Your search keyword '"cloud storage"' showing total 2,637 results

1. Dynamic AES Encryption and Blockchain Key Management: A Novel Solution for Cloud Data Security

Author

Mohammed Y. Shakor, Mustafa Ibrahim Khaleel, Mejdl Safran, Sultan Alfarhood, and Michelle Zhu

Subjects

AES, blockchain, cloud computing, cloud storage, dynamic encryption, ECC, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In the rapidly evolving realm of cloud computing security, this paper introduces an innovative solution to address persistent challenges. The proliferation of cloud technology has brought forth heightened concerns regarding data security, necessitating novel approaches to safeguarding sensitive information. The issue centers on the vulnerability of cloud-stored data, usually necessitating enhanced encryption and key management strategies. Traditional methods usually fall short in mitigating risks associated with compromised encryption keys and centralized key storage. To combat these challenges, our proposed solution encompasses a two-phase approach. In the first phase, dynamic Advanced Encryption Standard (AES) keys are generated, ensuring each file’s encryption with a unique and ever-changing key. This approach significantly enhances file-level security, curtailing an attacker’s ability to decrypt multiple files even if a key is compromised. The second phase introduces blockchain technology, where keys are securely stored with accompanying metadata, bolstering security and data integrity. Elliptic Curve Cryptography (ECC) public key encryption enhances security during transmission and storage, while also facilitating secure file sharing. In conclusion, this comprehensive approach enhances cloud security, providing robust encryption, decentralized key management, and protection against unauthorized access. Its scalability and adaptability make it a valuable asset in contemporary cloud security paradigms, assuring users of data security in the cloud.

Published

2024

2. A Blockchain-Assisted Certificateless Public Cloud Data Integrity Auditing Scheme

Author

Jianming Du, Guofang Dong, Juangui Ning, Zhengnan Xu, and Ruicheng Yang

Subjects

Cloud storage, certificateless encryption, dynamic updating, integrity auditing, privacy protection, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The utilization of cloud storage is increasingly prevalent as the field of cloud computing continues to expand. Several cloud data auditing schemes have been proposed within the academic community to guarantee the availability and integrity of cloud data. Nevertheless, several schemes rely on public key infrastructure and identity-based encryption, introducing intricate challenges associated with certificate management and key escrow. Consequently, we present a certificateless encryption-based blockchain-assisted public cloud data integrity auditing scheme for data integrity. Furthermore, our proposed scheme incorporates blockchain technology to oversee the activities of semi-trusted third-party auditors and resolve the concerns mentioned above. To enhance the efficiency of dynamic data updating and ensure data privacy security, we introduce a new data structure that combines a novel counting bloom filter and a Multi-Merkel hash tree approach. The assumption of the discrete logarithm issue determines the system’s security. In contrast, the security model of the scheme is comprehensively delineated. In the part dedicated to performance analysis, we assess the scheme’s functionality and computational cost within the framework of existing literature. The experimental results provide proof of the scheme’s comprehensive functionality and effectiveness.

Published

2023

3. A Multi-Objective Bee Foraging Learning-Based Particle Swarm Optimization Algorithm for Enhancing the Security of Healthcare Data in Cloud System

Author

Reyazur Rashid Irshad, Shahab Saquib Sohail, Shahid Hussain, Dag Oivind Madsen, Mohammed Altaf Ahmed, Ahmed Abdu Alattab, Omar Ali Saleh Alsaiari, Khalid Ahmed Abdallah Norain, and Abdallah Ahmed Alzupair Ahmed

Subjects

Healthcare, BFL-PSO, sanitization, restoration, cloud storage, degree of modification, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Cloud computing is a potential platform transforming the health sector by allowing clinicians to monitor patients in real-time using sensor technologies. However, the users tend to transmit sensitive and classified medical data back and forth to cloud service providers for centralized processing and storage. This presents opportunities for hackers to steal data, intercept data in transit, and deprive patients and healthcare providers of private information. Consequently, Security and privacy are the primary concerns that must be addressed for the healthcare organization to trust and adopt the cloud computing platform. We present data sanitization and restoration processes to generate the keys from the acquired data and develop a multi-objective function for the hiding ratio, degree of modification, and information preservation ratio. We then employed the Bee-Foraging Learning-based Particle Swarm Optimization (BFL-PSO) algorithm to acquire the optimal key while transferring healthcare data into the cloud to ensure high Security. The experiment is carried out on the UHDDS dataset. The performance is assessed in terms of Security, delay time, encryption time, error rate, and convergence speed, with the results contrasted to state-of-the-art works. The performance study demonstrates that the suggested algorithm has higher Security than cutting-edge security algorithms.

Published

2023

4. Efficient Large-Capacity Caching in Cloud Storage Using Skip-Gram-Based File Correlation Analysis

Author

Fang Xiao, Siyuan Yu, and Yuze Li

Subjects

Cache strategy, cloud storage, file correlation, hit rate, machine learning, prefetching, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Designing a high-capacity cache is an essential means of improving the accessibility of cloud storage. Compared with traditional data access, cloud storage data access presents new patterns, and traditional caching strategies cannot handle the prefetching and replacement of non-hot data very well. Numerous studies have shown that file correlation can optimize cloud storage’s caching and prefetching strategies. However, characterizing the correlation between files from multiple dimensions is quite complex, and the difficulty of optimizing cloud storage caching using file correlation increases accordingly. Based on the above shortcomings, this study designed a file similarity strategy based on skip-gram from the analysis of user access. This strategy completes the prefetching and replacing files in a high-capacity cache by judging the correlation between files. The strategy prefetches files and dynamically inserts them into the cache by judging the correlation between files. After using the prefetching strategy, we significantly improve the cache hit rate in the simulation benchmark. In addition, the strategy can establish an index table after each training completion, which consumes very little time during online operations. During training, the time required to establish the index is $O(N*log(V))$ , and the time for indexing is $O(1)$ .

Published

2023

5. CACPA: Credible Alliance-Chain-Based Public Auditing Scheme for Cloud Storage

Author

Jiahao Jiang, Xiao Tan, Lidong Han, Qi Xie, and Shengbao Wang

Subjects

Blockchain, cloud storage, public auditing, third-party auditor, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

We propose a credible alliance-chain-based public auditing scheme (CACPA) to properly address the trust problem of third-party auditor (TPA) in the traditional audit scheme for cloud storage. Based on the non-tamperability and traceability of blockchain, we design a novel incentive mechanism to enforce honest and reliable behaviors of TPA. The basic idea is to organize TPA as a group of blockchain nodes conducting mutual surveillance. Any behavior of a TPA node will be inspected by other nodes to maintain good reputation of the group, and malicious behaviors will bring severe punishments. Accordingly, we develop system model of the proposed CACPA, as well as smart contracts to deal with transactions-related issues, such as dispute resolution. Finally, performance evaluation validates that our scheme enjoys acceptable efficiency and suits for real-world applications.

Published

2023

6. A Data Deduplication Scheme Based on DBSCAN With Tolerable Clustering Deviation

Author

Yan Teng, Hequn Xian, Quanli Lu, and Feng Guo

Subjects

Deduplication, cloud storage, data popularity, DBSCAN, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

To protect data privacy, users prefer to store encrypted data in cloud servers. Cloud servers reduce the cost of storage and network bandwidth by eliminating duplicate copies. To address the potential internal data leakage problem, the concept of clustering deviation is proposed for the first time. We improve the DBSCAN algorithm to tolerate clustering deviation. A data deduplication scheme is built upon the new algorithm, which considers users as clustering samples. Instead of immediately re-clustering new users, a certain deviation is tolerated to assign the users to the existing classes. We determine the popularity of the data according to user clustering results and apply different encryption schemes to protect the security of unpopular data more effectively. The performance of the algorithm is analyzed and compared with other methods through experiments, and the results verify the feasibility and efficiency of the proposed deduplication scheme.

