Cloud computing has become one of the most projecting words in the IT world due to its design for providing computing service as a utility. The typical use of cloud computing as a resource has changed the scenery of computing. Its increased flexibility, better reliability, great scalability, and decreased costs have captivated businesses and individuals alike because of the pay-per-use form of the cloud environment. Cloud computing is a completely internet-dependent technology where client data are stored and maintained in the data center of a cloud provider like Google, Amazon, Apple Inc., Microsoft etc. The Anomaly Detection System is one of the Intrusion Detection techniques. It is an area in the cloud environment that has been developed for the detection of unusual activities in cloud networks. Although there are a variety of Intrusion Detection techniques available in the cloud environment, this review paper exposes and focuses on different IDS in cloud networks through different categorizations and conducts a comparative study on the security measures of Dropbox, Google Drive and iCloud, to illuminate their strengths and weaknesses in terms of security.
In recent years, the use of mobile devices such as smart phones, tablet PCs, etc. has been rapidly increasing. In the case of these mobile devices, the storage space is limited due to their characteristics. To make up for the limited storage space in mobile devices, several methods are being researched. Of these, cloud storage service (CSS), one of the cloud computing services, is an efficient solution to compensate for such limited storage space. CSS is a service for storing files in the storage and then accessing the stored files through networks (Internet) anytime, anywhere. With the existing CSS, users store their personally important files in the cloud storage, not in their own computers. This may cause security problems such as the leaking of information from private files or damage to the information. Thus, we propose a cloud storage system which can solve the security problem of CSS for mobile devices using the personal computer. Our system is designed to store and manage files through direct communication between mobile devices and personal computer storage by using software as a service (SaaS), one of the computing services, instead of directly storing files in cloud storage.
Cloud storage is one of the main applications of cloud computing. With the data services in the cloud, users are able to outsource their data to the cloud, and access and share their outsourced data from the cloud server anywhere and anytime. However, this new paradigm of data outsourcing services also introduces new security challenges, among which is how to ensure the integrity of the outsourced data. Although the cloud storage providers commit to a reliable and secure environment for users, the integrity of data can still be damaged owing to human carelessness, failures of hardware/software, or attacks from external adversaries. Therefore, it is of great importance for users to audit the integrity of their data outsourced to the cloud. In this paper, we first design an auditing framework for cloud storage and propose an algebraic-signature-based remote data possession checking protocol, which allows a third party to audit the integrity of the outsourced data on behalf of the users and supports an unlimited number of verifications. Then we extend our auditing protocol to support data dynamic operations, including data update, data insertion and data deletion. The analysis and experiment results demonstrate that our proposed schemes are secure and efficient.
In order to provide a practicable solution to data confidentiality in cloud storage service, a data assured deletion scheme, which achieves fine-grained access control, resistance to hopping and sniffing attacks, data dynamics and deduplication, is proposed. In our scheme, data blocks are encrypted by a two-level encryption approach, in which the control keys are generated from a key derivation tree, encrypted by an All-Or-Nothing algorithm and then distributed into a DHT network after being partitioned by secret sharing. This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data within an owner-specified data lifetime. Besides confidentiality, data dynamics and deduplication are also achieved separately by adjustment of the key derivation tree and convergent encryption. The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.
Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator (PKG) is employed to authenticate the identity and generate private keys for all users, and one Third Party Auditor (TPA) is employed by users to check the integrity of cloud data. This approach is undesirable for large-scale users since the PKG and the TPA might not be able to afford the heavy workload. To solve the problem, we give a hierarchical Private Key Generator structure for large-scale user groups, in which a root PKG delegates lower-level PKGs to generate private keys and authenticate identities. Based on the proposed structure, we propose an authorized identity-based public cloud storage auditing scheme, in which the lowest-level PKGs play the role of TPA, and only the authorized lowest-level PKGs can represent users in their domains to check cloud data's integrity. Furthermore, we give the formal security analysis and experimental results, which show that our proposed scheme is secure and efficient.
Cloud computing is a highly demanded technology nowadays. Due to the service-oriented architecture, seamless accessibility and other advantages of this advent technology, many transaction-rich applications are making use of it. At the same time, it is vulnerable to hacks and threats. Hence securing this environment is of utmost importance, and many research works are being reported focusing on it. This paper proposes a safe storage mechanism using Elliptic Curve Cryptography (ECC) for Transaction Rich Applications (TRA). With the ECC-based security scheme, the security level of the protected system will be increased, and it is more suitable for securing the delivered data in portable devices. The proposed scheme shields the aligning of different kinds of data elements to each provider using an ECC algorithm. Analysis, comparison and simulation prove that the proposed system is more effective and secure for transaction-rich applications in the cloud.
