Cloud computing is an information technology (IT) paradigm that enables ubiquitous access to shared pools of configurable system resources and higher-level services that can be rapidly provisioned with minimal management effort, often over the Internet.

RAAC: Robust and Auditable Access Control with Multiple Attribute Authorities for Public Cloud Storage

Introduction:
Data access control is a challenging issue in public cloud storage systems. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been adopted as a promising technique to provide flexible, fine-grained and secure data access control for cloud storage with honest-but-curious cloud servers. However, in the existing CP-ABE schemes, the single attribute authority must execute the time-consuming user legitimacy verification and secret key distribution, and hence it results in a single-point performance bottleneck when a CP-ABE scheme is adopted in a large-scale cloud storage system. Users may be stuck in the waiting queue for a long period to obtain their secret keys, thereby resulting in low efficiency of the system. Although multi-authority access control schemes have been proposed, these schemes still cannot overcome the drawbacks of single-point bottleneck and low efficiency, due to the fact that each of the authorities still independently manages a disjoint attribute set. In this paper, we propose a novel heterogeneous framework to remove the problem of single-point performance bottleneck and provide a more efficient access control scheme with an auditing mechanism. Our framework employs multiple attribute authorities to share the load of user legitimacy verification. Meanwhile, in our scheme, a CA (Central Authority) is introduced to generate secret keys for legitimacy-verified users. Unlike other multi-authority access control schemes, each of the authorities in our scheme manages the whole attribute set individually. To enhance security, we also propose an auditing mechanism to detect which AA (Attribute Authority) has incorrectly or maliciously performed the legitimacy verification procedure. Analysis shows that our system not only guarantees the security requirements but also makes great performance improvement on key generation.

Reference IEEE paper:
“RAAC: Robust and Auditable Access Control with Multiple Attribute Authorities for Public Cloud Storage”, IEEE Transactions on Information Forensics and Security, 2017.

Unique ID: SBI1022

Domain: CLOUD COMPUTING

Secure Data Sharing in Cloud Computing Using Revocable Storage Identity Based Encryption

Introduction:
Cloud computing provides a flexible and convenient way for data sharing, which brings various benefits for both the society and individuals. But there exists a natural resistance for users to directly outsource the shared data to the cloud server, since the data often contain valuable information. Thus, it is necessary to place cryptographically enhanced access control on the shared data. Identity-based encryption is a promising cryptographical primitive to build a practical data sharing system. However, access control is not static. That is, when some user’s authorization is expired, there should be a mechanism that can remove him/her from the system. Consequently, the revoked user cannot access both the previously and subsequently shared data. To this end, we propose a notion called revocable-storage identity-based encryption (RS-IBE), which can provide the forward/backward security of ciphertext by introducing the functionalities of user revocation and ciphertext update simultaneously. Furthermore, we present a concrete construction of RS-IBE, and prove its security in the defined security model. The performance comparisons indicate that the proposed RS-IBE scheme has advantages in terms of functionality and efficiency, and thus is feasible for a practical and cost-effective data-sharing system. Finally, we provide implementation results of the proposed scheme to demonstrate its practicability.

Reference IEEE paper:
“Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based Encryption”, IEEE Transactions on Cloud Computing 2017.

Unique ID: SBI1023

Domain: CLOUD COMPUTING

Securing Cloud Data under Key Exposure

Introduction:
Recent news reveal a powerful attacker which breaks data confidentiality by acquiring cryptographic keys, by means of coercion or backdoors in cryptographic software. Once the encryption key is exposed, the only viable measure to preserve data confidentiality is to limit the attacker’s access to the ciphertext. This may be achieved, for example, by spreading ciphertext blocks across servers in multiple administrative domains—thus assuming that the adversary cannot compromise all of them. Nevertheless, if data is encrypted with existing schemes, an adversary equipped with the encryption key can still compromise a single server and decrypt the ciphertext blocks stored therein. In this paper, we study data confidentiality against an adversary which knows the encryption key and has access to a large fraction of the ciphertext blocks. To this end, we propose Bastion, a novel and efficient scheme that guarantees data confidentiality even if the encryption key is leaked and the adversary has access to almost all ciphertext blocks. We analyze the security of Bastion, and we evaluate its performance by means of a prototype implementation. We also discuss practical insights with respect to the integration of Bastion in commercial dispersed storage systems. Our evaluation results suggest that Bastion is well-suited for integration in existing systems since it incurs less than 5% overhead compared to existing semantically secure encryption modes.

Reference IEEE paper:
“Securing Cloud Data under Key Exposure”, IEEE Transactions on Cloud Computing, 2017.

