Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856754
Gabriele Spenger, J. Keller
Chaotic functions have been announced in the literature as promising for implementing low complexity pseudo-random number generators (PRNGs) required e.g. for RFID security applications. They combine good theoretical statistical properties with a computationally simple algorithm. Unfortunately, actual implementations with finite number precision show a disappointing behavior compared to the mathematical theory. This results for example in comparably short cycles in the state space graph, which lead to a repetition of the generated pseudo random values after a small number of iterations. This paper presents a simple way to improve the state space structure of chaotic PRNGs by using a different parametrization of the chaotic function at certain iterations and hereby breaking out of these cycles. This approach reduces this aspect of the weakness of such implementations, which we demonstrate with several examples.
{"title":"Structural improvements of chaotic PRNG implementations","authors":"Gabriele Spenger, J. Keller","doi":"10.1109/ICITST.2016.7856754","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856754","url":null,"abstract":"Chaotic functions have been announced in the literature as promising for implementing low complexity pseudo-random number generators (PRNGs) required e.g. for RFID security applications. They combine good theoretical statistical properties with a computationally simple algorithm. Unfortunately, actual implementations with finite number precision show a disappointing behavior compared to the mathematical theory. This results for example in comparably short cycles in the state space graph, which lead to a repetition of the generated pseudo random values after a small number of iterations. This paper presents a simple way to improve the state space structure of chaotic PRNGs by using a different parametrization of the chaotic function at certain iterations and hereby breaking out of these cycles. This approach reduces this aspect of the weakness of such implementations, which we demonstrate with several examples.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127095823","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856739
C. Law, Wen Xie, Zheng Xu, Yi Dou, Chin Ting Yu, Henry C. B. Chan, Daniel Wai Kei Kwong
In recent years, there has been considerable interest in Intercloud. Inspired by the Internet, Intercloud allows clouds to be interconnected, forming a cloud/network of clouds. With Intercloud, many new and powerful cloud computing services can be provided. One of the basic problems with supporting Intercloud is the need to address the issue of how to ensure that clouds can communicate with each other effectively and efficiently. Inspired by the HyperText Transfer Protocol (HTTP), this paper presents an Intercloud Communications Protocol (ICCP). ICCP allows clouds to communicate with each other using a common protocol, which is transparent to the underlying application programming interfaces of different clouds. It also includes security functions to ensure confidentiality and integrity. Essentially, clouds can communicate with each other based on XML-based request/response messages in a secure manner. An Intercloud Gateway prototype has been developed to demonstrate the basic functionalities of the ICCP, such as transferring data objects securely. The proposed framework is expected to inspire innovative cloud computing services as well as pose challenging research problems.
{"title":"System and Protocols for secure Intercloud Communications","authors":"C. Law, Wen Xie, Zheng Xu, Yi Dou, Chin Ting Yu, Henry C. B. Chan, Daniel Wai Kei Kwong","doi":"10.1109/ICITST.2016.7856739","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856739","url":null,"abstract":"In recent years, there has been considerable interest in Intercloud. Inspired by the Internet, Intercloud allows clouds to be interconnected, forming a cloud/network of clouds. With Intercloud, many new and powerful cloud computing services can be provided. One of the basic problems with supporting Intercloud is the need to address the issue of how to ensure that clouds can communicate with each other effectively and efficiently. Inspired by the HyperText Transfer Protocol (HTTP), this paper presents an Intercloud Communications Protocol (ICCP). ICCP allows clouds to communicate with each other using a common protocol, which is transparent to the underlying application programming interfaces of different clouds. It also includes security functions to ensure confidentiality and integrity. Essentially, clouds can communicate with each other based on XML-based request/response messages in a secure manner. An Intercloud Gateway prototype has been developed to demonstrate the basic functionalities of the ICCP, such as transferring data objects securely. The proposed framework is expected to inspire innovative cloud computing services as well as pose challenging research problems.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114285276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856691
F. Buccafurri, G. Lax, S. Nicolazzo, Antonino Nocera
Cloud computing provides users with the possibility to store their data in third-party servers, but these data centers may be untrusted or susceptible to attacks. This issue becomes particularly crucial in the case a third-party cloud is used to store video surveillance data. A number of methods have been proposed in the literature to allow users to verify that query results are correct. However, in the considered scenario, in which efficiency is a critical factor, classical techniques for query integrity are little suitable. This paper proposes a new solution to overcome these drawbacks.
