A Higher-Level Security Scheme for Key Access on Cloud Computing

nternational journal of communication networks and information security, 2022

A disgusting problem in public cloud is to securely share data based on fine grained access control policies and unauthorized key management. Existing approaches to encrypt policies and data with different keys based on public key cryptosystem are Attribute Based Encryption and proxy reencryption. The weakness behind approaches is: It cannot efficiently handle policy changes and also problem in user revocation and attribute identification. Even though it is so popular, when employed in cloud it generate high computational and storage cost. More importantly, image encryption is some out complex in case of public key cryptosystem. On the publication of sensitive dataset, it does not preserve privacy of an individual. A direct application of a symmetric key cryptosystem, where users are served based on the policies they satisfy and unique keys are generated by Data Owner (DO). Based on this idea, we formalize a new key management scheme, called Symmetric Chaos Based key Management (SCBKM), and then give a secure construction of a SCBKM scheme. The idea is to give some secrets to Key Manager (KM) based on the identity attributes they have and later allow them to derive actual symmetric keys based on their secrets. Using our SCBKM construct, we propose an efficient approach for finegrained encryption-based access control for data stored in untrusted cloud storage.

Lecture Notes in Computer Science, 2013

Cloud services are blooming recently. They provide a convenient way for data accessing, sharing, and processing. A key ingredient for successful cloud services is to control data access while considering the specific features of cloud services. The specific features include great quantity of outsourced data, large number of users, honest-butcurious cloud servers, frequently changed user set, dynamic access control policies, and data accessing for light-weight mobile devices. This paper addresses a cryptographic key assignment problem for enforcing a hierarchical access control policy over cloud data. We propose a new hierarchical key assignment scheme CloudHKA that observes the Bell-LaPadula security model and efficiently deals with the user revocation issue practically. We use CloudHKA to encrypt outsourced data so that the data are secure against honest-but-curious cloud servers. CloudHKA possesses almost all advantages of the related schemes, e.g., each user only needs to store one secret key, supporting dynamic user set and access hierarchy, and provably-secure against collusive attacks. In particular, CloudHKA provides the following distinct features that make it more suitable for controlling access of cloud data. (1) A user only needs a constant computation time for each data accessing. (2) The encrypted data are securely updatable so that the user revocation can prevent a revoked user from decrypting newly and previously encrypted data. Notably, the updates can be outsourced by using public information only. (3) CloudHKA is secure against the legal access attack. The attack is launched by an authorized, but malicious, user who pre-downloads the needed information for decrypting data ciphertexts in his authorization period. The user uses the pre-downloaded information for future decryption even after he is revoked. Note that the pre-downloaded information are often a small portion of encrypted data only, e.g. the header-cipher in a hybrid encrypted data ciphertext. (4) Each user can be flexibly authorized the access rights of Write or Read, or both.

Recent years have witnessed the trend of leveraging cloud-based services for large scale content storage, processing, and distribution. Data security and privacy are among top concerns for the public cloud environments. Towards these security challenges, we propose and implement CloudaSec framework for securely sharing outsourced data via the public cloud. CloudaSec ensures the confidentiality of content in the public cloud environments with flexible access control policies for subscribers and efficient revocation mechanisms. CloudaSec proposes several cryptographic tools for data owners, based on a novel content hash keying system, by leveraging the Elliptic Curve Cryptography (ECC). The separation of subscription-based key management and confidentiality-oriented asymmetric encryption policies uniquely enables flexible and scalable deployment of the solution as well as strong security for outsourced data in cloud servers. Through experimental evaluation, we demonstrate the efficiency and scalability of CloudaSec, build upon OpenStack Swift testbed.

International Journal of Advanced Research in Computer Science and Software Engineering, 2017