Unique ID: SBI1024

Domain: CLOUD COMPUTING

TAFC: Time and Attribute Factors Combined Access Control for Time-Sensitive Data in Public Cloud

Introduction:
The new paradigm of outsourcing data to the cloud is a double-edged sword. On the one hand, it frees data owners from the technical management, and is easier for data owners to share their data with intended users. On the other hand, it poses new challenges on privacy and security protection. To protect data confidentiality against the honest-but-curious cloud service provider, numerous works have been proposed to support fine-grained data access control. However, till now, no schemes can support both fine-grained access control and time-sensitive data publishing. In this paper, by embedding timed-release encryption into CP-ABE (Ciphertext-Policy Attribute-based Encryption), we propose a new time and attribute factors combined access control on time-sensitive data for public cloud storage (named TAFC). Based on the proposed scheme, we further propose an efficient approach to design access policies faced with diverse access requirements for time-sensitive data. Extensive security and performance analysis shows that our proposed scheme is highly efficient and satisfies the security requirements for time-sensitive data storage in public cloud.

Reference IEEE paper:
“TAFC: Time and Attribute Factors Combined Access Control for Time-Sensitive Data in Public Cloud”, IEEE Transactions on Services Computing, 2017.

Unique ID: SBI1025

Domain: CLOUD COMPUTING

TEES: An Efficient Search Scheme over Encrypted Data on Mobile Cloud

Introduction:
Cloud storage provides a convenient, massive, and scalable storage at low cost, but data privacy is a major concern that prevents users from storing files on the cloud trustingly. One way of enhancing privacy from the data owner's point of view is to encrypt the files before outsourcing them onto the cloud and decrypt the files after downloading them. However, data encryption is a heavy overhead for the mobile devices, and data retrieval process incurs a complicated communication between the data user and cloud. Normally with limited bandwidth capacity and limited battery life, these issues introduce heavy overhead to computing and communication as well as a higher power consumption for mobile device users, which makes the encrypted search over mobile cloud very challenging. In this paper, we propose TEES (Traffic and Energy saving Encrypted Search), a bandwidth and energy efficient encrypted search architecture over mobile cloud. The proposed architecture offloads the computation from mobile devices to the cloud, and we further optimize the communication between the mobile clients and the cloud. It is demonstrated that the data privacy does not degrade when the performance enhancement methods are applied. Our experiments show that TEES reduces the computation time by 23% to 46% and saves the energy consumption by 35% to 55% per file retrieval, meanwhile the network traffic during the file retrievals is also significantly reduced.

Reference IEEE paper:
“TEES: An Efficient Search Scheme over Encrypted Data on Mobile Cloud”, IEEE Transactions on Cloud Computing, 2017

Unique ID: SBI1026

Domain: CLOUD COMPUTING

Two Cloud Secure Database for Numeric-Related SQL Range Queries with Privacy Preserving

Introduction:
Industries and individuals outsource database to realize convenient and low-cost applications and services. In order to provide sufficient functionality for SQL queries, many secure database schemes have been proposed. However, such schemes are vulnerable to privacy leakage to cloud server. The main reason is that database is hosted and processed in cloud server, which is beyond the control of data owners. For the numerical range query (“>”, “<”, etc.), those schemes cannot provide sufficient privacy protection against practical challenges, e.g., privacy leakage of statistical properties, access pattern. Furthermore, increased number of queries will inevitably leak more information to the cloud server. In this paper, we propose a two-cloud architecture for secure database, with a series of intersection protocols that provide privacy preservation to various numeric-related range queries. Security analysis shows that privacy of numerical information is strongly protected against cloud providers in our proposed scheme.

Reference IEEE paper:
“Two-Cloud Secure Database for Numeric-Related SQL Range Queries with Privacy Preserving”, IEEE Transactions on Information Forensics and Security, 2017.

Unique ID: SBI1027

Domain: CLOUD COMPUTING

Provably Secure Key-Aggregate Cryptosystems with Broadcast Aggregate Keys for Online Data Sharing on the Cloud

Introduction:
Online data sharing for increased productivity and efficiency is one of the primary requirements today for any organization. The advent of cloud computing has pushed the limits of sharing across geographical boundaries, and has enabled a multitude of users to contribute and collaborate on shared data. However, protecting online data is critical to the success of the cloud, which leads to the requirement of efficient and secure cryptographic schemes for the same. Data owners would ideally want to store their data/files online in an encrypted manner, and delegate decryption rights for some of these to users, while retaining the power to revoke access at any point of time. An efficient solution in this regard would be one that allows users to decrypt multiple classes of data using a single key of constant size that can be efficiently broadcast to multiple users. Chu et al. proposed a key aggregate cryptosystem (KAC) in 2014 to address this problem, albeit without formal proofs of security. In this paper, we propose CPA and CCA secure KAC constructions that are efficiently implementable using elliptic curves and are suitable for implementation on cloud based data sharing environments. We lay special focus on how the standalone KAC scheme can be efficiently combined with broadcast encryption to cater to m data users and m′ data owners while reducing the secure channel requirement from O(mm′) in the standalone case to O(m + m′).