The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems. Traditional encryption technologies are not suitable for data protection in cloud storage systems. A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption (MPRE-CPABE) is proposed for cloud storage systems. MPRE-CPABE requires the data owner to split each file into two blocks, one big block and one small block. The small block is used to encrypt the big one as the private key, and then the encrypted big block will be uploaded to the cloud storage system. Even if the uploaded big block of the file is stolen, illegal users cannot get the complete information of the file easily. Ciphertext-policy attribute-based encryption (CPABE) is always criticized for its heavy overload and insecure issues when distributing keys or revoking a user's access right. MPRE-CPABE applies CPABE to the multi-authority cloud storage system, and solves the above issues. The weighted access structure (WAS) is proposed to support a variety of fine-grained threshold access control policies in multi-authority environments, and reduce the computational cost of key distribution. Meanwhile, MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation. Experiments are implemented on the Ubuntu and CloudSim platforms. Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of a user's access right. MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman (DBDH).
Cloud storage employs software that interconnects and facilitates collaboration between different types of storage devices. Compared with traditional storage methods, cloud storage poses new challenges in data security, reliability, and management. This paper introduces four layers of cloud storage architecture: data storage layer (connecting multiple storage components), data management layer (providing common support technology for multiple services), data service layer (sustaining multiple storage applications), and user access layer. A typical cloud storage application, Backup Cloud (B-Cloud), is examined and its software architecture, characteristics, and main research areas are discussed.
More and more embedded devices, such as mobile phones, tablet PCs and laptops, are used in every field, so huge files need to be stored or backed up into cloud storage. Optimizing the performance of cloud storage is very important for Internet development. This paper presents the performance evaluation of the open source distributed storage system, a highly available, distributed, eventually consistent object/blob store from the OpenStack cloud computing components. This paper mainly focuses on the mechanism of cloud storage as well as the optimization methods to process different-sized files. This work provides two major contributions through comprehensive performance evaluations. First, it provides different configurations for the OpenStack Swift system and an analysis of how every component affects the performance. Second, it presents the detailed optimization methods to improve the performance in processing different-sized files. The experimental results show that our method improves the performance and the structure. We give the methods to optimize the object-based cloud storage system to deploy the readily available storage system.
Cloud storage has the characteristics of being distributed and virtual, and it separates the ownership rights and management rights of users' data. The master-slave architecture of cloud storage has a single-point-of-failure problem. In this paper, we provide a cloud storage architecture model based on semantic equivalence. According to the semantic matching degree, this architecture divides the nodes into node clusters by creating a semantic tree and maintains system routing through a semantic hypergraph. Simulation experiments show that dividing the network by semantics can enhance the scalability and flexibility of the system, and it can improve the efficiency of network organization and the security of the cloud storage system; at the same time, it can also reduce the cloud data storage and the delay of reading time.
Problems with data security impede the widespread application of cloud computing. Although data can be protected through encryption, effective retrieval of encrypted data is difficult to achieve using traditional methods. This paper analyzes encrypted storage and retrieval technologies in cloud storage applications. A ranking method based on fully homomorphic encryption is proposed to meet demands of encrypted storage. Results show this method can improve efficiency.
Funding: supported by Major Special Project of Sichuan Science and Technology Department (2020YFG0460) and Central University Project of China (ZYGX2020ZB020, ZYGX2020ZB019).
Abstract: To achieve the high availability of health data in erasure-coded cloud storage systems, the data update performance in erasure coding should be continuously optimized. However, the data update performance is often bottlenecked by the constrained cross-rack bandwidth. Various techniques have been proposed in the literature to improve network bandwidth efficiency, including delta transmission, relay, and batch update. These techniques were largely proposed individually previously, and in this work, we seek to use them jointly. To mitigate the cross-rack update traffic, we propose DXR-DU, which builds on four valuable techniques: (i) delta transmission, (ii) XOR-based data update, (iii) relay, and (iv) batch update. Meanwhile, we offer two selective update approaches: 1) data-delta-based update, and 2) parity-delta-based update. The proposed DXR-DU is evaluated via trace-driven local testbed experiments. Comprehensive experiments show that DXR-DU can significantly improve data update throughput while mitigating the cross-rack update traffic.
