Biblio

Cloud Computing revolutionize the usage of Internet of Things enabled devices integrated via Internet. Providing everything in an outsourced fashion, Cloud also lends infrastructures such as storage. Though cloud makes it easy for us to store and access the data faster and easier, yet there exist various security and privacy risks. Such issues if not handled may become more threatening as it could even disclose the privacy of an individual/ organization. Strengthening the security of data is need of the hour. The work proposes a novel architecture enhancing the security of Cloud data in an IoT integrated environment. In order to enhance the security, systematic use of a modified hybrid mechanism based on DNA code and Elliptic Curve Cryptography along with Third Party Audit is proposed. The performance of the proposed mechanism has been analysed. The results ensures that proposed IoT Cloud architecture performs better while providing strong security which is the major aspect of the work.

Security authentication can effectively solve the problem of access to Low Earth Orbit (LEO) satellites. However, the existing solutions still harbor some problems in the computational complexity of satellite authentication, flexible networking, resistance to brute force attacks and other aspects. So, a security authentication scheme for LEO satellites that integrates spatial channel characteristics is designed within the software defined network architecture. In this scheme, the spatial channel characteristics are introduced to the subsequent lightweight encryption algorithm to achieve effective defense against brute force attacks. According to security analysis and simulation results, the scheme can effectively reduce the computational overhead while protecting against replay attacks, brute force attacks, DOS attacks, and other known attacks.

Cryptocurrencies such as Bitcoin and Ethereum achieve decentralized payment by maintaining a globally distributed and append-only ledger. Recently, several researchers have sought to achieve privacy-preserving auditing, which is a crucial function for scenarios that require regulatory compliance, for decentralized payment systems. However, those proposed schemes usually cost much time for the cooperation between the auditor and the user due to leveraging complex cryptographic tools such as zero-knowledge proof. To tackle the problem, we present T-PPA, a privacy-preserving decentralized payment system, which provides customizable and efficient auditability by leveraging trusted execution environments (TEEs). T-PPA demands the auditor construct audit programs based on request and execute them in the TEE to protect the privacy of transactions. Then, identity-based encryption (IBE) is employed to construct the separation of power between the agency nodes and the auditor and to protect the privacy of transactions out of TEE. The experimental results show that T-PPA can achieve privacy-preserving audits with acceptable overhead.

Data security is the process of protecting data from loss, alteration, or unauthorised access during its entire lifecycle. It includes everything from the policies and practices of a company to the hardware, software, storage, and user devices used by that company. Data security tools and technology increase transparency into an organization's data and its usage. These tools can protect data by employing methods including encryption and data masking personally identifiable information.. Additionally, the method aids businesses in streamlining their auditing operations and adhering to the increasingly strict data protection rules.

The development of cloud apps enables people to exchange resources, goods, and expertise online with other clients. The material is more vulnerable to numerous security dangers from outsiders due to the fact that millions of users exchange data through the same system. How to maintain the security of this data is now the main concern. The current data protection system functions best when it places a greater priority on safeguarding data maintained in online storage than it does on cybersecurity during transportation. The data becomes open to intrusion attacks while being transferred. Additionally, the present craze states that an outside auditor may view data as it is being transmitted. Additionally, by allowing the hacker to assume a third-person identity while obtaining the information, this makes the data more susceptible to exploitation. The proposed system focuses on using encryption to safeguard information flow since cybersecurity is seen as a major issue. The approach also takes into account the fourth auditing issue, which is that under the recommended manner, the inspector is not allowed to see the user information. Tests have shown that the recommended technique improves security overall by making it harder for hackers to decode the supplied data.

