Biblio

The rapid development of blockchain application technology promotes continuous exploration in the field of computer application science. Although it is still in the initial stage of development, the technical features of blockchain technology such as decentralization, identity verification, tamper resistance, data integrity, and security are regarded as excellent solutions to today's computer security technical problems. In this paper, we will analyze and compare blockchain data storage and cloud data processing technologies, focusing on the concept and technology of blockchain distributed data storage technology, and analyze and summarize the key issues. The results of this paper will provide a useful reference for the application and research of blockchain technology in cloud storage security.

Cyber-attacks against cloud storage infrastructure e.g. Amazon S3 and Google Cloud Storage, have increased in recent years. One reason for this development is the rising adoption of cloud storage for various purposes. Robust counter-measures are therefore required to tackle these attacks especially as traditional techniques are not appropriate for the evolving attacks. We propose a two-pronged approach to address these challenges in this paper. The first approach involves dynamic snapshotting and recovery strategies to detect and partially neutralize security events. The second approach builds on the initial step by automatically correlating the generated alerts with cloud event log, to extract actionable intelligence for incident response. Thus, malicious activities are investigated, identified and eliminated. This approach is implemented in SlingShot, a cloud threat detection and incident response system which extends our earlier work - CSBAuditor, which implements the first step. The proposed techniques work together in near real time to mitigate the aforementioned security issues on Amazon Web Services (AWS) and Google Cloud Platform (GCP). We evaluated our techniques using real cloud attacks implemented with static and dynamic methods. The average Mean Time to Detect is 30 seconds for both providers, while the Mean Time to Respond is 25 minutes and 90 minutes for AWS and GCP respectively. Thus, our proposal effectively tackles contemporary cloud attacks.

Cloud Storage Service(CSS) provides unbounded, robust file storage capability and facilitates for pay-per-use and collaborative work to end users. But due to security issues like lack of confidentiality, malicious insiders, it has not gained wide spread acceptance to store sensitive information. Researchers have proposed proxy re-encryption schemes for secure data sharing through cloud. Due to advancement of computing technologies and advent of quantum computing algorithms, security of existing schemes can be compromised within seconds. Hence there is a need for designing security schemes which can be quantum computing resistant. In this paper, a secure file sharing scheme through cloud storage using proxy re-encryption technique has been proposed. The proposed scheme is proven to be chosen ciphertext secure(CCA) under hardness of ring-LWE, Search problem using random oracle model. The proposed scheme outperforms the existing CCA secure schemes in-terms of re-encryption time and decryption time for encrypted files which results in an efficient file sharing scheme through cloud storage.

Outsourcing data storage and IT workloads to a third-party cloud provider introduces some security risks and time performance degradation. Moreover, controlling access to this data becomes very difficult when the volume of the data and number of users is very high. Various access control techniques have been proposed to address this issue. However, those techniques have complex schemes which are costly to be applied in real scenarios and they have limited flexibility and scalability to large volumes of data and users. In this paper we propose ESSAC which is an enhanced version of the SSAC scheme. ESSAC introduces a fine-grained access control scheme based on a classified Attribute Based Encryption, Role Based Encryption and Single Key Encryption methodology which achieves highest security without degrading the performance. We validate our scheme using a simulation on top of Amazon S3 and compare it to current schemes.

Securing their critical documents on the cloud from data threats is a major challenge faced by organizations today. Controlling and limiting access to such documents requires a robust and trustworthy access control mechanism. In this paper, we propose a semantically rich access control system that employs an access broker module to evaluate access decisions based on rules generated using the organizations confidentiality policies. The proposed system analyzes the multi-valued attributes of the user making the request and the requested document that is stored on a cloud service platform, before making an access decision. Furthermore, our system guarantees an end-to-end oblivious data transaction between the organization and the cloud service provider using oblivious storage techniques. Thus, an organization can use our system to secure their documents as well as obscure their access pattern details from an untrusted cloud service provider.

The objective of this paper is to outline the design specification, implementation and evaluation of a proposed accelerated encryption framework which deploys both homomorphic and symmetric-key encryptions to serve the privacy preserving processing; in particular, as a sub-system within the Privacy Preserving Speech Processing framework architecture as part of the PPSP-in-Cloud Platform. Following a preliminary study of GPU efficiency gains optimisations benchmarked for AES implementation we have addressed and resolved the Big Integer processing challenges in parallel implementation of bilinear pairing thus enabling the creation of partially homomorphic encryption schemes which facilitates applications such as speech processing in the encrypted domain on the cloud. This novel implementation has been validated in laboratory tests using a standard speech corpus and can be used for other application domains to support secure computation and privacy preserving big data storage/processing in the cloud.

Cloud storage has been gaining in popularity as an on-line service for archiving, backup, and even primary storage of files. However, due to the data outsourcing, cloud storage also introduces new security challenges, which require a data audit and data repair service to ensure data availability and data integrity in the cloud. In this paper, we present the design and implementation of a network-coding-based Proof Of Retrievability scheme called ELAR, which achieves a lightweight data auditing and data repairing. In particular, we support direct repair mechanism in which the client can be free from the data repair process. Simultaneously, we also support the task of allowing a third party auditor (TPA), on behalf of the client, to verify the availability and integrity of the data stored in the cloud servers without the need of an asymmetric-key setting. The client is thus also free from the data audit process. TPA uses spot-checking which is a very efficient probabilistic method for checking a large amount of data. Extensive security and performance analysis show that the proposed scheme is highly efficient and provably secure.