Reference IEEE paper:
“Provably Secure Key-Aggregate Cryptosystems with Broadcast Aggregate Keys for Online Data Sharing on the Cloud”, IEEE Transactions on Computers, 2017.

Unique ID: SBI1021

Domain: CLOUD COMPUTING

Achieving Efficient and Secure Data Acquisition for Cloud-supported Internet of Things in Smart Grid

Introduction:
Cloud-supported Internet of Things (Cloud-IoT) has been broadly deployed in smart grid systems. The IoT front-ends are responsible for data acquisition and status supervision, while the substantial amount of data is stored and managed in the cloud server. Achieving data security and system efficiency in the data acquisition and transmission process are of great significance and challenging, because the power grid-related data is sensitive and in huge amount. In this paper, we present an efficient and secure data acquisition scheme based on CP-ABE (Ciphertext Policy Attribute Based Encryption). Data acquired from the terminals will be partitioned into blocks and encrypted with its corresponding access sub-tree in sequence, thereby the data encryption and data transmission can be processed in parallel. Furthermore, we protect the information about the access tree with threshold secret sharing method, which can preserve the data privacy and integrity from users with the unauthorized sets of attributes. The formal analysis demonstrates that the proposed scheme can fulfill the security requirements of the Cloud-supported IoT in smart grid. The numerical analysis and experimental results indicate that our scheme can effectively reduce the time cost compared with other popular approaches.

Reference IEEE paper:
“Achieving Efficient and Secure Data Acquisition for Cloud-supported Internet of Things in Smart Grid”, IEEE Internet of Things Journal, IEEE 2017.

Unique ID: SBI1007

Domain: CLOUD COMPUTING

Achieving secure, universal, and fine-grained query results verification for secure search scheme over encrypted cloud data

Introduction:
Secure search techniques over encrypted cloud data allow an authorized user to query data files of interest by submitting encrypted query keywords to the cloud server in a privacy-preserving manner. However, in practice, the returned query results may be incorrect or incomplete in the dishonest cloud environment. For example, the cloud server may intentionally omit some qualified results to save computational resources and communication overhead. Thus, a well-functioning secure query system should provide a query results verification mechanism that allows the data user to verify results. In this paper, we design a secure, easily integrated, and fine-grained query results verification mechanism, by which, given an encrypted query results set, the query user not only can verify the correctness of each data file in the set but also can further check how many or which qualified data files are not returned if the set is incomplete before decryption. The verification scheme is loose-coupling to concrete secure search techniques and can be very easily integrated into any secure query scheme. We achieve the goal by constructing secure verification object for encrypted cloud data. Furthermore, a short signature technique with extremely small storage cost is proposed to guarantee the authenticity of verification object and a verification object request technique is presented to allow the query user to securely obtain the desired verification object. Performance evaluation shows that the proposed schemes are practical and efficient.

Reference IEEE paper:
“Achieving secure, universal, and fine-grained query results verification for secure search scheme over encrypted cloud data” IEEE Transactions on Cloud Computing, 2017.

Unique ID: SBI1008

Domain: CLOUD COMPUTING

Assessing Invariant Mining Techniques for Cloud-based Utility Computing Systems

Introduction:
Likely system invariants model properties that hold in operating conditions of a computing system. Invariants may be mined offline from training datasets, or inferred during execution. Scientific work has shown that invariants’ mining techniques support several activities, including capacity planning and detection of failures, anomalies and violations of Service Level Agreements. However their practical application by operation engineers is still a challenge. We aim to fill this gap through an empirical analysis of three major techniques for mining invariants in cloud-based utility computing systems: clustering, association rules, and decision list. The experiments use independent datasets from real-world systems: a Google cluster, whose traces are publicly available, and a Software-as-a-Service platform used by various companies worldwide. We assess the techniques in two invariants’ applications, namely executions characterization and anomaly detection, using the metrics of coverage, recall and precision. A sensitivity analysis is performed. Experimental results allow inferring practical usage implications, showing that relatively few invariants characterize the majority of operating conditions, that precision and recall may drop significantly when trying to achieve a large coverage, and that techniques exhibit similar precision, though the supervised one a higher recall. Finally, we propose a general heuristic for selecting likely invariants from a dataset.

Reference IEEE paper:
“Assessing Invariant Mining Techniques for Cloud-based Utility Computing Systems”, IEEE Transactions on Services Computing 2017.