Research data sharing requires provision of adequate security. The requirements for data privacy are extremely demanding for medical data that is reused for research purposes. To address these requirements, the research institutions must implement adequate security measurements, and this demands large effort and costs to do it properly. The usage of adequate access controls and data encryption are key approaches to effectively protect research data confidentiality; however, the management of the encryption keys is challenging. There are novel mechanisms that can be explored for managing access to the encryption keys and encrypted files. These mechanisms guarantee that data are accessed by authorised users and that auditing is possible. In this paper we explore these mechanisms to implement a secure research medical data sharing system. In the proposed system, the research data are stored on a secure cloud system. The data are partitioned into subsets, each one encrypted with a unique key. After the authorisation process, researchers are given rights to use one or more of the keys and to selectively access and decrypt parts of the dataset. Our proposed solution offers automated fine-grain access control to research data, saving time and work usually made manually. Moreover, it maximises and fortifies users' trust in data sharing through secure clouds solutions. We present an initial evaluation and conclude with a discussion about the limitations, open research questions and future work around this challenging topic.

New advancements in cloud computing technology enable the usage of cloud platforms for business purposes rapidly increasing every day. Data accumulation related to business transactions, Communications, business model architecture and much other information are stored in the cloud platform and access Dubai the business Associates commonly. Considering the security point of view data stored in the cloud need to be highly secured and accessed through authentication. The proposed system is focused on evaluating a cloud integrity auditing model in which the security and privacy preserving system is being audited, privacy is decided using a machine learning algorithm. The proposed model is developed using a hybrid CatBoost algorithm (HCBA) in which the input data is stored into the cloud platform using Bring your own encryption Key (BYOEK). The security of BYOEK model is evaluated and validated with respect to the given test model in terms of Execution time comparison Vs. Data transactions.

Redactable blockchain allows modifiers or voting committees with modification privileges to edit the data on the chain. Among them, trapdoor holders in chameleon-based hash redactable blockchains can quickly compute hash collisions for arbitrary data without breaking the link of the hash-chain. However, chameleon-based hash redactable blockchain schemes have difficulty solving issues such as editing operations with different granularity or conflicts and auditing modifiers that abuse editing privileges. To address the above challenges, we propose a redactable blockchain with Cross-audit and Diversity Editing (CDEdit). The proposed scheme distributes subdivided transaction-level and block-level tokens to the matching modifier committee to weaken the influence of central power. A number of modifiers are unpredictably selected based on reputation value proportions and the mapping of the consistent hash ring to enable diversity editing operations, and resist Sybil attacks. Meanwhile, an adaptive cross-auditing protocol is proposed to adjust the roles of modifiers and auditors dynamically. This protocol imposes a reputation penalty on the modifiers of illegal edits and solves the problems of abuse of editing privileges and collusion attacks. In addition, We used ciphertext policy attribute-based encryption (CP-ABE) and chameleon hashes with ephemeral trapdoor (CHET) for data modification, and present a system steps and security analysis of CDEdit. Finally, the extensive comparisons and evaluations show that our scheme costs less time overhead than other schemes and is suitable for complex application scenarios, e.g. IoT data management.

Recent modern era becomes a multi-user environment. It's hard to store and retrieve data in secure manner at the end user side is a hectic challenge. Difference of Cloud computing compare to Network Computing can be accessed from multiple company servers. Cloud computing makes the users and organization to opt their services. Due to effective growth of the Cloud Technology. Data security, Data Privacy key validation and tracing of user are severe concern. It is hard to trace malicious users who misuse the secrecy. To reduce the rate of misuse in secrecy user revocation is used. Audit Log helps in Maintaining the history of malicious user also helps in maintaining the data integrity in cloud. Cloud Monitoring Metrics helps in the evaluation survey study of different Metrics. In this paper we give an in depth survey about Back-end of cloud services their concerns and the importance of privacy in cloud, Privacy Mechanism in cloud, Ways to Improve the Privacy in cloud, Hazards, Cloud Computing Issues and Challenges we discuss the need of cryptography and a survey of existing cryptographic algorithms. We discuss about the auditing and its classifications with respect to comparative study. In this paper analyzed various encryption schemes and auditing schemes with several existing algorithms which help in the improvement of cloud services.

