• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• Journal of Communications and Networks
• /
• v.16 no.6
• /
• pp.592-599
• /
• 2014

Cloud computing enables users to easily store their data and simply share data with others. Due to the security threats in an untrusted cloud, users are recommended to compute verification metadata, such as signatures, on their data to protect the integrity. Many mechanisms have been proposed to allow a public verifier to efficiently audit cloud data integrity without receiving the entire data from the cloud. However, to the best of our knowledge, none of them has considered about the efficiency of public verification on multi-owner data, where each block in data is signed by multiple owners. In this paper, we propose a novel public verification mechanism to audit the integrity of multi-owner data in an untrusted cloud by taking the advantage of multisignatures. With our mechanism, the verification time and storage overhead of signatures on multi-owner data in the cloud are independent with the number of owners. In addition, we demonstrate the security of our scheme with rigorous proofs. Compared to the straightforward extension of previous mechanisms, our mechanism shows a better performance in experiments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.8
• /
• pp.2708-2721
• /
• 2014

Data outsourcing in the cloud (DOC) is a promising solution for data management at the present time, but it could result in the disclosure of outsourced data to unauthorized users. Therefore, protecting the confidentiality of such data has become a very challenging issue. The conventional way to achieve data confidentiality is to encrypt the data via asymmetric or symmetric encryptions before outsourcing. However, this is computationally inefficient because encryption/decryption operations are time-consuming. In recent years, a few DOC schemes based on secret sharing have emerged due to their low computational complexity. However, Dautrich and Ravishankar pointed out that most of them are insecure against certain kinds of collusion attacks. In this paper, we proposed a novel DOC scheme based on Shamir's secret sharing to overcome the security issues of these schemes. Our scheme can allow an authorized data user to recover all data files in a specified subset at once rather than one file at a time as required by other schemes that are based on secret sharing. Our thorough analyses showed that our proposed scheme is secure and that its performance is satisfactory.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.10
• /
• pp.5171-5189
• /
• 2016

With the popularity of cloud computing, many data owners outsource their graph data to the cloud for cost savings. The cloud server is not fully trusted and always wants to learn the owners' contents. To protect the information hiding, the graph data have to be encrypted before outsourcing to the cloud. The adjacent vertex search is a very common operation, many other operations can be built based on the adjacent vertex search. A boolean adjacent vertex search is an important basic operation, a query user can get the boolean search results. Due to the graph data being encrypted on the cloud server, a boolean adjacent vertex search is a quite difficult task. In this paper, we propose a solution to perform the boolean adjacent vertex search over encrypted graph data in cloud computing (BASG), which maintains the query tokens and search results privacy. We use the Gram-Schmidt algorithm and achieve the boolean expression search in our paper. We formally analyze the security of our scheme, and the query user can handily get the boolean search results by this scheme. The experiment results with a real graph data set demonstrate the efficiency of our scheme.

• Journal of Korea Multimedia Society
• /
• v.19 no.2
• /
• pp.308-315
• /
• 2016

With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on the behalf of another has become increasingly vital as social Internet services such as blogs, photo sharing, and social networks. With this increased cross-site media sharing, there is a upscale of security implications and hence the need to formulate security protocols and considerations. Recently, OAuth, a new protocol for establishing identity management standards across services, is provided as an alternative way to share the user names and passwords, and expose personal information to attacks against on-line data and identities. Moreover, OwnCloud provides an enterprise file synchronizing and sharing that is hosted on user's data center, on user's servers, using user's storage. We propose a secure Social Networking Site (SSN) access based on OAuth implementation by combining two novel concepts of OAuth and OwnCloud. Security analysis and performance evaluation are given to validate the proposed scheme.

• Journal of Information Processing Systems
• /
• v.15 no.6
• /
• pp.1265-1276
• /
• 2019

Data deduplication is a common method to improve cloud storage efficiency and save network communication bandwidth, but it also brings a series of problems such as privacy disclosure and dictionary attacks. This paper proposes a secure deduplication scheme for cloud storage based on Bloom filter, and dynamically extends the standard Bloom filter. A public dynamic Bloom filter array (PDBFA) is constructed, which improves the efficiency of ownership proof, realizes the fast detection of duplicate data blocks and reduces the false positive rate of the system. In addition, in the process of file encryption and upload, the convergent key is encrypted twice, which can effectively prevent violent dictionary attacks. The experimental results show that the PDBFA scheme has the characteristics of low computational overhead and low false positive rate.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.163-172
• /
• 2022

The interconnection of an enormous number of devices into the Internet at a massive scale is a consequence of the Internet of Things (IoT). As a result, tasks offloading from these IoT devices to remote cloud data centers become expensive and inefficient as their number and amount of its emitted data increase exponentially. It is also a challenge to optimize IoT device energy consumption while meeting its application time deadline and data delivery constraints. Consequently, Fog Computing was proposed to support efficient IoT tasks processing as it has a feature of lower service delay, being adjacent to IoT nodes. However, cloud task offloading is still performed frequently as Fog computing has less resources compared to remote cloud. Thus, optimized schemes are required to correctly characterize and distribute IoT devices tasks offloading in a hybrid IoT, Fog, and cloud paradigm. In this paper, we present a detailed survey and classification of of recently published research articles that address the energy efficiency of task offloading schemes in IoT-Fog-Cloud paradigm. Moreover, we also developed a taxonomy for the classification of these schemes and provided a comparative study of different schemes: by identifying achieved advantage and disadvantage of each scheme, as well its related drawbacks and limitations. Moreover, we also state open research issues in the development of energy efficient, scalable, optimized task offloading schemes for Fog computing.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.871-874
• /
• 2011

The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.11
• /
• pp.4011-4027
• /
• 2021

Cloud Computing has emerged as an extensively used technology not only in the IT sector but almost in all sectors. As the nature of the cloud is distributed and dynamic, the jeopardies present in the current implementations of virtualization, numerous security threats and attacks have been reported. Considering the potent architecture and the system complexity, it is indispensable to adopt fundamentals. This paper proposes a secure authentication and data sharing scheme for providing security to the cloud data. An efficient IPSO-KELM is proposed for detecting the malicious behaviour of the user. Initially, the proposed method starts with the authentication phase of the data sender. After authentication, the sender sends the data to the cloud, and the IPSO-KELM identifies if the received data from the sender is an attacked one or normal data i.e. the algorithm identifies if the data is received from a malicious sender or authenticated sender. If the data received from the sender is identified to be normal data, then the data is securely shared with the data receiver using SHA256-RSA algorithm. The upshot of the proposed method are scrutinized by identifying the dissimilarities with the other existing techniques to confirm that the proposed IPSO-KELM and SHA256-RSA works well for malicious user detection and secure data sharing in the cloud.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.10
• /
• pp.2497-2513
• /
• 2013

In 2010, Dijk et al. demonstrated a simple somewhat homomorphic encryption (HE) scheme over the integers of which this simplicity came at the cost of a public key size in $\tilde{O}({\lambda}^{10})$. Although in 2011 Coron et al. reduced the public key size to $\tilde{O}({\lambda}^7)$, it is still too large for practical applications, especially for the cloud computing. In this paper, we propose a new form of somewhat HE scheme to reduce further the public key size and a variation of the scheme to optimize the ciphertext size. First of all, we propose a new somewhat HE scheme which is built on the hardness of the approximate greatest common divisor (GCD) problem of two integers, where the public key size in the scheme is reduced to $\tilde{O}({\lambda}^3)$. Furthermore, we can reduce the length of the ciphertext of the new somewhat HE scheme by applying the modular reduction technique. Additionally, we give simulation results for evaluating ability of the proposed scheme.