1. An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing

Ciphertext-policy attribute-based encryption (CP-ABE) has been a preferred encryption technology
to solve the challenging problem of secure data sharing in cloud computing. The shared data files
generally have the characteristic of multilevel hierarchy, particularly in the area of healthcare and the
military. However, the hierarchy structure of shared files has not been explored in CP-ABE. In this
paper, an efficient file hierarchy attribute-based encryption scheme is proposed in cloud computing.
The layered access structures are integrated into a single access structure, and then, the
hierarchical files are encrypted with the integrated access structure. The ciphertext components
related to attributes could be shared by the files. Therefore, both ciphertext storage and time cost of
encryption are saved. Moreover, the proposed scheme is proved to be secure under the standard
assumption. Experimental simulation shows that the proposed scheme is highly efficient in terms of
encryption and decryption. With the number of the files increasing, the advantages of our scheme
become more and more conspicuous.

2. CCA Security for Self-Updatable Encryption: Protecting Cloud Data When Clients
Read/Write Ciphertexts

Self-updatable encryption (SUE) is a new kind of public-key encryption, motivated by cloud
computing, which enables anyone (i.e. cloud server with no access to private keys) to update a past
ciphertext to a future ciphertext by using a public key. The main applications of SUE are revocable-
storage attribute-based encryption (RS-ABE) that provides an efficient and secure access control to
encrypted data stored in cloud storage. In this setting, there is a new threat such that a revoked user
still can access past ciphertexts given to him by a storage server. RS-ABE solves this problem by
combining user revocation and ciphertext updating functionalities. We propose the first SUE and RS-
ABE schemes secure against a relevant form of chosen-ciphertext security (CCA). Due to the fact
that some ciphertexts are easily derived from others, we employ a different notion of CCA that
avoids easy challenge related messages. Specifically, we define “time extended challenge” CCA
security for SUE which excludes ciphertexts that are easily derived from the challenge (over time
periods) from being queried on. We then propose an efficient SUE scheme with such CCA security,
and we also present an RS-ABE scheme with this CCA security.

3. Secure data storage and intrusion detection in the cloud using MANN and dual encryption
through various attacks

Nowadays, it is very important to maintain a high level security to ensure safe and trusted
communication of information between various organisations. But secured data communication over
the Internet and any other network is always under threat of intrusions and misuses. So intrusion
detection system (IDS) has become a needful component in terms of computer and network
security. In this research, the authors have intended to propose an effective method for text data
based IDS and secure data storage. In the proposed preprocessing steps, the input text document is
preprocessed and then changed to the desired format. Next the resultant output is fed to the IDS.
Here user text data is checked; whether the given data is normal or intrusive based on a modified
artificial neural network (MANN). Here traditional neural network is modified by means of modified
particle swarm optimisation. The final process of the authors' proposed method is to encrypt the file
using dual encryption algorithms (RSA and AES). To improve the storage security of the proposed
method, steganography techniques are utilised after the dual encryption. Their proposed system is
implemented with the help of Cloud simulator in the working platform Java.

4. Constructing certificateless encryption with keyword search against outside and inside
keyword guessing attacks

Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy
server to retrieve the encrypted data without revealing the contents of the data. It offers a promising
solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key
cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key
escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in
conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several
certificateless encryption with keyword search (CLEKS) schemes have been presented in the
literature. But, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks
suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security
weakness in the previous frameworks and provide resistance against both inside and outside
keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we
design a concrete CLEKS scheme and formally prove its security in the random oracle model.
Compared with previous two CLEKS schemes, the proposed scheme has better overall performance
while offering stronger security guarantee as it withstands the existing known types of keyword
guessing attacks.