Published

2023

7. CIA: A Collaborative Integrity Auditing Scheme for Cloud Data With Multi-Replica on Multi-Cloud Storage Providers.

Author

Li, Tengfei, Chu, Jianfeng, and Hu, Liang

Subjects

*DATA integrity, *CLOUD storage, *AUDITING, *DATA warehousing, *DOWNLOADING, *CLOUD computing

Abstract

The emergence of cloud storage has solved many pain points of the traditional storage model. However, the issue of cloud storage data integrity - whether the cloud storage provider has kept the data intact - has raised concerns about cloud storage. Integrity auditing of cloud storage data allows users to know the integrity of the outsourced data without downloading it in its entirety. However it is not enough to know its integrity. Multi-replicas, as a common means of redundancy, improves the reliability of cloud storage data. And storing multi-replicas on multi-cloud storage providers (CSPs) enhances this feature. In a multi-replica multi-CSPs scenario, if the independence of CSPs is given full play and auditing is performed among CSPs, not only the introduction of third party auditor (TPA) can be eliminated, but also the tag generation, which is a huge computational overhead, can be removed. Inspired by this, in this paper we propose a new model for remote data integrity auditing: CIA (Collaborative Integrity Auditing). In addition to the reduction in computational overhead, the proposed scheme provides unprecedented support for free data blocking. The proposed scheme employs only hash functions in the calculation, which has a negligible computational overhead compared to the traditional bilinear pairing-based schemes. Theoretical analysis and experimental results show that the proposed scheme provides high efficiency and flexibility with security assurance, and can be used as a lightweight alternative to traditional remote data integrity auditing schemes in multi-replica multi-CSP scenarios. [ABSTRACT FROM AUTHOR]

Published

2023

8. Lightweight Public Key Authenticated Encryption With Keyword Search Against Adaptively-Chosen-Targets Adversaries for Mobile Devices.

Author

Lu, Yang and Li, Jiguo

Subjects

PUBLIC key cryptography, KEYWORD searching, BIOMETRIC identification, BIOMETRY, CASCADING style sheets, CLOUD storage

Abstract

Cloud storage services have grown extensively in recent years. For security and privacy purposes, sensitive data need to be outsourced to clouds in encrypted form. Searchable public key encryption (SPKE) enables data ciphertexts to be retrieved by keyword(s) without decryption. Unfortunately, most of the existing SPKE schemes cannot withstand the keyword guessing attack. To combat such attack, public key authenticated encryption with keyword search (PAEKS) was presented. However, the existing PAEKS schemes were proven secure under a designated-targets security model, in which an adversary only can attack a sender and a recipient designated by the challenger. Our cryptanalysis indicates that such a scheme may be insecure against the practical attacks where the adversaries choose their targets by themselves. To fight against adaptively-chosen-targets adversaries, we refine the adversary model for PAEKS by permitting the adversaries to choose their targets adaptively, and then formalize the security definitions under the improved security model. After that, we devise a lightweight PAEKS scheme that avoids the time-consuming bilinear pairing operations and give the security proofs. The comparisons show that it outperforms the existing bilinear pairing-based PAEKS schemes in both the computation and communication performance, and therefore is more suitable for the resource-constrained mobile devices. [ABSTRACT FROM AUTHOR]

Published

2022

9. Data Integrity Audit Based on Data Blinding for Cloud and Fog Environment

Author

Genqing Bian, Yanru Fu, Bilin Shao, and Fan Zhang

Subjects

Cloud and fog computing, data blinding, integrity audit, cloud storage, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Cloud-fog computing is a novel computing model that expands the functionality of cloud computing, which provides various services through fog nodes. The issue of traditional data integrity auditing are low data security, slow data processing speed and low communication efficiency. To solve these problems, this paper proposes a data integrity audit scheme based on data blinding. This scheme uses the edge devices in the transmission node to establish a fog computing layer between the cloud service provider and the data owner to reduce transmission delay. The subordinate distribution relationship and weight between fog nodes dynamically allocate the optimal path and transmit the data to reduce transmission delay. At the same time, a blind factor is added to the integrity audit in the evidence generation process to avoid data leakage. This paper gives a security model and security proof based on computational Diffie-Hellman (CDH) assumptions. The experimental results show that the fog computing layer and blind factor are introduced into the data integrity audit process, which can reduce the data communication delay effectively and improve the security of data audit.

Published

2022

10. Data Integrity Audit Scheme Based on Blockchain Expansion Technology

Author

Zhenpeng Liu, Yongjiang Feng, Lele Ren, and Weihua Zheng

Subjects

Blockchain, cloud storage, data auditing, blockchain expansion, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Increasing numbers of users are outsourcing data to the cloud, but data integrity is an important issue. Due to the decentralization and immutability of blockchain, more and more researchers tend to use blockchain to replace third-party auditors. This paper proposes a data integrity system based on blockchain expansion technology that aims to solve the problem of high cost for blockchain network maintenance and for user creation of new blocks caused by the rapid growth of blocks in the data integrity audit scheme of existing blockchain technology. Users and cloud service providers (CSP) deploy smart contracts on the main chain and sub-chains. Intensive and frequent computing work is transferred to the sub-chain for completion, and the computation results of the sub-chain are submitted to the main chain periodically or when needed to ensure its finality. The concept of non-interactive audit is introduced to avoid affecting user experience due to the communication with the CSP during the audit process. In order to ensure data security, a reward pool mechanism is introduced. Comprehensive analysis from aspects such as storage, batch auditing and data consistency proves the correctness of the scheme. Experiments on the Ethereum blockchain platform demonstrate that this scheme can effectively reduce storage and computational overhead.

Published

2022

11. Ultrahigh Fiber Count and High-Density Cables, Deployments, and Systems.

Author

Sasaki, Takashi, Sato, Fumiaki, Risch, Brian G., and Weimann, Peter A.

Subjects

CABLE structures, FIBER optics industry, CLOUD storage, DATA transmission systems, OPTICAL fibers, OPTICAL interconnects, OPTICAL fiber networks, UNDERGROUND areas

Abstract

Since the 1980s, the single-core optical fiber cable has been the essential data transmission wiring media, with ongoing increases in deployments. Its use case has broadened, with transmission distances ranging from meters to 10000s km, including intrabuilding, fiber-to-the-home (FTTH), terrestrial, and even submarine trunk lines. Currently, optical fiber cable deployment is strongly driven by cloud-based storage, X as a Service (XaaS), and worldwide data center (DC) functionality with the optical interconnection of massive servers on DC campuses. Hence, it is quite natural that the optical fiber cable industry has developed ultrahigh fiber count, high density, and small diameter optical fiber cable, e.g., 6912-fiber-count cable. With high-density cables, massive data capacity can be installed at one time while saving limited space in an underground duct. High-density cable designs have been developed not just by cable structure optimization but through the process of bundling fibers and the use of high-grade optical fibers. Moreover, many enabling technologies have been developed to support the deployment of ultrahigh fiber count cables, such as fiber identification, connectors, mass fusion splicing, and storage systems for fusion splicing points. In this article, state-of-the-art technologies and prospects for ultrahigh-count and ultrahigh-density optical fiber cables and enabling technologies are explained. [ABSTRACT FROM AUTHOR]

Published

2022

12. Blockchain-Based Offline Auditing for the Cloud in Vehicular Networks.

Author

Yu, Haiyang, Yang, Zhen, Tu, Shanshan, Waqas, Muhammad, and Liu, Huan

Abstract

The rapid growth of various vehicular apps such as automotive navigation and in-car entertainment has brought the explosion of vehicular data. Such a growth has given rise to a huge challenge of maintaining the quality of cloud storage services for the whole period of storage in vehicular networks. As a result, poor quality of services easily causes data corruption problems and thereby threats vehicular data integrity. Blockchain, a tamper-proofing technique, is considered a promising approach for mitigating data integrity risks in cloud storage. However, existing blockchain-based schemes for auditing long-term cloud data integrity suffer from poor communication performance in a vehicular network. In this study, a blockchain-based offline auditing scheme for cloud storage in the vehicular network is proposed to improve auditing performance. Inspired by the data structure of blockchain, we design an evidence chain to achieve offline auditing, which allows the cloud to spontaneously generate data integrity evidence without communicating with auditors during the evidence generation phase. Furthermore, we extend our scheme to support public and automatic validation based on the smart contract. We prove the security of the proposed scheme under the random oracle model and further provide the performance evaluation by comparing with the state-of-the-art approaches. [ABSTRACT FROM AUTHOR]

Published

2022

13. Redactable Signature-Based Public Auditing Scheme With Sensitive Data Sharing for Cloud Storage.

Author

Li, Song, Han, Jinguang, Tong, Deyu, and Cui, Jie

Abstract

To guarantee data security, the data owner needs to check the integrity of data stored remotely in the cloud server with the public auditing technique. However, the auditing result will be invalid if the data have been modified dynamically in the process of data anonymization when sharing data to others with sensitive information. In existing solutions, a data sanitizer is needed to anonymize the data and transform the signature. However, such data sanitizers introduce new security risks, and the static anonymous strategy is not flexible to different application scenarios. Therefore, we propose a new scheme based on redactable signature. In our proposed scheme, the cloud server can transform the signature directly without the additional sanitizer while sharing sensitive data. The signature transformation does not influence the integrity checking of the stored data. The signature not only can be used to authenticate the source of sharing data, but can also be used to check the integrity of the stored data in the cloud. Both the security proof and experimental analysis show that our proposed scheme is secure and more efficient than the existing schemes. [ABSTRACT FROM AUTHOR]

