Cloud computing security and privacy: Standards and regulations

doi:10.1016/j.csi.2017.03.005

Computer Standards & Interfaces

Volume 54, Part 1, November 2017, Pages 1-2

https://doi.org/10.1016/j.csi.2017.03.005 Get rights and content

Abstract

Cloud computing is a distributed computation model over a large pool of shared and virtualized computing resources, such as storage, processing power, applications and services. It has received considerable attention from the research communities and the industry due to its practicality This kind of new computing represents a vision of providing computing services as public utilities like water and electricity. Cloud computing provides a number of benefits, including reduced IT costs, flexibility, increased collaboration, etc. However, the advent of cloud computing has posed a variety of new challenges for both cloud users and cloud service providers. Taking data privacy as an example, encryption is becoming a standard practice for both cloud users and cloud service providers, as a mechanism against unauthorized surveillance as well as malware. However, the introduction of encryption to cloud also leads to new problems such as key management, as well as the inability of cloud to provide some utilities such as data manipulation. Providing cloud as utilities is an active research area of interest, which includes how these encrypted data can be searched, shared or used as input for computation directly.

Section snippets

This Special Issue

We are pleased to present 8 technical papers dealing with cutting-edge research and technology related to this topic. These papers were selected out of the significantly extended versions of the 60 submissions from 23 countries in the 9th International Conference on Provable Security (ProvSec., 2015) and 39 open submissions. These papers have been rigorously reviewed and only the best papers were selected.

In the first paper entitled “Pairing-based CP-ABE with constant-size ciphertexts and

References (8)

V. Odelu, A. Kumar Das, Y.S. Rao, S. Kumari, M. Khurram Khan and K. Choo, “Pairing-based CP-ABE with constant-size...
H. Liu, Y. Mu, J. Zhao, C. Xu, H. Wang, L. Chen and Y. Yu, “Identity-Based Provable Data Possession Revisited: Security...
G. Han, Y. Yu, X. Li, K. Chen and H. Li, “Characterizing the semantics of passwords: The role of Pinyin for Chinese...
W. Ren, R. Liu, M. Lei and K. Choo, “SeGoAC: A tree-based model for self-defined, proxy-enabled and group-oriented...

There are more references available in the full text version of this article.

Cited by (24)

