• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2588-2609
• /
• 2019

Speech homomorphic encryption has become one of the key components in secure speech storing in the public cloud computing. The major problem of speech homomorphic encryption is the huge data expansion of speech cipher-text. To address the issue, this paper presents a speech homomorphic encryption scheme with less data expansion, which is a probabilistic statistics and addition homomorphic cryptosystem. In the proposed scheme, the original digital speech with some random numbers selected is firstly grouped to form a series of speech matrix. Then, a proposed matrix encryption method is employed to encrypt that speech matrix. After that, mutual information in sample speech cipher-texts is reduced to limit the data expansion. Performance analysis and experimental results show that the proposed scheme is addition homomorphic, and it not only resists statistical analysis attacks but also eliminates some signal characteristics of original speech. In addition, comparing with Paillier homomorphic cryptosystem, the proposed scheme has less data expansion and lower computational complexity. Furthermore, the time consumption of the proposed scheme is almost the same on the smartphone and the PC. Thus, the proposed scheme is extremely suitable for secure speech storing in public cloud computing.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• Journal of Korea Multimedia Society
• /
• v.19 no.2
• /
• pp.308-315
• /
• 2016

With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on the behalf of another has become increasingly vital as social Internet services such as blogs, photo sharing, and social networks. With this increased cross-site media sharing, there is a upscale of security implications and hence the need to formulate security protocols and considerations. Recently, OAuth, a new protocol for establishing identity management standards across services, is provided as an alternative way to share the user names and passwords, and expose personal information to attacks against on-line data and identities. Moreover, OwnCloud provides an enterprise file synchronizing and sharing that is hosted on user's data center, on user's servers, using user's storage. We propose a secure Social Networking Site (SSN) access based on OAuth implementation by combining two novel concepts of OAuth and OwnCloud. Security analysis and performance evaluation are given to validate the proposed scheme.

• Journal of Information Processing Systems
• /
• v.13 no.3
• /
• pp.476-490
• /
• 2017

In the centralized cloud controlled environment, the decision-making and monitoring play crucial role where in the host controller (HC) manages the resources across hosts in data center (DC). HC does virtual machine (VM) and physical hosts management. The VM management includes VM creation, monitoring, and migration. If HC down, the services hosted by various hosts in DC can't be accessed outside the DC. Decentralized VM management avoids centralized failure by considering one of the hosts from DC as HC that helps in maintaining DC in running state. Each host in DC has many VM's with the threshold limit beyond which it can't provide service. To maintain threshold, the host's in DC does VM migration across various hosts. The data in migration is in the form of plaintext, the intruder can analyze packet movement and can control hosts traffic. The incorporation of security mechanism on hosts in DC helps protecting data in migration. This paper discusses an approach for dynamic HC selection, VM selection and secure VM migration over cloud environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.929-940
• /
• 2016

The IMO e-navigation strategy has requested a communication infrastructure providing authorized seamless information transfer between stakeholders. The Maritime Cloud is the term used to describe the concept of an infrastructure that support authorized, seamless information transfer, adding those elements, that are necessary to support the e-navigation domain. It is necessary to consider the study on maritime cloud security, but the study is still an early stage. In this paper, we propose a secure synchronization method for the maritime cloud services. The proposed method can be synchronize between the vessel based on the SH-Tree, and it has the advantage that there is no exposure information in the synchronization process.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5653-5672
• /
• 2019

In cloud computing era, an increasing number of resource-constrained users outsource their data to cloud servers. Due to the untrustworthiness of cloud servers, it is important to ensure the integrity of outsourced data. However, most of existing solutions still have challenging issues needing to be addressed, such as the identity privacy protection of users, the traceability of users, the supporting of dynamic user operations, and the publicity of auditing. In order to tackle these issues simultaneously, in this paper, we propose a traceable dynamic public auditing scheme with identity privacy preserving for cloud storage. In the proposed scheme, a single user, including a group manager, is unable to know the signer's identity. Furthermore, our scheme realizes traceability based on a secret sharing mechanism and supports dynamic user operations. Based on the security and efficiency analysis, it is shown that our scheme is secure and efficient.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.411-429
• /
• 2014

As cloud computing has enabled, a variety of cloud services has come into wide use. Thus, cloud computing products can be easily identified in the IT market. Common Criteria is international standards for security evaluation performed of IT products. In addition, Consumers can be used as a objective guideline for the evaluation results. And, it is a provides for protection profile(security target of security products). For general, IT products are providing the protection profile. However, for cloud-related products of protection profile is not being provided. Thus, about cloud security products, there is no way for evaluation. Therefore, in this paper, we propose protection profile on cloud database management system for the secure cloud environment in common criteria.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.10
• /
• pp.3607-3623
• /
• 2014

The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4226-4241
• /
• 2014

Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

• Annual Conference of KIPS
• /
• 2014.11a
• /
• pp.516-519
• /
• 2014

Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenlD alongside OAuth so as to solve this problem. But OpenlD similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.