5. Secure and efficient online data storage and sharing over cloud environment using probabilistic
with homomorphic encryption

Cloud computing is one of the great tasks in the business world nowadays, which provides
shared processing resources. In cloud area network, security is the main challenge faced by
cloud providers and their customers. The advantage of cloud computing includes reduced cost,
re-provisioning of resources etc. The cloud network makes use of standard encryption method
to secure documents while storing in online. In this paper, we have depicted two efficient
encryption algorithms that meet security demand in cloud. Probabilistic encryption, one of
these algorithms, may be used to produce randomness of text encryption. With this algorithm, if
the same message is encrypted twice it should yield different secret coded texts on both
calculations. Another crucial algorithm, homomorphic encryption, is a cryptographic method
to define the sample system and to provide a software implementation. In order to maintain
quality of service (QoS) and improve customer satisfaction, we are going to propose an efficient
algorithm which combines the characteristics of both probabilistic and homomorphic
encryption techniques, to provide high level of security. Our proposed scheme will yield better
encryption techniques, reduce security attacks, increase throughput and improve the QoS.

6. A fully homomorphic–elliptic curve cryptography based encryption algorithm for ensuring
the privacy preservation of the cloud data

Enabling a security and privacy preservation for the cloud data is one of the demanding and
crucial tasks in recent days. Because, the privacy of the sensitive data should be safeguarded from
the unauthorized access for improving its security. So, various key generation, encryption and
decryption mechanisms are developed in the traditional works for privacy preservation in
cloud. Still, it remains with the issues such as increased computational complexity, time
consumption, and reduced security. Also, the traditional works use the symmetric key
cryptography based. Thus, this paper aims to develop a new privacy preservation mechanism
by implementing a fully homomorphic–elliptic curve cryptography (FH-ECC) algorithm. The
data owner encrypts the original data by converting it into the cipher format with the use of
ECC algorithm, and applies the FH operations on the encrypted data before storing it on the
cloud. When the user gives the data request to the cloud, the Cloud Service Provider verifies the
access control policy of the user for enabling the restricted access on the data. If the access
policy is verified, the encrypted data is provided to the user, from that the cipher text is
extracted. Then, the ECC decryption and FH operations are applied to generate the original
text. Based on the several analysis, the research work is evaluated with the help of different
performance measures such as execution time, encryption time, and decryption time. In
addition the effectiveness of the novel FHE technique is justified by the comparative analysis
made with the traditional techniques.

7. Efficient searchable public key encryption against keyword guessing
attacks for cloud-based EMR systems

Due to the tremendous benefits of cloud computing, an increasing number of health care
providers tend to deploy the electronic medical record (EMR) storages and application services
into cloud. To protect patients’ privacy, sensitive EMRs have to be encrypted before being
uploaded to cloud. This makes effective utilization of EMRs, such as plaintext keyword search,
a very challenging problem. Public key encryption with keyword search (PEKS) provides a
promising cryptographic solution to encrypted EMR data retrieval, because it allows one to
delegate to an untrusted storage server the capability of searching on publicly encrypted EMR
data without compromising the security of original EMR data. Recently, two secure channel
free PEKS schemes were proposed for cloud-based EMR systems. However, our cryptanalysis
demonstrates that both of these two schemes suffer from the security vulnerabilities caused by
the keyword guessing attack. To deal with this problem, a novel secure channel free PEKS
scheme is developed in this paper. The proposed scheme not only provides the resistance to the
existing known three types of keyword guessing attacks, but also has the merit of no designated
server. In the standard model, it is formally proven to achieve both the keyword ciphertext
indistinguishability and the trapdoor indistinguishability under the adaptive chosen-keyword
attacks. The comparisons indicate that the scheme is secure and practicable.

8. Security Protection of System Sharing Data with Improved CP-ABE
Encryption Algorithm under Cloud Computing Environment

As the scale of cloud computing expands gradually, the security of data sharing in cloud
computing environment is facing more and more challenges. In this study, an improved,
efficient data encryption method was proposed, which was based on ciphertext policy attribute-
based encryption and controlled time cost using fixed-length ciphertext. The generation and
aggregation of public and private keys and the encryption and decryption of data were
introduced. Then simulation experiments were carried out in the cloud computing
environment. Compared with the traditional ciphertext-policy attribute-based encryption (CP-
ABE) algorithm, the improved algorithm had better performance in dealing with massive data
and multi-user attributes although the steps increased. The comparison with other improved
algorithms suggested that the improved algorithm put forward in this study had a high
reliability, which indicated a good practicability of the improved algorithm in safe data sharing
under cloud computing environment.