Published

2022

14. Indirect Revocable KP-ABE With Revocation Undoing Resistance.

Author

Rasori, Marco, Perazzo, Pericle, Dini, Gianluca, and Yu, Shucheng

Abstract

Lately, many cloud-based applications proposed attribute-based encryption (ABE) as an all-in-one solution for achieving confidentiality and access control. Within this paradigm, data producers store the encrypted data on a semi-trusted cloud server, and users, holding decryption keys issued by a key authority, can decrypt data according to some access control policy. To be used in practical cases, any ABE scheme should implement a key revocation mechanism which assures that a compromised decryption key cannot be used anymore to decrypt data. Yu et al. (2010) introduced an ABE scheme with revocation capabilities that enjoys several unique advantages, such as reactivity and efficiency. In the scheme, the cloud server is entitled to update keys and ciphertexts in order to achieve revocation. Unfortunately, the cloud server retains the power to undo the revocation of a key (revocation undoing attack) so endangering confidentiality. In this article, we propose a revocable ABE scheme that still ensures the advantages of Yu et al.’s scheme, but it also resists to the revocation undoing attack. We formally prove the security of our scheme and show through simulations that the user experiences a slightly higher computational cost with respect to Yu et al.’s scheme. [ABSTRACT FROM AUTHOR]

Published

2022

15. Privacy-Preserving Reverse Nearest Neighbor Query Over Encrypted Spatial Data.

Author

Li, Xiaoguo, Xiang, Tao, Guo, Shangwei, Li, Hongwei, and Mu, Yi

Abstract

With the advent of cloud computing, it has become more and more popular to outsource various services to the cloud for releasing the burden of local data storage and maintenance. However, it may cause serious privacy problems because the cloud may be untrusted. In this article, we study the privacy-preserving reverse nearest neighbor (PPRNN) query over encrypted spatial data. First, we introduce the concept of reference-locked order-preserving encryption (RL-OPE) with its construction and security proof, which reveals less information than traditional order-preserving encryption (OPE). Then, we present a novel PPRNN scheme in static setting based on structured encryption (SE) and the proposed RL-OPE, called sPPRNN. After that, we design a generic method that extends a PPRNN scheme in static setting to the counterpart in dynamic setting, called dPPRNN. Furthermore, we present a thorough privacy analysis of our proposal. Finally, we demonstrate its efficiency and effectiveness for practical deployment through extensive experiments. [ABSTRACT FROM AUTHOR]

Published

2022

16. Unveiling Key Performance Indicators for the Energy Efficiency of Cloud Data Storage

Author

Banijamali, Pouyeh, Fatima, Iffat, Lago, Patricia, Heitlager, Ilja, Banijamali, Pouyeh, Fatima, Iffat, Lago, Patricia, and Heitlager, Ilja

Abstract

The continuous growth of data centers prompts research into their energy impact. While some cloud providers give an overall estimate of data centers energy efficiency, there is a lack of transparency about data for individual components and functions. We explore metrics to evaluate the energy efficiency of cloud data storage in particular and represent them as Key Performance Indicators (KPIs) for organizational monitoring. To this aim, we perform an exploratory study with Schuberg Philis (SBP), a leading IT provider in the Netherlands to explore sustainability monitoring for cloud data storage. We identify the data provided by a cloud provider and explore the corresponding metrics in the academic literature. Based on the SBP's sustainability roadmap, we propose three KPIs that are developed using an existing KPI framework. These KPIs are reviewed by the experts at SBP for their correctness and added value. The study provides, (i) an overview of the energy efficiency of cloud data storage, (ii) suggested KPIs to monitor and optimize the cloud data storage to meet the SBP's sustainability goals. The KPIs are energy consumption (kW/h), storage capacity utilization (%), and capacity per watt (GB/Watt), and (iii) actions per KPI to reach the sustainability targets. The results of the study provide insights into monitoring the energy efficiency of data storage for SBP for potential optimization while building a foundation for developing similar approaches for other practitioners and for targeting sustainability concerns.

Published

2024

17. Blockchain-Based Secure Data Storage Protocol for Sensors in the Industrial Internet of Things.

Author

Lu, Junqing, Shen, Jian, Vijayakumar, P, and Gupta, B. B.

Abstract

The Industrial Internet of Things (IIoT) that introduces Internet of Things (IoT) technology into industrial environments is beneficial to construct smart factories. It utilizes various sensors to collect the data of industrial devices. These data are analyzed to improve the manufacturing efficiency and product quality. Cloud storage provides a solution for storing data outsourced, especially for sensors that have limited local storage and computational capacity. To ensure the privacy preserving of devices, the collected data should be stored in the formal ciphertext. Therefore, encrypted data sharing should be implemented to analyze the devices’ data. In this article, the cloud storage solution for sensors is considered. To achieve a secure and efficient data storage and sharing, a novel group signature scheme, which has less computation overhead and communication overhead, is designed to realize anonymous authentication first. And then, a novel blockchain-based cloud storage protocol for sensors in IIoT is constructed on basis of the proposed group signature scheme. Smart contract and proxy re-encryption are utilized in this protocol to realize secure data sharing with a less computational overhead. Furthermore, security proofs and performance evaluations demonstrate that this protocol is secure, privacy-preserving, and has at least 40% and 20% performance improvement in data storage and sharing phase, respectively. [ABSTRACT FROM AUTHOR]

Published

2022

18. A Privacy-Enhanced Retrieval Technology for the Cloud-Assisted Internet of Things.

Author

Wang, Tian, Yang, Quan, Shen, Xuewei, Gadekallu, Thippa Reddy, Wang, Weizheng, and Dev, Kapal

Abstract

In the cloud-assisted Internet of things (IoT), most of the data are sent to the cloud for storage and processing. Data privacy and security are extreme concerns since retrieving data from the cloud will yield privacy disclosure risk due to the cloud’s openness. To this end, this article proposes PERT, a privacy-enhanced retrieval technology for cloud-assisted IoT. This architecture is designed through an implicit index maintained by edge servers and a hierarchical retrieval model that preserves data privacy by hiding the information of data transmission between the cloud and the edge servers. For the hierarchical retrieval model, we designed a data partition strategy. The edge server stores partial data. In this way, data privacy is preserved since the attacker must get the data maintained by both cloud and edge servers. The detailed performance analysis and extensive experiments have displayed the effectiveness of the technology for data privacy. It is tested that the architecture can efficiently and securely retrieve the stored data while the computation cost is reduced through operation downsizing. Compared with the benchmark cloud encrypted storage model, the time cost of this method is significantly reduced when the number of users is relatively large. [ABSTRACT FROM AUTHOR]

Published

2022

19. On the Impact of Pollution Attacks on Coding-Based Distributed Storage Systems.

Author

Gaeta, Rossano

Abstract

Coding-based distributed storage systems (DSS) are employed in many diverse heterogeneous settings, e.g., cloud storage data centers, peer-to-peer systems, wireless sensor networks, fog/edge computing system, to provide better throughput, latency, reliability, scalability, load adaptation, geographical migration and fault tolerance with respect to traditional monolithic enterprise storage systems. Despite the undoubted advantages offered by coding, reliability and security are jeopardized by a pollution attack that can easily disrupt the entire system and degrade performance. In this paper we take an abstract view of a DSS and we investigate by means of mathematical modeling what are the availability, robustness, and timeliness of heterogeneous, coding-based DSS when storage nodes (SN) are unreliable and can be malicious. To this end, we focus on a class of allocations of coded fragments to SNs that we call feasible allocations; the model takes into account both reliability and reactivity of SNs. We define robust availability and timeliness of feasible allocations that we use to characterize the overall performance and robustness of the DSS in a reference scenario. Our analysis reveals that code redundancy is a double-edged sword in a DSS where malicious SNs come into play and that there exists an optimal value of code redundancy regardless all system parameters that maximizes the number of malicious SNs that can be tolerated to achieve maximum DSS performance. We also found that larger codes are preferred over short ones as they yield superior DSS performance in the presence of malicious SNs. Furthermore, when multiple feasible allocations yield the highest DSS performance timeliness can be used as a guide for the choice. Finally, heterogeneity plays a role in determining the timeliness of the maximally spread allocations in the case of targeted attacks. [ABSTRACT FROM AUTHOR]

