• Journal of Information Processing Systems
• /
• 제15권3호
• /
• pp.538-549
• /
• 2019

Cloud computing is the concept of providing information technology services on the Internet, such as software, hardware, networking, and storage. These services can be accessed anywhere at any time on a pay-per-use basis. However, storing data on servers is a challenging aspect of cloud computing. This paper utilizes cryptography and access control to ensure the confidentiality, integrity, and proper control of access to sensitive data. We propose a model that can protect data in cloud computing. Our model is designed by using an enhanced RSA encryption algorithm and a combination of role-based access control model with extensible access control markup language (XACML) to facilitate security and allow data access. This paper proposes a model that uses cryptography concepts to store data in cloud computing and allows data access through the access control model with minimum time and cost for encryption and decryption.

• 한국컴퓨터정보학회논문지
• /
• 제22권8호
• /
• pp.55-61
• /
• 2017

Cloud computing is cost-effective in terms of system configuration and maintenance and does not require special IT skills for management. Also, cloud computing provides an access control setting where SSO is adopted to secure user convenience and availability. As the SSO user authentication structure of cloud computing is exposed to quite a few external security threats in wire/wireless network integrated service environment, researchers explore technologies drawing on distributed SSO agents. Yet, although the cloud computing access control using the distributed SSO agents enhances security, it impacts on the availability of services. That is, if any single agent responsible for providing the authentication information fails to offer normal services, the cloud computing services become unavailable. To rectify the environment compromising the availability of cloud computing services, and to protect resources, the current paper proposes a security policy that controls the authority to access the resources for cloud computing services by applying the authentication policy of user authentication agents. The proposed system with its policy of the authority to access the resources ensures seamless and secure cloud computing services for users.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권3호
• /
• pp.1523-1545
• /
• 2019

Cloud computing is now a widespread and economical option when data owners need to outsource or share their data. Designing secure and efficient data access control mechanism is one of the most challenging issues in cloud storage service. Anonymous broadcast encryption is a promising solution for its advantages in the respects of computation cost and communication overload. We bring forward an efficient anonymous identity-based broadcast encryption construction combined its application to the data access control mechanism in cloud storage service. The lengths for public parameters, user private key and ciphertext in the proposed scheme are all constant. Compared with the existing schemes, in terms of encrypting and decrypting computation cost, the construction of our scheme is more efficient. Furthermore, the proposed scheme is proved to achieve adaptive security against chosen-ciphertext attack adversaries in the standard model. Therefore, the proposed scheme is feasible for the system of data access control in cloud storage service.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권5호
• /
• pp.2754-2767
• /
• 2019

Cloud computing is widely used in information spreading and processing, which has provided a easy and quick way for users to access data and retrieve service. Generally, in order to prevent the leakage of the information, the data in cloud is transferred in the encrypted form. As one of the traditional security technologies, access control is an important part for cloud security. However, the current access control schemes are not suitable for cloud, thus, it is a vital problem to design an access control scheme which should take account of complex factors to satisfy the various requirements for cipher text protection. We present a novel access control scheme based on proxy re-encryption(PRE) technology (PreBAC) for cipher text. It will suitable for the protection of data confidently and information privacy. At first, We will give the motivations and related works, and then specify system model for our scheme. Secondly, the algorithms are given and security of our scheme is proved. Finally, the comparisons between other schemes are made to show the advantages of PreBAC.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권1호
• /
• pp.282-304
• /
• 2014

Each cloud service has numerous owners and tenants, so it is necessary to construct a privacy preserving identity management and access control mechanism for cloud computing. On one hand, cloud service providers (CSP) depend on tenant's identity information to enforce appropriate access control so that cloud resources are only accessed by the authorized tenants who are willing to pay. On the other hand, tenants wish to protect their personalized service access patterns, identity privacy information and accessing newfangled cloud services by on-demand ways within the scope of their permissions. There are many identity authentication and access control schemes to address these challenges to some degree, however, there are still some limitations. In this paper, we propose a new comprehensive approach, called Privacy pReserving Identity and Access Management scheme, referred to as PRIAM, which is able to satisfy all the desirable security requirements in cloud computing. The main contributions of the proposed PRIAM scheme are threefold. First, it leverages blind signature and hash chain to protect tenant's identity privacy and implement secure mutual authentication. Second, it employs the service-level agreements to provide flexible and on-demand access control for both tenants and cloud services. Third, it makes use of the BAN logic to formally verify the correctness of the proposed protocols. As a result, our proposed PRIAM scheme is suitable to cloud computing thanks to its simplicity, correctness, low overhead, and efficiency.

