A secured storage and privacy-preserving model using CRT for providing security on cloud and IoT-based applications
Introduction
In recent years, cloud computing techniques have advanced significantly owing to the rapid growth in the number of cloud users and their expectations. Resource sharing is a key feature of cloud computing that is also needed in the IoT environment. The cloud is a geographically independent platform that lets cloud users access cloud data and resources from any place and any device via the internet. Similarly, IoT devices can also access data and resources from any location. Cloud features such as elasticity, ubiquitous access, on-demand service provision and resource pooling are basic needs of IoT technology. The elastic and on-demand features provide efficient and versatile service, and resource pooling improves the reliability of service. These factors give rise to the need to combine the IoT and cloud computing standards [43], [44].
Cloud data security is an important and essential branch of cloud computing technology that protects the cloud user's data. Security policies such as firewalls and virtual private networks assure the data privacy of the cloud user. Because resource pooling is mandatory in the cloud environment, highly confidential data is also available to the third-party cloud. User authentication and secured action are necessary in cloud computing technology. The literature has discussed and reviewed different types of security concerns and future challenges based on standards such as PCI-DSS, ITIL, and ISO-27001/27002. Architectural security issues also arise as the functionalities of the various architectural designs change. Because of outsourcing, cloud computing has two main concerns: an unauthorized person can access data in the cloud without the owner's permission, and the cloud service provider can breach the data owner's information. Any kind of security breach can cause massive loss and create a critical situation in the cloud. Cloud security problems should be organized, governed and strictly regulated so that entrepreneurs can adopt cloud computing facilities safely.
In recent years, the number of cloud users has increased massively, so extensive storage space and high-performance computational maintenance are needed. For a secured cloud environment, keeping sensitive data confidential is a very big challenge. Encryption is the only powerful mechanism that ensures data confidentiality in the cloud [3]. It protects the content by converting the original data into unintelligible cipher text. When the data owner is not willing to disclose sensitive information to the cloud databases, he/she can use an encryption technique. The content-related keywords and authentication data should be embedded in the encrypted content so that the administrator can secure and manage data in the cloud [2]. Attribute-based encryption (ABE) is an adaptable cryptographic method for performing different functionalities. ABE is of two types: cipher text-policy attribute-based encryption (CP-ABE) and key-policy attribute-based encryption (KP-ABE). In cipher text-policy attribute-based encryption, the cipher text is generated by obtaining the key from the attribute set of the user. The cipher text can be decrypted only by using the particular secret key which is embedded in the cipher text. In KP-ABE, by contrast, the attributes and the access policy are attached in reverse order to secret keys and cipher texts [4].
Cloud storage is an important part of cloud-based technologies. Day by day, the volume of user data and the network bandwidth have been increasing geometrically, so the capacity of local machines cannot support user requirements. People searched for a new method of storing their data and found a more powerful storage capacity, named cloud storage. Cloud storage technology is spreading widely nowadays, and in future storing user data in the cloud will be a trend. Cloud storage is a computational system in which data services and management services are provided. The devices in cloud storage are clusters of distributed file systems, applications and network technology working together. iCloud, Dropbox, Baidu Cloud, Google Drive, etc. are organizations that provide cloud storage services. By providing a substantial amount of capacity and different administrations related to well-known applications, these companies have successfully attracted huge numbers of subscribers. Still, many security problems exist in cloud storage.
The most significant of those issues is the privacy problem. In the past, a few well-known cloud storage privacy leakage events have happened. In one of them, in 2014, Apple's iCloud was hacked and the personal photographs of some Hollywood actresses that were saved in iCloud were leaked. This event caused a big scene and raised users' panic about the security of their information on the cloud server. The cloud service provider (CSP) manages the data in the cloud, and the user has access to store his data directly in the cloud. The user does not manage the physical storage of the data, so possession and administration of the information are divided. The CSP can independently access the data in the cloud, and there is a high chance that a hacker will attack the CSP server to get the clients' information. Both of the cases mentioned above cause data leakage and loss. Access restrictions and data encryption are the traditional secure storage solutions [5].
In the cloud environment, the important requirements of cloud security are access control to the user's data and web-based services. Due to the shared infrastructure and the increasing number of hosted applications, unauthorized accesses to data have increased. New access control requirements arise as the environment changes. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC) are the traditional access control models; they are identity based, and identification is performed directly on the subjects. These models are only useful for centralized systems, which are static, with a limited number of users and a known set of services. In the internet world, users are not all known to each other and the domain is not in a secure place, so it is better to determine access control rules that depend on the users' attributes and services. Accordingly, the attribute permissions are dynamically assigned to the users, and such models are named Attribute-Based Access Control (ABAC). ABAC policies are more expressive and fine grained than the RBAC model, but there are problems in trust, provisions for context and privacy issues [6].
The major contributions of this paper are as follows: (i) to introduce a new Chinese Remainder Theorem-based data storage mechanism to store data securely in the cloud database, and (ii) to introduce a new CRT-based key management scheme that works for a group to access the encrypted cloud data from the cloud database. The proposed model also (iii) introduces a double encryption scheme that uses new formulas, (iv) introduces new formulas for performing the encryption process in the secured data storage mechanism, and (v) introduces a new formula for decrypting the encrypted data stored in the cloud. In addition, (vi) a new formula is introduced in the procedure of group key generation to access the encrypted cloud data from the cloud database in the cloud server.
The remainder of this paper is arranged as follows: The most relevant related works in areas such as encryption, decryption, CRT and cloud security are discussed in Section 2. The overall architecture of the proposed work is given in Section 3 with a proper explanation. Section 4 describes the proposed model in detail. The experimental results are shown in Section 5 with justification for the enhancement. The conclusion of the proposed work is given in Section 6 with future enhancements.
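The paper's own formulas are not reproduced on this page. As an added illustration (not the authors' scheme or code), the sketch below shows the textbook way the Chinese Remainder Theorem lets a key server deliver one group key to many members through a single broadcast value, and how rekeying excludes a departed member. The member names, moduli, secrets, hash-based mask and key values are all constructed assumptions.

```python
import hashlib
from math import gcd, prod

def crt(residues, moduli):
    """Return the unique X in [0, M) with X = r_i (mod m_i), M = product of m_i."""
    for i, a in enumerate(moduli):
        if any(gcd(a, b) != 1 for b in moduli[i + 1:]):
            raise ValueError("moduli must be pairwise coprime")
    M = prod(moduli)
    # Each term equals r_i modulo m_i and 0 modulo every other modulus.
    return sum(r * (M // m) * pow(M // m, -1, m) for r, m in zip(residues, moduli)) % M

def mask(secret, epoch, modulus):
    """Per-member, per-rekey mask derived from the member's long-term secret."""
    digest = hashlib.sha256(secret + epoch.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") % modulus

def build_lock(group_key, members, epoch):
    """members maps name -> (modulus, secret); returns one integer to broadcast."""
    moduli = [m for m, _ in members.values()]
    if group_key >= min(moduli):
        raise ValueError("group key must be smaller than every modulus")
    residues = [(group_key + mask(s, epoch, m)) % m for m, s in members.values()]
    return crt(residues, moduli)

def open_lock(lock, modulus, secret, epoch):
    """A member reduces the broadcast by its own modulus and removes its mask."""
    return (lock % modulus - mask(secret, epoch, modulus)) % modulus

# Constructed sample data: three Mersenne primes as moduli, made-up secrets and keys.
MEMBERS = {
    "alice": (2**89 - 1, b"alice-secret"),
    "bob": (2**107 - 1, b"bob-secret"),
    "carol": (2**127 - 1, b"carol-secret"),
}
KEY_EPOCH1 = 0x0123456789ABCDEF
KEY_EPOCH2 = 0x0FEDCBA987654321

def rekey_after_leave(leaver="carol"):
    """Rekey without the leaver; return (new lock, what the leaver recovers)."""
    remaining = {n: v for n, v in MEMBERS.items() if n != leaver}
    lock = build_lock(KEY_EPOCH2, remaining, epoch=2)
    modulus, secret = MEMBERS[leaver]
    return lock, open_lock(lock, modulus, secret, epoch=2)

if __name__ == "__main__":
    lock1 = build_lock(KEY_EPOCH1, MEMBERS, epoch=1)
    print([hex(open_lock(lock1, m, s, 1)) for m, s in MEMBERS.values()])
    print(hex(rekey_after_leave()[1]))  # not KEY_EPOCH2: carol is locked out
```

The hash-derived mask stands in for whatever per-member protection a real scheme applies, and the broadcast value is not authenticated, so the block is for following the arithmetic only.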
Literature survey
In the past, many researchers have worked in this direction on cloud network-related topics, including secured cloud data storage [50], [53], cloud security [51], [52], encryption and decryption techniques [50], access control mechanisms and privacy-preserving models [1], [2], [12], [13], [14], [15], [16], [17], [23], [24], [25], [33], [34], [35], [36], [37], [38], [39], [40]. Among them, Shao et al. [8] developed a new secure method for cloud data storage by using a two-way proxy
System architecture
The system architecture of the proposed work is shown in Fig. 1. It consists of six components: the user interface module, cloud database, data collection module, decision manager, secured data storage model and key generation model. Here, the cloud user sends and receives data through the user interface module.
The data storage and retrieval processes of the data in the cloud server are the primary responsibilities of the user interface module. The cloud database contains the volume of
Proposed work
This section describes the newly proposed secured storage and privacy-preserving model, which is based on CRT, to store the cloud user's data securely. In addition, it is also used by authenticated cloud users to access the cloud user's data. In this work, a new Chinese Remainder Theorem-based data storage mechanism is proposed for storing the cloud user data securely in the cloud database. Moreover, a new CRT-based Group Key Management Scheme is also proposed for accessing the encrypted cloud
Results and discussion
The proposed model has been developed and implemented in Java on a system with an Intel Core i7 processor, 8 GB of random access memory and a 500 GB hard disk, running the Windows 2008 operating system, for a group of 1000 cloud users. Here, the cloud environment is designed with CloudSim and Eclipse. CloudSim itself has been developed in Java with basic cloud features. Moreover, knowledge of programming IDEs such as Eclipse is also useful. Moreover, it
Conclusion and future work
A new CRT-based secured storage and privacy-preserving model has been proposed and implemented for storing cloud data securely and for access to the data by authenticated cloud users. In this work, a new Chinese Remainder Theorem-based data storage mechanism has been proposed for storing the user data securely in the cloud database. Moreover, a new CRT-based Group Key Management Scheme has also been proposed for accessing the encrypted cloud data from the cloud server, which is stored in the cloud database.
Prabhu Kavin B is currently pursuing a Ph.D. in Computer Science and Engineering at VIT-Chennai Campus, Chennai, in the area of Cloud Computing and Security. He completed his M.E. at Anna University, Chennai. He has published 2 papers in journals and conferences. His areas of interest are Cryptography, Cloud Computing and Security.
References (55)
A combined approach to ensure data security in cloud computing. J. Netw. Comput. Appl. (2012)
Parallel search over encrypted data under attribute based encryption on the cloud computing. Comput. Secur. (2015)
Toward performance and energy-efficient queries in three-tier wireless sensor networks
Secure bidirectional proxy re-encryption for cryptographic cloud storage. Pervasive Mob. Comput. (2016)
Integrated ECC and blowfish for smartphone security. Phys. Procedia (2016)
Security and efficiency data sharing scheme for cloud storage. Chaos Solitons Fractals (2016)
Supporting dynamic updates in storage clouds with the Akl–Taylor scheme. Inf. Sci. (2017)
An ORAM-based privacy preserving data sharing scheme for cloud storage. J. Inf. Secur. Appl. (2018)
Fast cloud-RSA scheme for promoting data confidentiality in the cloud computing. Procedia Comput. Sci. (2017)
A query privacy-enhanced and secure search scheme over encrypted data in cloud computing. J. Comput. System Sci. (2017)
Secured temporal log management techniques for cloud. Procedia Comput. Sci.
Database authentication watermarking scheme in encrypted domain. IET Inf. Secur.
Cipher text-policy attribute-based encryption with delegated equality test in cloud computing. IEEE Access
A three-layer privacy preserving cloud storage scheme based on computational intelligence in fog computing. IEEE Trans. Emerg. Topics Comput. Intell.
Purpose-based privacy preserving access control for secure service provision and composition. IEEE Trans. Serv. Comput.
Dynamic-hash-table based public auditing for secure cloud storage. IEEE Trans. Serv. Comput.
Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Trans. Inf. Forensics Secur.
RAAC: robust and auditable access control with multiple attribute authorities for public cloud storage. IEEE Trans. Inf. Forensics Secur.
An efficient public auditing protocol with novel dynamic structure for cloud data. IEEE Trans. Inf. Forensics Secur.
A collaborative key management protocol in ciphertext policy attribute-based encryption for cloud data sharing. IEEE Access
Dynamic encrypted data sharing scheme based on conditional proxy broadcast re-encryption for cloud storage. IEEE Access
Fine-grained two-factor protection mechanism for data sharing in cloud storage. IEEE Trans. Inf. Forensics Secur.
A public key compression scheme for fully homomorphic encryption based on quadratic parameters with correction. IEEE Access
Privacy-preserving indexing and query processing for secure dynamic cloud storage. IEEE Trans. Inf. Forensics Secur.
Privacy-preserving and dynamic multi-attribute conjunctive keyword search over encrypted cloud data. IEEE Access
Secure multi-authority data access control scheme in cloud storage system based on attribute-based signcryption. IEEE Access
Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage. IEEE Trans. Inf. Forensics Secur.
Cited by (80)
BTIA-IME: A blockchain-based trusted interactive architecture for intelligent manufacturing equipment. 2024, Internet of Things (Netherlands)
Homomorphic cryptosystem-based secure data processing model for edge-assisted IoT healthcare systems. 2023, Internet of Things (Netherlands)
CAP2M: Contingent Anonymity Preserving Privacy Method for the Internet of Things Services. 2023, Computers and Electrical Engineering
Optimized key generation-based privacy preserving data mining model for secure data publishing. 2023, Advances in Engineering Software
Citation Excerpt: This technique effectively handled the real-world event logs, but the most important challenge lies in incorporating this technique for industry-scale utilization. Ganapathy [26] created a CRT-based secured storage method that uses two encryption algorithms that each employ new formulas to accomplish. It has very lowest expense when compared to the other.
Blockchain-Enabled Intelligent IoT Protocol for High-Performance and Secured Big Financial Data Transaction. 2024, IEEE Transactions on Computational Social Systems
Sannasi Ganapathy is currently working as Assistant Professor (Sr. Gr) at VIT University, Chennai. He received his M.E. and Ph.D. degrees from Anna University, Chennai. He has published 50 articles in journals and conferences. His areas of interest include Computer Networks, Soft Computing, Cloud Computing and Security.