Biblio

The availability of FPGAs in cloud data centers offers rapid, on-demand access to hardware compute resources that users can configure to their own needs. However, the low-level access to the hardware FPGA and associated resources such as PCIe, SSD, or DRAM also opens up threats of malicious attackers uploading designs that are able to infer information about other users or about the cloud infrastructure itself. In particular, this work presents a new, fast PCIe-contention-based channel that is able to transmit data between different FPGA-accelerated virtual machines with bandwidths reaching 2 kbps with 97% accuracy. This paper further demonstrates that the PCIe receiver circuits are able to not just receive covert transmissions, but can also perform fine-grained monitoring of the PCIe bus or detect different types of activities from other users' FPGA-accelerated virtual machines based on their PCIe traffic signatures. Beyond leaking information across different virtual machines, the ability to monitor the PCIe bandwidth over hours or days can be used to estimate the data center utilization and map the behavior of the other users. The paper also introduces further novel threats in FPGA-accelerated instances, including contention due to shared NVMe SSDs as well as thermal monitoring to identify FPGA co-location using the DRAM modules attached to the FPGA boards. This is the first work to demonstrate that it is possible to break the separation of privilege in FPGA-accelerated cloud environments, and highlights that defenses for public clouds using FPGAs need to consider PCIe, SSD, and DRAM resources as part of the attack surface that should be protected.

With meteoric advancement in quantum computing, the traditional data integrity verifying schemes are no longer safe for cloud data storage. A large number of the current techniques are dependent on expensive Public Key Infrastructure (PKI). They cost computationally and communicationally heavy for verification which do not stand with the advantages when quantum computing techniques are applied. Hence, a quantum safe and efficient integrity verification protocol is a research hotspot. Lattice-based signature constructions involve matrix-matrix or matrix vector multiplications making computation competent, simple and resistant to quantum computer attacks. Study in this paper uses Bloom Filter which offers high efficiency in query and search operations. Further, we propose an Identity-Based Integrity Verification (IBIV) protocol for cloud storage from Lattice and Bloom filter. We focus on security against attacks from Cloud Service Provider (CSP), data privacy attacks against Third Party Auditor (TPA) and improvement in efficiency.

In the current network security situation, the types of network threats are complex and changeable. With the development of the Internet and the application of information technology, the general trend is opener. Important data and important business applications will face more serious security threats. However, with the development of cloud computing technology, the trend of large-scale deployment of important business applications in cloud centers has greatly increased. The development and use of software-defined networks in cloud data centers have greatly reduced the effect of traditional network security boundary protection. How to find an effective way to protect important applications in open multi-step large-scale cloud data centers is a problem we need to solve. Threat intelligence has become an important means to solve complex network attacks, realize real-time threat early warning and attack tracking because of its ability to analyze the threat intelligence data of various network attacks. Based on the research of threat intelligence, machine learning, cloud central network, SDN and other technologies, this paper proposes an active defense method of network security based on threat intelligence for super-large cloud data centers.

The main purpose to ensure the security for confidential medical data is to develop and implement the architecture of a medical cloud system, for storage, systematization, and processing of survey results (for example EEG) jointly with an algorithm for ensuring the protection of confidential data based on a fully homomorphic cryptosystem. The most optimal algorithm based on the test results (analysis of the time of encryption, decryption, addition, multiplication, the ratio of the signal-to-noise of the ciphertext to the open text), has been selected between two potential applicants for using (BFV and CKKS schemes). As a result, the CKKS scheme demonstrates maximal effectiveness in the context of the criticality of the requirements for an important level of security.

With the development of cloud computing technology, cloud services have been used by more and more traditional applications and products because of their unique advantages such as virtualization, high scalability and universality. In the cloud computing environment, computer networks often encounter security problems such as external attacks, hidden dangers in the network and hidden dangers in information sharing. The network security level protection system is the basic system of national network security work, which is the fundamental guarantee for promoting the healthy development of informatization and safeguarding national security, social order and public interests. This paper studies cloud computing security from the perspective of level protection, combining with the characteristics of cloud computing security. This scheme is not only an extension of information system level protection, but also a study of cloud computing security, aiming at cloud computing security control from the perspective of level protection.