Abstract: The sensitive data stored in the public cloud by privileged users, such as corporate companies and government agencies, are highly vulnerable in the hands of cloud providers and hackers. The proposed Virtual Cloud Storage Architecture is primarily concerned with data integrity and confidentiality, as well as availability. To provide confidentiality and availability, the file to be stored in cloud storage should be encrypted using an auto-generated key and then encoded into distinct chunks. Hashing the encoded chunks ensured the file integrity, and a newly proposed Circular Shift Chunk Allocation technique was used to determine the order of chunk storage. The file could be retrieved by performing the operations in reverse. Using the regenerating code, the model could regenerate the missing and corrupted chunks from the cloud. The proposed architecture adds an extra layer of security while maintaining a reasonable response time and storage capacity. Experimental results analysis shows that the proposed model has been tested with storage space and response time for storage and retrieval. The VCSA model consumes 1.5x (150%) storage space. It was found that the total storage required for the VCSA model is very low when compared with 2x Replication and completely satisfies the CIA model. The response time of the VCSA model was tested with different-sized files starting from 2 to 16 MB. The response time for storing and retrieving a 2 MB file is 4.96 and 3.77 s respectively, and for a 16 MB file, the response times are 11.06 s for storage and 5.6 s for retrieval.
Abstract: When it comes to data storage, cloud computing and cloud storage providers play a critical role. The cloud data can be accessed from any location with an internet connection. Additionally, the risk of losing privacy when data is stored in a cloud environment is also increased. A variety of security techniques are employed in the cloud to enhance security. In this paper, we aim at maintaining the privacy of stored data in the cloud environment by implementing block-based modelling to boost the privacy level with the Anti-Codify Technique (ACoT) and block-cipher-based algorithms. Initially, the cipher text is generated using the Deoxyribo Nucleic Acid (DNA) model. Block-cipher-based encryption is used by ACoT, but the original encrypted file and its extension are broken up into separate blocks. When the original file is broken up into two separate blocks, it raises the security level and makes it more difficult for outsiders to access cloud data. ACoT improves the security and privacy of cloud storage data. Finally, fuzzy-based classification is used, which stores various access types in servers. The simulation results show that the ACoT-DNA method achieves higher entropy against various block sizes with reduced computational cost than existing methods.
Funding: supported by the National Natural Science Foundation of China under grant No. (61562059, 61461027, 61462060).
Abstract: Ciphertext policy attribute based encryption (CP-ABE) can provide highly fine-grained access control for cloud storage. However, it needs to solve problems such as property privacy protection, ciphertext search and data update in the application process. Therefore, based on the CP-ABE scheme, this paper proposes a dynamically updatable searchable encryption cloud storage (DUSECS) scheme. Using the characteristics of homomorphic encryption, the encrypted data is compared to achieve efficient policy hiding. Meanwhile, adopting a linked list structure, the DUSECS scheme realizes dynamic data update and integrity detection, and searchable encryption against keyword guessing attacks is achieved by combining homomorphic encryption with an aggregation algorithm. The analysis of security and performance shows that the scheme is secure and efficient.
Funding: supported by National Natural Science Foundation of China (Nos. 61861013, 61662018), Science and Technology Major Project of Guangxi (No. AA18118031), Guangxi Natural Science Foundation of China (No. 2018 GXNSFAA050028), the Doctoral Research Foundation of Guilin University of Electronic Science and Technology (No. UF19033Y), and Director Fund project of Key Laboratory of Cognitive Radio and Information Processing of Ministry of Education (No. CRKL190102).
Abstract: The proliferation of the global datasphere has forced cloud storage systems to evolve more complex architectures for different applications. The emergence of these application session requests and system daemon services has created large persistent flows with diverse performance requirements that need to coexist with other types of traffic. Current routing methods such as equal-cost multipath (ECMP) and Hedera do not take into consideration specific traffic characteristics or performance requirements, which makes it difficult for these methods to meet the quality of service (QoS) for high-priority flows. In this paper, we tailored the best routing for different kinds of cloud storage flows as an integer programming problem and utilized grey relational analysis (GRA) to solve this optimization problem. The resulting method is a GRA-based service-aware flow scheduling (GRSA) framework that considers requested flow types and network status to select appropriate routing paths for flows in cloud storage datacenter networks. The results from experiments carried out on a real traffic trace show that the proposed GRSA method can better balance traffic loads, conserve table space and reduce the average transmission delay for high-priority flows compared to ECMP and Hedera.