Unique ID: SBI1009

Domain: CLOUD COMPUTING

Customer-Satisfaction-Aware Optimal Multiserver Configuration for Profit Maximization in Cloud Computing

Introduction:
Along with the development of cloud computing, an increasing number of enterprises start to adopt cloud service, which promotes the emergence of many cloud service providers. For cloud service providers, how to configure their cloud service platforms to obtain the maximum profit becomes increasingly the focus that they pay attention to. In this paper, we take customer satisfaction into consideration to address this problem. Customer satisfaction affects the profit of cloud service providers in two ways. On one hand, the cloud configuration affects the quality of service which is an important factor affecting customer satisfaction. On the other hand, the customer satisfaction affects the request arrival rate of a cloud service provider. However, few existing works take customer satisfaction into consideration in solving profit maximization problem, or the existing works considering customer satisfaction do not give a proper formalized definition for it. Hence, we firstly refer to the definition of customer satisfaction in economics and develop a formula for measuring customer satisfaction in cloud computing. And then, an analysis is given in detail on how the customer satisfaction affects the profit. Lastly, taking into consideration customer satisfaction, service-level agreement, renting price, energy consumption and so forth, a profit maximization problem is formulated and solved to get the optimal configuration such that the profit is maximized.

Reference IEEE paper:
“Customer-Satisfaction-Aware Optimal Multiserver Configuration for Profit Maximization in Cloud Computing”, IEEE Transactions on Sustainable Computing, 2017.

Unique ID: SBI1010

Domain: CLOUD COMPUTING

Identity-Based Data Outsourcing with Comprehensive Auditing in Clouds

Introduction:
Cloud storage system provides facilitative file storage and sharing services for distributed clients. To address integrity, controllable outsourcing and origin auditing concerns on outsourced files, we propose an identity-based data outsourcing (IBDO) scheme equipped with desirable features advantageous over existing proposals in securing outsourced data. First, our IBDO scheme allows a user to authorize dedicated proxies to upload data to the cloud storage server on her behalf, e.g., a company may authorize some employees to upload files to the company’s cloud account in a controlled way. The proxies are identified and authorized with their recognizable identities, which eliminates complicated certificate management in usual secure distributed computing systems. Second, our IBDO scheme facilitates comprehensive auditing, i.e., our scheme not only permits regular integrity auditing as in existing schemes for securing outsourced data, but also allows to audit the information on data origin, type and consistence of outsourced files. Security analysis and experimental evaluation indicate that our IBDO scheme provides strong security with desirable efficiency.

Reference IEEE paper:
“Identity-Based Data Outsourcing with Comprehensive Auditing in Clouds”, IEEE Transactions on Information Forensics and Security, 2017.

Unique ID: SBI1013

Domain: CLOUD COMPUTING

Identity Based Private Matching over Outsourced Encrypted Datasets

Introduction:
With wide use of cloud computing and storage services, sensitive information is increasingly centralized into the cloud to reduce the management costs, which raises concerns about data privacy. Encryption is a promising way to maintain the confidentiality of outsourced sensitive data, but it makes effective data utilization to be a very challenging task. In this paper, we focus on the problem of private matching over outsourced encrypted datasets in identity-based cryptosystem that can simplify the certificate management. To solve this problem, we propose an Identity-Based Private Matching scheme (IBPM), which realizes fine-grained authorization that enables the privileged cloud server to perform private matching operations without leaking any private data. We present the rigorous security proof under the Decisional Linear Assumption and Decisional Bilinear Diffie-Hellman Assumption. Furthermore, through the analysis of the asymptotic complexity and the experimental evaluation, we verify that the cost of our IBPM scheme is linear to the size of the dataset and it is more efficient than the existing work of Zheng [30]. Finally, we apply our IBPM scheme to build two efficient schemes, including identity-based fuzzy private matching as well as identity-based multi-keyword fuzzy search.

Reference IEEE paper:
“Identity Based Private Matching over Outsourced Encrypted Datasets”, IEEE TRANSACTIONS ON CLOUD COMPUTING, 2017.

Unique ID: SBI1015

Domain: CLOUD COMPUTING

Identity-based Remote Data Integrity Checking with Perfect Data Privacy Preserving for Cloud Storage

Introduction:
Remote data integrity checking (RDIC) enables a data storage server, say a cloud server, to prove to a verifier that it is actually storing a data owner’s data honestly. To date, a number of RDIC protocols have been proposed in the literature, but most of the constructions suffer from the issue of a complex key management, that is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system complexity and the cost for establishing and managing the public key authentication framework in PKI based RDIC schemes. We formalize ID-based RDIC and its security model including security against a malicious cloud server and zero knowledge privacy against a third party verifier. The proposed ID-based RDIC protocol leaks no information of the stored data to the verifier during the RDIC process. The new construction is proven secure against the malicious server in the generic group model and achieves zero knowledge privacy against a verifier. Extensive security analysis and implementation results demonstrate that the proposed protocol is provably secure and practical in the real-world applications.

Reference IEEE paper:
“Identity-based Remote Data Integrity Checking with Perfect Data Privacy Preserving for Cloud Storage”, IEEE Transactions on Information Forensics and Security, 2017.

