Mostafa Chegenizadeh; Mohammad Ali; Javad Mohajeri; Mohammad Reza Aref
Abstract
Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area.However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices.Additionally, access policies ...
Read More
Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area.However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices.Additionally, access policies should be able to be updated efficiently by data owners, and in some circumstances, hidden access policies are necessary to preserve the privacy of clients and data.In this paper, we propose a ciphertext-policy attribute-based access control scheme that, for the first time, simultaneously provides online/offline encryption, hidden access policy, and access policy update.In our scheme, resource-constrained devices are equipped with online/offline encryption reducing the encryption overhead significantly.Furthermore, attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties.Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider.In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key.Besides, our scheme supports fast decryption such that the decryption algorithm consists of a constant number of bilinear pairing operations.The proposed scheme is proven to be secure in the random oracle model and under the hardness of Decisional Bilinear Diffie–Hellman (DBDH) and Decision Linear (D-Linear) assumptions.Also, performance analysis results demonstrate that the proposed scheme is efficient and practical.
Danial Shiraly; Nasrollah Pakniat; Ziba Eslami
Abstract
Public key encryption with keyword search (PEKS) is a cryptographic primitive designed for performing secure search operations over encrypted data stored on untrusted cloud servers. However, in some applications of cloud computing, there is a hierarchical access-privilege setup among users so that upper-level ...
Read More
Public key encryption with keyword search (PEKS) is a cryptographic primitive designed for performing secure search operations over encrypted data stored on untrusted cloud servers. However, in some applications of cloud computing, there is a hierarchical access-privilege setup among users so that upper-level users should be able to monitor data used by lower-level ones in the hierarchy. To support such situations, Wang et al. introduced the notion of hierarchical ID-based searchable encryption. However, Wang et al.'s construction suffers from a serious security problem. To provide a PEKS scheme that securely supports hierarchical structures, Li et al. introduced the notion of hierarchical public key encryption with keyword search (HPEKS). However, Li et al.'s HPEKS scheme is established on traditional public key infrastructure (PKI) which suffers from costly certificate management problem. To address these issues, in this paper, we consider designated-server HPEKS in identity-based setting. We introduce the notion of designated-server hierarchical identity-based searchable encryption (dHIBSE) and provide a formal definition of its security model. We then propose a dHIBSE scheme and prove its security under our model. Finally, we provide performance analysis as well as comparisons with related schemes to show the overall superiority of our dHIBSE scheme.
Mohammad Ali
Abstract
Remote data auditing (RDA) protocols enable a cloud server to persuade an auditor that it is storing a data file honestly. Unlike digital signature(DS) schemes, in RDA protocols, the auditor can carry out the auditing procedure without having the entire data file. Therefore, RDA protocols seem to be ...
Read More
Remote data auditing (RDA) protocols enable a cloud server to persuade an auditor that it is storing a data file honestly. Unlike digital signature(DS) schemes, in RDA protocols, the auditor can carry out the auditing procedure without having the entire data file. Therefore, RDA protocols seem to be attractive alternatives to DSs as they can effectively reduce bandwidth consumption. However, existing RDA protocols do not provide adequately powerful tools for user authentication. In this paper, we put forward a novel attribute-based remote data auditing and user authentication scheme. In our proposed scheme, without having a data file outsourced to a cloud server, an auditor can check its integrity and the issuer’s authenticity. Indeed, through a challenge-response protocol, the auditor can check whether 1) the cloud server has changed the content of the data file or not; 2) the data owner possesses specific attributes or not. We show that our scheme is secure under the hardness assumption of the bilinear Diffie-Hellman (BDH) problem.
Wedad Alawad; Awatef Balobaid
Abstract
Digital forensics is a process of uncovering and exploring evidence from digital content. A growth in digital data in recent years has made it challenging for forensic investigators to uncover useful information. Moreover, the applied use of cloud computing has increased significantly in past few years ...
Read More
Digital forensics is a process of uncovering and exploring evidence from digital content. A growth in digital data in recent years has made it challenging for forensic investigators to uncover useful information. Moreover, the applied use of cloud computing has increased significantly in past few years and has introduced new challenges to forensic experts. Cloud forensics assist organizations who exercise due diligence and comply with the requirements related to sensitive information protection, maintain the records required for audits, and notify concerned parties when confidential information is compromised or exposed. One of the problems with cloud forensics is the limitation of cloud forensic models and guidelines. The aim of this project is to propose a new cloud forensic model that will help investigators and cloud service providers achieve digital forensic readiness within the cloud environment. To achieve this goal, we have studied and compared differentforensic process models to determine their limitations. Based on results of this comparative study, a new cloud forensic framework– Forensic-enabled Security as a Service (FESaaS) is presented. The security and forensic layers are aggregated to discover evidence in the proposed framework. Compared to other cloud forensic frameworks, our framework deals with live data, reports, and logs. Thus, it is sufficient and provides the capability for rapid response.
Najah K. Almazmomi
Abstract
Today, in the area of telecommunication, social media, the internet of things (IoT), and the virtual world, enormous amounts of data are being generated which are extracted to discover knowledge. Knowledge discovery from data in the cloud-computing environment entails the extraction of the new and necessary ...