Published

2022

20. Analysis and Enhancement of a Lattice-Based Data Outsourcing Scheme With Public Integrity Verification.

Author

Wang, Qingxuan, Cheng, Chi, Xu, Rui, Ding, Jintai, and Liu, Zhe

Abstract

Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV. [ABSTRACT FROM AUTHOR]

Published

2022

21. Dynamic Proof of Data Possession and Replication With Tree Sharing and Batch Verification in the Cloud.

Author

Guo, Wei, Qin, Sujuan, Gao, Fei, Zhang, Hua, Li, Wenmin, Jin, Zhengping, and Wen, Qiaoyan

Abstract

Cloud storage attracts a lot of clients to join the paradise. For a high data availability, some clients require their files to be replicated and stored on multiple servers. Because clients are generally charged based on the redundancy level required by them, it is critical for clients to obtain convincing evidence that all replicas are stored correctly and are updated to the up-to-date version. In this article, we propose a dynamic proof of data possession and replication (DPDPR) scheme, which is proved to be secure in the defined security model. Our scheme shares a single authenticated tree across multiple replicas, which reduces the tree's storage cost significantly. Our scheme allows for batch verification for multiple challenged leaves and can verify multiple replicas in a single batch way, which considerably save bandwidth and computation resources during audit process. We also evaluate the DPDPR's performance and compare it with the most related scheme. The evaluation results show that our scheme saves almost 66 percent tree's storage cost for three replicas, and obtains almost 60 and 80 percent efficiency improvements in terms of the overall bandwidth and computation costs, respectively, when three replicas are checked and each challenged with 460 blocks. [ABSTRACT FROM AUTHOR]

Published

2022

22. Industrial Image Anomaly Localization Based on Gaussian Clustering of Pretrained Feature.

Author

Wan, Qian, Gao, Liang, Li, Xinyu, and Wen, Long

Subjects

*RECEIVER operating characteristic curves, *FEATURE extraction, *CONVOLUTIONAL neural networks, *CLOUD storage, *MANUFACTURING processes

Abstract

Anomaly localization is valuable for improvement of complex production processing in smart manufacturing system. As the distribution of anomalies is unknowable and labeled data is few, unsupervised methods based on convolutional neural network (CNN) have been studied for anomaly localization. But there are still problems for real industrial applications, in terms of localization accuracy, computation time, and memory storage. This article proposes a novel framework called as Gaussian clustering of pretrained feature (GCPF), including the clustering and inference stage, for anomaly localization in unsupervised way. The GCPF consists of three modules which include pretrained deep feature extraction (PDFE), multiple independent multivariate Gaussian clustering (MIMGC), and multihierarchical anomaly scoring (MHAS). In the clustering stage, features of normal images are extracted by pretrained CNN at the PDFE module, and then clustered at the MIMGC module. In the inference stage, features of target images are extracted and then scored for anomaly localization at the MHAS module. The GCPF is compared with the state-of-the-art methods on MVTec dataset, achieving receiver operating characteristic curve of 96.86% over all 15 categories, and extended to NanoTWICE and DAGM datasets. The GCPF outperforms the compared methods for unsupervised anomaly localization, and significantly reserves the low computation complexity and online memory storage which are important for real industrial applications. [ABSTRACT FROM AUTHOR]

Published

2022

23. Hierarchical Coding for Cloud Storage: Topology-Adaptivity, Scalability, and Flexibility.

Author

Yang, Siyi, Hareedy, Ahmed, Calderbank, Robert, and Dolecek, Lara

Subjects

*SCALABILITY, *BLOCKCHAINS, *DATA warehousing, *CLOUD storage, *INFORMATION storage & retrieval systems, *CHANNEL coding, *DATA protection

Abstract

In order to accommodate the ever-growing data from various, possibly independent, sources and the dynamic nature of data usage rates in practical applications, modern cloud data storage systems are required to be scalable, flexible, and heterogeneous. The recent rise of the blockchain technology is also moving various information systems towards decentralization to achieve high privacy at low costs. While codes with hierarchical locality have been intensively studied in the context of centralized cloud storage due to their effectiveness in reducing the average reading time, those for decentralized storage networks (DSNs) have not yet been discussed. In this paper, we propose a joint coding scheme where each node receives extra protection through the cooperation with nodes in its neighborhood in a heterogeneous DSN with any given topology. This work extends and subsumes our prior work on coding for centralized cloud storage. In particular, our proposed construction not only preserves desirable properties such as scalability and flexibility, which are critical in dynamic networks, but also adapts to arbitrary topologies, a property that is essential in DSNs but has been overlooked in existing works. [ABSTRACT FROM AUTHOR]

Published

2022

24. DssP: Efficient Dual-Server Secret Sharing Protocol Based on Password Authentication for Cloud Storage Services.

Author

Zhang, Songsong, Yong, Xie, Luo, Min, He, Debiao, and Choo, Kim-Kwang Raymond

Abstract

Ensuring the security of cloud storage services is an ongoing challenge, due to the increasingly complex and dynamic threat landscape. One particular challenge is how to design security and efficient data encryption approaches. For example, the key used to encrypt data is generally a string of long random number, and this key is uploaded to the cloud server for security. The threshold password authentication secret sharing (TPASS) protocol is commonly used to save encryption keys. However, existing TPASS protocols may not fully achieve the desired security and efficiency levels due to the complexity of the protocol design. Hence, in this article, we propose an efficient dual-server secret sharing protocol (DssP) based on password authentication for cloud storage services. In our approach, users only need to remember a simple password to achieve random key access through dual server cooperation. We then mathematically prove that DssP meets the security requirements, and also evaluate its performance to show that it has less computational and communication overheads than other similar protocols. [ABSTRACT FROM AUTHOR]

Published

2022

25. Efficient Data Sharing With Privacy Preservation Over Lattices for Secure Cloud Storage.

Author

Wang, Fenghe, Wang, Junquan, and Shi, Shaoquan

Abstract

Data sharing is a basic data processing mechanism in the cloud storage. Data confidentiality and the receiver privacy are two important requirements of data-sharing systems. Because the data owner does not wish anyone who is not authorized to access the shared data and the authenticated data receiver also does not wish anyone else to know that he/she has accessed the shared data from the data owner. Broadcast encryption gives a possible solution to these requirements of data-sharing systems. This article constructs a data-sharing system over lattice by designing an efficient identity-based broadcast encryption (IBBE) scheme which achieves the data confidentiality and the identity privacy simultaneously. Besides the data owner, no one knows the identities of the authenticated data receivers in the proposed data-sharing system. Data confidentiality is achieved by the indistinguishability under the selective identity and the chosen ciphertext attacks (IND-sID-CCA) of the proposed IBBE scheme. It is proven in the random oracle model that the IND-sID-CCA security is based on the hardness of the learning with errors problem which can resist the quantum attacks. Inherited from the proposed IBBE scheme, the proposed data-sharing system also has several other characters which are suitable to the practical application. The most important feature is that all the public parameters size, private key size, and the ciphertext length are constant for any data receivers set in the proposed system. Hence, the proposed system adapts to the situation of large receiver group. Moreover, the proposed data-sharing system supports efficient member joining. When a new user asks to access the uploaded data, the existing receiver does not need to update his/her private key. The decryption cost of the existing receiver will remain unchanged when the outsourced data have been updated. Detailed performance analysis and a simulated experiment of the designed core algorithm are given by using Java program on a personal computer Intel Core i7-8700 K (3.7 GHz), 32 G RAM which verifies the design results in this article. [ABSTRACT FROM AUTHOR]

Published

2022

26. A Practical Framework for Secure Document Retrieval in Encrypted Cloud File Systems.

Author

Fu, Junsong, Wang, Na, Cui, Baojiang, and Bhargava, Bharat K.

Subjects

*INFORMATION retrieval, *PROXY servers, *SEARCH algorithms, *CLOUD storage, *CLOUD computing

Abstract

With the development of cloud computing, more and more data owners are motivated to outsource their documents to the cloud and share them with the authorized data users securely and flexibly. To protect data privacy, the documents are generally encrypted before being outsourced to the cloud and hence their searchability decreases. Though many privacy-preserving document search schemes have been proposed, they cannot reach a proper balance among functionality, flexibility, security and efficiency. In this paper, a new encrypted document retrieval system is designed and a proxy server is integrated into the system to alleviate data owner's workload and improve the whole system's security level. In this process, we consider a more practical and stronger threat model in which the cloud server can collude with a small number of data users. To support multiple document search patterns, we construct two AVL trees for the filenames and authors, and a Hierarchical Retrieval Features tree (HRF tree) for the document vectors. A depth-first search algorithm is designed for the HRF tree and the Enhanced Asymmetric Scalar-Product-Preserving Encryption (Enhanced ASPE) algorithm is utilized to encrypt the HRF tree. All the three index trees are linked with each other to efficiently support the search requests with multiple parameters. Theoretical analysis and simulation results illustrate the security and efficiency of the proposed framework. [ABSTRACT FROM AUTHOR]

Published

2022

27. An Efficient Privacy-Preserving Public Auditing Protocol for Cloud-Based Medical Storage System.

Author

Li, Xiong, Liu, Shanpeng, Lu, Rongxing, Khan, Muhammad Khurram, Gu, Ke, and Zhang, Xiaosong

Subjects

CLOUD storage, AUDITING, MEDICAL protocols, DATA integrity, STORAGE, INTERNET of things, DIAGNOSTIC imaging

Abstract

The booming Internet of Things makes smart healthcare a reality, while cloud-based medical storage systems solve the problems of large-scale storage and real-time access of medical data. The integrity of medical data outsourced in cloud-based medical storage systems has become crucial since only complete data can make a correct diagnosis, and public auditing protocol is a key technique to solve this problem. To guarantee the integrity of medical data and reduce the burden of the data owner, we propose an efficient privacy-preserving public auditing protocol for the cloud-based medical storage systems, which supports the functions of batch auditing and dynamic update of data. Detailed security analysis shows that our protocol is secure under the defined security model. In addition, we have conducted extensive performance evaluations, and the results indicate that our protocol not only remarkably reduces the computational costs of both the data owner and the third-party auditor (TPA), but also significantly improves the communication efficiency between the TPA and the cloud server. Specifically, compared with other related work, the computational cost of the TPA in our protocol is negligible and the data owner saves more than $2/3$ of computational cost. In addition, as the number of challenged blocks increases, our protocol saves nearly 90% of communication overhead between the TPA and the cloud server. [ABSTRACT FROM AUTHOR]

Published

2022

28. Watermarking-Based Secure Plaintext Image Protocols for Storage, Show, Deletion and Retrieval in the Cloud.

Author

Dong, Xiaojuan, Zhang, Weiming, Shah, Mohsin, Wang, Bei, and Yu, Nenghai

Abstract

In this article, we propose secure plaintext image storage protocols in the cloud environment for image owners managing and controlling their outsourced images. To solve control and privacy issues, conventional schemes suggest outsourcing images in the encrypted form. However, encrypted images lose their usability and visibility. For example, image owners cannot quickly find their stored images in the cloud. The proposed protocols encourage plaintext image storage in the cloud with copyright protection of images, visible display, lossless retrieval and controlled deletion via techniques of homomorphic encryption and digital watermarking. We allow the image owner to embed and remove the watermark in a privacy-preserving way without compromising the security of the original data and the computed results. Moreover, the image owner can securely detect the cloud's dishonest act of not completely deleting an image as required or leaking an image without permission. Compared with existing works, our work achieves more functions. We prove that the proposed work achieves the controllable management of the outsourced plaintext images without privacy leakage to unauthorized parties and demonstrate the utility and the efficiency of our protocols through experimental evaluation. [ABSTRACT FROM AUTHOR]

Published

2022

29. Enabling Secure and Space-Efficient Metadata Management in Encrypted Deduplication.

Author

Li, Jingwei, Huang, Suyu, Ren, Yanjing, Yang, Zuoru, Lee, Patrick P. C., Zhang, Xiaosong, and Hao, Yao

Subjects

*METADATA, *DATA warehousing, *MAXIMUM likelihood statistics

Abstract

Encrypted deduplication combines encryption and deduplication in a seamless way to provide confidentiality guarantees for the physical data in deduplicated storage, yet it incurs substantial metadata storage overhead due to the additional storage of keys. We present a new encrypted deduplication storage system called ${\sf Metadedup}$ Metadedup , which suppresses metadata storage by also applying deduplication to metadata. Its idea builds on indirection, which adds another level of metadata chunks that record metadata information. We find that metadata chunks are highly redundant in real-world workloads and hence can be effectively deduplicated. We further extend ${\sf Metadedup}$ Metadedup to incorporate multiple servers via a distributed key management approach, so as to provide both fault-tolerant storage and security guarantees. We extensively evaluate ${\sf Metadedup}$ Metadedup from performance and storage efficiency perspectives. We show that ${\sf Metadedup}$ Metadedup achieves high throughput in writing and restoring files, and saves the metadata storage by up to 93.94 percent for real-world backup workloads. [ABSTRACT FROM AUTHOR]

Published

2022

30. HF-TPE: High-Fidelity Thumbnail- Preserving Encryption.

Author

Zhang, Yushu, Zhao, Ruoyu, Xiao, Xiangli, Lan, Rushi, Liu, Zhe, and Zhang, Xinpeng

Subjects

*CLOUD storage, *DATA privacy, *IMAGE encryption, *PERCEIVED quality, *USER experience, *PRIVACY

Abstract

With the popularity of cloud storage services, people are increasingly accustomed to storing images in the cloud. However, cloud storage services raise privacy concerns, e.g., leakage of images to unauthorized third parties and service providers may exploit image detection technologies to portrait users without permission. Although privacy concerns can be solved by encrypting images before they are uploaded to the cloud, traditional encryption methods significantly affect the usability and user experience, for example, users cannot preview images in the cloud. Recently, Marohn et al. proposed two approximate thumbnail-preserving encryption schemes, called DRPE and TPE-LSB, to balance the privacy and usability of images in the cloud. However, both schemes have defects that either the decryption may fail or the ciphertext images have poor performance in perceived quality and too many noise points after decryption. To this end, we pertinently propose a high-fidelity thumbnail-preserving encryption scheme (HF-TPE). Compared with the previous works, on the one hand, the HF-TPE scheme not only ensures the correct decryption of ciphertext images, but also makes the ciphertext thumbnails more close to the plaintext images perceptually. On the other hand, the decrypted thumbnails have lower noise intensity and upper limit of the number of noises. In addition, simulation experiments further show that the HF-TPE scheme can guarantee users’ usability. [ABSTRACT FROM AUTHOR]

Published

2022

31. TABE-DAC: Efficient Traceable Attribute-Based Encryption Scheme With Dynamic Access Control Based on Blockchain

Author

Lifeng Guo, Xiaoli Yang, and Wei-Chuen Yau

Subjects

Access control, key abuse, private data, cloud storage, attribute-based encryption, confidentiality, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The features of decentralization and tamper-proof enable blockchain to be an emerging technology for integrity protection of important data stored on it. Blockchains are also used to combine with cloud storage for access control and sharing of private data. To protect the confidentiality of the private data, attribute-based encryption (ABE) schemes that can provide one-to-many encryption are commonly used as the solutions. However, there are problems, such as inefficiency, key abuse, and inflexibility of access control policy, when adopting ABE solutions. This paper proposes an efficient traceable attribute-based encryption with dynamic access control (TABE-DAC) scheme based on blockchain for fine-grained sharing of encrypted private data on cloud. The proposed TABE-DAC scheme supports traceability for the accountability of malicious users who leak the private key. The proposed solution also realizes dynamic access control where data owners have the flexibility to update access control policy. We also prove the security of the proposed TABE-DAC scheme. Finally, through theoretical comparison and experimental analysis, we verify the efficiency of the proposed solution.

Published

2021

32. Efficient Auditing Scheme for Secure Data Storage in Fog-to-Cloud Computing

Author

Xingjun Zhang and Wei Si

Subjects

MAC, homomorphic MAC, cloud storage, fog-to-cloud computing, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Fog-to-cloud computing has now become a new cutting-edge technique along with the rapid popularity of Internet of Things (IoT). Unlike traditional cloud computing, fog-to-cloud computing needs more entities to participate in, including mobile sinks and fog nodes except for cloud service provider (CSP). Hence, the integrity auditing in fog-to-cloud storage will also be different from that of traditional cloud storage. In the recent work of Tian et al., they took the first step to design public auditing system for fog-to-cloud computing. However, their scheme becomes very inefficient since they uses intricate public key cryptographic techniques, including bilinear mapping, proof of knowledge etc. In this paper, we design a general and more efficient auditing system based on MAC and HMAC, both of which are popular private key cryptographic techniques. By implementing MAC and HMAC, we give a concrete instantiation of our auditing system. Finally, the theoretical analysis and experiment results show that our proposed system has more efficiency in terms of communication and computational costs.

Published

2021

33. Efficient Revocable Multi-Authority Attribute-Based Encryption for Cloud Storage

Author

Yang Ming, Baokang He, and Chenhao Wang

Subjects

Attribute-based encryption, multi-authority, revocation, elliptic curve cryptography, cloud storage, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

As is known, attribute-based encryption (ABE) is usually adopted for cloud storage, both for its achievement of fine-grained access control over data, and for its guarantee of data confidentiality. Nevertheless, single-authority attribute-based encryption (SA-ABE) has its obvious drawback in that only one attribute authority can assign the users’ attributes, enabling the data to be shared only within the management domain of the attribute authority, while rendering multiple attribute authorities unable to share the data. On the other hand, multi-authority attribute-based encryption (MA-ABE) has its advantages over SA-ABE. It can not only satisfy the need for the fine-grained access control and confidentiality of data, but also make the data shared among different multiple attribute authorities. However, existing MA-ABE schemes are unsuitable for the devices with resources-constraint, because these schemes are all based on expensive bilinear pairing. Moreover, the major challenge of MA-ABE scheme is attribute revocation. So far, many solutions in this respect are not efficient enough. In this paper, on the basis of the elliptic curves cryptography, we propose an efficient revocable multi-authority attribute-based encryption (RMA-ABE) scheme for cloud storage. The security analysis indicates that the proposed scheme satisfies indistinguishable under adaptive chosen plaintext attack assuming hardness of the decisional Diffie-Hellman problem. Compared with the other schemes, the proposed scheme gets its advantages in that it is more economical in computation and storage.

Published

2021

34. Integrity Auditing for Multi-Copy in Cloud Storage Based on Red-Black Tree

Author

Zhenpeng Liu, Yi Liu, Xianwei Yang, and Xiaofei Li

Subjects

Cloud storage, data integrity auditing, red-black tree, dynamic data update, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

With the rapid development of cloud storage, cloud users are willing to store data in the cloud storage system, and at the same time, the requirements for the security, integrity, and availability of data storage are getting higher and higher. Although many cloud audit schemes have been proposed, the data storage overhead is too large and the data cannot be dynamically updated efficiently when most of the schemes are in use. In order to solve these problems, a cloud audit scheme for multi-copy dynamic data integrity based on red-black tree full nodes is proposed. This scheme uses ID-based key authentication, and improves the classic Merkel hash tree MHT to achieve multi-copy storage and dynamic data manipulation, which improves the efficiency of real-time dynamic data update (insertion, deletion, modification). The third-party audit organization replaces users to verify the integrity of data stored on remote cloud servers, which reduces the computing overhead and system communication overhead. The security analysis proves that the security model based on the CDH problem and the DL problem is safe. Judging from the results of the simulation experiment, the scheme is safe and efficient.

Published

2021

35. An Efficient Data Auditing Protocol With a Novel Sampling Verification Algorithm

Author

Xuelian Li, Lisha Chen, and Juntao Gao

Subjects

Cloud storage, data auditing, dynamic structure, sampling verification, smart contract, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Currently, data auditing is an important means to check the integrity of the data stored on the cloud. Existing data auditing schemes have done a lot of work in terms of functionality, implementation, and security. As we can see, all of these schemes are based on the auditing framework proposed by Ateniese et al., which uses random sampling to probabilistically check whether the data is integrity or not. But multiple repeated sampling may lead to an intersection between the challenge sets selected each time, reducing the probability of detection, and the time for detecting corrupted blocks will be indefinite. If the corrupted data is not found for a long time, the data remedial measures will become invalid, resulting in permanent data loss. To address the above problem, we designed an efficient sampling verification algorithm. Based on this algorithm, the auditing scheme is further optimized, and a dynamic auditing function has been developed for the scheme to facilitate data owners to update data. Through the security analysis, our scheme is soundness. The experiment shows that our sampling verification can detect corrupted blocks faster than other auditing schemes.

Published

2021

36. Auto-Tuning Parameters for Emerging Multi-Stream Flash-Based Storage Drives Through New I/O Pattern Generations.

Author

Bhimani, Janki, Maruf, Adnan, Mi, Ningfang, Pandurangan, Rajinikanth, and Balakrishnan, Vijay

Subjects

*CLOUD storage, *REWARD (Psychology), *SOLID state drives, *OPTICAL disks, *ELECTRONIC data processing, *BIG data, *GRAPHICAL user interfaces

Abstract

In the era of big data processing, more and more data centers in cloud storage are now replacing traditional HDDs with enterprise SSDs. Both developers and users of these SSDs require thorough benchmarking to evaluate and configure the variable parameters of emerging technologies. and are the recent development of the SSD industry, which assists in placing data on SSDs in a smart way to improve application performance and SSD endurance. The challenging part to use multi-stream SSDs is to assign stream IDs to incoming writes, such that each stream consists of data with a similar lifetime. The benefit of the stream management algorithms varies over different workloads. Thus, first, we propose a new framework, called Pattern I/O generator (PatIO), to capture the enterprise storage behavior that is prevailing across various user workloads, virtualization setup, file systems, and volume managers for the database server applications on flash-based storage. Second, using PatIO, we study what type of applications may be benefited by which stream assignment algorithm. Third, we design the framework to automatically tune the variable parameters of different stream identification algorithms of the multi-stream SSDs. Our evaluation shows 20 to 110 percent of the reward function increase, measuring the cumulative impact on application performance and SSD endurance. [ABSTRACT FROM AUTHOR]

Published

2022

37. MDev-NVMe: Mediated Pass-Through NVMe Virtualization Solution With Adaptive Polling.

Author

Peng, Bo, Yao, Jianguo, Dong, Yaozu, and Guan, Haibing

Subjects

*CLOUD storage, *PARALLEL processing, *CLOUD computing, *SERVER farms (Computer network management), *DATA warehousing, *NONVOLATILE memory, *SCALABILITY

Abstract

The fast access to data and high parallel processing in high-performance computing instigates an urgent demand on the improvement of the NVMe storage within modern data centers. However, the former NVMe virtualization’s unsatisfactory performance demonstrates that NVMe devices are often underutilized within cloud platforms. An NVMe virtualization mechanism with high performance and device sharing has captured researchers and developers’ attention. This article introduces MDev-NVMe, a new virtualization solution for NVMe storage device with (1) full NVMe storage virtualization for VMs running native NVMe driver, (2) a mediated pass-through mechanism for NVMe management, and (3) adaptive configuration of active polling optimization to simultaneously achieve high throughput, low latency performance, and substantial device scalability. We practically implement the MDev-NVMe as a Linux kernel module. This article subsequently evaluates MDev-NVMe with Intel OPTANE and P3600 SSD by comparing several mainstream NVMe virtualization mechanisms using application-level I/O benchmarks. MDev-NVMe with active polling can demonstrate a 142 percent improvement over native (interrupt-driven) throughput and over 2.5 × the Virtio throughput with only 70 percent native average latency and 31 percent Virtio average latency. Finally, the advantages of MDev-NVMe and the importance of adaptive polling are discussed, offering evidence that MDev-NVMe is a superior virtualization choice for cloud storage. [ABSTRACT FROM AUTHOR]

Published

2022

38. Achieving Secure and Dynamic Range Queries Over Encrypted Cloud Data.

Author

Yang, Wei, Geng, Yangyang, Li, Lu, Xie, Xike, and Huang, Liusheng

Subjects

*KEYWORD searching, *CLOUD storage, *CLOUD computing, *JOB performance, *PRIVACY

Abstract

Cloud computing is motivating data owners to outsource their databases to the cloud. However, for privacy concerns, the sensitive data has to be encrypted before outsourcing, which inevitably posts a challenging task for effective data utilization. Existing work either focuses on keyword searches, or suffers from inadequate security guarantees or inefficiency. In this paper, we concentrate on multi-dimensional range queries over dynamic encrypted cloud data. We first propose a tree-based private range query scheme over dynamic encrypted cloud data (TRQED), which supports faster-than-linear range queries and protects single-dimensional privacy. Then, we discuss the defects of TRQED in terms of privacy-preservation. We modify the framework of the system by adopting a two-server model and put forward a safer range query scheme, called TRQED $^{+}$ + . By newly designed secure node query (SNQ) and secure point query (SPQ), we propose the perturbation-based oblivious R-tree traversal (ORT) operation to preserve both path pattern and stronger single-dimensional privacy. Finally, we conduct comprehensive experiments on real-world datasets and perform comparisons with existing works to evaluate the performance of the proposed schemes. Experimental results show that our TRQED and TRQED $^+$ + surpass the state-of-the-art methods in privacy-preservation level and efficiency. [ABSTRACT FROM AUTHOR]

Published

2022

39. DOPIV: Post-Quantum Secure Identity-Based Data Outsourcing with Public Integrity Verification in Cloud Storage.

Author

Zhang, Xiaojun, Zhao, Jie, Xu, Chunxiang, Wang, Huaxiong, and Zhang, Yuan

Abstract

Public verification enables cloud users to employ a third party auditor (TPA) to check the data integrity. However, recent breakthrough results on quantum computers indicate that applying quantum computers in clouds would be realized. A majority of existing public verification schemes are based on conventional hardness assumptions, which are vulnerable to adversaries equipped with quantum computers in the near future. Moreover, new security issues need to be solved when an original data owner is restricted or cannot access the remote cloud server flexibly. In this paper, we propose an efficient identity-based data outsourcing with public integrity verification scheme (DOPIV) in cloud storage. DOPIV is designed on lattice-based cryptography, which achieves post-quantum security. DOPIV enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. Any TPA can perform data integrity verification efficiently on behalf of the original data owner, without retrieving the entire data set. Additionally, DOPIV possesses the advantages of being identity-based systems, avoiding complex certificate management procedures. We provide security proofs of DOPIV in the random oracle model, and conduct a comprehensive performance evaluation to show that DOPIV is more practical in post-quantum secure cloud storage systems. [ABSTRACT FROM AUTHOR]

Published

2022

40. Achieve Efficient and Verifiable Conjunctive and Fuzzy Queries over Encrypted Data in Cloud.

Author

Shao, Jun, Lu, Rongxing, Guan, Yunguo, and Wei, Guiyi

Abstract

Due to the high demands of searchability over encrypted data, searchable encryption (SE) has recently received considerable attention and been widely suggested in encrypted cloud storage. Typically, the cloud server is assumed to be honest-but-curious in most SE-based cloud storage systems, i.e., the cloud server should follow the protocol to return valid and complete search results to users. However, this trust assumption is not always true due to some unanticipated situations, such as misconfigurations and malfunctions. Therefore, the function of verifiability of search results becomes crucial for the success of SE-based cloud storage systems. For this reason, many verifiable SE schemes have been proposed; however, they either fail to support query operators “OR”, “AND”, “ $\ast$ * ” and “?” simultaneously, or require many time-consuming operations. Aiming at addressing this problem, in this paper, we propose a new verifiable SE scheme for encrypted cloud storage. The proposed scheme is characterized by integrating various techniques, i.e., bitmap index, radix tree, format preserving encryption, keyed-hash message authentication code and symmetric key encryption, for achieving efficient and verifiable conjunctive and fuzzy queries over encrypted data in the cloud. Detailed security analysis shows that our proposed scheme holds the confidentiality of data and verifiability of search results at the same time. In addition, extensive experiments are conducted, and the results demonstrate our proposed scheme is efficient and suitable for users to retrieve their data from the cloud to their mobile devices. [ABSTRACT FROM AUTHOR]

Published

2022

41. A Lightweight Auditing Service for Shared Data with Secure User Revocation in Cloud Storage.

Author

Rabaninejad, Reyhaneh, Attari, Mahmoud Ahmadian, Asaar, Maryam Rajabzadeh, and Aref, Mohammad Reza

Abstract

As data sharing has become one of the most popular services offered by cloud storage, designing public auditing mechanisms for integrity of shared data becomes more important. Two problems which arise in shared data auditing include preserving users identity and collusion resistant revocation of users. When data stored at the cloud is shared among a group of users, different users may modify and sign different data blocks which leaks signer identities to the public verifier. Also, when a user is revoked from the group, signatures generated by this user should be re-signed by the cloud server using re-signature keys. In addition, collusion of cloud server and the revoked user should leak no information about the private key of other users. In this paper, by employing a new proxy re-signature scheme, we propose a public shared data auditing mechanism that provides identity privacy and collusion resistant user revocation, simultaneously. The proposed protocol requires only lightweight computations at the user side for signing data blocks in real-time online phase. Moreover, our protocol supports large dynamic group of users, batch auditing and dynamic data operations. Experimental results demonstrate excellent efficiency of our scheme in comparison to the state of the art. [ABSTRACT FROM AUTHOR]

Published

2022

42. A Throughput-Oriented NVMe Storage Virtualization With Workload-Aware Management.

Author

Peng, Bo, Yang, Ming, Yao, Jianguo, and Guan, Haibing

Subjects

*STORAGE, *CLOUD storage, *ELECTRONIC data processing, *RESOURCE management, *NONVOLATILE memory, *SCALABILITY

Abstract

Storage virtualization is an important component of large-scale online services in multi-tenant clouds. It typically shares the physical storage among guest machines and performs transactional operations for high-performance data processing. However, even with the recent mediated pass-through virtualization optimization, the operations of multi-tenant storage I/O meet the bottleneck, and thus degrade the throughput performance of the cloud storage services. We observe that the root cause of the problem is the unawareness of varying and imbalanced workload inefficiency of resource management in the multi-tenant cloud storage setting. In this paper, we present FinNVMe, a new throughput-oriented NVMe storage virtualization management mechanism, that (1) passes-through I/O performance-critical resources and emulates privileged resources to provide high throughput in a workload-aware manner among multi-tenant VMs, (2) enables fine-grained scheduling for I/O resources to achieve promising flexibility and scalability with respective to virtualization, and (3) adopts the queue binding and the queue shuffling to reduce the virtualization and management overhead, and involves active polling for further I/O acceleration. This article subsequently evaluates FinNVMe with micro benchmarks on two typical scenarios (both balanced and imbalanced workload) and the real-world storage workloads to show its high throughput performance, along with the flexibility and scalability of virtualization and resource management. For example, FinNVMe achieves up to 20 percent throughput improvement with more stable latency in the varying and imbalanced workload. [ABSTRACT FROM AUTHOR]

Published

2021

43. Joint IT-Facility Optimization for Green Data Centers via Deep Reinforcement Learning.

Author

Zhou, Xin, Wang, Ruihang, Wen, Yonggang, and Tan, Rui

Subjects

*REINFORCEMENT learning, *DEEP learning, *SERVER farms (Computer network management), *ENERGY consumption, *TROPICAL conditions, *CLOUD storage, *INFORMATION technology

Abstract

The data center market grows rapidly with the increase of data and its corresponding applications (e.g., machine learning, cloud storage, Internet of Things, and so on). The growth is boosted recently due to the shift of activities online during the COVID-19 pandemic. Reducing the energy consumption of data centers faces various challenges that are further aggravated by the tropical conditions with high temperature and humidity in the tropics like Singapore. The prevailing siloed approach of operating the information technology (IT) and the facility systems separately has resulted in wasteful over-provisioning. The recently proposed approaches for energy usage minimization under various constraints including thermal safety scale poorly with the data center size and often result in non-optimal solutions. To advance the state of the art, we apply deep reinforcement learning (DRL) to address the scalability problem and achieve optimality over a long time horizon in reducing data center energy usage. In particular, we deploy the data-driven deep model and physical rule based model in lieu of the physical data center during the training and validation phases to manage the thermal safety risks caused by DRL's strategy of learning from errors. [ABSTRACT FROM AUTHOR]

Published

2021

44. Verifiable Spatial Range Query Over Encrypted Cloud Data in VANET.

Author

Meng, Qian, Weng, Jian, Miao, Yinbin, Chen, Kefei, Shen, Zhonghua, Wang, Fuqun, and Li, Zhijun

Subjects

*CLOUD storage, *ELECTRONIC data processing, *VEHICULAR ad hoc networks, *DATA warehousing

Abstract

With the popularization of the geo-positioning technologies and Location Based Service (LBS), the spatial range query has gained increasing attention in VANET. To eliminate local data storage and computation burden, the data owner outsources his/her spatial data and the processing of range query tasks to location based service providers. However, outsourcing tasks may bring the risk of privacy leakage as location based service providers and clients, including data owner and data users are not in the same trusted domain. Besides, malicious service providers may forge or tamper retrieval results due to interest incentives such as saving storage or computational capacity. Therefore, we first propose and construct the Verifiable Spatial Range Query (VSRQ) scheme in VANET by using the hierarchical cell based encoding method, G-tree and the accumulator. To guarantee the correctness and completeness of search results, we leverage an accumulator-based technology. Then, we develop an improved G-tree to accelerate query processing and extend it to support multi-dimensional range queries. Security analysis shows that basic VSRQ and extension of VSRQ schemes are secure in terms of the privacy of index and confidentiality of spatial data. Extensive experiments further show that, basic (or extension of) VSRQ scheme can achieve result integrity while supporting spatial range query and lower computational and storage burden compared with existing schemes. [ABSTRACT FROM AUTHOR]

Published

2021

45. Lightweight Certificate-Based Public/Private Auditing Scheme Based on Bilinear Pairing for Cloud Storage

Author

Feng Wang, Li Xu, Kim-Kwang Raymond Choo, Yuexin Zhang, Huaqun Wang, and Jiguo Li

Subjects

Certificate-based auditing, public/private auditing, lightweight, provable data possession, cloud storage, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Ensuring the integrity of outsourced data is one of several functional requirements in cloud storage services, although designing an effective and secure public auditing scheme remains an ongoing research challenge. For example, a number of existing schemes are designed based on symmetric bilinear pairing, which are computationally expensive. While certificate-based auditing schemes can simplify certificate management and mitigate key escrow concern, such schemes are not popular in the literature. Therefore, we propose a lightweight certificate-based public/private auditing scheme based on asymmetric bilinear pairing for cloud storage. Specifically, we describe a new method of designing lightweight auditing schemes. Additionally, our proposed scheme is proven to be secure in the random oracle model. We then implement our scheme by using type D curve of the pairing-based library. The findings demonstrate that our auditing scheme significantly reduces client's computation cost in the tag-generation (TagGen) phase, particularly in comparison to several other competing schemes. For example, when the block size is 10 KB, our on-line computation cost in the TagGen phase takes only 0.45 seconds, while it requires at least 62.83 seconds in other schemes. Furthermore, the findings show that when the number of blocks is fixed, the on-line computation cost in our TagGen phase is constant despite varying file sizes.

Published

2020

46. An Improved Authentication Scheme for Remote Data Access and Sharing Over Cloud Storage in Cyber-Physical-Social-Systems

Author

Zahid Ghaffar, Shafiq Ahmed, Khalid Mahmood, Sk Hafizul Islam, Mohammad Mehedi Hassan, and Giancarlo Fortino

Subjects

Authentication, cloud storage, data sharing, data owner, impersonation attack, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Cyber-physical-social systems (CPSSs) epitomize an evolving paradigm, including the social, physical, and cyber world. The vital goal of CPSSs is to offer personalized, high-quality, and proactive services for the end-users. An ingenious framework for reliable services is required for CPSSs to achieve this purpose. In this regard, the cloud storage environment of cloud computing (having a great connection with the physical, cyber, and social world) requires a reliable framework for secure communication between cloud and users. Cloud storage provides various services that need scalable, cost-effective, and secure facilities of data management. Public cloud storage bound its users to maintain strict security considerations that are offered by cloud service providers. On the other hand, an opportunity for users is offered by private cloud storage to construct a controlled and self-managed model of data security. This mobile model is responsible for managing the sharing and accessing of data privately. Despite that, it induces new challenges of data security. One censorious problem is to ensure the authenticated and secure model of data-storage for accessing the data under the controlled environment of data accessibility. To tackle this challenge, many protocols have been developed. The problem is that all these protocols are unable to fulfill the required security efficiency and are susceptible to various security attacks. Recently, Tiwari et al. presented an authentication scheme for data sharing and access with a biometric feature. They claimed that their scheme resists significant security attacks. However, in this article, we show that the claim of Tiwari et al. for developing a secure scheme is not valid, and their protocol is insecure against user and server impersonation attacks. Moreover, the protocol of Tiwari et al. do not provide user anonymity. Therefore, we present an enhanced, secure, and convenient scheme for data access. Besides, in order to add the flexible distribution of data that is controlled by data-owner, our protocol provides proxy re-encryption in which the cloud server utilizes the proxy re-encryption key. Then, the data-owner generates the credential token during decryption for controlling user's accessibility. The security analysis determines that our proposed protocol resists numerous security attacks. Furthermore, performance analysis determines that our protocol has practical computation, communication, and storage costs as compared to various related protocols. Consequently, our introduced protocol achieves not only the security goals but also has performance efficiency comparable to numerous relevant protocols of cloud storage.

Published

2020

47. LDVAS: Lattice-Based Designated Verifier Auditing Scheme for Electronic Medical Data in Cloud-Assisted WBANs

Author

Xiaojun Zhang, Chao Huang, Yuan Zhang, Jingwei Zhang, and Jie Gong

Subjects

Wireless body area networks, cloud storage, designated verifier auditing, lattice-based problems, post-quantum security, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Data integrity has become an extremely important security issue in cloud-assisted wireless body area networks (WBANs). As accurate medical diagnostic analysis is heavily based on outsourced electronic medical data in cloud storage, any corrupted data may lead to fateful consequences. Data auditing contributes to medical data integrity verification, but most of existing data auditing schemes are vulnerable to attackers equipped with practical quantum-computing devices, which are very likely to be invented in the near future. Besides, in many scenarios, a patient has no capability to execute medical data integrity verification personally, he/she has to specify a verifier to complete data auditing. To this end, we present an efficient lattice-based designated verifier auditing scheme (LDVAS), which could be well deployed in cloud-assisted WBANs. In particular, LDVAS enables a patient to designate a unique verifier to execute data auditing in post-quantum secure settings, and any others cannot fulfil such task without the approval of the patient. We formally prove the security of LDVAS based on the hardness assumptions of lattice-based problems. The performance evaluation demonstrates the high efficiency and feasibility of LDVAS on the side of the designated verifier.

Published

2020

48. Investigation of Optimal Data Encoding Parameters Based on User Preference for Cloud Storage

Author

Vikas Chouhan and Sateesh K. Peddoju

Subjects

Cloud computing, cloud storage, availability, storage cost, Reed-Solomon, erasure coding, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The erasure encoding scheme creates multiple coded data and parity fragments to protect the data from the losses. Nowadays, most storage systems like cloud storage utilize the erasure coding scheme to attain superior data consistency, reliability, and availability. Most of the existing literature focuses on either the cost of recovery or overhead due to the redundant storage without considering the interests of the users, such as high reliability and lower storage cost. We believe that the storage service provider should choose an appropriate encoding scheme with optimal values of two encoding parameters, i.e., data fragments and parity fragments. The values of these encoding parameters depend on the size of the input data and the Quality of Service (QoS) requirements of the users, such as storage efficiency, availability, and recoverability. These parameters play a crucial role in providing higher reliability and lower storage costs. Therefore, in this paper, we investigate to identify optimal parameters to provide higher reliability and lower storage cost while considering the user's preferences. We present the analysis of the Reed-Solomon coding scheme from the perspective of storage overhead, the probability of data availability, data recoverability, and storage efficiency to identify the optimal values of encoding parameters. We performed the experiments on the Reed-Solomon encoding schemes, and results are reported.

Published

2020

49. Dynamic Multiple-Replica Provable Data Possession in Cloud Storage System

Author

Yilin Yuan, Jianbiao Zhang, and Wanshan Xu

Subjects

Cloud storage, data security, provable data possession, dynamic operation, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In cloud storage scenarios, data security has received considerably more attention than before. To ensure the reliability and availability of outsourced data and improve disaster resilience and data recovery ability, important data files possessed by users must be stored on multiple cloud service providers (CSPs). However, we know that CSP is invariably not reliable. In this situation, to verify the integrity of replica files stored by users on multiple CSPs simultaneously, a new dynamic multiple-replica provable data possession (DMR-PDP) scheme is proposed. In addition, due to the importance of the tag set, we utilize vector dot products instead of using the modular power calculation in the traditional PDP scheme, which greatly reduces the calculation time and storage space usage. Moreover, a novel dynamic data structure, the divided address-version mapping table (DAVMT), is presented and used to solve the problem of data dynamic operation. A practical experiment validates the effectiveness of our proposed scheme in the end.

Published

2020

50. A Parallel and Forward Private Searchable Public-Key Encryption for Cloud-Based Data Sharing

Author

Biwen Chen, Libing Wu, Li Li, Kim-Kwang Raymond Choo, and Debiao He

Subjects

Data sharing, cloud storage, searchable encryption, parallel search, forward privacy, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Data sharing through the cloud is flourishing with the development of cloud computing technology. The new wave of technology will also give rise to new security challenges, particularly the data confidentiality in cloud-based sharing applications. Searchable encryption is considered as one of the most promising solutions for balancing data confidentiality and usability. However, most existing searchable encryption schemes cannot simultaneously satisfy requirements for both high search efficiency and strong security due to lack of some must-have properties, such as parallel search and forward security. To address this problem, we propose a variant searchable encryption with parallelism and forward privacy, namely the parallel and forward private searchable public-key encryption (PFP-SPE). PFP-SPE scheme achieves both the parallelism and forward privacy at the expense of slightly higher storage costs. PFP-SPE has similar search efficiency with that of some searchable symmetric encryption schemes but no key distribution problem. The security analysis and the performance evaluation on a real-world dataset demonstrate that the proposed scheme is suitable for practical application.

Published

2020