La Cruz, Tenerife, Canary Islands, Espagne dcembre 14-16, 2007 [51] B. Chor, E. Kushilevitz, O. Goldreich, and M. Sudan. Private information retrieval. Journal of the ACM (JACM), 45: , November [52] Yanbin Lu, Gene Tsudik. Enhancing Data Privacy in the Cloud. Trust Management V, IFIP Advances in Information and Communication Technology Volume 358, 2011, pp [53] Eyal Kushilevitz, Rafail Ostrovsky: Replication Is Not Needed: Single Database, Computationally-Private Information Retrieval. FOCS 1997: [54] Andris Ambainis. Upper bound on the communication complexity of private information retrieval. In 32nd International Colloquium on Automata, Languages and Programming (ICALP), volume 1256 of Lecture Notes in Computer Science, pages Springer, Berlin, Heidelberg, [55] Amos Beimel, Yuval Ishai, and Eyal Kushilevitz. General constructions for informationtheoretic private information retrieval. Journal of Computer and System Sciences, 71: , 2005 [56] Amos Beimel, Yuval Ishai, Eyal Kushilevitz, and Jean-Francios Raymond. Breaking the O ( n 1/2k 1) barrier for information-theoretic private information retrieval. In 43rd IEEE Symposium on Foundations of Computer Science (FOCS), pages , 2002 [57] Klim Efremenko. 3-query locally decodable codes of subexponential length. In 41st ACM Symposium on Theory of Computing (STOC), pages 39-44, 2009 [58] Toshiya Itoh and Yasuhiro Suzuki. New constructions for query-efficient locally decodable codes of subexponential length. IEICE Transactions on Information and Systems, pages , 2010 [59] Prasad Raghavendra. A note on Yekhanin s locally decodable codes. In Electronic Colloquium on Computational Complexity (ECCC), TR07-016, 2007 [60] Stephanie Wehner and Ronald de Wolf. Improved lower bounds for locally decodable codes and private information retrieval. In 32nd International Colloquium on Automata, Languages and Programming (ICALP), volume 3580 of Lecture Notes in Computer Science, pages Springer, Berlin, Heidelberg, 2005 [61] David WoodruK and Sergey Yekhanin. A geometric approach to information theoretic private information retrieval. In 20th IEEE Computational Complexity Conference (CCC), pages , 2005 [62] Sergey Yekhanin. Towards 3-query locally decodable codes of subexponential length. Journal of the ACM, 55: 1-16, 2008 [63] Omer Barkol, Yuval Ishai, and Enav Weinreb. On locally decodable codes, self-correctable codes, and t-private PIR. In International Workshop on Randomization and Computation (RANDOM), pages , 2007 [64] W. Dawoud, I. Takouna, C. Meinel. Infrastructure as a service security: Challenges and solutions. 7th International Conference on Informatics and Systems. Cairo, Egypte ISBN:

14 [65] Adi Shamir, Identity-Based Cryptosystems and Signature Schemes. Advances in Cryptology: Proceedings of CRYPTO 84, Lecture Notes in Computer Science, 7:47 53, 1984 [66] Dan Boneh, Matthew K. Franklin, Identity- Based Encryption from the Weil Pairing Advances in Cryptology - Proceedings of CRYPTO 2001 (2001) [67] encryption [68] Hongwei Li1, Yuanshun Dai1, Bo Yang. Identity-Based Cryptography for Cloud Security. [69] Diagram of a public-key infrastructure Infrastructure.svg [70] PKI reborn in cloud by Jaimee Brown and Peter Robinson RSA, The Security Division of EMC found at: /previewbody/ /nms-301 %20-%20PKI%20Reborn%20in%20the%20 Cloud.pdf [71] Yael Gertner, Yuval Ishai, Eyal Kushilevitz, and Tal Malkin. Protecting data privacy in private information retrieval schemes. Journal of Computer and System Sciences, 60: , 2000 [72] Moni Naor and Benny Pinkas. Oblivious transfer and polynomial evaluation. In 29th ACM Symposium on Theory of Computing (STOC), pages , 1999 [73] Eyal Kushilevitz and Rafail Ostrovsky. Replication is not needed: Singledatabase computationally-private information retrieval. In 38rd IEEE Symposium on Foundations of Computer Science (FOCS), pages , 1997 [74] Giovanni Di-Crescenzo, Yuval Ishai, and Rafail Ostrovsky. Universal serviceproviders for private information retrieval. Journal of Cryptology, 14: pages 37-74, 2001 [75] gey Yekhanin. Private information retrieval. Communications of the ACM, 53(4): pages 68-73, 2010 [76] Klim Efremenko. 3-query locally decodable codes of subexponential length. In 41st ACM Symposium on Theory of Computing (STOC), pages 39-44, 2009 ISBN: [77] Sergey Yekhanin.locally decodable codes. Ninth IACR Theory of Cryptography Conference TCC 2012 [78] NIST Definition of Cloud Computing - Computer Security Resource.

