Improved Cloud Storage Encryption Using Block Cipher-Based DNA Anti-Codify Model

When it comes to data storage, cloud computing and cloud storage providers play a critical role. The cloud data can be accessed from any location with an internet connection. Additionally, the risk of losing privacy when data is stored in a cloud environment is also increased. A variety of security techniques are employed in the cloud to enhance security. In this paper, we aim at maintaining the privacy of stored data in cloud environment by implementing block-based modelling to boost the privacy level with Anti-Codify Technique (ACoT) and block cipher-based algorithms. Initially, the cipher text is generated using Deoxyribo Nucleic Acid (DNA) model. Block-cipher-based encryption is used by ACoT, but the original encrypted file and its extension are broken up into separate blocks. When the original file is broken up into two separate blocks, it raises the security level and makes it more difficult for outsiders to cloud data access. ACoT improves the security and privacy of cloud storage data. Finally, the fuzzy-based classification is used that stores various access types in servers. The simulation results shows that the ACoT-DNA method achieves higher entropy against various block size with reduced computational cost than existing methods.     

基于门限属性加密的安全分布式云存储模型

针对云存储存在越来越多的安全问题,设计了一种新的基于门限属性加密的安全分布式云存储模型。该模型由加密、存储、解密三个阶段组成且均具有分布式特点。利用基于属性加密体制不仅提高数据存储的安全性,而且多属性服务器的模式也使得该模型能支持门限解密功能及任意个属性服务器的加入与撤出问题;在存储阶段使用的分布式删除码可充分保障模型的健壮性,且该模型能抵抗共谋攻击。在一些特有云环境中,该模型可向用户提供较好的安全云存储服务。     

移动网络中心云计算存储数据访问安全自动监测系统设计

为了提高移动网络中心云计算存储数据访问和安全监测能力,提出一种基于深度学习和交叉编译控制的移动网络中心云计算存储数据访问安全自动监测系统设计方法。采用混合属性数据模糊加权聚类方法进行移动网络中心云计算存储数据的优化访问控制模型设计,根据云计算存储数据之间的属性相似度进行离散化数值属性分解,提取移动网络中心云计算存储数据的混合属性特征量,根据最小化云存储数据访问成本为代价进行移动网络中心云计算存储数据访问的安全监测。结合深度学习方法进行数据访问的自适应控制,在交叉编译环境下实现云计算存储数据访问安全自动监测系统开发设计。测试结果表明,采用该方法进行移动网络中心云计算存储数据访问的安全性较好,自动化控制能力较强。     

面向云数据安全存储的分段融合模糊聚类算法

为了提高云数据的安全存储性能,需要对数据进行优化属性聚类归集。针对传统方法采用模糊C均值聚类进行云数据存储归类设计具有对初始聚类中心敏感、容易陷入局部收敛的问题,提出一种基于分段融合模糊聚类的云数据安全存储模型构建方法。建立云数据安全存储的网格分布结构模型并进行数据结构分析,进行云数据属性集的向量量化特征分解,对海量的云存储数据流采用分段匹配检测方法进行特征压缩,实现冗余数据自适应归集合并,挖掘云数据信息流的高阶谱特征。在模糊C均值聚类算法的基础上采用分段数据融合进行数据分簇模糊聚类,提高数据存储的安全性,同时降低云数据存储的负荷。仿真结果表明,采用该方法进行云数据聚类和优化存储设计,能降低数据聚类的误分率,提高云数据存储的吞吐量,确保云数据的安全存储。     

一种基于虚拟隔离机制的云盘安全访问模型

云盘技术是云计算领域的重要研究方向,由于存在数据泄漏方面的安全隐患,目前在持有核心数据的组织(如创新型企业、军队)中往往难以得到广泛应用。提出一种基于虚拟隔离机制的云盘安全访问模型ACIM,理论分析表明该模型能够防止企业内云盘上的敏感文件数据泄露;同时,基于该模型实现了面向企业私有云存储的电子文档集中管控系统(CFS),测试并分析了终端主机上CFS系统对文件读写操作性能的影响。目前该系统已在多个重要用户单位得到成功应用,具有广阔的应用前景。     

