Similar literature
Found 20 similar documents (search time: 125 ms)
1.
Public cloud computing provides a variety of services to consumers via high-speed internet. The consumer can access these services anytime and anywhere on a balanced service cost. Many traditional authentication protocols are proposed to secure public cloud computing. However, the rapid development of high-speed internet and organizations’ race to develop quantum computers is a nightmare for existing authentication schemes. These traditional authentication protocols are based on factorization or discrete logarithm problems. As a result, traditional authentication protocols are vulnerable in the quantum computing era. Therefore, in this article, we have proposed an authentication protocol based on the lattice technique for public cloud computing to resist quantum attacks and prevent all known traditional security attacks. The proposed lattice-based authentication protocol is provably secure under the Real-Or-Random (ROR) model. At the same time, the result obtained during the experiments proved that our protocol is lightweight compared to the existing lattice-based authentication protocols, as listed in the performance analysis section. The comparative analysis shows that the protocol is suitable for practical implementation in a quantum-based environment.

2.
Cloud computing has gained significant use over the last decade due to its several benefits, including cost savings associated with setup, deployments, delivery, physical resource sharing across virtual machines, and availability of on-demand cloud services. However, in addition to usual threats in almost every computing environment, cloud computing has also introduced a set of new threats as consumers share physical resources due to the physical co-location paradigm. Furthermore, since there are a growing number of attacks directed at cloud environments (including dictionary attacks, replay code attacks, denial of service attacks, rootkit attacks, code injection attacks, etc.), customers require additional assurances before adopting cloud services. Moreover, the continuous integration and continuous deployment of the code fragments have made cloud services more prone to security breaches. In this study, the model based on the root of trust for continuous integration and continuous deployment is proposed, instead of only relying on a single sign-on authentication method that typically uses only id and password. The underlying study opted for a hardware security module by utilizing the Trusted Platform Module (TPM), which is commonly available as a cryptoprocessor on the motherboards of personal computers and data center servers. The preliminary proof of concept demonstrated that the TPM features can be utilized through RESTful services to establish the root of trust for the continuous integration and continuous deployment pipeline and can additionally be integrated as a secure microservice feature in the cloud computing environment.

3.
A data breach can seriously impact organizational intellectual property, resources, time, and product value. The risk of system intrusion is augmented by the intrinsic openness of commonly utilized technologies like TCP/IP protocols. As TCP relies on IP addresses, an attacker may easily trace the IP address of the organization. Given that many organizations run the risk of data breach and cyber-attacks at a certain point, a repeatable and well-developed incident response framework is critical to shield them. Enterprise cloud possesses the challenges of security, lack of transparency, trust and loss of controls. Technology eases and quickens the processing of information but holds numerous risks including hacking and confidentiality problems. The risk increases when the organization outsources the cloud storage services through the vendor and suffers from security breaches and needs to create security systems to prevent data networks from being compromised. The business model also leads to insecurity issues which derail its popularity. An attack mitigation system is the best solution to protect online services from emerging cyber-attacks. This research focuses on cloud computing security, cyber threats, machine learning-based attack detection, and mitigation system. The proposed SDN-based multilayer machine learning-based self-defense system effectively detects and mitigates the cyber-attack and protects cloud-based enterprise solutions. The results show the accuracy of the proposed machine learning techniques and the effectiveness of attack detection and the mitigation system.

4.
With the development of communication technologies, various mobile devices and different types of mobile services became available. The emergence of these services has brought great convenience to our lives. The multi-server architecture authentication protocols for mobile cloud computing were proposed to ensure the security and availability between mobile devices and mobile services. However, most of the protocols did not consider the case of hierarchical authentication. In the existing protocol, when a mobile user once registered at the registration center, he/she can successfully authenticate with all mobile service providers that are registered at the registration center, but real application scenarios are not like this. For some specific scenarios, some mobile service providers want to provide service only for particular users. For this reason, we propose a new hierarchical multi-server authentication protocol for mobile cloud computing. The proposed protocol ensures only particular types of users can successfully authenticate with certain types of mobile service providers. The proposed protocol reduces computing and communication costs by up to 42.6% and 54.2% compared to two superior protocols. The proposed protocol can also resist the attacks known so far.

5.
Tenants in the cloud computing environment share various services, including storage, network, computing, and applications. For better use of services in the cloud computing environment, tenants collaborate in tasks, resulting in challenges to the traditional access control. This study proposes a cross-tenant role-based access control (CT-RBAC) model for collaborative cloud services. This model covers the CT-RBAC0, CT-RBAC1, CT-RBAC2, and CT-RBAC3 models. The model not only extends the RBAC model in the multi-tenant cloud computing mode but also includes four types of authorization modes among tenants. Consequently, the role inheritance constraint is increased, and fine-grained authorization access among trusted tenants is realized.

6.
Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures. It offers tremendous advantages for enterprises and service providers. It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service. To realize access control in a multi-tenant cloud computing environment, this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants. The model consists of three submodels, which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios. With an established trust relation in MT-UCON (Multi-tenant Usage Access Control), the trustee can precisely authorize cross-tenant accesses to the trustor’s resources consistent with constraints over the trust relation and other components designated by the trustor. In addition, the security of the model is analyzed by an information flow method. The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.

7.
The domain name system (DNS) provides a mapping service between memorable names and numerical internet protocol addresses, and it is a critical infrastructure of the Internet. The authenticity of DNS resolution results is crucial for ensuring the accessibility of Internet services. Hundreds of supplementary specifications of protocols have been proposed to compensate for the security flaws of DNS. However, DNS security incidents still occur frequently. Although DNS is a distributed system, for a specified domain name, only authorized authoritative servers can resolve it. Other servers must obtain the resolution result through a recursive or iterative resolving procedure, which renders DNS vulnerable to various attacks, such as DNS cache poisoning and distributed denial of service (DDoS) attacks. This paper proposes a novel decentralized architecture for a DNS data plane, which is called Blockzone. First, Blockzone utilizes novel mechanisms, which include on-chain authorization and off-chain storage, to implement a decentralized and trustworthy DNS data plane. Second, in contrast to the hierarchical authentication and recursive query of traditional DNS, Blockzone implements a decentralized operation model. This model significantly increases the efficiency of domain name resolution and verification and enhances the security of DNS against DDoS and cache poisoning attacks. In addition, Blockzone is fully compatible with the traditional DNS implementation and can be incrementally deployed as a plug-in service of DNS without changing the DNS protocol or system architecture. The Blockzone scheme can also be generalized to address security issues in other areas, such as the Internet of things and edge computing.

8.
Cloud computing is a technology that provides secure storage space for the customer’s massive data and gives them the facility to retrieve and transmit their data efficiently through a secure network in which encryption and decryption algorithms are being deployed. In cloud computation, data processing, storage, and transmission can be done through laptops and mobile devices. Data storing in cloud facilities is expanding each day and data is the most significant asset of clients. The important concern with the transmission of information to the cloud is security because there is no perceivability of the client’s data. They have to be dependent on cloud service providers for assurance of the platform’s security. Data security and privacy issues reduce the progression of cloud computing and add complexity. Nowadays, most of the data that is stored on cloud servers is in the form of images and photographs, which is a very confidential form of data that requires secured transmission. In this research work, a public key cryptosystem is being implemented to store, retrieve and transmit information in cloud computation through a modified Rivest-Shamir-Adleman (RSA) algorithm for the encryption and decryption of data. The implementation of a modified RSA algorithm results guaranteed the security of data in the cloud environment. To enhance the user data security level, a neural network is used for user authentication and recognition. Moreover, the proposed technique develops the performance of detection as a loss function of the bounding box. The Faster Region-Based Convolutional Neural Network (Faster R-CNN) gets trained on images to identify authorized users with an accuracy of 99.9% on training.

9.
With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.

10.
11.
Cloud computing is becoming a popular technology due to its functional properties and variety of customer-oriented services over the Internet. The design of reliable and high-quality cloud applications requires a strong Quality of Service (QoS) parameter metric. In a hyperconverged cloud ecosystem environment, building high-reliability cloud applications is a challenging job. The selection of cloud services is based on the QoS parameters that play essential roles in optimizing and improving cloud rankings. The emergence of cloud computing is significantly reshaping the digital ecosystem, and the numerous services offered by cloud service providers are playing a vital role in this transformation. Hyperconverged software-based unified utilities combine storage virtualization, compute virtualization, and network virtualization. The availability of the latter has also raised the demand for QoS. Due to the diversity of services, the respective quality parameters are also in abundance and need a carefully designed mechanism to compare and identify the critical, common, and impactful parameters. It is also necessary to reconsider the market needs in terms of service requirements and the QoS provided by various CSPs. This research provides a machine learning-based mechanism to monitor the QoS in a hyperconverged environment with three core service parameters: service quality, downtime of servers, and outage of cloud services.

12.
We focus on a cloud computing environment by using open source software such as OpenStack and Eucalyptus because of the unification management of data and low cost. Cloud computing is attracting attention as a network service to share the computing resources, that is, networks, servers, storage, applications, and services. We propose jump diffusion models based on stochastic differential equations in order to consider the interesting aspect of the provisioning process. Especially, the reliability and maintainability analysis tool for cloud computing is developed in this paper. Also, we analyze actual data to show numerical illustrations of application of the software analysis tool considering the characteristics of cloud computing. Copyright © 2015 John Wiley & Sons, Ltd.

13.
With the development of the service-oriented computing (SOC), web service has become an important and popular solution for the design of the application system to various enterprises. Nowadays, numerous web services are provided by the service providers on the network, and it becomes difficult for users to select the best reliable one from a large number of services with the same function. So it is necessary to design feasible selection strategies to provide users with the reliable services. Most existing methods attempt to select services according to accurate predictions for the quality of service (QoS) values. However, because the network and user needs are dynamic, it is almost impossible to accurately predict the QoS values. Furthermore, accurate prediction is generally time-consuming. This paper proposes a service decision tree based post-pruning prediction approach. This paper first defines the five reliability levels for measuring the reliability of services. By analyzing the quality data of service from the network, the proposed method can generate the training set and convert them into the service decision tree model. Using the generated model and the given predicted services, the proposed method classifies the service to the corresponding reliability level after discretizing the continuous attribute of service. Moreover, this paper applies the post-pruning strategy to optimize the generated model for avoiding the over-fitting. Experimental results show that the proposed method is effective in predicting the service reliability.

14.
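Cloud computing architecture is one of the effective means of sharing standards resource information. Based on a survey of construction schemes for standardization resource sharing service platforms, and combined with research on building such platforms in a cloud computing environment, this paper constructs a standardization resource sharing service platform based on cloud computing. After introducing the current state of development of standardization resource service technology, it explains the concepts, meaning, and characteristics of cloud computing and of the standardization resource sharing service platform, designs the system architecture of the platform, and, on the basis of the platform, designs multiple cloud services such as resource retrieval, management, and analysis. This allows government, industries, institutions, enterprises, experts, and the public to jointly know, build, and share standardization digital information resources, and provides users with personalized standardization digital resource services on demand (such as querying, reading, downloading, and sharing).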

15.
The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying traffic management applications. However, cloud computing has disadvantages such as high delay, low privacy and high communication cost, which cannot meet the needs of real-time interactive information of Internet of vehicles. Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges. Therefore, in order to ensure the user information security and improve the real-time of vehicle information interaction, this paper proposes an anonymous authentication scheme based on edge computing. In this scheme, the concept of edge computing is introduced into the Internet of vehicles, which makes full use of the redundant computing power and storage capacity of idle edge equipment. The edge vehicle nodes are determined by simple algorithm of defining distance and resources, and the improved RSA encryption algorithm is used to encrypt the user information. The improved RSA algorithm encrypts the user information by re-encrypting the encryption parameters. Compared with the traditional RSA algorithm, it can resist more attacks, so it is used to ensure the security of user information. It can not only protect the privacy of vehicles, but also avoid anonymous abuse. Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.

16.
The paper considers grid computing systems in which the resource management systems (RMS) can divide service tasks into execution blocks (EBs) and send these blocks to different resources. In order to provide a desired level of service reliability the RMS can assign the same blocks to several independent resources for parallel execution. The data security is a crucial issue in distributed computing that affects the execution policy. By the optimal service task partition into the EBs and their distribution among resources, one can achieve the greatest possible service reliability and/or expected performance subject to data security constraints. The paper suggests an algorithm for solving this optimization problem. The algorithm is based on the universal generating function technique and on the evolutionary optimization approach. Illustrative examples are presented.

17.
Grid computing system is different from conventional distributed computing systems by its focus on large-scale resource sharing and open architecture for services. The global grid technologies and the Globus Toolkit in particular, are evolving toward an open grid service architecture (OGSA) with which a grid system provides an extensible infrastructure so that various organizations can offer their own services and integrate their resources. Hence, this paper aims at solving the problem of optimally allocating services on the grid to maximize the grid service reliability. Since no existing study has analyzed the grid service reliability, this paper develops initial modeling and evaluation algorithms to evaluate the grid service reliability. Based on the grid service reliability evaluation, we present an optimization model for the grid service allocation problem and develop a genetic algorithm (GA) to effectively solve it. A numerical example is given to show the modeling procedures and efficiency of the GAs.

18.
Many organizations apply cloud computing to store and effectively process data for various applications. The user uploads the data in the cloud has less security due to the unreliable verification process of data integrity. In this research, an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data. Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data. Merkle Hash tree provides the efficient mapping of data and easily identifies the changes made in the data due to proper structure. The developed model supports privacy-preserving public auditing to provide a secure cloud storage system. The data owners upload the data in the cloud and edit the data using the private key. An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches. The data files requested by the data owner are audited by a third-party auditor and the multi-owner authentication method is applied during the modification process to authenticate the user. The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.

19.
Due to the emergence of cloud computing technology, many services with the same functionalities and different non-functionalities occur in cloud manufacturing system. Thus, manufacturing service composition optimisation is becoming increasingly important to meet customer demands, where this issue involves multi-objective optimisation. In this study, we propose a new manufacturing service composition model based on quality of service as well as considerations of crowdsourcing and service correlation. To address the problem of multi-objective optimisation, we employ an extended flower pollination algorithm (FPA) to obtain the optimal service composition solution, where it not only utilises the adaptive parameters but also integrates with genetic algorithm (GA). A case study was conducted to illustrate the practicality and effectiveness of the proposed method compared with GA, differential evolution algorithm, and basic FPA.

20.
Considering cloud computing from an organizational and end user computing point of view, it is a new paradigm for deploying, managing and offering services through a shared infrastructure. Current development of cloud computing applications, however, lacks a uniform approach to cope with the heterogeneous information fusion. This leads cloud computing to inefficient development and a low potential reuse. This study addresses these issues to propose a novel Web 2.0 Mashups as a Service, called WMaaS, which is a fundamental cloud service model. The WMaaS is developed based on an XML-based Mashups Architecture (XMA) that is composed of Web 2.0 Mashups technologies, including Web Data, Web API, Web Interaction, and Web Presentation to associate with existing service models. To demonstrate the feasibility of this approach, this study implemented a Ubiquitous Location-based Service System (ULSS) that is a cloud computing application developed based on WMaaS to provide continuous and location-based schedule information for organization monitoring and end user needs.