With increased awareness comes unprecedented expectations. We live in a digital, cloud era wherein the underlying information architectures are expected to be elastic, secure, resilient, and handle petabyte scaling. The expectation of epic proportions from the next generation of the data frameworks is to not only do all of the above but also build it on a foundation of trust and explainability across multi-organization business networks. From cloud providers to automobile industries or even vaccine manufacturers, components are often sourced by a complex, not full digitized thread of disjoint suppliers. Building Machine Learning and AI-based order fulfillment and predictive models, remediating issues, is a challenge for multi-organization supply chain automation. We posit that Federated Learning in conjunction with blockchain and smart contracts are technologies primed to tackle data privacy and centralization challenges. In this paper, motivated by challenges in the industry, we propose a decentralized distributed system in conjunction with a recommendation system model (Matrix Factorization) that is trained using Federated Learning on an Ethereum blockchain network. We leverage smart contracts that allow decentralized serverless aggregation to update local-ized items vectors. Furthermore, we utilize Homomorphic Encryption (HE) to allow sharing the encrypted gradients over the network while maintaining their privacy. Based on our results, we argue that training a model over a serverless Blockchain network using smart contracts will provide the same accuracy as in a centralized model while maintaining our serverless model privacy and reducing the overhead communication to a central server. Finally, we assert such a system that provides transparency, audit-ready and deep insights into supply chain operations for enterprise cloud customers resulting in cost savings and higher Quality of Service (QoS).

Internet of things (IoT) healthcare devices, like other IoT devices, typically use proprietary protocol communications. Usually, these proprietary protocols are not audited and may present security flaws. Further, new proprietary protocols are desgined in the field of IoT devices, like data-over-sound communications. Data-over-sound is a new method of communication based on audio with increasing popularity due to its low hardware requirements. Only a speaker and a microphone are needed instead of the specific antennas required by Bluetooth or Wi-Fi protocols. In this paper, we analyze, audit and reverse engineer a modern IoT healthcare device used for performing electrocardiograms (ECG). The audited device is currently used in multiple hospitals and allows remote health monitoring of a patient with heart disease. For this auditing, we follow a black-box reverse-engineering approach and used STRIDE threat analysis methodology to assess all possible attacks. Following this methodology, we successfully reverse the proprietary data-over-sound protocol used by the IoT healthcare device and subsequently identified several vulnerabilities associated with the device. These vulnerabilities were analyzed through several experiments to classify and test them. We were able to successfully manipulate ECG results and fake heart illnesses. Furthermore, all attacks identified do not need any patient interaction, being this a transparent process which is difficult to detect. Finally, we suggest several short-term solutions, centred in the device isolation, as well as long-term solutions, centred in involved encryption capabilities.

Automatic dependent surveillance-broadcast (ADS- B) records provide an important basis and evidence for future route planning and accountability. However, due to the lack of effective support for the integrity and confidentiality of ADS-B, the air traffic control (ATC) system based on ADS-B faces serious security threats. Once the data is tampered with, it will cause immeasurable losses to society. The ADS-B data is arranged in chronological order, and the order-preserving encryption method allows users to directly search for ciphertexts by time. However, encryption alone does not guarantee the integrity of the data. The attacker can still destroy the integrity of the data by modifying the ciphertext. This paper proposes a secure ADS- B protection scheme that supports queries. We construct a dynamic order-preserving encryption (DOPE) scheme to achieve data confidentiality and sequential search of target data in the ciphertext. In addition, the scheme achieves fast integrity checking by calculating the unique verification label of the entire ciphertext, and supports blockless verification, which means that all data does not need to be transmitted during the audit phase. In the meanwhile, the auditor can verify the integrity of multiple ADS-B documents at once, which improves the computational efficiency of the audit. We analyze the integrity and security of the scheme and proved that DOPE is indistinguishable under an ordered chosen-plaintext attack (IND-OCPA). Furthermore, we conclude through performance analysis that the communication overhead is constant and computation overhead is logarithmic level. The proposed scheme is applicable to all data arranged in order, such as hospital records arranged by date and so on. At the same time, ADS-B can be used for urban vehicle monitoring and is a basic means to realize smart transportation.