Cloud data integrity checking with an identity-based auditing mechanism from RSA

Cloud data auditing is extremely essential for securing cloud storage since it enables cloud users to verify the integrity of their outsourced data efficiently. The computation overheads on both the cloud server and the verifier can be significantly reduced by making use of data auditing because there is no necessity to retrieve the entire file but rather just use a spot checking technique. A number of cloud data auditing schemes have been proposed recently, but a majority of the proposals are based on Public Key Infrastructure (PKI). There are some drawbacks in these protocols: (1) It is mandatory to verify the validity of public key certificates before using any public key, which makes the verifier incur expensive computation cost. (2) Complex certificate management makes the whole protocol inefficient. To address the key management issues in cloud data auditing, in this paper, we propose ID-CDIC, an identity-based cloud data integrity checking protocol which can eliminate the complex certificate management in traditional cloud data integrity checking protocols. The proposed concrete construction from RSA signature can support variable-sized file blocks and public auditing. In addition, we provide a formal security model for ID-CDIC and prove the security of our construction under the RSA assumption with large public exponents in the random oracle model. We demonstrate the performance of our proposal by developing a prototype of the protocol. Implementation results show that the proposed ID-CDIC protocol is very practical and adoptable in real life.     

Protecting Data Mobility in Cloud Networks Using Metadata Security

At present, health care applications, government services, and banking applications use big data with cloud storage to process and implement data. Data mobility in cloud environments uses protection protocols and algorithms to secure sensitive user data. Sometimes, data may have highly sensitive information, leading users to consider using big data and cloud processing regardless of whether they are secured are not. Threats to sensitive data in cloud systems produce high risks, and existing security methods do not provide enough security to sensitive user data in cloud and big data environments. At present, several security solutions support cloud systems. Some of them include Hadoop Distributed File System (HDFS) baseline Kerberos security, socket layer-based HDFS security, and hybrid security systems, which have time complexity in providing security interactions. Thus, mobile data security algorithms are necessary in cloud environments to avoid time risks in providing security. In our study, we propose a data mobility and security (DMoS) algorithm to provide security of data mobility in cloud environments. By analyzing metadata, data are classified as secured and open data based on their importance. Secured data are sensitive user data, whereas open data are open to the public. On the basis of data classification, secured data are applied to the DMoS algorithm to achieve high security in HDFS. The proposed approach is compared with the time complexity of three existing algorithms, and results are evaluated.     

Data storage auditing service in cloud computing: challenges,methods and opportunities

Cloud computing is a promising computing model that enables convenient and on-demand network access to a shared pool of configurable computing resources. The first offered cloud service is moving data into the cloud: data owners let cloud service providers host their data on cloud servers and data consumers can access the data from the cloud servers. This new paradigm of data storage service also introduces new security challenges, because data owners and data servers have different identities and different business interests. Therefore, an independent auditing service is required to make sure that the data is correctly hosted in the Cloud. In this paper, we investigate this kind of problem and give an extensive survey of storage auditing methods in the literature. First, we give a set of requirements of the auditing protocol for data storage in cloud computing. Then, we introduce some existing auditing schemes and analyze them in terms of security and performance. Finally, some challenging issues are introduced in the design of efficient auditing protocol for data storage in cloud computing.     

云存储服务端数据存储加密机制的设计和实现

云存储是一种新型的网络存储形式。随着云存储的广泛使用,云存储中的数据安全问题,如数据泄漏、数据篡改,也成了用户广泛关注的问题。云存储可以分为访问层、应用接口层、基础管理层和存储层,云存储安全可以分为访问层安全、应用接口层安全、基础层安全和存储层安全。为保证云存储中服务端数据存储的机密性,文章设计了数据存储加密机制,在基于云桌面的办公系统个人存储的应用环境中,实现了基础管理层和存储层加密机制。基于JAVA、JSP等技术,实现了基础管理层;基于Bash脚本等技术,实现了基础管理层与存储层的接口;基于开源项目TGT实现了存储层数据加密机制,保证服务端存储数据的机密性。     