Cloud computing from the last few years has grown from a promising business concept to one of the fastest growing segments of IT Enterprise. This unique paradigm brings about many new security challenges. This work studies the problem of ensuring the storage security to the data outsourced in the cloud which is accessed and controlled by multiple legitimate parties. For this, we propose a very practical approach of providing privacy to the data outsourced in the cloud environment which makes use of both Cryptographic Tree and its key management to secure the data outsourced in the cloud. This scheme also allows multiple legitimate parties to outsource their data to the cloud without making a compromise on security and better performance than existing ones. Keywords Key management, cryptree, securing outsourced data, cloud I. INTRODUCTION Cloud computing security is an evolving sub-domain of computer security and network security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers. Organizations use the Cloud in a variety of different service models SaaS, PaaS, and IaaS and deployment models Private Public, Hybrid, and Community. There is a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: security issues faced by cloud providers and security issues faced by their customers as companies or organizations who host applications or store data on the cloud. The responsibility goes both ways, however: the provider must ensure that their infrastructure is secure and that their clients' data and applications are protected while the user must take measures to fortify their application and use strong passwords and authentication measures. II. RELATED WORKS Various authors have proposed various kinds of key management schemes. Among these, many of the existing works are on group key management in wireless sensor networks and some works are on cloud storage systems. (M. Zhou et. al 2012) has proposed a tree based cryptographic key management scheme for data storage in the cloud. This method is based on tree-based scheme, where there is a root node which holds the master key and the users who come below the root node in the tree hierarchy. Here, there is a cloud provider who acts as a root node and there are data owners, sub-tree data manager and a user who stores data in the cloud system. So, in this work, there are multiple users with multiple levels of access rights. Each of them one encryption and two decryption keys. This method is a secure and flexible tree-based key derivation hierarchy and allows only the outsourcing user to access the data block located at a specific node while other data are encrypted with child keys. This method is very effective for hierarchy based user access control and key management system. (D. Grolimund et. al. 2006) has proposed a cryptree method for granting access to files and folders based on file system's folder hierarchy system. They have proposed two cryptree methods: one for read access and another for write access. And they have presented their experimental results and findings. (J.J.Jaccard et. al. 2012) has proposed a portable key management service for maintaining a large number of keys that are stored in a designated storage area. They have implemented their key management system that is based on a portable USB device, which the users need to carry with them all the time. Access is provided to a particular user when they plug in their USB device containing information about their access rights. The user cannot access his data when he has lost his USB device. This could lead to loss of information and in the worst case, the device may fall into wrong hands, and thus allowing an unauthorized person to access the data. (T.Chih Hsia et. al. 2012) have used Lagrange interpolation method for key generation and encrypt it with Elliptic Curve cryptography. They claim that due to the use of Lagrange interpolation polynomial, the key generated is random. Thus there is no relationship between the generated keys. Also, due to the use of ECC, the attacker has to undergo Elliptic curve discrete logarithm problem to crack the key. They have proved that their system works in medical records

International Journal of Computer Applications, 2016

Sharing data using cloud computing can be a good solution to profit from reduced costs, scalability, flexibility and more advantages that user can get from the cloud infrastructure. But when the object shared consists of sensitive or personnel data, the security concerns increase. Problems related to the lack of data confidentiality and integrity represent the number one problem encountered in cloud infrastructure and that restrains users and a number of organizations to benefit from the cloud"s services. In this paper we discuss the requirements needed to secure data in cloud environment and we propose a new approach to enhance the security of the data shared in cloud storage. Our method is based on cryptographic models. It is confidential, flexible and it reduces time of computation by adopting simple and efficient key management process and encryption schemes.

The aim of this paper is to propose a model to strengthen the security of key management in cloud computing, where the model is shared or entirely controlled by a non-trusted third party provider. Key management is not a straightforward matter for IT-teams, in addition to critical issues related to properly managing and securing the keys on providers’ infrastructures, they have to deal with concerns specific to multi-cloud key management. Hardware Security Module (HSM) solution that offers a secure on-premise encryption key management turned out be impracticable for widespread cloud deployment. HSM as a Service seems to be the best approach for key management in multi-cloud, but the service is wholly owned and managed by another cloud provider. In This paper, we present an efficient and secure cloud key management that fulfills the requirements of multi-cloud deployment. The proposed design splits the key into a blinded version of n shares that will be stored in encrypted format at the cloud provider side. To demonstrate the efficiency of the proposed design, we implement a fully featured prototype and evaluate its performance. Results analysis shows that the proposed design is highly efficient and can serve as a groundwork for using secret share as a way to protect keys in a multi-cloud environment.

— In early days, cryptography used to be performed by using manual techniques. More importantly, computers now perform these cryptographic algorithms thus making the process a lot faster and secure. The approach has three sections: data owner, cloud, and users. The data owner consists of confidential data to share with authorized users by saving it in the public cloud and requesting the cloud to partially decrypt the encoded data when users request the access to the data. The cloud consists of three major sections: encrypted data storage; a key generation center (KGC), which generates pair of public/private key for each user and a security mediation server (SEM), acts as a security mediator for each content request and partially decode the encrypted data for authorized users. The cloud is trusted to provide the security mediation service and key generation perfectly, but it is not trusted for the sensitive data and key guaranteeing. It allows one to have most of the key generation and Organization functionality deployed in the un-trusted cloud as mCL-PKE method does not have the problem of key guarantee and the KGC is unable to provide full private keys of users.

international journal for research in applied science and engineering technology ijraset, 2020