Funding: supported in part by the National Natural Science Foundation of China (61640006, 61572188), the Natural Science Foundation of Shaanxi Province, China (2015JM6307, 2016JQ6011), and the project of science and technology of Xi’an City (2017088CG/RC051(CADX002)).
Abstract: In distributed cloud storage systems, inevitably there exist multiple node failures at the same time. The existing methods of regenerating codes, including minimum storage regenerating (MSR) codes and minimum bandwidth regenerating (MBR) codes, are mainly to repair one single or several failed nodes, unable to meet the repair need of distributed cloud storage systems. In this paper, we present locally minimum storage regenerating (LMSR) codes to recover multiple failed nodes at the same time. Specifically, the nodes in distributed cloud storage systems are divided into multiple local groups, and in each local group, (4, 2) or (5, 3) MSR codes are constructed. Moreover, the grouping method of storage nodes and the repairing process of failed nodes in local groups are studied. Theoretical analysis shows that LMSR codes can achieve the same storage overhead as MSR codes. Furthermore, we verify by means of simulation that, compared with MSR codes, LMSR codes can reduce the repair bandwidth and disk I/O overhead effectively.
Abstract: With the rapid development of E-commerce and E-government, so many electronic records have been produced. The increasing number of electronic records brings about storage difficulties, and the traditional electronic records center finds it difficult to cope with the current fast-growing requirements of electronic records storage and management. Therefore, it is imperative to use cloud storage technology to build electronic record centers. However, electronic records also have weaknesses in the cloud storage environment, and one of them is that once electronic record owners or managers lose physical control of them, the electronic records are more likely to be tampered with and destroyed. So, the paper builds a reliable electronic records preservation system based on coding theory. It can effectively guarantee the reliability of record storage when the electronic record is damaged, and the original electronic record can be restored by redundant coding, thus ensuring the reliable storage of electronic records.
Funding: Projects (61472192, 61202004) supported by the National Natural Science Foundation of China; Project (14KJB520014) supported by the Natural Science Fund of Higher Education of Jiangsu Province, China
Abstract: The cloud storage service cannot be completely trusted because of the separation of data management and ownership, leading to the difficulty of data privacy protection. In order to protect the privacy of data on untrusted servers of cloud storage, a novel multi-authority access control scheme without a trustworthy central authority has been proposed based on CP-ABE for cloud storage systems, called non-centered multi-authority proxy re-encryption based on the cipher-text policy attribute-based encryption (NC-MACPABE). NC-MACPABE optimizes the weighted access structure (WAS), allowing different levels of operation on the same file in the cloud storage system. The concept of identity dyeing is introduced to further improve the privacy of users' information. The re-encryption algorithm is improved in the scheme so that the data owner can revoke a user's access right in a more flexible way. The scheme is proved to be secure. The experimental results also show that removing the central authority can resolve the existing performance bottleneck in the multi-authority architecture with a central authority, which significantly improves user experience when a large number of users apply for access to the cloud storage system at the same time.
Abstract: Cloud computing has become one of the most prominent words in the IT world due to its design for providing computing service as a utility. The typical use of cloud computing as a resource has changed the scenery of computing. Increased flexibility, better reliability, great scalability, and decreased costs have captivated businesses and individuals alike because of the pay-per-use form of the cloud environment. Cloud computing is a completely internet-dependent technology where client data are stored and maintained in the data center of a cloud provider like Google, Amazon, Apple Inc., Microsoft etc. The Anomaly Detection System is one of the Intrusion Detection techniques. It is an area in the cloud environment that has been developed for the detection of unusual activities in cloud networks. Although there are a variety of Intrusion Detection techniques available in the cloud environment, this review paper exposes and focuses on different IDS in cloud networks through different categorizations and conducts a comparative study on the security measures of Dropbox, Google Drive and iCloud, to illuminate their strengths and weaknesses in terms of security.
Funding: The MKE (The Ministry of Knowledge Economy), Korea, under the ITRC (Information Technology Research Center) support program supervised by the NIPA (National IT Industry Promotion Agency) (NIPA-2012-H0301-12-2006)
Abstract: In recent years, the use of mobile devices such as smart phones, tablet PCs, etc. is rapidly increasing. In the case of these mobile devices, the storage space is limited due to their characteristics. To make up for the limited storage space in mobile devices, several methods are being researched. Of these, cloud storage service (CSS), one of the cloud computing services, is an efficient solution to compensate for such limited storage space. CSS is a service of storing files to the storage and thus getting access to stored files through networks (Internet) at any time, anywhere. As for the existing CSS, users store their personally important files in the cloud storage, not in their own computers. It may cause security problems such as the leaking of information from private files or damage to the information. Thus, we propose a cloud storage system which can solve the security problem of CSS for mobile devices using the personal computer. Our system is designed to store and manage files through direct communication between mobile devices and personal computer storage by using software as a service (SaaS), one of the computing services, instead of directly storing files into cloud storage.