• 한국컴퓨터정보학회논문지
• /
• 제24권8호
• /
• pp.67-76
• /
• 2019

Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT(Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

• 한국컴퓨터정보학회논문지
• /
• 제28권11호
• /
• pp.73-80
• /
• 2023

본 논문은 클라우드 서비스 시장을 활성화하기 위해 중요 정보의 접근을 보호하는 기술을 제안하였다. 클라우드 서비스 시장의 여러가지 저해요소 중에 클라우드 시스템에 저장되는 중요한 대외비 및 개인정보가 유출될 수 있는 문제를 해결하기 위한 기술을 제안하였다. 클라우드 서비스 제공자와 일반 사용자가 클라우드 자원에 대한 접근을 통제하여 중요 정보를 보호 할 수 있도록 하였다. 시스템 관리자는 시스템의 유지 및 관리를 위해 슈퍼유저의 권한을 갖는다. 클라이언트 컴퓨팅 서비스는 외부의 클라우드 서비스 공급자가 관리하고 정보 또한 외부시스템에 저장된다. 이러한 환경으로부터 사내의 중요 정보를 보호하기 위해 클라우드 서비스 공급자를 포함한 모든 사용자가 인증을 받고 자원을 접근할 수 있도록 하였다. 제안한 접근통제 기술을 통해 클라우드 컴퓨팅 자원에 대한 기밀성과 신뢰성 서비스를 제공하여 클라우드 서비스 시장의 활성화를 기대한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권1호
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• International Journal of Advanced Culture Technology
• /
• 제7권4호
• /
• pp.208-221
• /
• 2019

The inference for this research was concentrated on client's data protection in cloud computing i.e. data storages protection problems and how to limit unauthenticated access to info by developing access control model then accessible preparations were introduce after that an access control model was recommend. Cloud computing might refer as technology base on internet, having share, adaptable authority that might be utilized as organization by clients. Compositely cloud computing is software's and hardware's are conveying by internet as a service. It is a remarkable technology get well known because of minimal efforts, adaptability and versatility according to client's necessity. Regardless its prevalence large administration, propositions are reluctant to proceed onward cloud computing because of protection problems, particularly client's info protection. Management have communicated worries overs info protection as their classified and delicate info should be put away by specialist management at any areas all around. Several access models were accessible, yet those models do not satisfy the protection obligations as per services producers and cloud is always under assaults of hackers and data integrity, accessibility and protection were traded off. This research presented a model keep in aspect the requirement of services producers that upgrading the info protection in items of integrity, accessibility and security. The developed model helped the reluctant clients to effectively choosing to move on cloud while considerate the uncertainty related with cloud computing.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권10호
• /
• pp.4136-4156
• /
• 2020

Recently, data can be safely shared or stored using the infrastructure of cloud computing in various fields. However, issues such as data security and privacy affect cloud environments. Thus, a variety of security technologies are required, one of them is security technology using CP-ABE. Research into the CP-ABE scheme is currently ongoing, but the existing CP-ABE schemes can pose security threats and are inefficient. In terms of security, the CP-ABE approach should be secure against user collusion attacks and masquerade attacks. In addition, in a dynamic cloud environment where users are frequently added or removed, they must eliminate user access when they leave, and so users will not be able to access the cloud after removal. A user who has left should not be able to access the cloud with the existing attributes, secret key that had been granted. In addition, the existing CP-ABE scheme increases the size of the ciphertext according to the number of attributes specified by the data owner. This leads to inefficient use of cloud storage space and increases the amount of operations carried out by the user, which becomes excessive when the number of attributes is large. In this paper, CP-ABE access control is proposed to block access of withdrawn users in dynamic cloud environments. This proposed scheme focuses on the revocation of the attributes of the withdrawn users and the output of a ciphertext of a constant-size, and improves the efficiency of the user decryption operation through outsourcing.