Distributed Denial of service attack(DDoS)is a network security attack and now the attackers intruded into almost every technology such as cloud computing, IoT, and edge computing to make themselves stronger. As per the behaviour of DDoS, all the available resources like memory, cpu or may be the entire network are consumed by the attacker in order to shutdown the victim`s machine or server. Though, the plenty of defensive mechanism are proposed, but they are not efficient as the attackers get themselves trained by the newly available automated attacking tools. Therefore, we proposed a classification based machine learning approach for detection of DDoS attack in cloud computing. With the help of three classification machine learning algorithms K Nearest Neighbor, Random Forest and Naive Bayes, the mechanism can detect a DDoS attack with the accuracy of 99.76%.

With the vigorous development of the Internet and the widespread popularity of smart devices, the amount of data it generates has also increased exponentially, which has also promoted the generation and development of cloud computing and big data. Given cloud computing and big data technology, cloud storage has become a good solution for people to store and manage data at this stage. However, when cloud storage manages and regulates massive amounts of data, its security issues have become increasingly prominent. Aiming at a series of security problems caused by a malicious user's illegal operation of cloud storage and the loss of all data, this paper proposes a threshold signature scheme that is signed by a private key composed of multiple users. When this method performs key operations of cloud storage, multiple people are required to sign, which effectively prevents a small number of malicious users from violating data operations. At the same time, the threshold signature method in this paper uses a double update factor algorithm. Even if the attacker obtains the key information at this stage, he can not calculate the complete key information before and after the time period, thus having the two-way security and greatly improving the security of the data in the cloud storage.

Aiming at the working mechanism of optical backbone network, based on the theory of complex network, the invulnerability evaluation index of optical backbone network is extracted from the physical topology of optical backbone network and the degree of bandwidth satisfaction, finally, the invulnerability evaluation model of optical backbone network is established. At the same time, the evaluation model is verified and analyzed with specific cases, through the comparison of 4 types of attack, the results show that the number of deliberate point attacks ( DP) is 16.7% lower than that of random point attacks ( RP) when the critical collapse state of the network is reached, and the number of deliberate edge attacks ( DE) is at least 10.4% lower than that of random edge attacks ( RE). Therefore, evaluating the importance of nodes and edges and strengthening the protection of key nodes and edges can help optical network effectively resist external attacks and significantly improve the anti-damage ability of optical network, which provides theoretical support for the anti-damage evaluation of optical network and has certain practical significance for the upgrade and reconstruction of optical network.

Cloud computing is a modern computing mode based on network, which is widely participated by the public, and provides virtualized dynamic computing resources in the form of services. Cloud computing builds an effective communication platform with the help of computer internet, so that users can get the same computing resources even if they are in different areas. With its unique technical characteristics and advantages, cloud computing has been deployed to practical applications more and more, and the consequent security problems of cloud computing have become increasingly prominent. In addition to the original cloud computing environment, this paper proposes to build a secure cloud with cloud technology, deploy security agents in the business cloud, connect the business cloud, security cloud and security agents through SDN (software defined network) technology, and dynamically divide the business cloud into logically isolated business areas through security agents. Therefore, security is separated from the specific implementation technology and deployment scheme of business cloud, and an information security protection scheme under cloud computing environment is proposed according to the characteristics of various factors, so as to enhance the security of network information.