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE Reshma Mary Abraham and P. Sriramya Computer Science Engineering, Saveetha University, Chennai, India E-Mail: reshmamaryabraham@gmail.com

More information

The NIST Definition of Cloud Computing

The NIST Definition of Cloud Computing Special Publication 800-145 The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication 800-145 The NIST

More information

Data management using Virtualization in Cloud Computing

Data management using Virtualization in Cloud Computing Data management using Virtualization in Cloud Computing A.S.R. Krishna Kanth M.Tech (CST), Department of Computer Science & Systems Engineering, Andhra University, India. M.Sitha Ram Research Scholar Department

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

Verifying Correctness of Trusted data in Clouds

Verifying Correctness of Trusted data in Clouds Volume-3, Issue-6, December-2013, ISSN No.: 2250-0758 International Journal of Engineering and Management Research Available at: www.ijemr.net Page Number: 21-25 Verifying Correctness of Trusted data in

More information

The NIST Definition of Cloud Computing (Draft)

The NIST Definition of Cloud Computing (Draft) Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication

More information

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes Cloud Computing Supplementary slides Course: Designing and Implementing Service Oriented Business Processes 1 Introduction Cloud computing represents a new way, in some cases a more cost effective way,

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

IS PRIVATE CLOUD A UNICORN?

IS PRIVATE CLOUD A UNICORN? IS PRIVATE CLOUD A UNICORN? With all of the discussion, adoption, and expansion of cloud offerings there is a constant debate that continues to rear its head: Public vs. Private or more bluntly Is there

More information

A Secure Decentralized Access Control Scheme for Data stored in Clouds

A Secure Decentralized Access Control Scheme for Data stored in Clouds A Secure Decentralized Access Control Scheme for Data stored in Clouds Priyanka Palekar 1, Abhijeet Bharate 2, Nisar Anjum 3 1 SKNSITS, University of Pune 2 SKNSITS, University of Pune 3 SKNSITS, University

More information

Capability Paper. Today, aerospace and defense (A&D) companies find

Capability Paper. Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find themselves at potentially perplexing crossroads. On one hand, shrinking defense budgets, an increasingly

More information

Strengthen RFID Tags Security Using New Data Structure

Strengthen RFID Tags Security Using New Data Structure International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

More information

Attribute Based Encryption with Privacy Preserving In Clouds

Attribute Based Encryption with Privacy Preserving In Clouds Attribute Based Encryption with Privacy Preserving In Clouds M. Suriyapriya 1, A. Joicy 2 PG Scholar 1 Assistant Professor CSE Department 2 St.Joseph College of Engineering Sriperumbudur, Chennai-602105

More information

Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment

Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment Chandra Sekhar Murakonda M.Tech Student, Department of Computer Science Engineering, NRI Institute

More information

An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method

An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method E.Sathiyamoorthy 1, S.S.Manivannan 2 1&2 School of Information Technology and Engineering

More information

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of public-key cryptography is its dependence on a public-key infrastructure

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

Fully homomorphic encryption equating to cloud security: An approach

Fully homomorphic encryption equating to cloud security: An approach IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 9, Issue 2 (Jan. - Feb. 2013), PP 46-50 Fully homomorphic encryption equating to cloud security: An approach

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Soft Computing Models for Cloud Service Optimization

Soft Computing Models for Cloud Service Optimization Soft Computing Models for Cloud Service Optimization G. Albeanu, Spiru Haret University & Fl. Popentiu-Vladicescu UNESCO Department, University of Oradea Abstract The cloud computing paradigm has already

More information

NEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA

NEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA THE PUBLISHING HOUSE PROCEEDINGS OF THE ROMANIAN ACADEMY, Series A, OF THE ROMANIAN ACADEMY Volume 14, Number 1/2013, pp. 72 77 NEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA Laurenţiu BURDUŞEL Politehnica