Cloud technology is advancing rapidly because of it’s capability to replace the traditional computing techniques. Cloud offers various kinds of services for the user that are being used. In this research paper, storage as a service provided by cloud is examined as the data of the owner is being shared to the cloud so we have to ensure that data integrity is being maintained. In order to have a robust mechanism that offers a secure pathway for sharing data different encryption algorithms have been utilized. We investigate all the suitable algorithms with various combinations because any single algorithm is prone to some kind of attack. Testing of these algorithms is done by analyzing the parameters such as time required for execution, use of computational resources, key management, etc. Finally the best one that stands and fulfill all the criteria in a reasonable manner is selected for the purpose of storage.

Blockchain is well known for its storage consistency, decentralization and tamper-proof, but the privacy disclosure and difficulty in auditing discourage the innovative application of blockchain technology. As compared to public blockchain and private blockchain, consortium blockchain is widely used across different industries and use cases due to its privacy-preserving ability, auditability and high transaction rate. However, the present co-audit of privacy-preserving data on consortium blockchain is inefficient. Private data is usually encrypted by a session key before being published on a consortium blockchain for privacy preservation. The session key is shared with transaction parties and auditors for their access. For decentralizing auditorial power, multiple auditors on the consortium blockchain jointly undertake the responsibility of auditing. The distribution of the session key to an auditor requires individually encrypting the session key with the public key of the auditor. The transaction initiator needs to be online when each auditor asks for the session key, and one encryption of the session key for each auditor consumes resources. This work proposes GAChain and applies group key agreement technology to efficiently co-audit privacy-preserving data on consortium blockchain. Multiple auditors on the consortium blockchain form a group and utilize the blockchain to generate a shared group encryption key and their respective group decryption keys. The session key is encrypted only once by the group encryption key and stored on the consortium blockchain together with the encrypted private data. Auditors then obtain the encrypted session key from the chain and decrypt it with their respective group decryption key for co-auditing. The group key generation is involved only when the group forms or group membership changes, which happens very infrequently on the consortium blockchain. We implement the prototype of GAChain based on Hyperledger Fabric framework. Our experimental studies demonstrate that GAChain improves the co-audit efficiency of transactions containing private data on Fabric, and its incurred overhead is moderate.

The power grid has high requirements for data security, and data security audit technology is facing challenges. Because the server in the power grid operating environment is considered untrustworthy and does not have the authority to obtain the secret key, the encrypted data cannot be parsed and the data processing ability of the data center is restricted. In response to the above problems, the power grid database encryption system was designed, and the access control module and the encryption module that should be written based on SQL statements were explained. The database encryption system was developed using the Java language and deployed in the cloud environment. Finally, the method was proved by experiments. feasibility.

Cloud based cyber physical system (CPS) enables individuals to store and share data collected from both cyberspace and the physical world. This leads to the proliferation of massive data at a user's local site. Since local storage systems can't store and maintain huge data, it is a wise and practical way to outsource such huge data to the cloud. Cloud storage provides scalable storage space to manage data economically and flexibly. However, the integrity of outsourced data is a critical challenge because user's lose control of their data once it's transferred to cloud servers. Several auditing schemes have been put forward based on public key infrastructure (PKI) or identity-based cryptography to verify data integrity. However, “the PKI-based schemes suffer from certificate management problem and identity-based schemes face the key escrow” problem. Therefore, to address these problems, certificateless public auditing schemes have been introduced on the basis of bilinear pairing, which incur high computation overhead, and thus it is not suitable for CPS. To reduce the computation overhead, in this paper, Using elliptic curve cryptography, we propose an efficient pairing-free certificateless public auditing scheme for cloud-based CPS. The proposed scheme is more secure against type I/II/III adversaries and efficient compared to other certificateless based schemes.