9. A pairing-based cryptographic approach for data security in the cloud

This paper presents AES4SeC, a security scheme fully constructed over cryptographic pairings.
The main building blocks of AES4SeC are attribute-based encryption (ABE) and short
signatures (SSign), with generalized constructions for the Type 3 pairing. AES4SeC was
developed as an end-to-end storage service for hybrid cloud models and integrated to a file-
sharing application for scenarios where data owners upload content to the cloud and selectively
decide who is able to access that content. An experimental evaluation of AES4SeC was
conducted by testing different security levels, recommended key sizes, and cryptographic
engine constructions. This led to a wide experimental evaluation in terms of the running times
of the primitive operations (encrypt, decrypt, sign, verify) and the space complexity of the
ciphertexts, private and public keys, and the signatures. The implementation results revealed
the feasibility and flexibility of AES4SeC in real scenarios, whereas a fine-tuning evaluation
revealed that the best results in terms of performance and memory requirements are obtained
using Type 3 pairings over type F elliptic curves. This is a relevant result because most of the
ABE and SSign schemes in the literature are provided for the Type 1 pairing (symmetric) over
type A curves, which exhibited poorer results.

10. Security and privacy aware data aggregation on cloud computing

The use of cloud computing has become common due to advantages such as low cost and sizing
of computing resources according to demand. However, it also raises security and privacy
concerns, because critical data – for example, in IoT applications – are stored and processed in
the cloud. This paper proposes a software architecture that supports multiple approaches to
secure data aggregation. For validation purposes, this software architecture was used in the
development of applications for smart grids, computing instantaneous consumption of a region
and the monthly bill of an individual consumer. The consumption data can be collected by
smart meters, enabling consumers to reduce electricity costs through close monitoring.
However, such data may reveal sensitive information if no privacy techniques are applied.
Therefore, the proposed software architecture proved to be viable from experiments with
techniques such as homomorphic encryption and hardware security extensions (Intel SGX).

11. Enhancing cloud storage security against a new replay attack with an
efficient public auditing scheme

The cloud storage service becomes a popular tendency based on the cloud computing, which
can solve user’s storage bottleneck problem. Data security problems are solved by remote data
auditing in cloud storage, which attracts more researchers to pay attention to data verification.
In this paper, a new replay attack is defined, and attack process is analyzed in some schemes
which cannot avoid the new replay attack. An auditing protocol is proposed that can withstand
this attack and supports public auditing, dynamic auditing and batch auditing. The proposed
scheme introduces a new data structure which is stored locally by users for dynamic operation.
It can avoid the third-party auditor getting the outsourced data information. Compared with the
related schemes, the experimental results show that the computation costs of the proposal are
reasonable and are highly efficient in the stage of verification.

12. Trust Establishment and Estimation in Cloud Services: A Systematic
Literature Review

Cloud computing has increasingly attracted a large number of entrepreneurs to deploy
innovative web services to expand the horizon of their businesses. The selection of trustworthy
services, by considering the adequate QoS parameters, is imperative for the cloud service
consumers to fulfill their requirements. Over the years, many studies have been carried out to
establish trust between service providers and cloud service consumers. The findings of these
studies need to be analyzed in order to explore the essential features and limitations with
respect to the essential QoS requirements. Therefore, a systematic literature review has been
performed in this study with an aim to identify and classify the existing research on trust
establishment and estimation in cloud services. A critical review of the existing literature has
been presented along with the identification of potential future research avenues. This study
has also highlighted the need of improving the service selection process by employing user
preferences based on their particular application domains in the context of utility.