{"title":"Range query integrity in the cloud: the case of video surveillance","authors":"F. Buccafurri, G. Lax, S. Nicolazzo, Antonino Nocera","doi":"10.1109/ICITST.2016.7856691","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856691","url":null,"abstract":"Cloud computing provides users with the possibility to store their data in third-party servers, but these data centers may be untrusted or susceptible to attacks. This issue becomes particularly crucial in the case a third-party cloud is used to store video surveillance data. A number of methods have been proposed in the literature to allow users to verify that query results are correct. However, in the considered scenario, in which efficiency is a critical factor, classical techniques for query integrity are little suitable. This paper proposes a new solution to overcome these drawbacks.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"32 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114122692","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856707
Tiago Vieira, C. Serrão
Nowadays, information security is an increasing concern in institutions and organizations. This concern is even greater in the finance sector, not only because the financial amount involved but also clients and organization's private and sensitive information. As a way to test security in infrastructures, networks, deployed web applications and many other assets, organizations have been performing penetration testing (pentest) which simulates an attacker's behavior in a controlled environment in order to identify its vulnerabilities. This article focusses on the analysis of the results of security audits conducted on several financial web applications from one institution with aid of automatic tools in order to assess their web applications security level. To help in security matters, many organizations build security frameworks for vulnerability assessment, security assessment, threat modeling, penetration testing, risk management and many more. As for penetration testing, organizations such as OWASP provide vulnerability and security information, a testing methodology, risk analysis and penetration testing tools.
{"title":"Web security in the finance sector","authors":"Tiago Vieira, C. Serrão","doi":"10.1109/ICITST.2016.7856707","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856707","url":null,"abstract":"Nowadays, information security is an increasing concern in institutions and organizations. This concern is even greater in the finance sector, not only because the financial amount involved but also clients and organization's private and sensitive information. As a way to test security in infrastructures, networks, deployed web applications and many other assets, organizations have been performing penetration testing (pentest) which simulates an attacker's behavior in a controlled environment in order to identify its vulnerabilities. This article focusses on the analysis of the results of security audits conducted on several financial web applications from one institution with aid of automatic tools in order to assess their web applications security level. To help in security matters, many organizations build security frameworks for vulnerability assessment, security assessment, threat modeling, penetration testing, risk management and many more. As for penetration testing, organizations such as OWASP provide vulnerability and security information, a testing methodology, risk analysis and penetration testing tools.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129948009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856690
Louis Tajan, D. Westhoff, Christian A. Reuter, Frederik Armknecht
In the work at hand, we combine a Private Information Retrieval (PIR) protocol with Somewhat Homomorphic Encryption (SHE) and use Searchable Encryption (SE) with the objective to provide security and confidentiality features for a third party cloud security audit. During the auditing process, a third party auditor will act on behalf of a cloud service user to validate the security requirements performed by a cloud service provider. Our concrete contribution consists of developing a PIR protocol which is proceeding directly on a log database of encrypted data and allowing to retrieve a sum or a product of multiple encrypted elements. Subsequently, we concretely apply our new form of PIR protocol to a cloud audit use case where searchable encryption is employed to allow additional confidentiality requirements to the privacy of the user. Exemplarily we are considering and evaluating an audit of client accesses to a controlled resource provided by a cloud service provider.
