Biblio

After the emergence of the cloud architecture, many companies migrate their data from conventional storage i.e., on bare metal to the cloud storage. Since then huge amount of data was stored on cloud servers, which later resulted in redundancy of huge amount of data. Hence in this cloud world, many data de-duplication techniques has been widely used. Not only the redundancy but also made data more secure and privacy of the existing data were also increased. Some techniques got limitations and some have their own advantages based on the requirements. Some of the attributes like data privacy, tag regularity and interruption to brute-force attacks. To make data deduplication technique more efficient based on the requirements. This paper will discuss schemes that brace user-defined access control, by allowing the service provider to get information of the information owners. Thus our scheme eliminates redundancy of the data without breaching the privacy and security of clients that depends on service providers. Our lastest deduplication scheme after performing various algorithms resulted in conclusion and producing more efficient data confidentiality and tag consistency. This paper has discussion on various techniques and their drawbacks for the effectiveness of the deduplication.

Rapid development of cloud storage services, users are allowed to upload heavy storage and computational cost to cloud to reduce the local resource and energy consumption. While people enjoy the desirable benefits from the cloud storage service, critical security concerns in data outsourcing have been raised seriously. In the cloud storage service, data owner loses the physical control of the data and these data are fully controlled by the cloud server. As such, the integrity of outsourced data is being put at risk in reality. Remote data integrity checking (RDIC) is an effective solution to checking the integrity of uploaded data. However, most RDIC schemes are rely on traditional public key infrastructure (PKI), which leads communication and storage overhead due to the certificate management. Identity-based RDIC scheme is not need the storage management, but it has a drawback of key escrow. To solve these problems, we propose a practical certificateless RDIC scheme. Moreover, many public auditing schemes authorize the third party auditor (TPA) to check the integrity of remote data and the TPA is not fully trusted. Thus, we take the data privacy into account. The proposed scheme not only can overcome the above deficiencies but also able to preserve the data privacy against the TPA. Our theoretical analyses prove that our mechanism is correct and secure, and our mechanism is able to audit the integrity of cloud data efficiently.

In the era of machine learning, mobile users are able to submit their symptoms to doctors at any time, anywhere for personal diagnosis. It is prevalent to exploit edge computing for real-time diagnosis services in order to reduce transmission latency. Although data-driven machine learning is powerful, it inevitably compromises privacy by relying on vast amounts of medical data to build a diagnostic model. Therefore, it is necessary to protect data privacy without accessing local data. However, the blossom has also been accompanied by various problems, i.e., the limitation of training data, vulnerabilities, and privacy concern. As a solution to these above challenges, in this paper, we design a lightweight privacy-preserving medical diagnosis mechanism on edge. Our method redesigns the extreme gradient boosting (XGBoost) model based on the edge-cloud model, which adopts encrypted model parameters instead of local data to reduce amounts of ciphertext computation to plaintext computation, thus realizing lightweight privacy preservation on resource-limited edges. Additionally, the proposed scheme is able to provide a secure diagnosis on edge while maintaining privacy to ensure an accurate and timely diagnosis. The proposed system with secure computation could securely construct the XGBoost model with lightweight overhead, and efficiently provide a medical diagnosis without privacy leakage. Our security analysis and experimental evaluation indicate the security, effectiveness, and efficiency of the proposed system.

In recent days cloud domain gains a lot of user attention in order to store and access the data from remote locations connected through the internet. As it is generally known that all the sensitive data come from remote locations will be stored in the centralized storage medium and then try to access the data from that centralized storage space controlled by the cloud server. It is facing a problem like there is no security for the data in terms of user authorization and data authentication from the centralized storage location. Hence, it is required to migrate for a new storage procedure like Decentralized storage of cloud data in which the systems that do not rely on a central authority, so that the collusion resistance can be avoided by maintaining a global identifier. Here, the term de-centralized access means granting multi authorities to control the access for providing more security for the sensitive data. The proposed research study attempts to develop a new scheme by adding a global identifier like Attribute Authority (AA) for providing access keys for the data users who wish to access the sensitive information from the cloud server. The proposed research work attempts to incorporate the composite order bilinear groups scheme for providing access facility for the data users and provide more security for the sensitive data. By conducting various experiments on the proposed model, the obtained result clearly tells that the proposed system is very efficient to access the data in a de-centralized manner by using a global identifier.