13. Continuous security assessment of cloud based applications using
distributed hashing algorithm in SDLC

Cloud computing is a very rapidly growing technology with more facilities but also with more
issues in terms of vulnerabilities before and after deploying the applications into the cloud. The
vulnerabilities are assessed before the applications are deployed into the cloud. However, after
deploying the applications, periodical checking of systems for vulnerabilities is not carried out.
This paper assesses the applications online for vulnerabilities at regular intervals and if any
changes are made in the code, Webhook will trigger the vulnerability checking tool based on
Hashing algorithm to check for vulnerabilities in the updated application. The main aim of this
system is to constantly scan the applications that are deployed in the cloud and check for
vulnerabilities as part of the continuous integration and continuous deployment process. This
process of checking for vulnerabilities after every update in the application should be included
in the software development lifecycle.

14. An enhancing reversible data hiding for secured data using shuffle
block key encryption and histogram bit shifting in cloud environment

Nowadays there are numerous intruders trying to get the privacy information from cloud
resources and consequently need a high security to secure our data. Moreover, research
concerns have various security standards to secure the data using data hiding. In order to
maintain the privacy and security in the cloud and big data processing, the recent crypto policy
domain combines key policy encryption with reversible data hiding (RDH) techniques.
However in this approach, the data is directly embedded resulting in errors during data
extraction and image recovery due to reserve leakage of data. Hence, a novel shuffle block key
encryption with RDH technique is proposed to hide the data competently. RDH is applied to
encrypted images by which the data and the protection image can be appropriately recovered
with histogram bit shifting algorithm. The hidden data can be embedded with shuffle key in the
form of text with the image. The proposed method generates the room space to hide data with
random shuffle after encrypting image using the definite encryption key. The data hider
reversibly hides the data, whether text or image using data hiding key with histogram shifted
values. If the requestor has both the embedding and encryption keys, they can excerpt the secret
data and effortlessly extract the original image using the spread source decoding. The proposed
technique overcomes the data loss errors competently with two seed keys and also the
projected shuffle state RDH procedure used in histogram shifting enhances security hidden
policy. The results show that the proposed method outperforms the existing approaches by
effectively recovering the hidden data and cover image without any errors, also scales well for
large amount of data.

15. Secure and efficient data forwarding in untrusted cloud environment

Nowadays, cloud storage services have grown in popularity for storing data in the cloud and
retrieving it from any location without any time limitations. In recent days one of the most
important demands required in cloud is secured data transmission in un-trusted cloud
applications. Due to user’s data security, the encrypted data is stored in cloud server to protect
from unauthorized users. Existing methods offer either data transformation efficiency or
security. They fail to maintain end to end security during massive transformations. However,
existing methods are not capable of solving the key complexity and avoiding key secrecy
disclosure. The main objective of this study is to design and develop a secured efficient data
forwarding algorithm for increasing the security level. It is developed specially for untrusted
cloud environment. In order to provide a better solution, an efficient framework is proposed for
forwarding and retrieving the content in the untrusted cloud environment. Proposed system
implements dual privacy for reliable data transmission in an untrusted cloud environment. It
develops efficient secret key exposure to minimize the key complexity during data
transmission. SEDFA is used for one to many communications as a public key used for
encryption and decryption. This scheme provides reliable data transmission between the data
owner and end user in untrusted Cloud Environment. Proposed mechanisms minimized the
data encryption time, decryption time and improved the communication cost. Based on
experimental results, SEDFA reduces the communication cost 5%, encryption time (ET), 2 s,
decryption time (DT) 0.5 s.

16. Secure Inverted Index Based Search over Encrypted Cloud Data with
User Access Rights Management

Cloud computing is a technology that provides users with a large storage space and an
enormous computing power. However, the outsourced data are often sensitive and confidential,
and hence must be encrypted before being outsourced. Consequently, classical search
approaches have become obsolete and new approaches that are compatible with encrypted data
have become a necessity. For privacy reasons, most of these approaches are based on the vector
model which is a time consuming process since the entire index must be loaded and exploited
during the search process given that the query vector must be compared with each document
vector. To solve this problem, we propose a new method for constructing a secure inverted
index using two key techniques, homomorphic encryption and the dummy documents
technique. However, 1) homomorphic encryption generates very large ciphertexts which are
thousands of times larger than their corresponding plaintexts, and 2) the dummy documents
technique that enhances the index security produces lots of false positives in the search results.
The proposed approach exploits the advantages of these two techniques by proposing two
methods called the compressed table of encrypted scores and the double score formula.
Moreover, we exploit a second secure inverted index in order to manage the users’ access rights
to the data. Finally, in order to validate our approach, we performed an experimental study
using a data collection of one million documents. The experiments show that our approach is
many times faster than any other approach based on the vector model.

