Elsevier

Computer Networks

Volume 151, 14 March 2019, Pages 181-190

A secured storage and privacy-preserving model using CRT for providing security on cloud and IoT-based applications

https://doi.org/10.1016/j.comnet.2019.01.032

Abstract

Cloud computing and the Internet of Things (IoT) are emerging technologies that have the capability to enhance daily human life. Moreover, the combination of cloud computing and IoT is increasing the productivity of an enormous number of applications in fields such as supply chains, commerce, engineering and manufacturing. At present, security is a very big threat in both cloud computing and the Internet of Things. For that reason, researchers have introduced many privacy-preserving models and security mechanisms in recent years. Even so, these have failed to meet current cloud users' expectations in terms of security level. To satisfy cloud users, this paper proposes a new Chinese Remainder Theorem (CRT)-based data storage mechanism for storing user data securely in a cloud database. Moreover, a new group key management scheme is also built using CRT to access the encrypted data from the cloud database. The proposed CRT-based secured storage scheme adopts two encryption schemes, which use new formulas for performing the first and second encryption, and also introduces a new formula for decrypting the cloud data. In addition, a new formula is introduced in the process of group key generation for accessing the encrypted cloud data from the cloud database in a cloud server. The performance of the security models has been evaluated by analyzing the experimental results. Finally, it is proven that the proposed data security model is better than other existing models.

Introduction

In recent years, innovation in cloud computing techniques has grown significantly due to the rapid growth of cloud users and their expectations. Resource sharing is a key feature of cloud computing that is also needed in the IoT environment. The cloud is a geographically independent platform that lets cloud users access cloud data and resources from any place and any device via the internet. Similarly, IoT devices can also access data and resources from any location. Cloud features such as elasticity, ubiquitous access, on-demand service provision and resource pooling are basic needs of IoT technology. Elasticity and on-demand provision deliver efficient and versatile service, and resource pooling improves the reliability of service. These are the factors that motivate combining the IoT and cloud computing standards [43], [44].

Cloud data security is an important and essential branch of cloud computing technology that protects the cloud user's data. Here, security policies such as firewalls and virtual private networks assure the data privacy of the cloud user. Because resource pooling is mandatory in a cloud environment, highly confidential data is also available to the third-party cloud. User authentication and secured actions are necessary in cloud computing technology. Different types of security concerns and future challenges have been discussed and reviewed in the literature based on standards such as PCI-DSS, ITIL, and ISO-27001/27002. As the functionalities of various architectural designs change, architectural security issues also arise. Because of outsourcing, cloud computing has two main concerns: an unauthorized person can access data in the cloud without the owner's permission, and the cloud service provider can breach the data owner's information. Any kind of security failure will cause a massive loss and can create a critical situation in the cloud. Cloud security problems should be organized, governed and strictly regulated so that entrepreneurs can adopt cloud computing facilities safely.

In recent years, the number of cloud users has increased massively, so extensive storage space and high-performance computational maintenance are needed. For a secured cloud environment, keeping sensitive data confidential is a very big challenge. Encryption is the only powerful mechanism that ensures data confidentiality in the cloud [3]. It protects the content by converting the original data into unintelligible ciphertext. When data owners are not willing to disclose sensitive information to cloud databases, they can use an encryption technique. Content-related keywords and authentication data should be embedded in the encrypted content so that data in the cloud can be secured and managed for administrative purposes [2]. Attribute-based encryption (ABE) is an adaptable cryptographic method for performing different functionalities. ABE is of two types: ciphertext-policy attribute-based encryption (CP-ABE) and key-policy attribute-based encryption (KP-ABE). In ciphertext-policy attribute-based encryption, the ciphertext is generated by obtaining the key from the attribute set of the user. The ciphertext can be decrypted only by using the particular secret key that is embedded in the ciphertext. In KP-ABE, by contrast, attributes and the access policy are attached in reverse order to secret keys and ciphertexts [4].

