With cloud computing,large chunks of data can be handled at a small cost.However,there are some reservations regarding the security and privacy of cloud data stored.For solving these issues and enhancing cloud computi...With cloud computing,large chunks of data can be handled at a small cost.However,there are some reservations regarding the security and privacy of cloud data stored.For solving these issues and enhancing cloud computing security,this research provides a Three-Layered Security Access model(TLSA)aligned to an intrusion detection mechanism,access control mechanism,and data encryption system.The TLSA underlines the need for the protection of sensitive data.This proposed approach starts with Layer 1 data encryption using the Advanced Encryption Standard(AES).For data transfer and storage,this encryption guarantees the data’s authenticity and secrecy.Surprisingly,the solution employs the AES encryption algorithm to secure essential data before storing them in the Cloud to minimize unauthorized access.Role-based access control(RBAC)implements the second strategic level,which ensures specific personnel access certain data and resources.In RBAC,each user is allowed a specific role and Permission.This implies that permitted users can access some data stored in the Cloud.This layer assists in filtering granular access to data,reducing the risk that undesired data will be discovered during the process.Layer 3 deals with intrusion detection systems(IDS),which detect and quickly deal with malicious actions and intrusion attempts.The proposed TLSA security model of e-commerce includes conventional levels of security,such as encryption and access control,and encloses an insight intrusion detection system.This method offers integrated solutions for most typical security issues of cloud computing,including data secrecy,method of access,and threats.An extensive performance test was carried out to confirm the efficiency of the proposed three-tier security method.Comparisons have been made with state-of-art techniques,including DES,RSA,and DUAL-RSA,keeping into account Accuracy,QILV,F-Measure,Sensitivity,MSE,PSNR,SSIM,and computation time,encryption time,and decryption time.The proposed TLSA method provides an accuracy of 89.23%,F-Measure of 0.876,and SSIM of 0.8564 at a computation time of 5.7 s.A comparison with existing methods shows the better performance of the proposed method,thus confirming the enhanced ability to address security issues in cloud computing.展开更多
Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data acc...Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data access is one of the biggest concerns of users of cloud-based services.Transparency and accountability for data managed in the cloud is necessary.Specifically,when using a cloudhost service,a user typically has to trust both the cloud service provider and cloud infrastructure provider to properly handling private data.This is a multi-party system.Three particular trust models can be used according to the credibility of these providers.This pa per describes techniques for preventing data leakage that can be used with these different models.展开更多
The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in ...The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in cloud storage systems.A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption(MPRE-CPABE) is proposed for cloud storage systems.MPRE-CPABE requires data owner to split each file into two blocks,one big block and one small block.The small block is used to encrypt the big one as the private key,and then the encrypted big block will be uploaded to the cloud storage system.Even if the uploaded big block of file is stolen,illegal users cannot get the complete information of the file easily.Ciphertext-policy attribute-based encryption(CPABE)is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right.MPRE-CPABE applies CPABE to the multi-authority cloud storage system,and solves the above issues.The weighted access structure(WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments,and reduce the computational cost of key distribution.Meanwhile,MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation.Experiments are implemented on platforms of Ubuntu and CloudSim.Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right.MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman(DBDH).展开更多
基金funded by UKRI EPSRC Grant EP/W020408/1 Project SPRITE+2:The Security,Privacy,Identity and Trust Engagement Network plus(phase 2)for this studyThe authors also have been funded by PhD project RS718 on Explainable AI through UKRI EPSRC Grant funded Doctoral Training Centre at Swansea University.
文摘With cloud computing,large chunks of data can be handled at a small cost.However,there are some reservations regarding the security and privacy of cloud data stored.For solving these issues and enhancing cloud computing security,this research provides a Three-Layered Security Access model(TLSA)aligned to an intrusion detection mechanism,access control mechanism,and data encryption system.The TLSA underlines the need for the protection of sensitive data.This proposed approach starts with Layer 1 data encryption using the Advanced Encryption Standard(AES).For data transfer and storage,this encryption guarantees the data’s authenticity and secrecy.Surprisingly,the solution employs the AES encryption algorithm to secure essential data before storing them in the Cloud to minimize unauthorized access.Role-based access control(RBAC)implements the second strategic level,which ensures specific personnel access certain data and resources.In RBAC,each user is allowed a specific role and Permission.This implies that permitted users can access some data stored in the Cloud.This layer assists in filtering granular access to data,reducing the risk that undesired data will be discovered during the process.Layer 3 deals with intrusion detection systems(IDS),which detect and quickly deal with malicious actions and intrusion attempts.The proposed TLSA security model of e-commerce includes conventional levels of security,such as encryption and access control,and encloses an insight intrusion detection system.This method offers integrated solutions for most typical security issues of cloud computing,including data secrecy,method of access,and threats.An extensive performance test was carried out to confirm the efficiency of the proposed three-tier security method.Comparisons have been made with state-of-art techniques,including DES,RSA,and DUAL-RSA,keeping into account Accuracy,QILV,F-Measure,Sensitivity,MSE,PSNR,SSIM,and computation time,encryption time,and decryption time.The proposed TLSA method provides an accuracy of 89.23%,F-Measure of 0.876,and SSIM of 0.8564 at a computation time of 5.7 s.A comparison with existing methods shows the better performance of the proposed method,thus confirming the enhanced ability to address security issues in cloud computing.
基金supported by National Basic Research (973) Program of China (2011CB302505)Natural Science Foundation of China (61373145, 61170210)+1 种基金National High-Tech R&D (863) Program of China (2012AA012600,2011AA01A203)Chinese Special Project of Science and Technology (2012ZX01039001)
文摘Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data access is one of the biggest concerns of users of cloud-based services.Transparency and accountability for data managed in the cloud is necessary.Specifically,when using a cloudhost service,a user typically has to trust both the cloud service provider and cloud infrastructure provider to properly handling private data.This is a multi-party system.Three particular trust models can be used according to the credibility of these providers.This pa per describes techniques for preventing data leakage that can be used with these different models.
基金supported by the National Natural Science Foundation of China(6120200461472192)+1 种基金the Special Fund for Fast Sharing of Science Paper in Net Era by CSTD(2013116)the Natural Science Fund of Higher Education of Jiangsu Province(14KJB520014)
文摘The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in cloud storage systems.A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption(MPRE-CPABE) is proposed for cloud storage systems.MPRE-CPABE requires data owner to split each file into two blocks,one big block and one small block.The small block is used to encrypt the big one as the private key,and then the encrypted big block will be uploaded to the cloud storage system.Even if the uploaded big block of file is stolen,illegal users cannot get the complete information of the file easily.Ciphertext-policy attribute-based encryption(CPABE)is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right.MPRE-CPABE applies CPABE to the multi-authority cloud storage system,and solves the above issues.The weighted access structure(WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments,and reduce the computational cost of key distribution.Meanwhile,MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation.Experiments are implemented on platforms of Ubuntu and CloudSim.Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right.MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman(DBDH).
