This paper was motivated by the existing problems of Cloud Data storage in Imo State University, Nigeria such as outsourced data causing the loss of data and misuse of customer information by unauthorized users or hac...This paper was motivated by the existing problems of Cloud Data storage in Imo State University, Nigeria such as outsourced data causing the loss of data and misuse of customer information by unauthorized users or hackers, thereby making customer/client data visible and unprotected. Also, this led to enormous risk of the clients/customers due to defective equipment, bugs, faulty servers, and specious actions. The aim if this paper therefore is to analyze a secure model using Unicode Transformation Format (UTF) base 64 algorithms for storage of data in cloud securely. The methodology used was Object Orientated Hypermedia Analysis and Design Methodology (OOHADM) was adopted. Python was used to develop the security model;the role-based access control (RBAC) and multi-factor authentication (MFA) to enhance security Algorithm were integrated into the Information System developed with HTML 5, JavaScript, Cascading Style Sheet (CSS) version 3 and PHP7. This paper also discussed some of the following concepts;Development of Computing in Cloud, Characteristics of computing, Cloud deployment Model, Cloud Service Models, etc. The results showed that the proposed enhanced security model for information systems of cooperate platform handled multiple authorization and authentication menace, that only one login page will direct all login requests of the different modules to one Single Sign On Server (SSOS). This will in turn redirect users to their requested resources/module when authenticated, leveraging on the Geo-location integration for physical location validation. The emergence of this newly developed system will solve the shortcomings of the existing systems and reduce time and resources incurred while using the existing system.展开更多
The cloud storage service cannot be completely trusted because of the separation of data management and ownership, leading to the difficulty of data privacy protection. In order to protect the privacy of data on untru...The cloud storage service cannot be completely trusted because of the separation of data management and ownership, leading to the difficulty of data privacy protection. In order to protect the privacy of data on untrusted servers of cloud storage, a novel multi-authority access control scheme without a trustworthy central authority has been proposed based on CP-ABE for cloud storage systems, called non-centered multi-authority proxy re-encryption based on the cipher-text policy attribute-based encryption(NC-MACPABE). NC-MACPABE optimizes the weighted access structure(WAS) allowing different levels of operation on the same file in cloud storage system. The concept of identity dyeing is introduced to improve the users' information privacy further. The re-encryption algorithm is improved in the scheme so that the data owner can revoke user's access right in a more flexible way. The scheme is proved to be secure. And the experimental results also show that removing the central authority can resolve the existing performance bottleneck in the multi-authority architecture with a central authority, which significantly improves user experience when a large number of users apply for accesses to the cloud storage system at the same time.展开更多
The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in ...The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in cloud storage systems.A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption(MPRE-CPABE) is proposed for cloud storage systems.MPRE-CPABE requires data owner to split each file into two blocks,one big block and one small block.The small block is used to encrypt the big one as the private key,and then the encrypted big block will be uploaded to the cloud storage system.Even if the uploaded big block of file is stolen,illegal users cannot get the complete information of the file easily.Ciphertext-policy attribute-based encryption(CPABE)is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right.MPRE-CPABE applies CPABE to the multi-authority cloud storage system,and solves the above issues.The weighted access structure(WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments,and reduce the computational cost of key distribution.Meanwhile,MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation.Experiments are implemented on platforms of Ubuntu and CloudSim.Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right.MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman(DBDH).展开更多
To enhance the security of user data in the clouds,we present an adaptive and dynamic data encryption method to encrypt user data in the mobile phone before it is uploaded.Firstly,the adopted data encryption algorithm...To enhance the security of user data in the clouds,we present an adaptive and dynamic data encryption method to encrypt user data in the mobile phone before it is uploaded.Firstly,the adopted data encryption algorithm is not static and uniform.For each encryption,this algorithm is adaptively and dynamically selected from the algorithm set in the mobile phone encryption system.From the mobile phone's character,the detail encryption algorithm selection strategy is confirmed based on the user's mobile phone hardware information,personalization information and a pseudo-random number.Secondly,the data is rearranged with a randomly selected start position in the data before being encrypted.The start position's randomness makes the mobile phone data encryption safer.Thirdly,the rearranged data is encrypted by the selected algorithm and generated key.Finally,the analysis shows this method possesses the higher security because the more dynamics and randomness are adaptively added into the encryption process.展开更多
We focus on security and privacy problems within a cloud database framework,exploiting the DataBase as a Service(DBaaS).In this framework,an information proprietor drives out its information to a cloud database profes...We focus on security and privacy problems within a cloud database framework,exploiting the DataBase as a Service(DBaaS).In this framework,an information proprietor drives out its information to a cloud database professional company.The Data-Owner(DO)encrypts the delicate information before transmission at the cloud database professional company end to offer information security.Current encryption ideas,nonetheless,are just halfway homomorphic as all of them intend to enable an explicit kind of calculation,which is accomplished on scrambled information.These current plans can't be coordinated to solve genuine functional queries that include activities of various types.We propose and evaluate a Verifiable Reliable Secure-DataBase(VRS-DB)framework on shared tables along with many primary operations on scrambled information,which enables information interoperability,and permits an extensive possibility of Structured Query Language(SQL)queries to be prepared by the service provider on the encoded data.We show that our security and privacy idea is protected from two forms of threats and are fundamentally proficient.展开更多