Unique ID: SBI1016

Domain: CLOUD COMPUTING

On the Security of Data Access Control for Multi-authority Cloud Storage Systems

Introduction:
Data access control has become a challenging issue in cloud storage systems. Some techniques have been proposed to achieve the secure data access control in a semi-trusted cloud storage system. Recently, K. Yang et al. proposed a basic data access control scheme for multi-authority cloud storage system (DAC-MACS) and an extensive data access control scheme (EDAC-MACS). They claimed that the DAC-MACS could achieve efficient decryption and immediate revocation and the EDAC-MACS could also achieve these goals even though non-revoked users reveal their Key Update Keys to the revoked user. However, through our cryptanalysis, the revocation security of both schemes cannot be guaranteed. In this paper, we first give two attacks on the two schemes. By the first attack, the revoked user can eavesdrop to obtain other users’ Key Update Keys to update its Secret Key, and then it can obtain proper Token to decrypt any secret information as a non-revoked user. In addition, by the second attack, the revoked user can intercept Ciphertext Update Key to retrieve its ability to decrypt any secret information as a non-revoked user. Secondly, we propose a new extensive DAC-MACS scheme (NEDAC-MACS) to withstand the above two attacks so as to guarantee more secure attribute revocation. Then, formal cryptanalysis of NEDAC-MACS is presented to prove the security goals of the scheme. Finally, the performance comparison among NEDAC-MACS and related schemes is given to demonstrate that the performance of NEDAC-MACS is superior to that of DACC, and relatively same as that of DAC-MACS.

Reference IEEE paper:
“On the Security of Data Access Control for Multi authority Cloud Storage Systems”, IEEE Transactions on Services Computing, 2017

Unique ID: SBI1017

Domain: CLOUD COMPUTING

Privacy Protection and Intrusion Avoidance for Cloudlet-based Medical Data Sharing

Introduction:
With the popularity of wearable devices, along with the development of clouds and cloudlet technology, there has been increasing need to provide better medical care. The processing chain of medical data mainly includes data collection, data storage and data sharing, etc. Traditional healthcare system often requires the delivery of medical data to the cloud, which involves users’ sensitive information and causes communication energy consumption. Practically, medical data sharing is a critical and challenging issue. Thus in this paper, we build up a novel healthcare system by utilizing the flexibility of cloudlet. The functions of cloudlet include privacy protection, data sharing and intrusion detection. In the stage of data collection, we first utilize Number Theory Research Unit (NTRU) method to encrypt user’s body data collected by wearable devices. Those data will be transmitted to nearby cloudlet in an energy efficient fashion. Secondly, we present a new trust model to help users to select trustable partners who want to share stored data in the cloudlet. The trust model also helps similar patients to communicate with each other about their diseases. Thirdly, we divide users’ medical data stored in remote cloud of hospital into three parts, and give them proper protection. Finally, in order to protect the healthcare system from malicious attacks, we develop a novel collaborative intrusion detection system (IDS) method based on cloudlet mesh, which can effectively prevent the remote healthcare big data cloud from attacks. Our experiments demonstrate the effectiveness of the proposed scheme.

Reference IEEE paper:
“Privacy Protection and Intrusion Avoidance for Cloudlet-based Medical Data Sharing”, IEEE Transactions on Cloud Computing, 2017.

Unique ID: SBI1018

Domain: CLOUD COMPUTING

Privacy-Preserving Multikeyword Similarity Search Over Outsourced Cloud Data

Introduction:
The amount of data generated by individuals and enterprises is rapidly increasing. With the emerging cloud computing paradigm, the data and corresponding complex management tasks can be outsourced to the cloud for the management flexibility and cost savings. Unfortunately, as the data could be sensitive, the direct data outsourcing would have the problem of privacy leakage. The encryption can be used, before the data outsourcing, with the concern that the operations can still be accomplished by the cloud. We consider the multikeyword similarity search over outsourced cloud data. In particular, with the consideration of the text data only, multiple keywords are specified by the user. The cloud returns the files containing more than a threshold number of input keywords or similar keywords, where the similarity here is defined according to the edit distance metric. We propose three solutions, where blind signature provides the user access privacy, and a novel use of Bloom filter’s bit pattern provides the speedup of search task at the cloud side. Our final design to achieve the search is secure against insider threats and efficient in terms of the search time at the cloud side. Performance evaluation and analysis are used to demonstrate the practicality of our proposed solutions.

Reference IEEE paper:
“Privacy-Preserving Multikeyword Similarity Search Over Outsourced Cloud Data”, IEEE SYSTEMS JOURNAL, 2017.

Unique ID: SBI1020

Domain: CLOUD COMPUTING

Privacy Protection based Access Control Scheme in Cloud-based Services

Introduction:
With the rapid development of the computer technology, cloud-based services have become a hot topic. Cloud based services not only provide users with convenience, but also bring many security issues. Therefore, the study of access control scheme to protect users’ privacy in cloud environment is of great significance. In this paper, we present an access control system with privilege separation based on privacy protection (PS-ACS). In the PS-ACS scheme, we divide the users into personal domain (PSD) and public domain (PUD) logically. In the PSD, we set read and write access permissions for users respectively. The Key-Aggregate Encryption (KAE) is exploited to implement the read access permission which improves the access efficiency. A high degree of patient privacy is guaranteed simultaneously by exploiting an Improved Attribute-based Signature (IABS) which can determine the users’ write access. For the users of PUD, a hierarchical attribute-based encryption (HABE) is applied to avoid the issues of single point of failure and complicated key distribution. Function and performance testing result shows that the PS-ACS scheme can achieve privacy protection in cloud based services.

Reference IEEE paper:
“Privacy Protection based Access Control Scheme in Cloud-based Services”, IEEE 2017.

Unique ID: SBI1019

Domain: CLOUD COMPUTING

Identity-Based Encryption with Cloud Revocation Authority and Its Applications

Introduction:
Identity-based encryption (IBE) is a public key cryptosystem and eliminates the demands of public key infrastructure (PKI) and certificate administration in conventional public key settings. Due to the absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing computation technique into IBE, Li et al. proposed a revocable IBE scheme with a key-update cloud service provider (KU-CSP). However, their scheme has two shortcomings. One is that the computation and communication costs are higher than previous revocable IBE schemes. The other shortcoming is lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article, we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two shortcomings, namely, the performance is significantly improved and the CRA holds only a system secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, we extend the proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited privileges for managing a large number of various cloud services.

Reference IEEE paper:
“Identity-Based Encryption with Cloud Revocation Authority and Its Applications”, IEEE TRANS. CLOUD COMPUTING 2017.

Unique ID – SBI1014

Domain – CLOUD COMPUTING


Fast Phrase Search for Encrypted Cloud Storage

Introduction:
Cloud computing has generated much interest in the research community in recent years for its many advantages, but has also raised security and privacy concerns. The storage and access of confidential documents have been identified as one of the central problems in the area. In particular, many researchers investigated solutions to search over encrypted documents stored on remote cloud servers. While many schemes have been proposed to perform conjunctive keyword search, less attention has been noted on more specialized searching techniques. In this paper, we present a phrase search technique based on Bloom filters that is significantly faster than existing solutions, with similar or better storage and communication cost. Our technique uses a series of n-gram filters to support the functionality. The scheme exhibits a trade-off between storage and false positive rate, and is adaptable to defend against inclusion-relation attacks. A design approach based on an application’s target false positive rate is also described.

Reference IEEE paper:
“Fast Phrase Search for Encrypted Cloud Storage”, IEEE Transactions on Cloud Computing, 2017.

Unique ID – SBI1012

Domain – CLOUD COMPUTING


Efficient and Expressive Keyword Search Over Encrypted Data in Cloud

Introduction:
Searchable encryption allows a cloud server to conduct keyword search over encrypted data on behalf of the data users without learning the underlying plaintexts. However, most existing searchable encryption schemes only support single or conjunctive keyword search, while a few other schemes that are able to perform expressive keyword search are computationally inefficient since they are built from bilinear pairings over the composite-order groups. In this paper, we propose an expressive public-key searchable encryption scheme in the prime-order groups, which allows keyword search policies (i.e., predicates, access structures) to be expressed in conjunctive, disjunctive or any monotonic Boolean formulas and achieves significant performance improvement over existing schemes. We formally define its security, and prove that it is selectively secure in the standard model. Also, we implement the proposed scheme using a rapid prototyping tool called Charm, and conduct several experiments to evaluate its performance. The results demonstrate that our scheme is much more efficient than the ones built over the composite-order groups.

Reference IEEE paper:
“Efficient and Expressive Keyword Search Over Encrypted Data in Cloud”, IEEE Transactions on Dependable and Secure Computing, 2017.

Unique ID – SBI1011

Domain – CLOUD COMPUTING


A robust reputation management mechanism in the federated cloud

Introduction:
In the Infrastructure as a Service (IaaS) paradigm of cloud computing, computational resources are available for rent. Although it offers a cost efficient solution to virtual network requirements, low trust on the rented computational resources prevents users from using it. To reduce the cost, computational resources are shared, i.e., there exists multi-tenancy. As the communication channels and other computational resources are shared, it creates security and privacy issues. A user may not identify a trustworthy co-tenant as the users are anonymous. The user depends on the Cloud Provider (CP) to assign trustworthy co-tenants. But, it is in the CP’s interest that it gets maximum utilization of its resources. Hence, it allows maximum co-tenancy irrespective of the behaviours of users. In this paper, we propose a robust reputation management mechanism that encourages the CPs in a federated cloud to differentiate between good and malicious users and assign resources in such a way that they do not share resources. We show the correctness and the efficiency of the proposed reputation management system using analytical and experimental analysis.

Reference IEEE paper :
“A robust reputation management mechanism in the federated cloud”, IEEE Transactions on Cloud Computing, 2017.

Unique ID – SBI1006

Domain – CLOUD COMPUTING


A Modified Hierarchical Attribute-Based Encryption Access Control Method for Mobile Cloud Computing

Introduction:

Cloud computing is an Internet-based computing pattern through which shared resources are provided to devices on demand. It is an emerging but promising paradigm to integrate mobile devices into cloud computing, and the integration is performed in the cloud-based hierarchical multi-user data-shared environment. With the integration into cloud computing, security issues such as data confidentiality and user authority may arise in the mobile cloud computing system, and they are regarded as the main constraints on the development of mobile cloud computing. In order to provide safe and secure operation, a hierarchical access control method using modified hierarchical attribute-based encryption (M-HABE) and a modified three-layer structure is proposed in this paper. In a specific mobile cloud computing model, enormous data which may be from all kinds of mobile devices, such as smart phones, functioned phones and PDAs and so on can be controlled and monitored by the system, and the data can be sensitive to unauthorized third parties and restricted to legal users as well. The novel scheme mainly focuses on data processing, storing and accessing, and is designed to ensure that users with legal authority get the corresponding classified data and to restrict illegal users and unauthorized legal users from getting access to the data, which makes it extremely suitable for mobile cloud computing paradigms.

Reference IEEE paper :

“A Modified Hierarchical Attribute-Based Encryption Access Control Method for Mobile Cloud Computing”, IEEE Transactions on Cloud Computing, 2017.

Unique ID – SBI1003

Domain – CLOUD COMPUTING


A New Service Mechanism for Profit Optimizations of a Cloud Provider and Its Users

Introduction:
In this paper, we try to design a service mechanism for profit optimizations of both a cloud provider and its multiple users. We consider the problem from a game theoretic perspective and characterize the relationship between the cloud provider and its multiple users as a Stackelberg game, in which the strategies of all users are subject to that of the cloud provider. The cloud provider tries to select and provision appropriate servers and configure a proper request allocation strategy to reduce energy cost while satisfying its cloud users at the same time. We approximate its servers selection space by adding a controlling parameter and configure an optimal request allocation strategy. For each user, we design a utility function which combines the net profit with time efficiency and try to maximize its value under the strategy of the cloud provider. We formulate the competitions among all users as a generalized Nash equilibrium problem (GNEP). We solve the problem by employing variational inequality (VI) theory and prove that there exists a generalized Nash equilibrium solution set for the formulated GNEP. Finally, we propose an iterative algorithm (IA), which characterizes the whole process of our proposed service mechanism. We conduct some numerical calculations to verify our theoretical analyses. The experimental results show that our IA algorithm can benefit both of a cloud provider and its multiple users by configuring proper strategies.

Reference IEEE paper :
“A New Service Mechanism for Profit Optimizations of a Cloud Provider and Its Users”, IEEE Transactions on Cloud Computing, 2017.

Unique ID – SBI1004

Domain – CLOUD COMPUTING


A Novel Efficient Remote Data Possession Checking Protocol in Cloud Storage

Introduction:
As an important application in cloud computing, cloud storage offers users scalable, flexible and high quality data storage and computation services. A growing number of data owners choose to outsource data files to the cloud. Because cloud storage servers are not fully trustworthy, data owners need dependable means to check the possession of their files outsourced to remote cloud servers. To address this crucial problem, some remote data possession checking (RDPC) protocols have been presented. But many existing schemes have vulnerabilities in efficiency or data dynamics. In this paper, we provide a new efficient RDPC protocol based on a homomorphic hash function. The new scheme is provably secure against forgery attack, replace attack and replay attack based on a typical security model. To support data dynamics, an operation record table (ORT) is introduced to track operations on file blocks. We further give a new optimized implementation for the ORT which makes the cost of accessing the ORT nearly constant. Moreover, we make a comprehensive performance analysis which shows that our scheme has advantages in computation and communication costs. Prototype implementation and experiments exhibit that the scheme is feasible for real applications.

Reference IEEE paper :
“A Novel Efficient Remote Data Possession Checking Protocol in Cloud Storage”, IEEE 2017

Unique ID – SBI1005

Domain – CLOUD COMPUTING


A Lightweight Secure Data Sharing Scheme for Mobile Cloud Computing

Introduction :

With the popularity of cloud computing, mobile devices can store/retrieve personal data from anywhere at any time. Consequently, the data security problem in mobile cloud becomes more and more severe and prevents further development of mobile cloud. There are substantial studies that have been conducted to improve the cloud security. However, most of them are not applicable for mobile cloud since mobile devices only have limited computing resources and power. Solutions with low computational overhead are in great need for mobile cloud applications. In this paper, we propose a lightweight data sharing scheme (LDSS) for mobile cloud computing. It adopts CP-ABE, an access control technology used in normal cloud environment, but changes the structure of access control tree to make it suitable for mobile cloud environments. LDSS moves a large portion of the computational intensive access control tree transformation in CP-ABE from mobile devices to external proxy servers. Furthermore, to reduce the user revocation cost, it introduces attribute description fields to implement lazy-revocation, which is a thorny issue in program based CP-ABE systems. The experimental results show that LDSS can effectively reduce the overhead on the mobile device side when users are sharing data in mobile cloud environments.