Efficient identity-based traceable cloud data broadcasting with outsider anonymity and simultaneous individual transmission
2023, Journal of Information Security and Applications
In recent years, cloud data broadcasting system has attracted intensive attention due to its universal applicability in various Internet-of-Things enabled real-life scenarios. Cloud data broadcasting with simultaneous individual transmission is an exciting data broadcasting variant that empowers any data broadcaster to distribute encrypted broadcast data to a subscribed consumer group and the personalized transmission to each group member simultaneously. Recently [IEEE Transactions on Broadcasting (2020)], a certificate-based data broadcasting with simultaneous individual transmission scheme (Chen et al., 2020) is proposed with the aim to solve both key-escrow problem and certificate management problem, and it is claimed to provide subscriber’s outsider anonymity under the nonstandard $q$ -type security assumption with the existence of random oracles. Unfortunately, we can show that this most recent work of Chen et al. (2020) is not secure against insider attacks, meaning that their protocol cannot trace the system’s traitor consumers who can resell the sensitive information for their own profit without valid authorization. Besides, the design of Chen et al. (2020) has significantly high communication bandwidth that is approvingly inconvenient for the Internet-of-Things facilitated low-powerful multimedia devices to reduce unnecessary burden on the encryption costs. We design a provably secure adaptive identity-based data broadcasting technique having simultaneous individual transmission with unbounded number of consumers that can concatenate two mutually orthogonal functionalities, namely consumer’s outsider anonymity and traitor consumer traceability, in a cost-efficient way. Our framework exploits the most secure and advanced asymmetric Type-3 bilinear maps to defend against fault attacks and realizes security in the standard provable security model without the existence of any random oracle. On a positive note, our construction eliminates the $q$ -type security assumption that is so far a plausible achievement compared to all the existing schemes in this area.
Blockchain-based verifiable privacy-preserving data classification protocol for medical data
2022, Computer Standards and Interfaces
Citation Excerpt :
With the development of the Internet-of-things [1,2], a large number of IoT devices are connected to the internet.1
Massive IoT devices are used for data collection with the fast development of the Internet-of-things (IoT). For example, wearable devices are used to collect users’ health data and conduct health monitoring. However, many private information are involved in medical data. Privacy-preserving data classification scheme (PPDC) provided an effective approach to balance the utility and the privacy of data. In the PPDC schemes, a fully trusted auditor is employed to validate the result of data classification. To reduce trust on the auditor, we provide a simplified version of the PPDC scheme. We propose blockchain-based verifiable privacy-preserving data classification protocol (VeriDC) for medical data. It makes the data center check the classification result without involving an auditor. We provide the system model of the verifiable privacy-preserving data classification protocol in blockchain setting and formalize its security model. By using verifiable oblivious pseudorandom function(verifiable OPRF), we can generate a verifiable proof and post it on blockchain to guarantee the transparency of data classification. We present a concrete construction and prove its security. Finally, we compare VeriDC with the related schemes to evaluate the effectiveness of VeriDC.
A designated cloud server-based multi-user certificateless public key authenticated encryption with conjunctive keyword search against IKGA
2022, Computer Standards and Interfaces
Citation Excerpt :
Moreover, the cloud server can take users data without their permission and use it for financial purposes. Therefore, the data must be encrypted before being outsourced to the untrusted cloud server to maintain data security and privacy [9–14]. However, it can be challenging for users to search for what the user wants to examine without disclosing any information related to actual data stored in the cloud storage.
With the massive growth of the World Wide Web (i.e., internet), individual users or companies can store and manage large amounts of sensitive data to outsource it to the cloud server. Despite its advantages, such as reducing local storage, reducing overhead, and providing backups, it faces security and data privacy issues. Many public-key encryption with keyword search (PEKS) schemes are developed to resolve the above problems. Nevertheless, those are not efficiently suitable for multi-user scenario applications. Recently, a new scheme developed called Multi-user certificateless public key encryption with a conjunctive keyword search (mCLPECK) scheme. It contains two features: the multi-user environment and the conjunctive keyword search function. Nevertheless, it requires a secure channel while transmitting the trapdoor to the cloud server, which is not practical in applications, and it cannot resist the keyword guessing attack (KGA). We propose a primitive called a designated cloud server-based multi-user certificateless public key authenticated encryption with conjunctive keyword search (dmCLPAECKS) scheme. It doesn’t require a secure channel between the designated cloud server and a data receiver and provides security against keyword guessing attack (KGA) in random oracle model. Furthermore, our proposed scheme shows better results than other related schemes in terms of communication and computation cost.
Identity-based outsider anonymous cloud data outsourcing with simultaneous individual transmission for IoT environment
2021, Journal of Information Security and Applications
Citation Excerpt :