Funding: The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work is supported by National Natural Science Foundation of China (No: 61379144), Foundation of Science and Technology on Information Assurance Laboratory (No: KJ-13-002) and the Graduate Innovation Fund of the National University of Defense Technology.
Abstract: Cloud storage is one of the main applications of cloud computing. With the data services in the cloud, users are able to outsource their data to the cloud, and access and share their outsourced data from the cloud server anywhere and anytime. However, this new paradigm of data outsourcing services also introduces new security challenges, among which is how to ensure the integrity of the outsourced data. Although the cloud storage providers commit to a reliable and secure environment for users, the integrity of data can still be damaged owing to the carelessness of humans, failures of hardware/software or attacks from external adversaries. Therefore, it is of great importance for users to audit the integrity of their data outsourced to the cloud. In this paper, we first design an auditing framework for cloud storage and propose an algebraic signature based remote data possession checking protocol, which allows a third party to audit the integrity of the outsourced data on behalf of the users and supports an unlimited number of verifications. Then we extend our auditing protocol to support dynamic data operations, including data update, data insertion and data deletion. The analysis and experiment results demonstrate that our proposed schemes are secure and efficient.
Funding: supported by the National Key Basic Research Program of China (973 program) under Grant No. 2012CB315901
Abstract: In order to provide a practicable solution to data confidentiality in cloud storage service, a data assured deletion scheme, which achieves fine-grained access control, resistance to hopping and sniffing attacks, data dynamics and deduplication, is proposed. In our scheme, data blocks are encrypted by a two-level encryption approach, in which the control keys are generated from a key derivation tree, encrypted by an All-Or-Nothing algorithm and then distributed into a DHT network after being partitioned by secret sharing. This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an owner-specified data lifetime. Besides confidentiality, data dynamics and deduplication are also achieved separately by adjustment of the key derivation tree and convergent encryption. The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.
Funding: supported by National Natural Science Foundation of China (No. 61572267, No. 61272425, No. 61402245); the Open Project of Co-Innovation Center for Information Supply & Assurance Technology, Anhui University; the Open Project of the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences (No. 2017-MS-21, No. 2016-MS-23); National Cryptography Development Fund of China (MMJJ20170118)
Abstract: Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator (PKG) is employed to authenticate the identity and generate private keys for all users, and one Third Party Auditor (TPA) is employed by users to check the integrity of cloud data. This approach is undesirable for large-scale users since the PKG and the TPA might not be able to afford the heavy workload. To solve the problem, we give a hierarchical Private Key Generator structure for large-scale user groups, in which a root PKG delegates lower-level PKGs to generate private keys and authenticate identities. Based on the proposed structure, we propose an authorized identity-based public cloud storage auditing scheme, in which the lowest-level PKGs play the role of TPA, and only the authorized lowest-level PKGs can represent users in their domains to check cloud data's integrity. Furthermore, we give the formal security analysis and experimental results, which show that our proposed scheme is secure and efficient.
Abstract: Cloud computing is a highly demanded technology nowadays. Due to the service-oriented architecture, seamless accessibility and other advantages of this advent technology, many transaction rich applications are making use of it. At the same time, it is vulnerable to hacks and threats. Hence securing this environment is of utmost importance, and many research works are being reported focusing on it. This paper proposes a safe storage mechanism using Elliptic curve cryptography (ECC) for Transaction Rich Applications (TRA). With the ECC-based security scheme, the security level of the protected system will be increased, and it is more suitable for securing the delivered data in portable devices. The proposed scheme shields the aligning of different kinds of data elements to each provider using an ECC algorithm. Analysis, comparison and simulation prove that the proposed system is more effective and secure for Transaction rich applications in the Cloud.