More information

Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography

Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography Liang Yan, Chunming Rong, and Gansen Zhao University of Stavanger, Norway {liang.yan,chunming.rong}@uis.no

More information

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud T.Vijayalakshmi 1, Balika J Chelliah 2,S.Alagumani 3 and Dr.J.Jagadeesan 4 1 PG

More information

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,

More information

Secure Data Sharing in Cloud Computing using Hybrid cloud

Secure Data Sharing in Cloud Computing using Hybrid cloud International Journal of Electronics and Computer Science Engineering 144 Available Online at www.ijecse.org ISSN: 2277-1956 Secure Data Sharing in Cloud Computing using Hybrid cloud Er. Inderdeep Singh

More information

Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage

Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage Abstract: Cloud computing is one of the emerge technologies. To protect the data and privacy of users the access

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

An Efficient data storage security algorithm using RSA Algorithm

An Efficient data storage security algorithm using RSA Algorithm An Efficient data storage security algorithm using RSA Algorithm Amandeep Kaur 1, Sarpreet Singh 2 1 Research fellow, Department of Computer Science and Engineering, Sri Guru Granth Sahib World University,

More information

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud? East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management

More information

A Survey on Cloud Security Issues and Techniques

A Survey on Cloud Security Issues and Techniques A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com

More information

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption Partitioning Data and Domain Integrity Checking for Storage - Improving Cloud Storage Security Using Data Partitioning Technique Santosh Jogade *, Ravi Sharma, Prof. Rajani Kadam Department Of Computer

More information

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud I.sriram murthy 1 N.Jagajeevan 2 II M-Tech student Assistant.Professor Department of computer science & Engineering Department of

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD 1 Ms.Nita R. Mhaske, 2 Prof. S.M.Rokade 1 student, Master of Engineering, Dept. of Computer Engineering Sir Visvesvaraya

More information

Efficient Unlinkable Secret Handshakes for Anonymous Communications

Efficient Unlinkable Secret Handshakes for Anonymous Communications 보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 Efficient Unlinkable Secret Handshakes for Anonymous Communications Eun-Kyung Ryu 1), Kee-Young Yoo 2), Keum-Sook Ha 3) Abstract The technique

More information

ADVANCE SECURITY TO CLOUD DATA STORAGE

ADVANCE SECURITY TO CLOUD DATA STORAGE Journal homepage: www.mjret.in ADVANCE SECURITY TO CLOUD DATA STORAGE ISSN:2348-6953 Yogesh Bhapkar, Mitali Patil, Kishor Kale,Rakesh Gaikwad ISB&M, SOT, Pune, India Abstract: Cloud Computing is the next

More information

Batch Decryption of Encrypted Short Messages and Its Application on Concurrent SSL Handshakes

Batch Decryption of Encrypted Short Messages and Its Application on Concurrent SSL Handshakes Batch Decryption of ncrypted Short Messages and Its Application on Concurrent SSL Handshakes Yongdong Wu and Feng Bao System and Security Department Institute for Infocomm Research 21, Heng Mui Keng Terrace,

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Decentralized Access Control Schemes for Data Storage on Cloud

Decentralized Access Control Schemes for Data Storage on Cloud Computer Science and Engineering 2016, 6(1): 1-6 DOI: 10.5923/j.computer.20160601.01 Decentralized Access Control Schemes for Data Storage on Cloud Shraddha V. Mokle *, Nuzhat F. Shaikh Department of Computer

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini

Business Intelligence (BI) Cloud. Prepared By: Pavan Inabathini Business Intelligence (BI) Cloud Prepared By: Pavan Inabathini Summary Federal Agencies currently maintain Business Intelligence (BI) solutions across numerous departments around the enterprise with individual

More information

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY Siliveru Ashok kumar* S.G. Nawaz ## and M.Harathi # * Student of M.Tech, Sri Krishna Devaraya Engineering College, Gooty # Department

More information

Improving data integrity on cloud storage services

Improving data integrity on cloud storage services International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 2 ǁ February. 2013 ǁ PP.49-55 Improving data integrity on cloud storage services

More information

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services Ronnie D. Caytiles and Byungjoo Park * Department of Multimedia Engineering, Hannam University