In cloud,data access control is a crucial way to ensure data security.Functional encryption(FE) is a novel cryptographic primitive supporting fine-grained access control of encrypted data in cloud.In FE,every cipherte...In cloud,data access control is a crucial way to ensure data security.Functional encryption(FE) is a novel cryptographic primitive supporting fine-grained access control of encrypted data in cloud.In FE,every ciphertext is specified with an access policy,a decryptor can access the data if and only if his secret key matches with the access policy.However,the FE cannot be directly applied to construct access control scheme due to the exposure of the access policy which may contain sensitive information.In this paper,we deal with the policy privacy issue and present a mechanism named multi-authority vector policy(MAVP) which provides hidden and expressive access policy for FE.Firstly,each access policy is encoded as a matrix and decryptors can only obtain the matched result from the matrix in MAVP.Then,we design a novel function encryption scheme based on the multi-authority spatial policy(MAVPFE),which can support privacy-preserving yet non-monotone access policy.Moreover,we greatly improve the efficiency of encryption and decryption in MAVP-FE by shifting the major computation of clients to the outsourced server.Finally,the security and performance analysis show that our MAVP-FE is secure and efficient in practice.展开更多
Big data cloud platforms provide users with on-demand configurable computing,storage resources to users,thus involving a large amount of user data.However,most of the data is processed and stored in plaintext,resultin...Big data cloud platforms provide users with on-demand configurable computing,storage resources to users,thus involving a large amount of user data.However,most of the data is processed and stored in plaintext,resulting in data leakage.At the same time,simple encrypted storage ensures the confidentiality of the cloud data,but has the following problems:if the encrypted data is downloaded to the client and then decrypted,the search efficiency will be low.If the encrypted data is decrypted and searched on the server side,the security will be reduced.Data availability is finally reduced,and indiscriminate protection measures make the risk of data leakage uncontrollable.To solve the problems,based on searchable encryption and key derivation,a cipher search system is designed in this paper considering both data security and availability,and the use of a search encryption algorithm that supports dynamic update is listed.Moreover,the system structure has the advantage of adapting different searchable encryption algorithm.In particular,a user-centered key derivation mechanism is designed to realize file-level fine-grained encryption.Finally,extensive experiment and analysis show that the scheme greatly improves the data security of big data platform.展开更多
文摘This paper was motivated by the existing problems of Cloud Data storage in Imo State University, Nigeria such as outsourced data causing the loss of data and misuse of customer information by unauthorized users or hackers, thereby making customer/client data visible and unprotected. Also, this led to enormous risk of the clients/customers due to defective equipment, bugs, faulty servers, and specious actions. The aim if this paper therefore is to analyze a secure model using Unicode Transformation Format (UTF) base 64 algorithms for storage of data in cloud securely. The methodology used was Object Orientated Hypermedia Analysis and Design Methodology (OOHADM) was adopted. Python was used to develop the security model;the role-based access control (RBAC) and multi-factor authentication (MFA) to enhance security Algorithm were integrated into the Information System developed with HTML 5, JavaScript, Cascading Style Sheet (CSS) version 3 and PHP7. This paper also discussed some of the following concepts;Development of Computing in Cloud, Characteristics of computing, Cloud deployment Model, Cloud Service Models, etc. The results showed that the proposed enhanced security model for information systems of cooperate platform handled multiple authorization and authentication menace, that only one login page will direct all login requests of the different modules to one Single Sign On Server (SSOS). This will in turn redirect users to their requested resources/module when authenticated, leveraging on the Geo-location integration for physical location validation. The emergence of this newly developed system will solve the shortcomings of the existing systems and reduce time and resources incurred while using the existing system.
基金Projects(61472192,61202004)supported by the National Natural Science Foundation of ChinaProject(14KJB520014)supported by the Natural Science Fund of Higher Education of Jiangsu Province,China
文摘The cloud storage service cannot be completely trusted because of the separation of data management and ownership, leading to the difficulty of data privacy protection. In order to protect the privacy of data on untrusted servers of cloud storage, a novel multi-authority access control scheme without a trustworthy central authority has been proposed based on CP-ABE for cloud storage systems, called non-centered multi-authority proxy re-encryption based on the cipher-text policy attribute-based encryption(NC-MACPABE). NC-MACPABE optimizes the weighted access structure(WAS) allowing different levels of operation on the same file in cloud storage system. The concept of identity dyeing is introduced to improve the users' information privacy further. The re-encryption algorithm is improved in the scheme so that the data owner can revoke user's access right in a more flexible way. The scheme is proved to be secure. And the experimental results also show that removing the central authority can resolve the existing performance bottleneck in the multi-authority architecture with a central authority, which significantly improves user experience when a large number of users apply for accesses to the cloud storage system at the same time.