Funding: supported by the National Natural Science Foundation of China (61202004, 61472192); the Special Fund for Fast Sharing of Science Paper in Net Era by CSTD (2013116); the Natural Science Fund of Higher Education of Jiangsu Province (14KJB520014)
Abstract: The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems. Traditional encryption technologies are not suitable for data protection in cloud storage systems. A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption (MPRE-CPABE) is proposed for cloud storage systems. MPRE-CPABE requires the data owner to split each file into two blocks, one big block and one small block. The small block is used to encrypt the big one as the private key, and then the encrypted big block will be uploaded to the cloud storage system. Even if the uploaded big block of the file is stolen, illegal users cannot get the complete information of the file easily. Ciphertext-policy attribute-based encryption (CPABE) is always criticized for its heavy overload and insecure issues when distributing keys or revoking a user's access right. MPRE-CPABE applies CPABE to the multi-authority cloud storage system, and solves the above issues. The weighted access structure (WAS) is proposed to support a variety of fine-grained threshold access control policies in multi-authority environments, and reduce the computational cost of key distribution. Meanwhile, MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation. Experiments are implemented on platforms of Ubuntu and CloudSim. Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of a user's access right. MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman (DBDH).
Funding: funded by the National High Technology Research and Development Program of China ("863" program) under Grant No. 2009AA01A402
Abstract: Cloud storage employs software that interconnects and facilitates collaboration between different types of storage devices. Compared with traditional storage methods, cloud storage poses new challenges in data security, reliability, and management. This paper introduces four layers of cloud storage architecture: data storage layer (connecting multiple storage components), data management layer (providing common support technology for multiple services), data service layer (sustaining multiple storage applications), and user access layer. A typical cloud storage application, Backup Cloud (B-Cloud), is examined and its software architecture, characteristics, and main research areas are discussed.
Funding: performed by key technology of networking media broadcast based on cloud computing in "China Twelfth Five-Year" Plan for Science & Technology Project (Grant No.: 2013BAH65F01-2013BAH65F04); NSFC (Grant No.: 61472144); National science and technology support plan (Grant No.: 2013BAH65F03, 2013BAH65F04); GDSTP (Grant No.: 2013B010202004, 2014A010103012); GDUPS (2011); Research Fund for the Doctoral Program of Higher Education of China (Grant No.: 20120172110023)
Abstract: More and more embedded devices, such as mobile phones, tablet PCs and laptops, are used in every field, so huge files need to be stored or backed up into cloud storage. Optimizing the performance of cloud storage is very important for Internet development. This paper presents the performance evaluation of the open source distributed storage system, a highly available, distributed, eventually consistent object/blob store from OpenStack cloud computing components. This paper mainly focuses on the mechanism of cloud storage as well as the optimization methods to process different sized files. This work provides two major contributions through comprehensive performance evaluations. First, it provides different configurations for the OpenStack Swift system and an analysis of how every component affects the performance. Second, it presents the detailed optimization methods to improve the performance in processing different sized files. The experimental results show that our method improves the performance and the structure. We give the methods to optimize the object-based cloud storage system to deploy the readily available storage system.
Funding: the National Natural Science Foundation of China under Grant, the Fundamental Research Funds for the Central Universities under Grant No. FRF-TP-14-046A2
Funding: supported in part by the National Science and technology support program of China No. 2014BAH29F05; the National High-Tech R&D Program (863 Program) No. 2015AA01A705; the National Natural Science Foundation of China under Grant No. 61572072; the National Science and Technology Major Project No. 2015ZX03001041; the Fundamental Research Funds for the Central Universities No. FRF-TP-14-046A2; "Research on the System of Personalized Education using Big Data"
Abstract: Cloud storage has the characteristics of being distributed and virtual, and it separates the ownership rights and management rights of users' data. The master-slave architecture of cloud storage has the problem of a single point of failure. In this paper, we provide a cloud storage architecture model based on semantic equivalence. According to the semantic matching degree, this architecture divides the nodes into node clusters by creating a semantic tree and maintains system routing through a semantic hypergraph. Simulation experiments show that dividing the network semantically can enhance the scalability and flexibility of the system, and it can improve the efficiency of network organization and the security of the cloud storage system; at the same time, it can also reduce the cloud data storage and the delay of reading time.
Funding: funded by the National Key Technology R & D Program of China under Grant No. 2008BAH37B07; the National Natural Science Foundation of China under Grant No. 60970148; the National Basic Research Program of China ("973" Program) under Grant No. 2007CB310806
Abstract: Problems with data security impede the widespread application of cloud computing. Although data can be protected through encryption, effective retrieval of encrypted data is difficult to achieve using traditional methods. This paper analyzes encrypted storage and retrieval technologies in cloud storage applications. A ranking method based on fully homomorphic encryption is proposed to meet demands of encrypted storage. Results show this method can improve efficiency.