Industrial Internet is widely used in the production field. As the openness of networks increases, industrial networks facing increasing security risks. Information and communication technologies are now available for most industrial manufacturing. This industry-oriented evolution has driven the emergence of cloud systems, the Internet of Things (IoT), Big Data, and Industry 4.0. However, new technologies are always accompanied by security vulnerabilities, which often expose unpredictable risks. Industrial safety has become one of the most essential and challenging requirements. In this article, we highlight the serious challenges facing Industry 4.0, introduce industrial security issues and present the current awareness of security within the industry. In this paper, we propose solutions for the anomaly detection and defense of the industrial Internet based on the demand characteristics of network security, the main types of intrusions and their vulnerability characteristics. The main work is as follows: This paper first analyzes the basic network security issues, including the network security needs, the security threats and the solutions. Secondly, the security requirements of the industrial Internet are analyzed with the characteristics of industrial sites. Then, the threats and attacks on the network are analyzed, i.e., system-related threats and process-related threats; finally, the current research status is introduced from the perspective of network protection, and the research angle of this paper, i.e., network anomaly detection and network defense, is proposed in conjunction with relevant standards. This paper proposes a software-defined network (SDN)-based industrial Internet security gateway for the security protection of the industrial Internet. Since there are some known types of attacks in the industrial network, in order to fully exploit the effective information, we combine the ExtratreesClassifier to enhance the detection rate of anomaly detection. In order to verify the effectiveness of the algorithm, this paper simulates an industrial network attack, using the acquired training data for testing. The test data are industrial network traffic datasets, and the experimental results show that the algorithm is suitable for anomaly detection in industrial networks.

Scientific applications built on wide-area distributed systems such as emerging cloud based architectures and the legacy grid computing infrastructure often struggle with user adoption even though they succeed from a systems research perspective. This paper examines the coupling of user-centered design processes with modern distributed systems. Further in this paper, we describe approaches for conceptualizing a product that solves a recognized need: to develop a data gateway to serve the data management and research needs of experimentalists of electron microscopes and similar shared scientific instruments in the context of a research service laboratory. The purpose of the data gateway is to provide secure, controlled access to data generated from a wide range of scientific instruments. From the functional perspective, we focus on the basic processing of raw data that underlies the lab's "business" processes, the movement of data from the laboratory to central access and archival storage points, and the distribution of data to respective authorized users. Through the gateway interface, users will be able to share the instrument data with collaborators or copy it to remote storage servers. Basic pipelines for extracting additional metadata (through a pluggable parser framework) will be enabled. The core contribution described in this paper, building on the aforementioned distributed data management capabilities, is the adoption of user-centered design processes for developing the scientific user interface. We describe the user-centered design methodology for exploring user needs, iteratively testing the design, learning from user experiences, and adapting what we learn to improve design and capabilities. We further conclude that user-centered design is, in turn, best enabled by an adaptable distributed systems framework. A key challenge to implementing a user-centered design is to have design tools closely linked with a software system architecture that can evolve over time while providing a highly available data gateway. A key contribution of this paper is to share the insights from crafting such an evolvable design-build-evaluate-deploy architecture and plans for iterative development and deployment.

The main aim of this report is to find how data security can be improved in a cloud environment using the remote data auditing technique. The research analysis of the existing journal articles that are peer-reviewed Q1 level of articles is selected to perform the analysis.The main taxonomy that is proposed in this project is being data, auditing, monitoring, and output i.e., DAMO taxonomy that is used and includes these components. The data component would include the type of data; the auditing would ensure the algorithm that would be used at the backend and the storage would include the type of database as single or the distributed server in which the data would be stored.As a result of this research, it would help understand how the data can be ensured to have the required level of privacy and security when the third-party database vendors would be used by the organizations to maintain their data. Since most of the organizations are looking to reduce their burden of the local level of data storage and to reduce the maintenance by the outsourcing of the cloud there are still many issues that occur when there comes the time to check if the data is accurate or not and to see if the data is stored with resilience. In such a case, there is a need to use the Remote Data Auditing techniques that are quite helpful to ensure that the data which is outsourced is reliable and maintained with integrity when the information is stored in the single or the distributed servers.

With the popularity of cloud computing, cloud storage technology has also been widely used. Among them, data integrity verification is a hot research topic. At present, the realization of public auditing has become the development trend of integrity verification. Most existing public auditing schemes rarely consider some indispensable functions at the same time. Thus, in this paper, we propose a comprehensive public auditing scheme (PDBPA) that can simultaneously realize data block privacy protection, data dynamics, and multi- user batch auditing. Our PDBPA scheme is implemented in bilinear pairing. By adding random masking in the audit phase, with the help of the characteristics of homomorphic verifiable tags (HVTs), it can not only ensure that the TPA performs the audit work correctly, but also prevent it from exploring the user’s sensitive data. In addition, by utilizing the modified index hash table (MIHT), data dynamics can be effectively achieved. Furthermore, we provide a specific process for the TPA to perform batch audits for multiple users. Moreover, we formally prove the security of the scheme; while achieving the audit correctness, it can resist three types of attacks.

The main objective of the proposed work is to build a reliable and secure architecture for cloud servers where users may safely store and transfer their data. This platform ensures secure communication between the client and the server during data transfer. Furthermore, it provides a safe method for sharing and transferring files from one person to another. As a result, for ensuring safe data on cloud servers, this research work presents a secure architecture combining three DNA cryptography, HMAC, and a third party Auditor. In order to provide security by utilizing various strategies, a number of traditional and novel cryptographic methods are investigated. In the first step, data will be encrypted with the help of DNA cryptography, where the encoded document will be stored in the cloud server. In next step, create a HMAC value of encrypted file, which was stored on cloud by using secret key and sends to TPA. In addition, Third Party Auditor is used for authenticate the purity of stored documents in cloud at the time of verification TPA also create HMAC value from Cloud stored data and verify it. DNA-based cryptographic technique, hash based message authentic code and third party auditor will provide more secured framework for data security and integrity in cloud server.

Nowadays cloud computing has become the crucial part of IT and most important thing is information security in cloud environment. Range of users can access the facilities and use cloud according to their feasibility. Cloud computing is utilized as safe storage of information but still data security is the biggest concern, for example, secrecy, data accessibility, data integrity is considerable factor for cloud storage. Cloud service providers provide the facility to clients that they can store the data on cloud remotely and access whenever required. Due to this facility, it gets necessary to shield or cover information from unapproved access, hackers or any sort of alteration and malevolent conduct. It is inexpensive approach to store the valuable information and doesn't require any hardware and software to hold the data. it gives excellent work experience but main measure is just security. In this work security strategies have been proposed for cloud data protection, capable to overpower the shortcomings of conventional data protection algorithms and enhancing security using steganography algorithm, encryption decryption techniques, compression and file splitting technique. These techniques are utilized for effective results in data protection, Client can easily access our developed desktop application and share the information in an effective and secured way.

IoT systems commonly rely on cloud services. However, utilizing cloud providers can be problematic in terms of data security. Data stored in the cloud need to be secured from unauthorized malicious nodes and from the cloud providers themselves. Using a simple symmetric cipher can encrypt the data before uploading and decrypt it while retrieving. However, such a solution can be only applied between two parties with no support for multiple nodes. Whereas in IoT scenarios, many smart devices communicate and share data with each other. This paper proposes a solution that tackles the issue of sharing data securely between IoT devices by implementing a system that allows secure sharing of encrypted data in untrusted clouds. The implementation of the system performs the computation on connectionless clients with no involvement of the cloud server nor any third party. The cloud server is only used as a passive storage server. Analysis of the implemented prototype demonstrates that the system can be used in real-life applications with relatively small overhead. Based on the used hardware, key generation takes about 60 nanoseconds and the storage overhead is only a few kilobytes for large number of files and/or users.

Security, efficiency and availability are three key factors that affect the application of searchable encryption schemes in mobile cloud computing environments. In order to meet the above characteristics, this paper proposes a certificateless public key encryption with a keyword search (CLPEKS) scheme. In this scheme, a CLPEKS generation method and a Trapdoor generation method are designed to support multiple receivers to query. Based on the elliptic curve scalar multiplication, the efficiencies of encrypting keywords, generating Trapdoors, and testing are improved. By adding a random number factor to the Trapdoor generation, the scheme can resist the internal keyword guessing attacks. Under the random oracle model, it is proved that the scheme can resist keyword guessing attacks. Theoretical analyses and implementation show that the proposed scheme is more efficient than the existing schemes.

Dynamic searchable symmetric encryption (DSSE) that enables a client to perform searches and updates on encrypted data has been intensively studied in cloud computing. Recently, forward privacy and backward privacy has engaged significant attention to protect DSSE from the leakage of updates. However, the research in this field almost focused on keyword-level updates. That is, the client needs to know the keywords of the documents in advance. In this paper, we proposed a document-level update scheme, DBP, which supports immediate deletion while guaranteeing forward privacy and backward privacy. Compared with existing forward and backward private DSSE schemes, our DBP scheme has the following merits: 1) Practicality. It achieves deletion based on document identifiers rather than document/keyword pairs; 2) Efficiency. It utilizes only lightweight primitives to realize backward privacy while supporting immediate deletion. Experimental evaluation on two real datasets demonstrates the practical efficiency of our scheme.

Cloud computing is a technology that provides users with a large storage space and an enormous computing power. For privacy purpose, the sensitive data should be encrypted before being outsourced to the cloud. To search over the outsourced data, searchable encryption (SE) schemes have been proposed in the literature. An SE scheme should perform searches over encrypted data without causing any sensitive information leakage. To this end, a few security constraints were elaborated to guarantee the security of the SE schemes, namely, the keyword privacy, the trapdoor unlinkability, and the access pattern. The latter is very hard to be respected and most approaches fail to guarantee the access pattern constraint when performing a search. This constraint consists in hiding from the server the search result returned to the user. The non respect of this constraint may cause sensitive information leakage as demonstrated in the literature. To fix this security lack, we propose a method that allows to securely request and receive the needed documents from the server after performing a search. The proposed method that we call the access pattern hiding (APH) technique allows to respect the access pattern constraint. An experimental study is conducted to validate the APH technique.

With the widespread application of cloud computing technology, data privacy security problem becomes more serious. The recent studies related to searchable encryption (SE) area have shown that the data owners can share their private data with efficient search function and high-strength security. However, the search method has yet to be perfected, compared with the plaintext search mechanism. In this paper, based LSSS matrix, we give a new searchable algorithm, which is suitable for many search method, such as exact search, Boolean search and range search. In order to improve the search efficiency, the 0, 1-coding theory is introduced in the process of ciphertext search. Meanwhile it is shown that multi-search mechanism can improve the efficiency of data sharing. Finally, the performance analysis is presented, which prove our scheme is secure, efficient, and human-friendly.

To ensure a secure Cloud-based Electronic Health Record (EHR) system, we need to encrypt data and impose field-level access control to prevent malicious usage. Since the attributes of the Users will change with time, the encryption policies adopted may also vary. For large EHR systems, it is often necessary to search through the encrypted data in realtime and perform client-side computations without decrypting all patient records. This paper describes our novel cloud-based EHR system that uses Attribute Based Encryption (ABE) combined with Semantic Web technologies to facilitate differential access to an EHR, thereby ensuring only Users with valid attributes can access a particular field of the EHR. The system also includes searchable encryption using keyword index and search trapdoor, which allows querying EHR fields without decrypting the entire patient record. The attribute revocation feature is efficiently managed in our EHR by delegating the revision of the secret key and ciphertext to the Cloud Service Provider (CSP). Our methodology incorporates advanced security features that eliminate malicious use of EHR data and contributes significantly towards ensuring secure digital health systems on the Cloud.

Cloud computing has helped in managing big data and providing resources remotely and ubiquitously, but it has some latency and security concerns. Fog has provided tremendous advantages over cloud computing which include low latency rate, improved real-time interactions, reduced network traffic overcrowding, and improved reliability, however, security concerns need to be addressed separately. Another major issue in the cloud is Cloud Lock-in/Vendor Lock-in. Through this research, an effort has been made to extend fog computing and Searchable Encryption technologies. The proposed system can reduce the issue of cloud lock-in faced in traditional cloud computing. The SE schemes used in this paper are Symmetric Searchable Encryption (SSE) and Multi-keyword Ranked Searchable Encryption (MRSE) to achieve confidentiality, privacy, fine-grained access control, and efficient keyword search. This can help to achieve better access control and keyword search simultaneously. An important use of this technique is it helps to prevent the issue of cloud/vendor lock-in. This can shift some computation and storage of index tables over fog nodes that will reduce the dependency on Cloud Service Providers (CSPs).

In order to solve the problem of difficult verification of query results in searchable encryption, we used the idea of Shamir-secret sharing, combined with game theory, to construct a randomly verifiable multi-cloud server searchable encryption scheme to achieve the correctness of the query results in the cloud storage environment verify. Firstly, we using the Shamir-secret sharing technology, the encrypted data is stored on each independent server to construct a multi-cloud server model to realize the secure distributed storage and efficient query of data. Secondly, combined with game theory, a game tree of query server and verification server is constructed to ensure honesty while being efficient, and solve the problem of difficulty in returning search results to verify under the multi-cloud server model. Finally, security analysis and experimental analysis show that this solution effectively protects data privacy while significantly reducing retrieval time.

With the advancement in the growth of Internet-of-Things (IoT), its number of applications has also increased such as in healthcare, smart cities, vehicles, industries, household appliances, and Smart Grids (SG). One of the major applications of IoT is the SG and smart meter which consists of a large number of internet-connected sensors and can communicate bi-directionally in real-time. The SG network involves smart meters, data collectors, generators, and sensors connected with the internet. SG networks involve the generation, distribution, transmission, and consumption of electrical power supplies. It consists of Household Area Network (HAN), and Neighborhood Area Network (NAN) for communication. Smart meters can communicate bidirectionally with consumers and provide real-time information to utility offices. But this communication channel is a wide-open network for data transmission. Therefore, it makes the SG network and smart meter vulnerable to outside hacker and various Cyber-Physical System (CPS) attacks such as False Data Injection (FDI), inserting malicious data, erroneous data, manipulating the sensor reading values. Here cryptography techniques can play a major role along with the private blockchain model for secure data transmission in smart meters. Hence, to overcome these existing issues and challenges in smart meter communication we have proposed a blockchain-based system model for secure communication along with a novel Advanced Elliptic Curve Cryptography Digital Signature (AECCDS) algorithm in Fog Computing (FC) environment. Here FC nodes will work as miners at the edge of smart meters for secure and real-time communication. The algorithm is implemented using iFogSim, Geth version 1.9.25, Ganache, Truffle for compiling smart contracts, Anaconda (Python editor), and ATOM as language editor for the smart contracts.

The integration of IDS and Internet of Things (IoT) with deep learning plays a significant role in safety. Security has a strong role to play. Application of the IoT network decreases the time complexity and resources. In the traditional intrusion detection systems (IDS), this research work implements the cutting-edge methodologies in the IoT environment. This research is based on analysis, conception, testing and execution. Detection of intrusions can be performed by using the advanced deep learning system and multiagent. The NSL-KDD dataset is used to test the IoT system. The IoT system is used to test the IoT system. In order to detect attacks from intruders of transport layer, efficiency result rely on advanced deep learning idea. In order to increase the system performance, multi -agent algorithms could be employed to train communications agencies and to optimize the feedback training process. Advanced deep learning techniques such as CNN will be researched to boost system performance. The testing part an IoT includes data simulator which will be used to generate in continuous of research work finding with deep learning algorithms of suitable IDS in IoT network environment of current scenario without time complexity.