Reference IEEE paper :

“A Lightweight Secure Data Sharing Scheme for Mobile Cloud Computing”, IEEE Transactions on Cloud Computing, 2017.

Unique ID – SBI1002

Domain – CLOUD COMPUTING


Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud

Introduction :

Attribute-based encryption (ABE) has been widely used in cloud computing where a data provider outsources his/her encrypted data to a cloud service provider, and can share the data with users possessing specific credentials (or attributes). However, the standard ABE system does not support secure deduplication, which is crucial for eliminating duplicate copies of identical data in order to save storage space and network bandwidth. In this paper, we present an attribute-based storage system with secure deduplication in a hybrid cloud setting, where a private cloud is responsible for duplicate detection and a public cloud manages the storage. Compared with the prior data deduplication systems, our system has two advantages. Firstly, it can be used to confidentially share data with users by specifying access policies rather than sharing decryption keys. Secondly, it achieves the standard notion of semantic security for data confidentiality while existing systems only achieve it by defining a weaker security notion. In addition, we put forth a methodology to modify a ciphertext over one access policy into ciphertexts of the same plaintext but under other access policies without revealing the underlying plaintext.

Reference IEEE paper:

“Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud”, IEEE Transactions on Big Data, 2017.

Unique ID – SBI1082

Domain – BIG DATA


Cross tenant access control model for cloud computing

Sharing of resources on the cloud can be achieved on a large scale since it is cost effective and location independent. Despite the hype surrounding cloud computing, organizations are still reluctant to deploy their businesses in the cloud computing environment due to concerns in secure resource sharing. In this paper, we propose a cloud resource mediation service offered by cloud service providers, which plays the role of trusted third party among its different tenants. This paper formally specifies the resource sharing mechanism between two different tenants in the presence of our proposed cloud resource mediation service. The correctness of permission activation and delegation mechanism among different tenants using four distinct algorithms (Activation, Delegation, Forward Revocation and Backward Revocation) is also demonstrated using formal verification. The performance analysis suggests that sharing of resources can be performed securely and efficiently across different tenants of the cloud.

EXISTING SYSTEM:

  • Zhao et al. propose a cross-domain single sign-on authentication protocol for cloud users, whose security was also proven mathematically. In the approach, the CSP is responsible for verifying the user’s identity and making access control decisions.
  • As computing resources are being shared between tenants and used in an on-demand manner, both known and zero-day system security vulnerabilities could be exploited by attackers (e.g. using side-channel and timing attacks).
  • In existing work, a fine-grained data-level access control model (FDACM) designed to provide role-based and data-based access control for multi-tenant applications was presented. Relatively lightweight expressions were used to represent complex policy rules.

DISADVANTAGES OF EXISTING SYSTEM:

  • Traditional access control models, such as role-based access control, are generally unable to adequately deal with cross-tenant resource access requests.
  • Specification level security is difficult to achieve at the user and provider ends.
  • The security of the approach was not provided.

PROPOSED SYSTEM:

  • We use model checking to exhaustively explore the system and verify the finite state concurrent systems. Specifically, we use High Level Petri Nets (HLPN) and Z language for the modeling and analysis of the CTAC model.
  • We present a CTAC model for collaboration, and the CRMS to facilitate resource sharing amongst various tenants and their users.
  • We also present four different algorithms in the CTAC model, namely: activation, delegation, forward revocation and backward revocation.
  • We then provide a detailed presentation of modeling, analysis and automated verification of the CTAC model using the Bounded Model Checking technique with SMTLIB and Z3 solver, in order to demonstrate the correctness and security of the CTAC model.

ADVANTAGES OF PROPOSED SYSTEM:

  • HLPN provides graphical and mathematical representations of the system, which facilitates the analysis of its reactions to a given input. Therefore, we are able to understand the links between different system entities and how information is processed.
  • We then verify the model by translating the HLPN using bounded model checking. For this purpose, we use Satisfiability Modulo Theories Library (SMT-Lib) and the Z3 solver. We remark that such formal verification has previously been used to evaluate security protocols.

HARDWARE REQUIREMENTS:

System : Pentium Dual Core.
Hard Disk : 120 GB.
Monitor : 15” LED
Input Devices : Keyboard, Mouse
Ram : 1 GB

SOFTWARE REQUIREMENTS:

Operating system : Windows 7.
Coding Language : JAVA/J2EE
Tool : Netbeans 7.2.1
Database : MYSQL