In the era of digitization and technological advancement, cloud computing is that the trending domain in several regards. Cloud computing permits us to form and customize business applications on-line. It allows the cost-efficient, easy approach by configuring the parts and also the applications on information centers. Whereas security remains a serious concern in cloud. Once the cryptography secret is exposed, the sole possible way to preserve information confidentiality is to limit the adversary's access to the cipher text. However, if information is encrypted, using the existing cryptography schemes and spreading the cipher text on multiple servers hasn't entirely solved the matter since somebody who may acquire the cryptography key, will still compromise single server and rewrite the cipher text keep therein. We in this paper tend to address confidentiality, user authentication and information integrity under key exposure. I. INTRODUCTION Computing is being fully changed to a model consisting of services that are commoditized and delivered using a fashion quite like many utilities which is usually available like water electricity, etc. In such models, users able to access services supported their requirements without relevancy where the services are hosted. Different computing paradigms deliver this utility computing which include Grid computing, Peer to Peer computing, and more recently cloud computing. [1]. Cloud Computing is a trending and emerging computing technology that uses the online and thus the remote servers to need care of data and applications. Cloud Computing refers to applications and services offered over the web. These services are offered from data centers everywhere the world, which collectively are mentioned because the "cloud. "Cloud computing is Pay Per-Use-On-Demand model which may conveniently access shared IT resources through the web Where the IT resources include social networking sites, web mail, online business applications and network Services. Cloud computing divulge infrastructure, platform, and software (application) as services, which are made available as subscription-based services to consumers. These services in industry are respectively mentioned as Infrastructure as a Service (Iaas) ,Software as a Service (SaaS) and Platform as a Service (PaaS).To realize cloud computing potential, vendors like Amazon, Google, Microsoft and IBM are started to make and deploy Clouds in various locations across the planet. Additionally, companies working across the planet require the faster response time and thus save time by distributing workload requests to multiple Clouds in various locations at the same time. This creates the necessity for flourishing a computing world for dynamically interconnecting and provisioning Clouds from multiple domains within and across enterprises. There are many difficulties involved in creating such Clouds and Cloud interconnections. Cloud computing companies' states that data is secure, but it isn't completely true. Only time will tell if your data is secure within the cloud. Since customer data and program are residing in provider premises cloud security concerns are arising tons. While cost and easiness to use are two major benefits of cloud computing, there are significant security concerns that require to be addressed while moving critical applications and crucial data to public and shared cloud environments. With social networking services gaining popularity it has to concentrate on sharing data. Google Docs is one such cloud platform which provides data sharing capabilities as groups of scholars, or teams performing on a project can share documents and should collaborate with one another effectively. There's an assumption that data servers will be trusted to stay the info secure. However, this assumption isn't any longer valid today since services are increasingly storing data across many servers that are shared with other data owners. The Cloud is prone to many privacy and security attacks. The largest obstacle hindering the development and also the wide adoption of the Cloud is that the privacy and security issues related to it. An example of this can be cloud data storage where cloud service providers aren't within the identical trusted domains as end users, and hardware platforms aren't under the direct control of information owners. To mitigate user's privacy concerns about their data, a typical solution is to store data in encrypted form so as that it will remain private, whether or not data servers or storage devices aren't trusted or compromised.

Data security in the cloud is where the majority of the most recent work has focused its attention. For safe data transfer in a cloud context, a new key management method that allows for multicast communication must be presented. The study proposes a novel hierarchical key management technique suitable for multicast communication in the cloud. For big, ever-changing multicast systems, the suggested approach is the best option due to its efficiency and scalability. Managing access control to approve and authenticate users utilizing the data is another significant difficulty in a cloud setting. The paradigm of access control used in a conventional setting is very different from that used in the cloud. Therefore, encryption methods, in addition to the access control strategy, must be implemented to safeguard data in group communication.

Journal of Communications Software and Systems

Cloud Computing has achieved long dreamed vision of developments in IT industry such as remote storage services or privacy solutions. It is a data storage model in which data is preserved, controlled and presented over the network users. However, cloud storage gives rise to security concerns. Preserving the secrecy in a group is one of the major research issue in cloud store. This paper is focused on Secure Secret Sharing (SSS) technique which is being recognized as one of the leading method to secure the sensitive data. The proposed methodology shares encrypted data over cloud and generated secret key is split into different parts are given to qualified participants (Qn) only which is analyzed by the index buffer and the malicious checkers. This malicious checker verifies the clients based on their previous performances, whether these users prove authorized participant or not. The key share is stored by trusted third party called Key handler (KH) i.e. an integrated approach for man...