{"title":"Private information retrieval and Searchable Encryption for privacy-preserving multi-client cloud auditing","authors":"Louis Tajan, D. Westhoff, Christian A. Reuter, Frederik Armknecht","doi":"10.1109/ICITST.2016.7856690","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856690","url":null,"abstract":"In the work at hand, we combine a Private Information Retrieval (PIR) protocol with Somewhat Homomorphic Encryption (SHE) and use Searchable Encryption (SE) with the objective to provide security and confidentiality features for a third party cloud security audit. During the auditing process, a third party auditor will act on behalf of a cloud service user to validate the security requirements performed by a cloud service provider. Our concrete contribution consists of developing a PIR protocol which is proceeding directly on a log database of encrypted data and allowing to retrieve a sum or a product of multiple encrypted elements. Subsequently, we concretely apply our new form of PIR protocol to a cloud audit use case where searchable encryption is employed to allow additional confidentiality requirements to the privacy of the user. Exemplarily we are considering and evaluating an audit of client accesses to a controlled resource provided by a cloud service provider.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123039048","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856705
Sanjay Kumar, A. Viinikainen, T. Hämäläinen
With an enormous increase in number of mobile users, mobile threats are also growing rapidly. Mobile malwares can lead to several cybersecurity threats i.e. stealing sensitive information, installing backdoors, ransomware attacks and sending premium SMSs etc. Previous studies have shown that due to the sophistication of threats and tailored techniques to avoid detection, not every antivirus system is capable of detecting advance threats. However, an extra layer of security at the network side can protect users from these advanced threats by analyzing the traffic patterns. To detect these threats, this paper proposes and evaluates, a Machine Learning (ML) based model for Network based Intrusion Detection Systems (NIDS). In this research, several supervised ML classifiers were built using data-sets containing labeled instances of network traffic features generated by several malicious and benign applications. The focus of this research is on Android based malwares due to its global share in mobile malware and popularity among users. Based on the evaluation results, the model was able to detect known and unknown threats with the accuracy of up to 99.4%. This ML model can also be integrated with traditional intrusion detection systems in order to detect advanced threats and reduce false positives.
{"title":"Machine learning classification model for Network based Intrusion Detection System","authors":"Sanjay Kumar, A. Viinikainen, T. Hämäläinen","doi":"10.1109/ICITST.2016.7856705","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856705","url":null,"abstract":"With an enormous increase in number of mobile users, mobile threats are also growing rapidly. Mobile malwares can lead to several cybersecurity threats i.e. stealing sensitive information, installing backdoors, ransomware attacks and sending premium SMSs etc. Previous studies have shown that due to the sophistication of threats and tailored techniques to avoid detection, not every antivirus system is capable of detecting advance threats. However, an extra layer of security at the network side can protect users from these advanced threats by analyzing the traffic patterns. To detect these threats, this paper proposes and evaluates, a Machine Learning (ML) based model for Network based Intrusion Detection Systems (NIDS). In this research, several supervised ML classifiers were built using data-sets containing labeled instances of network traffic features generated by several malicious and benign applications. The focus of this research is on Android based malwares due to its global share in mobile malware and popularity among users. Based on the evaluation results, the model was able to detect known and unknown threats with the accuracy of up to 99.4%. This ML model can also be integrated with traditional intrusion detection systems in order to detect advanced threats and reduce false positives.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"252 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117300412","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856736
T. Nawrath, D. Fischer, B. Markscheffel
Our research work presents findings from literature review and expert interviews with more detailed knowledge of privacy-sensitive data in connected cars. At first we explore which privacy-sensitive data are collected in cars and how they are collected. Then we describe who receives the data, for what purposes and how car users can determine if their privacy-sensitive data are being collected and used. Furthermore, we analyze exemplary security measures for privacy-sensitive data in connected cars and consider which threats can be prevented or mitigated by these measures. Examples of measures to improve the transparency and security of privacy-sensitive data in connected cars are presented.