In recent times, the use of cloud computing has gained popularity all over the world in the context of performing smart computations on big data. The privacy of sensitive data of the client is of utmost important issues. Data leakage or hijackers may theft significant information about the client that ultimately may affect the reputation and prestige of its owner (bank) and client (customers). In general, to save the privacy of our banking data it is preferred to store, process, and transmit the data in the form of encrypted text. But now the main concern leads to secure computation over encrypted text or another possible way to perform computation over clouds makes data more vulnerable to hacking and attacks. Existing classical encryption techniques such as RSA, AES, and others provide secure transaction procedures for data over clouds but these are not fit for secure computation over data in the clouds. In 2009, Gentry comes with a solution for such issues and presents his idea as Homomorphic encryption (HE) that can perform computation over encrypted text without decrypting the data itself. Now a day's privacy-enhancing techniques (PET) are there to explore more potential benefits in security issues and useful in historical cases of privacy failure. Differential privacy, Federated analysis, homomorphic encryption, zero-knowledge proof, and secure multiparty computation are a privacy-enhancing technique that may useful in financial services as these techniques provide a fully-fledged mechanism for financial institutes. With the collaboration of industries, these techniques are may enable new data-sharing agreements for a more secure solution over data. In this paper, the primary concern is to investigate the different standards and properties of homomorphic encryption in digital banking and financial institutions.

Cloud-based enterprise search services (e.g., AWS Kendra) have been entrancing big data owners by offering convenient and real-time search solutions to them. However, the problem is that individuals and organizations possessing confidential big data are hesitant to embrace such services due to valid data privacy concerns. In addition, to offer an intelligent search, these services access the user’s search history that further jeopardizes his/her privacy. To overcome the privacy problem, the main idea of this research is to separate the intelligence aspect of the search from its pattern matching aspect. According to this idea, the search intelligence is provided by an on-premises edge tier and the shared cloud tier only serves as an exhaustive pattern matching search utility. We propose Smartness at Edge (SAED mechanism that offers intelligence in the form of semantic and personalized search at the edge tier while maintaining privacy of the search on the cloud tier. At the edge tier, SAED uses a knowledge-based lexical database to expand the query and cover its semantics. SAED personalizes the search via an RNN model that can learn the user’s interest. A word embedding model is used to retrieve documents based on their semantic relevance to the search query. SAED is generic and can be plugged into existing enterprise search systems and enable them to offer intelligent and privacy-preserving search without enforcing any change on them. Evaluation results on two enterprise search systems under real settings and verified by human users demonstrate that SAED can improve the relevancy of the retrieved results by on average ≈24% for plain-text and ≈75% for encrypted generic datasets.

How to analyze users' data without compromising individual privacy is an important issue in cloud computing. In order to protect privacy and enable the cloud to perform computing, users can apply homomorphic encryption schemes to their data. Most of existing homomorphic encryption-based cloud computing methods require that users' data are encrypted with the same key. While in practice, different users may prefer to use different keys. In this paper, we propose a privacy-preserving cloud computing method which adopts a double-trapdoor homomorphic encryption scheme to deal with the multi-key issue. The proposed method uses two cloud servers to analyze users' encrypted data. And we propose to use blockchain to monitor the information exchanged between the servers. Security analysis shows that the introduction of blockchain can help to prevent the two servers from colluding with each other, hence data privacy is further enhanced. And we conduct simulations to demonstrate the feasibility of the propose method.

The cloud infrastructure is not new to the society from past one decade. But even in recent time, the companies started migrating from local services to cloud services for better connectivity and for other requirements, this is due to companies financial limitations on existing infrastructure, they are migrating to less cost and hire and fire support based cloud infrastructures. But the proposed cloud infrastructure require security on event logs accessed by different end users on the cloud environment. To adopt the security on local services to cloud service based infrastructure, it need better identify management between end users. Therefore this paper presents the related works of user identity as a service for each user involving in cloud service and the accessing permission and protection will be monitored and controlled by the cloud security infrastructures.

With the rapid development of cloud computing which has been extensively applied in the health research, the concept of medical cloud has become widespread. In this paper, we proposed an integrated medical cloud architecture with multiple applications based on privacy protection. The scheme in this paper adopted attribute encryption to ensure the PHR files encrypted all the time in order to protect the health privacy of the PHR owners not leaked. In addition, the medical cloud architecture proposed in this paper is suitable for multiple application scenarios. Different from the traditional domain division which has public domain (PUD) and private domain (PSD), the PUD domain is further divided into PUD1and PUD2 with finer granularity based on different permissions of the PHR users. In the PUD1, the PHR users have read or write access to the PHR files, while the PHR users in the PUD2 only have read permissions. In the PSD, we use key aggregation encryption (KAE) to realize the access control. For PHR users of PUD1 and PUD2, the outsourcable ABE technology is adopted to greatly reduce the computing burden of users. The results of function and performance test show that the scheme is safe and effective.

Cloud computing is one of the greatest and authoritative paradigms in computing as it provides access and use of various third-party services at a lower cost. However, there exist various security challenges facing cloud computing especially in the aspect of data privacy and this is more critical when dealing with sensitive personal or organization's data. Cloud service providers encrypt data during transfer from the local hard drive to the cloud server and at the server-side, the only problem is that the encryption key is stored by the service provider meaning they can decrypt your data. This paper discusses how cloud security can be enhanced by using client-side data encryption (pre-internet encryption), this will allow the clients to encrypt data before uploading to the cloud and store the key themselves. This means that data will be rendered to the cloud in an unreadable and secure format that cannot be accessed by unauthorized persons.

Fog Computing was envisioned to solve problems like high latency, mobility, bandwidth, etc. that were introduced by Cloud Computing. Fog Computing has enabled remotely connected IoT devices and sensors to be managed efficiently. Nonetheless, the Fog-Cloud paradigm suffers from various security and privacy related problems. Blockchain ensures security in a trustless way and therefore its applications in various fields are increasing rapidly. In this work, we propose a Fog-Cloud architecture that enables Blockchain to ensure security, scalability, and privacy of remotely connected IoT devices. Furthermore, our proposed architecture also efficiently manages common problems like ever-increasing latency and energy consumption that comes with the integration of Blockchain in Fog-Cloud architecture.

Cloud computing provides an open architecture and resource sharing computing platform with pay-per-use model. It is now a popular computing platform and most of the new internet based computing services are on this innovation supported environment. We consider it as innovation supported because developers are more focused here on the service design, rather on arranging the infrastructure, network, management of the resources, etc. These all things are available in cloud computing on hired basis. Now, a big question arises here is the security of data or privacy of data because the service provider is already using the infrastructure, network, storage, processors, and other more resources from the third party. So, the security or privacy of the portable user's data is the main motivation for writing this research paper. In this paper, we are proposing an innovative perturbation algorithm MAP() to secure the portable user's data on the cloud server.

With almost unlimited storage capacity and low maintenance cost, cloud storage becomes a convenient and efficient way for data sharing among cloud users. However, this introduces the challenges of access control and privacy protection when data sharing for multiple groups, as each group usually has its own encryption and access control mechanism to protect data confidentiality. In this paper, we propose a multiple-group data sharing scheme with privacy preservation in the cloud. This scheme constructs a flexible access control framework by using group signature, ciphertext-policy attribute-based encryption and broadcast encryption, which supports both intra-group and cross-group data sharing with anonymous access. Furthermore, our scheme supports efficient user revocation. The security and efficiency of the scheme are proved thorough analysis and experiments.

There exists a need for sharing user health data, especially with institutes for research purposes, in a secure fashion. This is especially true in the case of a system that includes a third party storage service, such as cloud computing, which limits the control of the data owner. The use of encryption for secure data storage continues to evolve to meet the need for flexible and fine-grained access control. This evolution has led to the development of Attribute Based Encryption (ABE). The use of ABE to ensure the security and privacy of health data has been explored. This paper presents an ABE based framework which allows for the secure outsourcing of the more computationally intensive processes for data decryption to the cloud servers. This reduces the time needed for decryption to occur at the user end and reduces the amount of computational power needed by users to access data.

Nowadays, ubiquitous healthcare monitoring applications are becoming a necessity. In a pervasive smart healthcare system, the user's location information is always transmitted periodically to healthcare providers to increase the quality of the service provided to the user. However, revealing the user's location will affect the user's privacy. This paper presents a novel cloud-based secure location privacy-preserving mobile healthcare framework with decision-making capabilities. A user's vital signs are sensed possibly through a wearable healthcare device and transmitted to a cloud server for securely storing user's data, processing, and decision making. The proposed framework integrates a number of features such as machine learning (ML) for classifying a user's health state, and crowdsensing for collecting information about a person's privacy preferences for possible locations and applying such information to a user who did not set his privacy preferences. In addition to location privacy preservation methods (LPPM) such as obfuscation, perturbation and encryption to protect the location of the user and provide a secure monitoring framework. The proposed framework detects clear emergency cases and quickly decides about sending a help message to a healthcare provider before sending data to the cloud server. To validate the efficiency of the proposed framework, a prototype is developed and tested. The obtained results from the proposed prototype prove its feasibility and utility. Compared to the state of art, the proposed framework offers an adaptive context-based decision for location sharing privacy and controlling the trade-off between location privacy and service utility.

In the current scenario, the data owners would like to access data from anywhere and anytime. Hence, they will store their data in public or private cloud along with encryption and particular set of attributes to access control on the cloud data. While uploading the data into public or private cloud they will assign some attribute set to their data. If any authorized cloud user wants to download their data they should enter that particular attribute set to perform further actions on the data owner's data. A cloud user wants to register their details under cloud organization to access the data owner's data. Users wants to submit their details as attributes along with their designation. Based on the Users details Semi-Trusted Authority generates decryption keys to get control on owner's data. A user can perform a lot of operation over the cloud data. If the user wants to read the cloud data he needs to be entering some read related, and if he wants to write the data he needs to be entering write related attribute. For each and every action user in an organization would be verified with their unique attribute set. These attributes will be stored by the admins to the authorized users in cloud organization. These attributes will be stored in the policy files in a cloud. Along with this attribute,a rule based engine is used, to provide the access control to user. If any user leaks their decryption key to the any malicious user data owners wants to trace by sending audit request to auditor and auditor will process the data owners request and concludes that who is the convict.

Intelligent environments work collaboratively, bringing more comfort to human beings. The intelligence of these environments comes from technological advances in sensors and communication. IoT is the model developed that allows a wide and intelligent communication between devices. Hardware reduction of IoT devices results in vulnerabilities. Thus, there are numerous concerns regarding the security of user information, since mobile devices are easily trackable over the Internet. Care must be taken regarding the information in user profiles. Mobile devices are protected by a permission-based mechanism, which limits third-party applications from accessing sensitive device resources. In this context, this work aims to present a proposal for materialization of application for the evolution of user profiles in intelligent environments. Having as parameters the parameters presented in the proposed taxonomy. The proposed solution is the development of two applications, one for Android devices, responsible for allowing or blocking some features of the device. And another in Cloud, responsible for imposing the parameters and privacy criteria, formalizing the profile control module (PRIPRO - PRIvacy PROfiles).

Cloud computing has made the life of individual users and work of business corporations so much easier by providing them data storage services at very low costs. Individual users can store and access their data through shared cloud storage service anywhere anytime. Similarly, business corporation consumers of cloud computing can store, manage, process and access their big data with quite an ease. However, the security and privacy of users' data remains vulnerable in cloud computing Availability, integrity and confidentiality are the three primary elements that users consider before signing up for cloud computing services. Many public and private cloud services have experienced security breaches and unauthorized access incidents. This paper suggests user end cryptography of data before uploading it to a cloud storage service platform like Google Drive, Microsoft, Amazon and CloudSim etc. The proposed cryptography algorithm is based on symmetric key cryptography model and has been implemented on Amazon S3 cloud space service.

Cloud computing is the flexible platform to outsource the data from local server to commercial cloud. However cloud provides tremendous benefits to user, data privacy and data leakage reduce the attention of cloud. For protecting data privacy and reduce data leakage various techniques has to be implemented in cloud. There are various types of cloud environment, but we concentrate on Hybrid cloud. Hybrid cloud is nothing but combination of more than two or more cloud. Where critical operations are performed in private cloud and non critical operations are performed in public cloud. So, it has numerous advantages and criticality too. In this paper, we focus on data security through encryption scheme over Hybrid Cloud. There are various encryption schemes are close to us but it also have data security issues. To overcome these issues, Attribute Based Encryption Scheme with Dynamic Attributes Supporting (ABE-DAS) has proposed. Attribute based Encryption Scheme with Dynamic Attributes Supporting technique enhance the security of the data in hybrid cloud.

With the improvement of the current Internet software and hardware performance, cloud storage has become one of the most widely used applications. This paper proposes a user privacy protection algorithm suitable for tennis match live broadcast from media cloud platform. Through theoretical and experimental verification, this algorithm can better protect the privacy of users in the live cloud platform. This algorithm is a ciphertext calculation algorithm based on data blocking. Firstly, plaintext data are grouped, then AES ciphertext calculation is performed on each group of plaintext data simultaneously and respectively, and finally ciphertext data after grouping encryption is spliced to obtain final ciphertext data. Experimental results show that the algorithm has the characteristics of large key space, high execution efficiency, ciphertext statistics and good key sensitivity.