Information Security is a unified piece of information technology that has emerged as vibrant technology in the last two decades. To manage security, authentication assumes a significant part. Biometric is the physical unique identification as well as authentication for the third party. We have proposed the security model for preventing many attacks so we are used the innermost layer as a 3DES (Triple Encryption standard) cryptography algorithm that is providing 3- key protection as 64-bit and the outermost layer used the MD5 (Message Digest) algorithm. i. e. providing 128-bit protection as well as we is using fingerprint identification as physical security that is used in third-party remote integrity auditing. Remote data integrity auditing is proposed to ensure the uprightness of the information put away in the cloud. Data Storage of cloud services has expanded paces of acknowledgment because of their adaptability and the worry of the security and privacy levels. The large number of integrity and security issues that arise depends on the difference between the customer and the service provider in the sense of an external auditor. The remote data integrity auditing is at this point prepared to be viably executed. In the meantime, the proposed scheme is depending on identity-based cryptography, which works on the convoluted testament of the executives. The safety investigation and the exhibition assessment show that the planned property is safe and productive.

In a Leading field of Information Technology moreover make information Security a unified piece of it. To manage security, Authentication assumes a significant part. Biometric is the physical unique identification as well as Authentication for third party. We are proposed the Security model for preventing many attacks so we are used Inner most layer as a 3DES (Triple Encryption standard) Cryptography algorithm that is providing 3-key protection as 64-bit And the outer most layer used the MD5 (Message Digest) Algorithm. i. e. Providing 128 – bit protection. As well as we are using Fingerprint Identification as a physical Security that used in third party remote integrity auditing, and remote data integrity auditing is proposed to ensure the uprightness of the information put away in the cloud. Data Storage of cloud services has expanded paces of acknowledgment because of their adaptability and the worry of the security and privacy levels. The large number of integrity and security issues that arise depends on the difference between the customer and the service provider in the sense of an external auditor. The remote data integrity auditing is at this point prepared to be viably executed. In the meantime, the proposed scheme is depends on identity-based cryptography, which works on the convoluted testament the executives. The safety investigation and the exhibition assessment show that the planned property is safe and productive.

Cloud computing has included an essential part of its industry and statistics garage is the main service provided, where a huge amount of data can be stored in a virtual server. Storing data in public platforms may be vulnerable to threats. Consequently, the obligation of secure usage and holistic backup of statistics falls upon the corporation providers. Subsequently, an affordable and compliant mechanism of records auditing that permits groups to audit the facts stored in shared clouds whilst acting quick and trouble- unfastened healing might be a fairly sought-after cloud computing task concept. There is a lot of advantage in growing this domain and there is considerable precedence to follow from the examples of dropbox, google power among others.

As an important type of cloud data, digital provenance is arousing increasing attention on improving system performance. Currently, provenance has been employed to provide cues regarding access control and to estimate data quality. However, provenance itself might also be sensitive information. Therefore, provenance might be encrypted and stored in the Cloud. In this paper, we provide a mechanism to classify cloud documents by searching specific keywords from their encrypted provenance, and we prove our scheme achieves semantic security. In term of application of the proposed techniques, considering that files are classified to store separately in the cloud, in order to facilitate the regulation and security protection for the files, the classification policies can use provenance as conditions to determine the category of a document. Such as the easiest sample policy goes like: the documents have been reviewed twice can be classified as “public accessible”, which can be accessed by the public.