Read More
Today, in the area of telecommunication, social media, the internet of things (IoT), and the virtual world, enormous amounts of data are being generated which are extracted to discover knowledge. Knowledge discovery from data in the cloud-computing environment entails the extraction of the new and necessary information from the large and complex datasets. This study is qualitative and exploratory in nature. To review based on the recent literature, the articles published in the last five years (2014-2018) were searched. Different databases were searched using the keywords: ‘Knowledge management’ or ‘Knowledge discover*’ and ‘Cloud computing.'. The literature review section is divided into three sub-section based on the findings. The first two sub-sections present the data security and data privacy concerns under two main techniques (Big data analytics and machine learning) used in knowledge discovery, and the last sub-section presents various protocols proposed to address the related security and privacy concerns. This review consolidates the related data security and privacy challenges under two techniques used for knowledge discovery in a cloud environment. Also, the review consolidates the proposals proposed by different experts to address the data security and privacy concerned
Tahir Alyas; Gulzar Ahmad; Yousaf Saeed; Muhammad Asif; Umer Farooq; Asma Kanwal
Abstract
Internet of Things (IoT) and cloud computing technologies have connected the infrastructure of the city to make the context-aware and more intelligent city for utility its major resources. These technologies have much potential to solve thechallenges of urban areas around the globe to facilitate ...
Read More
Internet of Things (IoT) and cloud computing technologies have connected the infrastructure of the city to make the context-aware and more intelligent city for utility its major resources. These technologies have much potential to solve thechallenges of urban areas around the globe to facilitate the citizens. A framework model that enables the integration of sensor’s data and analysis of the data in the context of smart parking is proposed. These technologies use sensors anddevices deployed around the city parking areas sending real time data through the edge computers to the main cloud servers. Mobil-Apps are developed that used real time data, set from servers of the parking facilities in the city. Fuzzification is shown to be a capable mathematical approach for modeling city parking issues. To solve the city parking problems in cities a detailed analysis of fuzzy logic proposed systems is developed. This paper presents the resultsachieved using Mamdani Fuzzy Inference System to model complex smart parking system. These results are verified using MATLAB simulation.
Istabraq M. Al-Joboury; Emad H. Al-Hemiary
Abstract
The Internet of Things (IoT) becomes the future of a global data field in which the embedded devices communicate with each other, exchange data and making decisions through the Internet. IoT could improve the quality of life in smart cities, but a massive amount of data from different smart devices could ...
Read More
The Internet of Things (IoT) becomes the future of a global data field in which the embedded devices communicate with each other, exchange data and making decisions through the Internet. IoT could improve the quality of life in smart cities, but a massive amount of data from different smart devices could slow down or crash database systems. In addition, IoT data transfer to Cloud for monitoring information and generating feedback that will lead to high delay in infrastructure level. Fog Computing can help by offering services closer to edge devices. In this paper, we propose an efficient system architecture to mitigate the problem of delay. We provide performance analysis like response time, throughput and packet loss for MQTT (Message Queue Telemetry Transport) and HTTP (Hyper Text Transfer Protocol) protocols based on Cloud or Fog servers with large volume of data from emulated traffic generator working alongside one real sensor . We implement both protocols in the same architecture, with low cost embedded devices to local and Cloud servers with different platforms. The results show that HTTP response time is 12.1 and 4.76 times higher than MQTT Fog and Cloud based located in the same geographical area of the sensors respectively. The worst case in performance is observed when the Cloud is public and outside the country region. The results obtained for throughput shows that MQTT has the capability to carry the data with available bandwidth and lowest percentage of packet loss. We also prove that the proposed Fog architecture is an efficient way to reduce latency and enhance performance in Cloud based IoT.
Javad Ghareh Chamani; Mohammad Sadeq Dousti; Rasool Jalili; Dimitrios Papadopoulos
Abstract
While cloud computing is growing at a remarkable speed, privacy issues are far from being solved. One way to diminish privacy concerns is to store data on the cloud in encrypted form. However, encryption often hinders useful computation cloud services. A theoretical approach is to employ the so-called ...
Read More
While cloud computing is growing at a remarkable speed, privacy issues are far from being solved. One way to diminish privacy concerns is to store data on the cloud in encrypted form. However, encryption often hinders useful computation cloud services. A theoretical approach is to employ the so-called fully homomorphic encryption, yet the overhead is so high that it is not considered a viable solution for practical purposes. The next best thing is to craft special-purpose cryptosystems which support the set of operations required to be addressed by cloud services. In this paper, we put forward one such cryptosystem, which supports efficient search over structured data types, such as timestamps or network addresses, which are comprised of several segments with well-known values. The new cryptosystem, called SESOS, provides the ability to execute LIKE queries, along with the search for exact matches, as well as comparison. In addition, the extended version, called XSESOS, allows for verifying the integrity of ciphertexts. At its heart, SESOS combines any order-preserving encryption (OPE) scheme with a novel encryption scheme called Multi-map Perfectly Secure Cryptosystem(MuPS). We prove that MuPS is perfectly secure, and hence SESOS enjoys the same security properties of the underlying OPE scheme. The overhead of executing equality and comparison operations is negligible. The performance of LIKE queries is significantly improved by up to 1370X and the performance of result decryption improved by 520X compared to existing solutions on a database with merely 100K records (the improvement is even more significant in larger databases).
E. Damiani; S. Cimato; G. Gianini
Abstract
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to ...
Read More
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification of "typical" threats and attack vectors. Also, the dynamic, multi-party nature of cloud-based processes makes severity assessment very dependent on the particular set of stakeholders involved in each process execution. In this paper, we tackle these problems by presenting a novel, process-oriented quantitative risk assessment methodology aimed at disclosure risks on cloud computing platforms. Key advantages of our methodology include (i) a fully quantitative and iterative approach, which enables stakeholders to compare alternative versions of cloud-based processes (e.g., with and without security controls) (ii) non-frequency-based probability estimates, which allow analyzing threats for which a detailed history is not available (iii) support for quick visual comparisons of risk profiles of alternative processes even when impact cannot be exactly quantified.