{"title":"Privacy-sensitive data in connected cars","authors":"T. Nawrath, D. Fischer, B. Markscheffel","doi":"10.1109/ICITST.2016.7856736","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856736","url":null,"abstract":"Our research work presents findings from literature review and expert interviews with more detailed knowledge of privacy-sensitive data in connected cars. At first we explore which privacy-sensitive data are collected in cars and how they are collected. Then we describe who receives the data, for what purposes and how car users can determine if their privacy-sensitive data are being collected and used. Furthermore, we analyze exemplary security measures for privacy-sensitive data in connected cars and consider which threats can be prevented or mitigated by these measures. Examples of measures to improve the transparency and security of privacy-sensitive data in connected cars are presented.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115186685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856681
Robin M. Fay, C. Ruland
Compressed Sensing may offer confidentiality with a good level of security that comes at limited extra costs. By this means, encryption can be added right into the sampling process. Previous proposals of Compressive Sensing encryption schemes are based on the randomness introduced by the sensing matrix. Once the matrix is fixed, the encryption becomes deterministic and therefore it can hardly be secure when encrypting more than a single signal. The work presented in this paper is built on the theoretical results on the secrecy of one-time Compressive Sensing encryption, and it proposes practical realizations, which extend this kind of encryption so that multiple signals may be encrypted under a single key. The confidentiality of the signal is thereby solely given by the inherent secrecy of the compressed measurements. In contrast to recent suggestions, the modes of operation defined in this paper are able to encrypt signals with different energy without exposing the signals energy to an eavesdropper. A general design for Compressive Sensing encryption modes is presented along with two realizations: one designed for parallel processing and another one that is self-synchronizing. The secrecy of the proposed modes is reduced to the secrecy of known and trusted cryptographic primitives. Compressive Sensing encryption modes are useful in a wide range of practical applications by providing a joint end-to-end encryption and compression that starts at the sensor level.
{"title":"Compressive Sensing encryption modes and their security","authors":"Robin M. Fay, C. Ruland","doi":"10.1109/ICITST.2016.7856681","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856681","url":null,"abstract":"Compressed Sensing may offer confidentiality with a good level of security that comes at limited extra costs. By this means, encryption can be added right into the sampling process. Previous proposals of Compressive Sensing encryption schemes are based on the randomness introduced by the sensing matrix. Once the matrix is fixed, the encryption becomes deterministic and therefore it can hardly be secure when encrypting more than a single signal. The work presented in this paper is built on the theoretical results on the secrecy of one-time Compressive Sensing encryption, and it proposes practical realizations, which extend this kind of encryption so that multiple signals may be encrypted under a single key. The confidentiality of the signal is thereby solely given by the inherent secrecy of the compressed measurements. In contrast to recent suggestions, the modes of operation defined in this paper are able to encrypt signals with different energy without exposing the signals energy to an eavesdropper. A general design for Compressive Sensing encryption modes is presented along with two realizations: one designed for parallel processing and another one that is self-synchronizing. The secrecy of the proposed modes is reduced to the secrecy of known and trusted cryptographic primitives. Compressive Sensing encryption modes are useful in a wide range of practical applications by providing a joint end-to-end encryption and compression that starts at the sensor level.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"61 7-8","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114111582","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856753
Michal Kvet, Monika Vajsová
Development in information systems has brought the need for universal access to data stored in computer systems using database approach. It should ensure quality, reliability, performance with emphasis on rising data amount. The first part of the paper deals with the index structure definition, index access methods, which delimit access type. However, another significant factor is the data security. The second part of the paper deals with the audit as one element of complex activities. Standard database auditing does not influence defined index, but can generate too much data regardless the query type. Fine-grained auditing is new opportunity based on attribute granularity. Experiment section highlights limitations of index access methods, when adding new audit policy. As we can see, new audit characteristic definition can significantly degrade performance due to adding new conditions to the query consequencing sequential table data processing.
{"title":"Performance study of the index structures in audited environment","authors":"Michal Kvet, Monika Vajsová","doi":"10.1109/ICITST.2016.7856753","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856753","url":null,"abstract":"Development in information systems has brought the need for universal access to data stored in computer systems using database approach. It should ensure quality, reliability, performance with emphasis on rising data amount. The first part of the paper deals with the index structure definition, index access methods, which delimit access type. However, another significant factor is the data security. The second part of the paper deals with the audit as one element of complex activities. Standard database auditing does not influence defined index, but can generate too much data regardless the query type. Fine-grained auditing is new opportunity based on attribute granularity. Experiment section highlights limitations of index access methods, when adding new audit policy. As we can see, new audit characteristic definition can significantly degrade performance due to adding new conditions to the query consequencing sequential table data processing.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114248923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-12-01DOI: 10.1109/ICITST.2016.7856693
A. Michalas
Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain - a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.
{"title":"Sharing in the rain: Secure and efficient data sharing for the Cloud","authors":"A. Michalas","doi":"10.1109/ICITST.2016.7856693","DOIUrl":"https://doi.org/10.1109/ICITST.2016.7856693","url":null,"abstract":"Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain - a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124960817","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: