Survey of Data and Storage Security in Cloud Computing

S. Rajeswari, Information Science and Engineering, New Horizon College of Engineering, Bangalore, India, rajilechrame@gmail.com
R. Kalaiselvi, Computer Science and Engineering, Noorul Islam University, Kumarakoil, India, kalaiselvir@gmail.com
978-1-5090-6480-9/17/$31.00 ©2017 IEEE
Proceedings of 2017 IEEE International Conference on Circuits and Systems (ICCS 2017)
signature and batch verification techniques, it achieves privacy cheating discouragement. But it does not provide confidentiality and authorization.

D. Existing works on Data Security

The three important characteristics of data security are listed below.

• Data Integrity: It is commonly assured by validations using cryptographic tools such as message digests, hashing and digital signatures.
• Access Control (AC): An access control system includes components and methods to specify access control policies for legitimate users.
• Attribute based Encryption (ABE): The uploaded data is encrypted using ABE, which defines an access policy on attributes related to the data. Hence only authorized users with matching attributes can decrypt and access the data.

a. Existing works on Data Integrity

Laicheng Cao et al [5] have proposed the Mobile Multi Cloud Data Integrity Verification scheme (MMCDIV). This scheme supports dynamic data operations in MMC and integrity verification by means of lightweight computing techniques. But it does not provide confidentiality and authorization. Moreover, it depends on a single TTP server, which may be subject to failures.

Nedhal A. Al-Saiyd et al [20] have designed a cloud computing security model along with a discussion of cloud security threats and risks. It also discusses various security techniques which provide solutions to the security threats on cloud computing. But it fails to present any standard algorithm or technique for providing data integrity.

Ali Mohammed Hameed Al-Saffar et al [21] have proposed a framework for provable data possession (PDP) in the distributed multi-cloud environment. It consists of many cloud servers to which the client's requests are sent. It ensures data integrity in multiple clouds. But how the verifier and user obtain their decryption keys and how the data is split are not clearly explained.

Edoardo Gaetani et al [22] have applied Blockchain technology for providing data integrity. In this paper, the case study of the European SUNFISH project is considered, for which a blockchain-based database is designed. But the operations mainly depend on the database model, which may incur huge storage overhead.

b. Existing works on Access Control

Younis A. Younis et al [1] have proposed a novel Access Control model for Cloud Computing (AC3) to satisfy the requirements of access control. It consists of three hierarchical levels of security based on the level of trust. In this model, users are classified according to their roles and assigned to corresponding security domains. But this work does not provide confidentiality and integrity.

Jin Li et al [2] have designed a fine-grained access control system based on ABE. AC policies are defined based on the data attributes. The accountability of users is implemented by applying the traitor tracing method. Furthermore, user revocation and user grant operations are implemented by applying a broadcast encryption technique. But it results in huge communication overhead.

Yan Zhu et al [4] have presented an encryption scheme for temporal access control (TACE). In this algorithm, the access policy contains temporal attributes of users, based on which the access rights are defined. TACE enforces temporal constraints. But this work does not provide confidentiality and integrity.

Guoyuan Lin et al [23] have provided a trust-based AC technique for cloud computing. It defines trust connections among users and the cloud platform. It combines role-based access control (RBAC) with a trust model. The trust model is formed by combining identity trust and behavior trust. But this work does not provide confidentiality and integrity.

Varsha D. Mali et al [24] have designed a trust-based cloud storage system in which a trust model is integrated with the RBAC technique. But this work does not provide integrity and authentication.

c. Existing works on ABE

Saravana Kumar et al [3] have proposed a new encryption technique based on ABE. It uses digital signature and asymmetric encryption algorithms with hash functions. But since the encryption technique is based on simple hash functions, it can be compromised.

Shulan Wang et al [25] have proposed a file hierarchy based ABE scheme for cloud computing. In this scheme, hierarchical files are encrypted using an integrated access structure. The ciphertext portions of attributes are shared by the files. But it does not provide data integrity. Moreover, it depends on a single TA, which may be subject to failure.

Shulan Wang et al [26] have proposed an improved two-party key distribution protocol. In this protocol, a user's secret key cannot be compromised by either the key authority or the CSP. Moreover, they have included weights for each attribute to enhance the expression of attributes from binary to arbitrary level. Because of this, the storage cost and encryption cost are reduced. But the access policy is not hidden and the single TA may be subject to failure.

Tran Viet Xuan Phuong et al [27] have proposed a CP-ABE scheme. In this scheme, an AND-gate with wildcards is used to define the access policy. The access policy is protected using a hidden ciphertext policy. However, the key escrow problem is not resolved.

Entao Luo et al [28] have proposed a hierarchical multi-authority and CB-ABE based friend discovery scheme. It uses character attribute subsets to avoid single point failure and performance overhead. But this work does not provide data integrity.

IV. COMPARISON OF EXISTING WORKS

The comparative study shown below in Table 1 lists, for 21 existing works by different authors, the proposed scheme, the services, and whether each addresses privacy, confidentiality, integrity, access control and storage.
attributes
| Authors | Proposed scheme | Services | Privacy | Confidentiality | Integrity | Access control | Storage |
|---|---|---|---|---|---|---|---|
| Tran Viet Xuan Phuong et al | Hidden Ciphertext Policy | ABE using hidden access policy | No | Yes | No | Yes | No |
| Entao Luo et al | Hierarchical Multi-Authority and ABE Friend Discovery Scheme | ABE using multi authority, friend discovery schemes | No | Yes | No | Yes | No |
| Nedhal A. et al | Data Integrity In Cloud Computing Security | Data Integrity checking algorithm | No | No | Yes | No | No |
| Laicheng Cao et al | Data Integrity Verification Scheme | Mobile Multiple cloud Data integrity Verification | No | No | Yes | No | No |
| Ali Mohammed Hameed Al-Saffar et al | Identity Based technique | Data integrity and Confidentiality in the multiple cloud environment | No | Yes | Yes | No | No |
| Edoardo Gaetani et al | Block chain-based Database to Ensure Data Integrity | Integrity verification using Block chain database | No | No | Yes | No | No |
| L. Malina et al | Privacy-preserving security solution | Non bilinear group signature scheme | Yes | Yes | Yes | No | No |
| Haralambos Mouratidis et al | A framework to support selection of cloud providers | Modelling language and selection of CSP | Yes | No | No | No | No |
| Ulrich Greveler et al | Cloud Computing with a System that Preserves Privacy | Trust model prevents CSP from accessing outsourced data | Yes | No | Yes | Yes | No |
| Lifei Wei et al | Security and privacy for storage and computation | Discouragement of Privacy cheating and auditing of secure computation | Yes | No | Yes | No | Yes |
| Yan Zhu et al | Cooperative Provable Data Possession for Integrity Verification | Homomorphic verifiable response and hash index hierarchy | No | No | Yes | No | Yes |
| Qian Wang et al | Auditing and Data Dynamics for Storage Security | Verify the integrity of the dynamic data stored in the cloud | No | No | Yes | No | Yes |
| Kan Yang et al | Secure Dynamic Auditing Protocol | Privacy-preserving auditing protocol | Yes | No | Yes | No | Yes |
Table 1: Comparison of Existing Works Based on Data and Storage Security in Cloud Computing