Many organizations are still reluctant to move sensitive data to the cloud. Moreover, data protection regulations have established considerable punishments for violations of privacy and security requirements. Privacy, however, is a concept that is difficult to measure and to demonstrate. While many privacy design strategies, tactics and patterns have been proposed for privacy-preserving system design, it is difficult to evaluate an existing system with regards to whether these strategies have or have not appropriately been implemented. In this paper we propose indicators for a system's non-compliance with privacy design strategies, called privacy smells. To that end we first identify concrete metrics that measure certain aspects of existing privacy design strategies. We then define smells based on these metrics and discuss their limitations and usefulness. We identify these indicators on two levels of a cloud system: the data flow level and the access control level. Using a cloud system built in Microsoft Azure we show how the metrics can be measured technically and discuss the differences to other cloud providers, namely Amazon Web Services and Google Cloud Platform. We argue that while it is difficult to evaluate the privacy-awareness in a cloud system overall, certain privacy aspects in cloud systems can be mapped to useful metrics that can indicate underlying privacy problems. With this approach we aim at enabling cloud users and auditors to detect deep-rooted privacy problems in cloud systems.

Cloud is the perfect way to hold our data every day. Yet the confidentiality of our data is a big concern in the handling of cloud data. Data integrity, authentication and confidentiality are basic security threats in the cloud. Cryptography techniques and Third Party Auditor (TPA) are very useful to impose the integrity and confidentiality of data. In this paper, a system is proposed Enhancing data protection that is housed in cloud computing. The suggested solution uses the RSA algorithm and the AES algorithm to encrypt user data. The hybridization of these two algorithms allows better data protection before it is stored in the cloud. Secure hash algorithm 512 is used to compute the Hash Message Authentication Code (HMAC). A stable audit program is also introduced for Third Party Auditor (TPA) use. The suggested algorithm is applied in python programming and tested in a simple sample format. It is checked that the proposed algorithm functions well to guarantee greater data protection.

In recent trends, privacy preservation is the most predominant factor, on big data analytics and cloud computing. Every organization collects personal data from the users actively or passively. Publishing this data for research and other analytics without removing Personally Identifiable Information (PII) will lead to the privacy breach. Existing anonymization techniques are failing to maintain the balance between data privacy and data utility. In order to provide a trade-off between the privacy of the users and data utility, a Mondrian based k-anonymity approach is proposed. To protect the privacy of high-dimensional data Deep Neural Network (DNN) based framework is proposed. The experimental result shows that the proposed approach mitigates the information loss of the data without compromising privacy.

Network threats often come from multiple sources and affect a variety of domains. Collaborative sharing and analysis of Cyber Threat Information (CTI) can greatly improve the prediction and prevention of cyber-attacks. However, CTI data containing sensitive and confidential information can cause privacy exposure and disclose security risks, which will deter organisations from sharing their CTI data. To address these concerns, the consortium of the EU H2020 project entitled Collaborative and Confidential Information Sharing and Analysis for Cyber Protection (C3ISP) has designed and implemented a framework (i.e. C3ISP Framework) as a service for cyber threat management. This paper focuses on the design and development of an API Gateway, which provides a bridge between end-users and their data sources, and the C3ISP Framework. It facilitates end-users to retrieve their CTI data, regulate data sharing agreements in order to sanitise the data, share the data with privacy-preserving means, and invoke collaborative analysis for attack prediction and prevention. In this paper, we report on the implementation of the API Gateway and experiments performed. The results of these experiments show the efficiency of our gateway design, and the benefits for the end-users who use it to access the C3ISP Framework.

The security of user personal information on cloud computing is an important issue for the recommendation system. In order to provide high quality recommendation services, privacy of user is often obtained by untrusted recommendation systems. At the same time, malicious attacks often use the recommendation results to try to guess the private data of user. This paper proposes a hybrid algorithm based on NMF and random perturbation technology, which implements the recommendation system and solves the protection problem of user privacy data in the recommendation process on cloud computing. Compared with the privacy protection algorithm of SVD, the elements of the matrix after the decomposition of the new algorithm are non-negative elements, avoiding the meaninglessness of negative numbers in the matrix formed by texts, images, etc., and it has a good explanation for the local characteristics of things. Experiments show that the new algorithm can produce recommendation results with certain accuracy under the premise of protecting users' personal privacy on cloud computing.