Although it is easy to realize the communication mode of the outsider anonymous cloud data outsourcing system through the policy-hiding attribute-based data outsourcing system, the concept of identity-based OAnoDOSIT is an independent interest in which the outsider anonymity of the consumer set with any number of simultaneous personalized transmission are at primary concern. Over the last decade, extensive development has been performed in the design and analysis of various cloud computing systems, heading to a broad family of schemes [2,7,9,11,14,17,18,35]. However, we require further deployment of cloud data outsourcing systems that simultaneously: (1) enjoy compact communication and computation costs that are highly desirable for the IoT enabled light-weight devices, (2) realize Identity-Based Encryption (IBE) framework that can accommodate exponential number of consumers, (3) allow data owner to simultaneously transmit encrypted common data for a group of subscribed consumers along with the personalized data for individual consumers of the group and (4) can achieve outsider anonymity of the authorized consumers.
The integration of the Internet of Things (IoT) and cloud computing has become an attractive cloud-oriented big data processing paradigm, which is playing an important role in efficiency and productivity for digitalization of numerous IoT enabled industries. However, cloud-assisted IoT is also becoming an increasingly attractive target for various cyber-attacks, including the authenticity of outsourcing data, untrustworthiness of third parties, and data security and privacy. As a potential and promising solution to securely outsource data, we present the first construction for an efficient cloud data outsourcing system with simultaneous individual transmission preserving outsider anonymity of the subscribed consumer set. In our system, a data owner generates personalized data for each of the consumers in a group and transmits a common encrypted data for the group in such a way that the subscribed consumer set is completely hidden from the outsiders. Personalized data can be recovered only by an authorized consumer, while the common data can be decrypted by all the authorized consumer in that group. The communication bandwidth is compact in our construction, and the decryption algorithm requires significantly less computation cost. We design our scheme using asymmetric bilinear map over the prime order group to prevent fault attacks on symmetric bilinear map. Our construction is built in identity-based setting without any non-standard $q$ -type security assumption and does not use random oracles. Our scheme enjoys adaptive security against an indistinguishable chosen-plaintext attack under the hardness of the standard decisional bilinear Diffie–Hellman exponent problem. Furthermore, our design supports an exponential number of consumers as the size of the valid identity set grows exponentially with the security parameter, whereas it is only polynomial in the security parameter for the existing cloud data outsourcing systems. In particular, the implementation and performance analysis explicates the advantages of our design for resource-constrained IoT enabled frameworks.
Optimal defense of a distributed data storage system against hackers’ attacks
2020, Reliability Engineering and System Safety
Citation Excerpt :
With the rapid development of big data and cloud computing technology, distributed data storage systems have received considerable research attention in recent years [1–3].
Distributed data storage systems are widely used to store data with the development of big data and cloud computing. Due to the complicated network environment, the data may risk being destroyed or stolen by an intentional hacker. In order to mitigate the risk of data destruction and data theft, this paper studies the joint optimization of data parts allocation and computers protections to defense a distributed data storage system in order to maximize the system reliability. The whole data is divided into multiple data parts, where copies of each part can be made and allocated onto different computers. Two different cases are considered, where all data parts on a computer will be destroyed in the first case and all data parts on a computer will not only be destroyed but also stolen in the second case, if the computer is intruded by the hacker. The system is reliable if the defender still has all data parts and the hacker does not obtain all data parts. For both cases, the system reliability is evaluated by extending the universal generating function technique. Numerical examples are carried out to illustrate the applications.
Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks
2018, Journal of Network and Computer Applications
Citation Excerpt :
Cloud-aided WBANs can improve the quality of health-care services by supporting access to a wide range of resources, which better meet the basic requirements of real-time monitoring and tele-medicine basic demands. The open wireless network environment makes the application of WBANs face many security risks and threats (Huang et al., 2017), and the advent of cloud computing also presents a number of security challenges for cloud users and application providers (Yong et al., 2017; Verma and Kaushal, 2016; Shen et al., 2017b; Fu et al., 2015). Among them, the main concern of the user is the protection of the privacy and users need to verify that the cloud server has stored their data securely (Shen et al., 2017c; Li et al., 2015).
With the development of cloud computing and wireless body area networks (WBANs), wearable equipments are able to become new intelligent terminals to provide services for users, which plays an important role to improve the human health-care service. However, The traditional WBANs devices have limited computing and storage capabilities. These restrictions limit the services that WBANs can provide to users. Thus the concept of Cloud-aided WBANs has been proposed to enhance the capabilities of WBANs. In addition, due to the openness of the cloud computing environment, the protection of the user's physiological information and privacy remains a major concern. In previous authentication protocols, few of them can protect the user's private information in insecure channel. In this paper, we propose a cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Our protocol ensures that no one can obtain user's real identity except for the network manager in the registration phase. Moreover, in the authentication phase, the network manager cannot know the user's real identity. Note that, through the security analysis, we can conclude that our protocol can provide stronger security protection of private information than most of existing schemes in insecure channel.

View all citing articles on Scopus

View full text

EditorialCloud computing security and privacy: Standards and regulations

Abstract

Section snippets

This Special Issue

Editorial
Cloud computing security and privacy: Standards and regulations