An important part of cloud-based technologies is cloud storage. Day by day, users' data volume and network bandwidth have been increasing geometrically, so the capacity of local machines cannot support user requirements. People searched for a new method of storing their data and found a more powerful storage capacity, named cloud storage. Cloud storage technology is spreading widely nowadays, and storing users' data in the cloud will be a trend in the future. Cloud storage is a computational system in which data services and management services are provided. It is made up of clusters of distributed file systems, applications and network technology working together. iCloud, Dropbox, Baidu Cloud, Google Drive and others provide cloud storage services. By providing large storage capacity and various services tied to well-known applications, these companies have successfully attracted huge numbers of subscribers. Still, many security problems exist in cloud storage.

The most significant of those issues is the privacy problem. In the past, a few well-known cloud storage privacy leakage events have happened. In one of them, in 2014, Apple's iCloud was hacked and the personal photographs of some Hollywood actresses that were saved in iCloud were leaked. This event caused a stir and raised users' fears about the security of their information on cloud servers. The cloud service provider (CSP) manages the data in the cloud, and the user has access to store data directly in the cloud. Users do not manage the physical storage of their data, so possession of the information is separated from its administration. The CSP can access the data in the cloud independently, and there is a high chance that a hacker will attack the CSP server to get clients' information. Both of these cases cause data leakage and loss. Access restrictions and data encryption are the traditional secure storage solutions [5].

In a cloud environment, the important cloud security requirements are access control over users' data and web-based services. Due to the shared infrastructure and the increasing number of hosted applications, unauthorized access to data has increased. New access control requirements arise as the environment changes. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC) are the traditional access control models; they are identity based, and identification is applied directly to subjects. These models are useful only for centralized systems, which are static and have a limited number of users and a known set of services. On the internet, users are not known to each other and the domain is not a secure place, so it is better to determine access control rules from the attributes of users and services. Accordingly, attribute permissions are assigned to users dynamically, and such models are called Attribute-Based Access Control (ABAC). ABAC policies are more expressive and fine grained than the RBAC model, but they have problems with trust, provisions for context, and privacy [6].

The major contributions of this paper are as follows: (i) a new Chinese Remainder Theorem-based data storage mechanism to store data securely in a cloud database; (ii) a new CRT-based key management scheme that works for a group to access the encrypted cloud data from the cloud database; (iii) a double encryption scheme that uses new formulas; (iv) new formulas for performing the encryption process in the secured data storage mechanism; (v) a new formula for decrypting the encrypted data stored in the cloud; and (vi) a new formula in the group key generation procedure for accessing the encrypted cloud data from the cloud database in the cloud server.

The remainder of this paper is arranged as follows. Section 2 discusses the most relevant related work in areas such as encryption, decryption, CRT and cloud security. Section 3 presents and explains the overall architecture of the proposed work. Section 4 describes the proposed model in detail. Section 5 shows the experimental results with justification for the enhancement. Section 6 concludes the proposed work and outlines future enhancements.

Section snippets

Literature survey

In the past, many researchers have worked on cloud networks and related topics, including secured cloud data storage [50], [53], cloud security [51], [52], encryption and decryption techniques [50], and access control mechanisms and privacy-preserving models [1], [2], [12], [13], [14], [15], [16], [17], [23], [24], [25], [33], [34], [35], [36], [37], [38], [39], [40]. Among them, Shao et al. [8] developed a new secure method for cloud data storage by using a two-way proxy

System architecture

The system architecture of the proposed work is shown in Fig. 1. It consists of six components: the user interface module, cloud database, data collection module, decision manager, secured data storage model and key generation model. Here, cloud users send and receive data through the user interface module.

Storing data in and retrieving data from the cloud server are the primary responsibilities of the user interface module. The cloud database contains the volume of

Proposed work

This section describes the newly proposed secured storage and privacy-preserving model, which is based on CRT, for storing the cloud user's data securely. It is also used by authenticated cloud users to access the cloud user's data. In this work, a new Chinese Remainder Theorem-based data storage mechanism is proposed for storing cloud user data securely in the cloud database. Moreover, a new CRT-based Group Key Management Scheme has also been proposed for accessing the encrypted cloud