双通道云数据存储安全方案研究

为了改善解决云计算中热点问题之一～数据存储安全,该文在研究现有经典云数据存储体系架构的基础上,根据云本身的超强计算能力和代价低廉等特性,提出了一种优化的双通道并行云存储架构,配以非对称数据加密手段,在硬件与架构层面直接针对安全问题作出优化部署。在大量的节约成本、提高效率、精简架构的情况下保证了云环境下数据存储安全性的提升。模拟部署表明,双通道并行云架构及非对称数据加密能有效的提高云数据存储的安全性。     

基于ElGamal的同态云端密文存储检索方案

云端数据存储的安全性和检索效率是网络空间安全亟待解决的问题之一.本文提出了一个新的密文检索模型,并在此基础上利用ElGamal同态密码算法和SM4分组密码算法,设计了一种基于混合同态加密的云端密文存储检索方案.首先,该检索方案能够在数据上传、检索和下载的过程中,保证数据的安全,可用于个人云端U盘等应用场景.其次,对该方案的正确性和安全性进行分析.最后,通过实验的方式对方案的正确性进行了证明.实验结果表明该方案在保证数据安全的情况下,检索结果正确,效率高.     

保证云存储的数据安全

近几年来,云存储的使用越来越广泛,不仅是中小型企业,而且针对个体用户也可以购买云存储服务,但如何在云存储中保证数据的安全性和机密性,单靠云存储服务供应商的承诺是难以让人信服的。本文提出了一种保证数据安全的云存储框架,并且使用服务等级协议（SLA）作为用户和供应商之间的共同标准。此外,本文还提及了几种保证云存储数据安全的技术,这些技术可以被分成三类：存储保护,传输保护和授权保护。     

A novel DNA-inspired encryption strategy for concealing cloud storage

Over the last few years, the need of a cloud environment with the ability to detect illegal behaviours along with a secured data storage capability has increased largely. This study presents such a secured cloud storage framework comprising of a deoxyribonucleic acid (DNA) based encryption key which has been generated to make the framework unbreakable, thus ensuring a better and secured distributed cloud storage environment. Furthermore, this work proposes a novel DNAbased encryption technique inspired by the biological characteristics of DNA and the protein synthesis mechanism. The introduced DNA based model also has an additional advantage of being able to decide on selecting suitable storage servers from an existing pool of storage servers on which the data must be stored. A fuzzy-based technique for order of preference by similarity to ideal solution (TOPSIS) multi-criteria decisionmaking (MCDM) model has been employed to achieve the above-mentioned goal. This can decide the set of suitable storage servers and also results in a reduction in execution time by keeping up the level of security to an improved grade. This study also investigates and analyzes the strength of the proposed S-Box and encryption technique against some standard criteria and benchmarks, such as avalanche effect, correlation coefficient, information entropy, linear probability, and differential probability etc. After the avalanche effect analysis, the average change in cipher-text has been found to be 51.85%. Moreover, thorough security, sensitivity and functionality analysis show that the proposed scheme guarantees high security with robustness.     

Research on the security mechanism of cloud computing service model

With the development of network technology, cloud computing as an emerging network technology has drawn more and more attention. At the same time, the security and efficiency of cloud computing technology has become major issues restricting the rapid development and popularization of cloud computing technology. By exploring the security of cloud computing service model, this study puts forward the architecture of a service model based on cloud computing. In order to implement the service model safely, a hybrid encryption algorithm is designed to ensure that data cannot be easily stolen during transmission and storage. Besides, this thesis also discusses different implementation mechanisms on data security storage, isolation and backup.     

Provably secure cloud storage for mobile networks with less computation and smaller overhead

Secure cloud storage (SCS) guarantees the data outsourced to the cloud to remain intact as it was before being outsourced. Previous schemes to ensure cloud storage reliability are either computationally heavy or admitting long overheads, thus are not suitable for mobile networks with strict computation/bandwidth restrictions. In this paper, we build an efficient SCS system for mobile networks based on homomorphic MAC and propose domain extension to enhance the security level and flexibility of the system. In addition, we give a formal security model which is compatible to previous ones and analyze our system in that model. We also give implementations on mobile devices to verify the effectiveness of our system.     

