Enhancing data privacy and access anonymity in cloud computing

Communications of the IBIMA Pub Date : 2013-01-19 DOI:10.5171/2013.462966

Nabil Giweli, S. Shahrestani, Hon Cheung

{"title":"Enhancing data privacy and access anonymity in cloud computing","authors":"Nabil Giweli, S. Shahrestani, Hon Cheung","doi":"10.5171/2013.462966","DOIUrl":null,"url":null,"abstract":"There is a growing interest in cloud computing due to its various benefits such as the efficient utilization of computing resources. However, privacy and security concerns are among the main obstacles facing the widespread adoption of this new technology. For instance, it is more desirable for many potential organizations and users that privacy protections and access authorizations on their data stored in the cloud remain under their control and only authorized entities can have access to the data even for the cloud server. In this paper, we propose a method that enables cloud clients more control of data security requirements on their data stored in the cloud. The data is protected by a client before it is sent to the cloud in a secure manner that only authorized users can access it. To provide a complete protection from unauthorized access, even the cloud provider is prevented from revealing the data content and access control policies. The client or data owner has complete control on what methods to use to protect the data and on who can have access on the data. The proposed method is based on a combination of cryptography techniques, including the Chines Remainder Theorem, symmetric and asymmetric encryptions. The proposed method combines access control and key sharing in one mechanism. In addition, the proposed method allows a client to use a unique key to encrypt the data and attaches it securely to its encrypted data. Only authorized users can have access to the key in order to decrypt the encrypted data. The data has all the security requirements independently attached to it including the integrity proof. The proposed method is efficient and has its computational overheard minimized. With all the security requirements and metadata stored with the data itself, the proposed method is also flexible and suitable for protecting clients’ data in the cloud computing environment.","PeriodicalId":187676,"journal":{"name":"Communications of the IBIMA","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Communications of the IBIMA","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5171/2013.462966","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

There is a growing interest in cloud computing due to its various benefits such as the efficient utilization of computing resources. However, privacy and security concerns are among the main obstacles facing the widespread adoption of this new technology. For instance, it is more desirable for many potential organizations and users that privacy protections and access authorizations on their data stored in the cloud remain under their control and only authorized entities can have access to the data even for the cloud server. In this paper, we propose a method that enables cloud clients more control of data security requirements on their data stored in the cloud. The data is protected by a client before it is sent to the cloud in a secure manner that only authorized users can access it. To provide a complete protection from unauthorized access, even the cloud provider is prevented from revealing the data content and access control policies. The client or data owner has complete control on what methods to use to protect the data and on who can have access on the data. The proposed method is based on a combination of cryptography techniques, including the Chines Remainder Theorem, symmetric and asymmetric encryptions. The proposed method combines access control and key sharing in one mechanism. In addition, the proposed method allows a client to use a unique key to encrypt the data and attaches it securely to its encrypted data. Only authorized users can have access to the key in order to decrypt the encrypted data. The data has all the security requirements independently attached to it including the integrity proof. The proposed method is efficient and has its computational overheard minimized. With all the security requirements and metadata stored with the data itself, the proposed method is also flexible and suitable for protecting clients’ data in the cloud computing environment.

查看原文本刊更多论文

增强云计算中的数据隐私和访问匿名性

由于云计算的各种好处(如有效利用计算资源)，人们对云计算的兴趣越来越大。然而，隐私和安全问题是这项新技术广泛采用所面临的主要障碍。例如，对于许多潜在的组织和用户来说，更希望存储在云中的数据的隐私保护和访问授权仍然在他们的控制之下，只有授权实体才能访问数据，甚至对于云服务器也是如此。在本文中，我们提出了一种方法，使云客户端能够更好地控制其存储在云中的数据的数据安全需求。数据在以只有授权用户才能访问的安全方式发送到云端之前，由客户端进行保护。为了提供完整的保护，防止未经授权的访问，甚至阻止云提供商泄露数据内容和访问控制策略。客户端或数据所有者可以完全控制使用什么方法来保护数据，以及谁可以访问数据。所提出的方法是基于密码学技术的组合，包括中国剩余定理，对称和非对称加密。该方法将访问控制和密钥共享结合在一个机制中。此外，所建议的方法允许客户端使用唯一的密钥来加密数据，并将其安全地附加到其加密的数据上。只有经过授权的用户才能访问密钥，以便解密加密的数据。数据具有独立附加的所有安全要求，包括完整性证明。该方法效率高，计算开销最小。由于该方法满足了所有的安全要求，并且元数据与数据本身一起存储，因此该方法也非常灵活，适合在云计算环境中保护客户端数据。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Communications of the IBIMA

自引率

0.00%

发文量