Vendors who wish to provide software or services to large corporations and governments must often obtain numerous certificates of compliance. Each certificate asserts that the software satisfies a compliance regime, like SOC or the PCI DSS, to protect the privacy and security of sensitive data. The industry standard for obtaining a compliance certificate is an auditor manually auditing source code. This approach is expensive, error-prone, partial, and prone to regressions. We propose continuous compliance to guarantee that the codebase stays compliant on each code change using lightweight verification tools. Continuous compliance increases assurance and reduces costs. Continuous compliance is applicable to any source-code compliance requirement. To illustrate our approach, we built verification tools for five common audit controls related to data security: cryptographically unsafe algorithms must not be used, keys must be at least 256 bits long, credentials must not be hard-coded into program text, HTTPS must always be used instead of HTTP, and cloud data stores must not be world-readable. We evaluated our approach in three ways. (1) We applied our tools to over 5 million lines of open-source software. (2) We compared our tools to other publicly-available tools for detecting misuses of encryption on a previously-published benchmark, finding that only ours are suitable for continuous compliance. (3) We deployed a continuous compliance process at AWS, a large cloud-services company: we integrated verification tools into the compliance process (including auditors accepting their output as evidence) and ran them on over 68 million lines of code. Our tools and the data for the former two evaluations are publicly available.

Optimization plays an important role in many problems that expect the accurate output. Security of the data stored in remote servers purely based on secret key which is used for encryption and decryption purpose. Many secret key generation algorithms such as RSA, AES are available to generate the key. The key generated by such algorithms are need to be optimized to provide more security to your data from unauthorized users as well as from the third party auditors(TPA) who is going to verify our data for integrity purpose. In this paper a method to optimize the secret key by using cuckoo search algorithm (CSA) is proposed.

Ciphertext policy Attribute-based encryption (CPABE) plays an increasingly important role in the field of fine-grained access control for cloud storage. However, The exiting solution can not balance the issue of user identity tracking and user revocation. In this paper, we propose a CP-ABE scheme that supports association revocation and traceability. This scheme uses identity directory technology to realize single user revocation and associated user revocation, and the ciphertext re-encryption technology guarantees the forward security of revocation without updating the private key. In addition, we can accurately trace the identity of the user according to the decryption private key and effectively solve the problem of key abuse. This scheme is proved to be safe and traceable under the standard model, and can effectively control the computational and storage costs while maintaining functional advantages. It is suitable for the practical scenarios of tracking audit and user revocation.

Cloud computing is a vast area within which large amounts of data are exchanged through cloud services and has fully grown with its on-demand technology. Due to these versatile cloud services, sensitive data will be stored on cloud storage servers and it is also used to dynamically control a number of problems: security, privacy, data privacy, data sharing, and integrity across cloud servers. Moreover, the legitimacy and control of data access should be maintained in this extended environment. So, one of the most important concepts of cryptographic techniques in cloud computing environment is Attribute Based Encryption (ABE). In this research work, data auditing or integrity checking is considered as an area of concern for securing th cloud storage. In data auditing approach, an auditor inspects and verifies the data file integrity without having any knowledge about the content of file and sends the verification report to the data owner. In this research, Elliptical Curve Modified RSA (ECMRSA) is proposed along with Modified MD5 algorithm which is used for attribute-based cloud data integrity verification, in which data user or owner uploads their encrypted data files at cloud data server and send the auditing request to the Third-Party Auditor (TPA) for verification of their data files. The Third-Party Auditor (TPA) challenges the data server for ensuring the integrity of data files on behalf of the data owners. After verification of integrity of data file auditor sends the audit report to the owner. The proposed algorithm integrates the auditing scheme with public key encryption with homomorphic algorithm which generates digital signature or hash values of data files on encrypted files. The result analysis is performed on time complexity by evaluating encryption time, GenProof time and VerifyProof Time and achieved improvement in resolving time complexity as compared to existing techiques.

Provable Data Possession (PDP) is one of the data security techniques to make sure that the data stored in the cloud storage exists. In PDP, the integrity of the data stored in the cloud storage is probabilistically verified by the user or a third-party auditor. In the conventional PDP, the user creates the metadata used for audition. From the viewpoint of user convenience, it is desirable to be able to audit without operations other than uploading. In other words, the challenge is to provide a transparent PDP that verifies the integrity of files according to the general cloud storage system model so as not to add operations to users. We propose a scheme in which the cloud generates the metadata used during verification, and the user only uploads files. It is shown that the proposed scheme is resistant to the forgery of cloud proof and the acquisition of data by a third-party auditor.