More information

Journal of Electronic Banking Systems

Journal of Electronic Banking Systems Journal of Electronic Banking Systems Vol. 2015 (2015), Article ID 614386, 44 minipages. DOI:10.5171/2015.614386 www.ibimapublishing.com Copyright 2015. Khaled Ahmed Nagaty. Distributed under Creative

More information

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA U.Pandi Priya 1, R.Padma Priya 2 1 Research Scholar, Department of Computer Science and Information Technology,

More information

Decentralized Admittance Power with Flexible Distributed Storage Integrity Auditing Mechanism

Decentralized Admittance Power with Flexible Distributed Storage Integrity Auditing Mechanism Decentralized Admittance Power with Flexible Distributed Storage Integrity Auditing Mechanism I G.Thenmozhi, II Dr.S.Dhanalakshmi I M.Phil Full Time Research Scholar, Dept. of Computer Science II Head

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

Data Storage Security in Cloud Computing

Data Storage Security in Cloud Computing Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT

More information

Cloud Computing Security Issues And Methods to Overcome

Cloud Computing Security Issues And Methods to Overcome Cloud Computing Security Issues And Methods to Overcome Manas M N 1, Nagalakshmi C K 2, Shobha G 3 MTech, Computer Science & Engineering, RVCE, Bangalore, India 1,2 Professor & HOD, Computer Science &

More information

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts. Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD Volume 1, Issue 7, PP:, JAN JUL 2015. SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD B ANNAPURNA 1*, G RAVI 2*, 1. II-M.Tech Student, MRCET 2. Assoc. Prof, Dept.

More information

15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN

More information

Customer Security Issues in Cloud Computing

Customer Security Issues in Cloud Computing Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IJCSMC, Vol. 2, Issue.

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Query Services in Cost Efficient Cloud Using Query Analysis

Query Services in Cost Efficient Cloud Using Query Analysis Query Services in Cost Efficient Cloud Using Query Analysis VanthanaPriya.J 1, ArunKumar.B 2 PG Scholar, Department of CSE, Karpagam University, Coimbatore, Tamil nadu, India 1 Assistant Professor, Department

More information

A Performance Analysis of Identity-Based Encryption Schemes

A Performance Analysis of Identity-Based Encryption Schemes A Performance Analysis of Identity-Based Encryption Schemes Pengqi Cheng, Yan Gu, Zihong Lv, Jianfei Wang, Wenlei Zhu, Zhen Chen, Jiwei Huang Tsinghua University, Beijing, 084, China Abstract We implemented

More information

WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES

WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES Balachandra Muniyal 1 Krishna Prakash 2 Shashank Sharma 3 1 Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

Security Issues In Cloud Computing and Countermeasures

Security Issues In Cloud Computing and Countermeasures Security Issues In Cloud Computing and Countermeasures Shipra Dubey 1, Suman Bhajia 2 and Deepika Trivedi 3 1 Department of Computer Science, Banasthali University, Jaipur, Rajasthan / India 2 Department

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Lecture 25: Pairing-Based Cryptography

Lecture 25: Pairing-Based Cryptography 6.897 Special Topics in Cryptography Instructors: Ran Canetti and Ron Rivest May 5, 2004 Lecture 25: Pairing-Based Cryptography Scribe: Ben Adida 1 Introduction The field of Pairing-Based Cryptography

More information

Cloud Computing & Hosting Solutions

Cloud Computing & Hosting Solutions Cloud Computing & Hosting Solutions SANTA FE COLLEGE CTS2356: NETWORK ADMIN DANIEL EAKINS 4/15/2012 1 Cloud Computing & Hosting Solutions ABSTRACT For this week s topic we will discuss about Cloud computing

More information

CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY

CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY SOWMIYA MURTHY: CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 1 M.Tech Student, Department of Computer Science and Engineering, S.R.M. University Chennai 2 Asst.Professor,

More information

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era (1944-1978) Workstation Era (1968-1985) Xerox Star 1981!

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era (1944-1978) Workstation Era (1968-1985) Xerox Star 1981! Demystifying Cloud Computing What is Cloud Computing? First, a little history. Tim Horgan Head of Cloud Computing Centre of Excellence http://cloud.cit.ie 1" 2" Mainframe Era (1944-1978) Workstation Era

More information

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT Merlin Shirly T 1, Margret Johnson 2 1 PG

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

RSA BASED CPDP WITH ENCHANCED CLUSTER FOR DISTRUBED CLOUD STORAGE SERVICES

RSA BASED CPDP WITH ENCHANCED CLUSTER FOR DISTRUBED CLOUD STORAGE SERVICES RSA BASED CPDP WITH ENCHANCED CLUSTER FOR DISTRUBED CLOUD STORAGE SERVICES 1 MD ISMAIL Z, 2 ASHFAQUE AHAMED K. 1 PG Scholar,Department of Computer Science, C.Abdul Hakeem College Of Arts and Science,Melvisharam.

More information

Secure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve

Secure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve Secure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve N.S. Jeya karthikka PG Scholar Sri Ramakrishna Engg Collg S.Bhaggiaraj Assistant Professor Sri Ramakrishna Engg Collg V.Sumathy

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Cloud Computing: The Next Computing Paradigm

Cloud Computing: The Next Computing Paradigm Cloud Computing: The Next Computing Paradigm Ronnie D. Caytiles 1, Sunguk Lee and Byungjoo Park 1 * 1 Department of Multimedia Engineering, Hannam University 133 Ojeongdong, Daeduk-gu, Daejeon, Korea rdcaytiles@gmail.com,

More information

SHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING

SHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING SHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING Er. Kavin M 1, Mr.J.Jayavel 2 1 PG Scholar, 2 Teaching Assistant, Department of Information Technology, Anna University Regional

More information

CLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE RE-ENCRYPTION

CLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE RE-ENCRYPTION CLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE RE-ENCRYPTION Chandrala DN 1, Kulkarni Varsha 2 1 Chandrala DN, M.tech IV sem,department of CS&E, SVCE, Bangalore 2 Kulkarni Varsha, Asst. Prof.

More information

Authentication. Authorization. Access Control. Cloud Security Concerns. Trust. Data Integrity. Unsecure Communication

Authentication. Authorization. Access Control. Cloud Security Concerns. Trust. Data Integrity. Unsecure Communication Volume 4, Issue 6, June 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com A Three Layered

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

More information

Selective dependable storage services for providing security in cloud computing

Selective dependable storage services for providing security in cloud computing Selective dependable storage services for providing security in cloud computing Gade Lakshmi Thirupatamma*1, M.Jayaram*2, R.Pitchaiah*3 M.Tech Scholar, Dept of CSE, UCET, Medikondur, Dist: Guntur, AP,

More information

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control.

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control. Volume 5, Issue 3, March 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Identity Based

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

International Journal of Advance Research in Computer Science and Management Studies

International Journal of Advance Research in Computer Science and Management Studies Volume 2, Issue 11, November 2014 ISSN: 2321 7782 (Online) International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Introduction to Cryptography

Introduction to Cryptography Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication

More information

Role Based Encryption with Efficient Access Control in Cloud Storage

Role Based Encryption with Efficient Access Control in Cloud Storage Role Based Encryption with Efficient Access Control in Cloud Storage G. V. Bandewar 1, R. H. Borhade 2 1 Department of Information Technology, Sinhgad Technical Education Society s SKNCOE, Pune, India

More information

Mutual Authentication Cloud Computing Platform based on TPM

Mutual Authentication Cloud Computing Platform based on TPM Mutual Authentication Cloud Computing Platform based on TPM Lei Peng 1, Yanli Xiao 2 1 College of Information Engineering, Taishan Medical University, Taian Shandong, China 2 Department of Graduate, Taishan

More information

The HIPAA Security Rule: Cloudy Skies Ahead?

The HIPAA Security Rule: Cloudy Skies Ahead? The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly

More information

Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System

Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System 1 K.Valli Madhavi A.P vallimb@yahoo.com Mobile: 9866034900 2 R.Tamilkodi A.P tamil_kodiin@yahoo.co.in Mobile:

More information

White Paper. Enhancing Website Security with Algorithm Agility

White Paper. Enhancing Website Security with Algorithm Agility ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today

More information

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network. Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components

More information

Cloud Forensic Investigation using Digital Provenance Scheme

Cloud Forensic Investigation using Digital Provenance Scheme Cloud Forensic Investigation using Digital Provenance Scheme Nay Aung Aung, and Myat Myat Min Abstract In recent year, Cloud computing has become popular as a cost-effective and efficient computing paradigm.

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management

More information