17. A secure data sharing scheme with cheating detection based on
Chaum-Pedersen protocol for cloud storage

With the development of cloud computing technology, data can be outsourced to the cloud and
conveniently shared among users. However, in many circumstances, users may have concerns
about the reliability and integrity of their data. It is crucial to provide data sharing services that
satisfy these security requirements. We introduce a reliable and secure data sharing scheme,
using the threshold secret sharing technique and the Chaum-Pedersen zero-knowledge proof.
The proposed scheme is not only effective and flexible, but also able to achieve the semantic
security property. Moreover, our scheme is capable of ensuring accountability of users’
decryption keys as well as cheater identification if some users behave dishonestly. The
efficiency analysis shows that the proposed scheme has a better performance in terms of
computational cost, compared with the related work. It is particularly suitable for application
to protect users’ medical insurance data over the cloud.

18. Towards secure and flexible EHR sharing in mobile health cloud under static
assumptions

Electronic health record (EHR) systems are promising in the management of individual’s
health. However, before widely deployed in practical applications, EHR systems have to tackle
the privacy and efficiency challenges. Most of existing EHR sharing schemes suffer from severe
efficiency drawbacks, resulting in inapplicability in mobile EHR system. Furthermore, the
security assumptions in the previous schemes are usually based on non-static assumptions. In
this paper, we propose a flexible EHR sharing scheme supporting offline encryption of EHR
and outsourced decryption of EHR ciphertexts in mobile cloud computing. The proposed
scheme is proven secure in the random oracle model under the static decisional bilinear Diffie–
Hellman assumption. In our EHR sharing system, an EHR owner only needs one multiplication
in bilinear groups to generate the final EHR ciphertexts based on the offline ciphertexts
computation, and an EHR user can easily decrypt the EHR ciphertext without requiring
bilinear pairing operations based on the transformed ciphertexts from the EHR cloud. Our
EHR sharing scheme allows access structures encoded in linear secret sharing schemes.
Performance comparisons indicate that our scheme is very suitable for mobile health clouds.

19. A countermeasure against cryptographic key leakage in cloud: public-key
encryption with continuous leakage and tampering resilience

Public-key encryption is an important security mechanism used in cloud environment. To
ensure the confidentiality of data encrypted using public-key encryption, countermeasures
against cryptographic key leakage by side-channel attacks should be applied to the encryption
scheme implemented both in locality and in cloud server. Traditional public-key encryption
does not capture side-channel attacks. Moreover, the adversary can inject fault to tamper with
the secret key and observe the output of the public-key encryption scheme under this modified
key which is called “tampering attack”. In this paper, we present two continuous leakage and
tampering resilient CCA secure public-key encryption schemes. For implementations of our
schemes during the key update, bounded number of tampering queries for arbitrary key
relations and bounded leakage is allowed. By updating the secret key, our schemes are secure
against continuous leakage and tampering attacks.

20. Virtualization layer security challenges and intrusion
detection/prevention systems in cloud computing: a comprehensive
review

Virtualization plays a vital role in the construction of cloud computing. However, various
vulnerabilities are existing in current virtualization implementations, and thus there are
various security challenges at virtualization layer. In this paper, we investigate different
vulnerabilities and attacks at virtualization layer of cloud computing. We examine the
proposals of cloud intrusion detection system (IDS) and intrusion detection and prevention
system frameworks. We recommend the cloud IDS requirements and research scope to achieve
desired level of security at virtualization layer of cloud computing.