Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption

Cloud computing is a revolutionary computing paradigm, which enables flexible, on-demand, and low-cost usage of computing resources, but the data is outsourced to some cloud servers, and various privacy concerns emerge from it. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. A semi-anonymous privilege control…


Effective Authentic and Anonymous Data Sharing with Forward Security

Data sharing has never been easier with the advances of cloud computing, and an accurate analysis on the shared data provides an array of benefits to both the society and individuals. Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and privacy of data owner. Ring signature is a promising candidate to construct an anonymous and authentic data sharing system. It allows a data owner to anonymously authenticate his data which can…


Privacy-Preserving Ciphertext Multi-Sharing Control for Big Data Storage

The need of secure big data storage service is more desirable than ever to date. The basic requirement of the service is to guarantee the confidentiality of the data. However, the anonymity of the service clients, one of the most essential aspects of privacy, should be considered simultaneously. Moreover, the service also should provide practical and fine-grained encrypted data sharing such that a data owner is allowed to share a ciphertext of data among others under some specified conditions. A privacy-preserving ciphertext…


Vmbuddies: coordinating live migration of multi-tier applications in cloud environments

Enabled by virtualization technologies, various multi-tier applications are hosted by virtual machines (VMs) in cloud data centers. Live migration of multi-tier applications across geographically distributed data centers is important for load management, power saving, routine server maintenance and quality-of-service. Different from a single-VM migration, VMs in a multi-tier application are closely correlated, which results in a correlated VM migrations problem. Current live migration algorithms for single-VM cause significant application performance degradation because intermediate data exchange between different VMs suffers relatively low bandwidth and high latency across distributed data centers. A…


A Hybrid Cloud Approach for Secure Authorized Deduplication

Data deduplication is one of the important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. To better protect data security, this work makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems,…


Truthful Greedy Mechanisms for Dynamic Virtual Machine Provisioning and Allocation in Clouds

A major challenging problem for cloud providers is designing efficient mechanisms for virtual machine (VM) provisioning and allocation. Such mechanisms enable the cloud providers to effectively utilize their available resources and obtain higher profits. Recently, cloud providers have introduced auction-based models for VM provisioning and allocation which allow users to submit bids for their requested VMs. Dynamic VM provisioning and allocation problem is studied for the auction-based model as an integer program considering multiple types of resources. Truthful…


Secure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud

Due to the high volume and velocity of big data, it is an effective option to store big data in the cloud, as the cloud has capabilities of storing big data and processing high volume of user access requests. Attribute-Based Encryption (ABE) is a promising technique to ensure the end-to-end security of big data in the cloud. However, the policy updating has always been a challenging issue when ABE is used to construct access control schemes.…


Key-Aggregate Searchable Encryption (KASE) for Group Data Sharing via Cloud Storage

The capability of selectively sharing encrypted data with different users via public cloud storage may greatly ease security concerns over inadvertent data leaks in the cloud. A key challenge to designing such encryption schemes lies in the efficient management of encryption keys. The desired flexibility of sharing any group of selected documents with any group of users demands different encryption keys to be used for different documents. However, this also implies the necessity of securely distributing to users a large number of keys for both encryption and search, and those…


Identity-Based Distributed Provable Data Possession in Multi-Cloud Storage

Remote data integrity checking is of crucial importance in cloud storage. It can make the clients verify whether their outsourced data is kept intact without downloading the whole data. In some application scenarios, the clients have to store their data on multi-cloud servers. At the same time, the integrity checking protocol must be efficient in order to save the verifier’s cost. From the two points, we propose a novel remote data integrity checking model: ID-DPDP (identity-based distributed provable data possession) in multi-cloud…


On the Knowledge Soundness of a Cooperative Provable Data Possession Scheme in Multicloud Storage

Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients’ data integrity without downloading the whole data. In 2012, Zhu et al. proposed the construction of an efficient PDP scheme for multicloud storage. They studied the existence of multiple CSPs to cooperatively store and maintain the clients’ data. Then, based on homomorphic verifiable response and hash index hierarchy, they presented a cooperative PDP (CPDP) scheme from the bilinear…