基金supported by the National Natural Science Foundation of China(6120200461472192)+1 种基金the Special Fund for Fast Sharing of Science Paper in Net Era by CSTD(2013116)the Natural Science Fund of Higher Education of Jiangsu Province(14KJB520014)
文摘The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in cloud storage systems.A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption(MPRE-CPABE) is proposed for cloud storage systems.MPRE-CPABE requires data owner to split each file into two blocks,one big block and one small block.The small block is used to encrypt the big one as the private key,and then the encrypted big block will be uploaded to the cloud storage system.Even if the uploaded big block of file is stolen,illegal users cannot get the complete information of the file easily.Ciphertext-policy attribute-based encryption(CPABE)is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right.MPRE-CPABE applies CPABE to the multi-authority cloud storage system,and solves the above issues.The weighted access structure(WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments,and reduce the computational cost of key distribution.Meanwhile,MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation.Experiments are implemented on platforms of Ubuntu and CloudSim.Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right.MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman(DBDH).
文摘To enhance the security of user data in the clouds,we present an adaptive and dynamic data encryption method to encrypt user data in the mobile phone before it is uploaded.Firstly,the adopted data encryption algorithm is not static and uniform.For each encryption,this algorithm is adaptively and dynamically selected from the algorithm set in the mobile phone encryption system.From the mobile phone's character,the detail encryption algorithm selection strategy is confirmed based on the user's mobile phone hardware information,personalization information and a pseudo-random number.Secondly,the data is rearranged with a randomly selected start position in the data before being encrypted.The start position's randomness makes the mobile phone data encryption safer.Thirdly,the rearranged data is encrypted by the selected algorithm and generated key.Finally,the analysis shows this method possesses the higher security because the more dynamics and randomness are adaptively added into the encryption process.
文摘We focus on security and privacy problems within a cloud database framework,exploiting the DataBase as a Service(DBaaS).In this framework,an information proprietor drives out its information to a cloud database professional company.The Data-Owner(DO)encrypts the delicate information before transmission at the cloud database professional company end to offer information security.Current encryption ideas,nonetheless,are just halfway homomorphic as all of them intend to enable an explicit kind of calculation,which is accomplished on scrambled information.These current plans can't be coordinated to solve genuine functional queries that include activities of various types.We propose and evaluate a Verifiable Reliable Secure-DataBase(VRS-DB)framework on shared tables along with many primary operations on scrambled information,which enables information interoperability,and permits an extensive possibility of Structured Query Language(SQL)queries to be prepared by the service provider on the encoded data.We show that our security and privacy idea is protected from two forms of threats and are fundamentally proficient.
基金supported by the National Science Foundation of China (No.61373040,No.61173137)The Ph.D.Pro-grams Foundation of Ministry of Education of China(20120141110073)Key Project of Natural Science Foundation of Hubei Province (No.2010CDA004)
文摘In cloud,data access control is a crucial way to ensure data security.Functional encryption(FE) is a novel cryptographic primitive supporting fine-grained access control of encrypted data in cloud.In FE,every ciphertext is specified with an access policy,a decryptor can access the data if and only if his secret key matches with the access policy.However,the FE cannot be directly applied to construct access control scheme due to the exposure of the access policy which may contain sensitive information.In this paper,we deal with the policy privacy issue and present a mechanism named multi-authority vector policy(MAVP) which provides hidden and expressive access policy for FE.Firstly,each access policy is encoded as a matrix and decryptors can only obtain the matched result from the matrix in MAVP.Then,we design a novel function encryption scheme based on the multi-authority spatial policy(MAVPFE),which can support privacy-preserving yet non-monotone access policy.Moreover,we greatly improve the efficiency of encryption and decryption in MAVP-FE by shifting the major computation of clients to the outsourced server.Finally,the security and performance analysis show that our MAVP-FE is secure and efficient in practice.
基金the Sichuan Science and Technology Program(2021JDRC0077)the Sichuan Province’s Key Research and Development Plan.“Distributed Secure StorageTechnology for Massive Sensitive Data”Project(2020YFG0298)Applied Basic Research Project of Sichuan Province(No.2018JY0370).
文摘Big data cloud platforms provide users with on-demand configurable computing,storage resources to users,thus involving a large amount of user data.However,most of the data is processed and stored in plaintext,resulting in data leakage.At the same time,simple encrypted storage ensures the confidentiality of the cloud data,but has the following problems:if the encrypted data is downloaded to the client and then decrypted,the search efficiency will be low.If the encrypted data is decrypted and searched on the server side,the security will be reduced.Data availability is finally reduced,and indiscriminate protection measures make the risk of data leakage uncontrollable.To solve the problems,based on searchable encryption and key derivation,a cipher search system is designed in this paper considering both data security and availability,and the use of a search encryption algorithm that supports dynamic update is listed.Moreover,the system structure has the advantage of adapting different searchable encryption algorithm.In particular,a user-centered key derivation mechanism is designed to realize file-level fine-grained encryption.Finally,extensive experiment and analysis show that the scheme greatly improves the data security of big data platform.