Results and discussion

The proposed model has been developed and implemented in Java on a system with an Intel Core i7 processor, 8 GB of random access memory and a 500 GB hard disk, running the Windows 2008 operating system, for making a group with 1000 cloud users. Here, the cloud environment is designed with CloudSim and Eclipse. CloudSim itself has been developed in Java with basic cloud features. Moreover, knowledge of programming IDEs like Eclipse is also useful. Moreover, it

Conclusion and future work

A new CRT-based secured storage and privacy-preserving model has been proposed and implemented for storing cloud data securely and allowing authenticated cloud users to access the data. In this work, a new Chinese Remainder Theorem-based data storage mechanism has been proposed for storing user data securely in the cloud database. Moreover, a new CRT-based Group Key Management Scheme has also been proposed for accessing the encrypted cloud data that is stored in the cloud database on the cloud server.

Prabhu Kavin B is currently pursuing a Ph.D. in Computer Science and Engineering at VIT-Chennai Campus, Chennai, in the area of Cloud Computing and Security. He completed his M.E. at Anna University, Chennai. He has published 2 papers in journals and conferences. His areas of interest are Cryptography, Cloud Computing and Security.

References (55)

  • S. Muthurajkumar et al., Secured temporal log management techniques for cloud, Procedia Comput. Sci. (2015)
  • S.J. Xiang et al., Database authentication watermarking scheme in encrypted domain, IET Inf. Secur. (2018)
  • Q. Wang et al., Cipher text-policy attribute-based encryption with delegated equality test in cloud computing, IEEE Access (2017)
  • T. Wang et al., A three-layer privacy preserving cloud storage scheme based on computational intelligence in fog computing, IEEE Trans. Emerg. Topics Comput. Intell. (2018)
  • M. Amini et al., Purpose-based privacy preserving access control for secure service provision and composition, IEEE Trans. Serv. Comput. (2016)
  • H. Tian, Dynamic-hash-table based public auditing for secure cloud storage, IEEE Trans. Serv. Comput. (2017)
  • Y. Yu, Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage, IEEE Trans. Inf. Forensics Secur. (2017)
  • K. Xue, RAAC: robust and auditable access control with multiple attribute authorities for public cloud storage, IEEE Trans. Inf. Forensics Secur. (2017)
  • J. Shen et al., An efficient public auditing protocol with novel dynamic structure for cloud data, IEEE Trans. Inf. Forensics Secur. (2017)
  • G. Lin et al., A collaborative key management protocol in ciphertext policy attribute-based encryption for cloud data sharing, IEEE Access (2017)
  • L. Jiang et al., Dynamic encrypted data sharing scheme based on conditional proxy broadcast re-encryption for cloud storage, IEEE Access (2017)
  • C. Zuo et al., Fine-grained two-factor protection mechanism for data sharing in cloud storage, IEEE Trans. Inf. Forensics Secur. (2018)
  • L. Chen et al., A public key compression scheme for fully homomorphic encryption based on quadratic parameters with correction, IEEE Access (2017)
  • M. Du et al., Privacy-preserving indexing and query processing for secure dynamic cloud storage, IEEE Trans. Inf. Forensics Secur. (2018)
  • L. Zhang et al., Privacy-preserving and dynamic multi-attribute conjunctive keyword search over encrypted cloud data, IEEE Access (2018)
  • Q. Xu et al., Secure multi-authority data access control scheme in cloud storage system based on attribute-based signcryption, IEEE Access (2018)
  • W. Shen et al., Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage, IEEE Trans. Inf. Forensics Secur. (2018)

Cited by (80)

    • Optimized key generation-based privacy preserving data mining model for secure data publishing

      2023, Advances in Engineering Software
      Citation Excerpt :

      This technique effectively handled the real-world event logs, but the most important challenge lies in incorporating this technique for industry-scale utilization. Ganapathy [26] created a CRT-based secured storage method that uses two encryption algorithms that each employ new formulas to accomplish. It has very lowest expense when compared to the other.

Sannasi Ganapathy is currently working as Assistant Professor (Sr. Gr) at VIT University, Chennai. He received his M.E. and Ph.D. degrees from Anna University, Chennai. He has published 50 articles in journals and conferences. His areas of interest include Computer Networks, Soft Computing, Cloud Computing and Security.