云存储环境下的支持隐私保护方案

作为云存储技术中的突出问题,安全始终受到用户的关注。针对云存储安全中的用户身份隐私保护和数据隐私保护设计了一种安全、高效的云存储方案。在该方案中构建了基于时间序列的多叉树存储结构（MTTS）,并在该结构基础上设计了一种密钥推导算法,不仅方便了密钥的生成和管理,并且节省了存储空间。通过对方案的安全性分析,结果表明该方案在确保数据存储安全的基础上也能很好地保护用户身份隐私。     

基于融合模糊聚类算法的云信息存储加密仿真

为了提高云信息存储的安全性,需要进行信息加密设计,提出基于融合模糊聚类算法的云信息存储加密算法。在同态公钥加密体系下构建云信息存储加密的数据分布式结构模型,提取云存储信息加密统计特征量,采用同态数据融合方法进行云信息的模糊聚类处理,结合模糊C均值聚类方法进行云信息的分段融合调度;在分段区间内采用随机线性编码方案进行云信息存储加密的编码设计,基于融合模糊聚类算法构建加密密钥,实现云信息存储加密优化设计。仿真结果表明,采用该方法进行云信息存储加密的信息融合性较好,抗破译能力较强,提高了云存储数据的安全性。     

基于Paillier加密的数据多副本持有性验证方案

云存储服务中,用户将数据存储在不可信的云储存服务器上,为检查云存储中服务提供商(CSP)是否按协议完整地存储了用户的所有数据副本,提出一种 支持对数据副本进行动态操作 的基于Paillier加密的数据多副本持有性验证方案, 即DMR-PDP方案。该方案为实现多副本检查,将文件块以文件副本形式存储在云服务器上,将各副本编号与文件连接后利用Paillier密码系统生成副本文件以防止CSP各服务器的合谋攻击。利用BLS签名实现对所有副本的批量验证。将文件标志和块位置信息添加到数据块标签中,以保证本方案的安全性,支持对文件的动态更新操作。安全性分析和仿真实验结果表明,该方案在安全性、通信和计算开销方面的性能优于其他文献提出的方案,极大地提高了文件存储和验证的效率,减少了计算开销。     

分布式云灾备平台搭建及性能分析

云存储服务,作为云计算的衍生产物,目的是为网络海量数据的存储提供有效的解决方案,节约存储成本和系统资源,提供一个完善的备份、容灾的数据中心,并能够保证数据安全性、容错性.现阶段云灾备模型局限于有限的网络位置,使用虚拟化技术,依托本地服务器实现,与传统云灾备模型不同,介绍了一种基于DHT的云灾备模型,可适用于广域网的、普适的数据级灾备解决方案;最后,在本地云计算集群中对该方案进行模拟,验证该模型的可行性.     

Application-Aware Client-Side Data Reduction and Encryption of Personal Data in Cloud Backup Services

Cloud backup has been an important issue ever since large quantities of valuable data have been stored on the personal computing devices. Data reduction techniques, such as deduplication, delta encoding, and Lempel-Ziv （LZ） compression, performed at the client side before data transfer can help ease cloud backup by saving network bandwidth and reducing cloud storage space. However, client-side data reduction in cloud backup services faces efficiency and privacy challenges. In this paper, we present Pangolin, a secure and efficient cloud backup service for personal data storage by exploiting application awareness. It can speedup backup operations by application-aware client-side data reduction technique, and mitigate data security risks by integrating selective encryption into data reduction for sensitive applications. Our experimental evaluation, based on a prototype implementation, shows that our scheme can improve data reduction efficiency over the state-of-the-art methods by shortening the backup window size to 33%-75%, and its security mechanism for＇ sensitive applications has negligible impact on backup window size.