Ensuring Data Confidentiality in Cloud Computing: An Encryption and ...

N5.2.pdf

WOCC 2014 1

Ensuring Data Confidentiality in Cloud Computing: An Encryption and Trust-based Solution

Yuhong Liu, Jungwoo Ryoo, and Syed Rizvi
Department of Information Sciences and Technology
Penn State Altoona, Altoona, PA, 16601
Emails: {yuhong, jryoo, srizvi}@psu.edu

Abstract—With the rapid development of cloud computing, more users are attracted by its powerful and cost-efficient computation capability. However, whether CSPs can effectively protect CSUs’ data confidentiality remains a challenging issue. In this work, we aim at ensuring data confidentiality in the cloud environment by enabling CSUs to (1) encrypt their sensitive data and perform data correctness verification from time to time, (2) evaluate the trustworthiness of CSP, and (3) determine whether to allow CSPs to perform diverse computation services according to their trust values. The proposed solution, which integrates the encryption and trust based techniques, has achieved the above design goals.

978-1-4799-5249-6/14/$31.00 ©2014 IEEE

I. Introduction

Cloud computing is revolutionizing cyberspace by providing users with dynamic resource sharing in an open environment [1]. While this open nature of the cloud has greatly benefited users in terms of storing data and running applications conveniently and cost-efficiently, it also raises many security challenges. One of the most important challenges is data confidentiality [2]. For example, Amazon’s cloud storage customers recently learned this painful lesson when a security testing company discovered that more than 126 billion data files had been exposed due to inappropriate cloud settings [3]. The potential risk of information breach has become one of the biggest hurdles that make users hesitate to move their sensitive information to the cloud. According to the survey in [4], about 88% of cloud service users are concerned about who might be able to access their data.

To address the data confidentiality issue, most current works rely on encryption-based schemes, such as [5]–[9], through which sensitive information is encrypted and can only be accessed by users possessing the encryption keys. In encryption-based schemes, one of the key problems is who should keep and manage the encryption keys. There are three different strategies. Each of them has advantages and disadvantages.

• The Cloud Service Users (i.e. CSUs) manage the encryption key. In this way, the CSUs have more control over their own data, which allows them to adjust the information security levels according to their specific needs. However, without the encryption keys, Cloud Service Providers (i.e. CSPs) can hardly provide computation services, such as data searches, modifications, additions, deletions and insertions. To take advantage of the computation services provided by the CSPs, the CSUs have to make decisions about whether to assign encryption keys to a given CSP. This problem cannot be resolved by simple, straightforward encryption schemes.
• The CSPs manage the encryption key. In this way, the CSPs can easily perform computation services for the CSUs. However, CSPs are not always trustworthy. They may hide a data loss/leakage incident from CSUs to maintain their high reputation. More severely, malicious CSPs (or malicious insiders), who can access the encryption keys, are able to read, modify or even delete sensitive information without the permission of CSUs. The information confidentiality may be at high risk.
• A third party manages the encryption key. In this way, CSUs can outsource the encryption key management to third parties. However, whether third parties can be trusted remains a critical issue.

When comparing these three strategies, we believe that the first one can relieve CSUs’ data confidentiality concerns most, since CSUs have the power to allow only trusted parties to access their sensitive information. Therefore, in this paper, we will focus on the first strategy. As discussed above, the critical issue for this strategy is how CSUs can determine whether to assign encryption keys to CSPs. This problem cannot be completely addressed by encryption-based schemes. A solution which can help the encryption key holders evaluate the risks of assigning encryption keys to other parties is necessary. The trust model, which originated in social science and has been widely adopted in the cyber security field to describe how much one party believes that another party will perform a certain action or possess a certain property, is inherently suitable to address this problem.

In this paper, we propose a framework, named EnTrust, which integrates encryption and trust-based techniques, to ensure the data confidentiality in the cloud computing environment. With the proposed framework, CSUs are able to (1) encrypt their data and hold the encryption keys; (2) evaluate a CSP’s trustworthiness; and (3) make decisions on whether to allow a CSP to perform a specific computation service according to its trust value. Here, computation services include data searches, modifications, additions, deletions and insertions. The advantages of this scheme are as follows.

• The encryption-based scheme protects the data confidentiality by allowing only users with encryption keys to access sensitive information.
• The CSUs have more control over their own data, and they can personalize their data security levels according to their specific needs.
• The proposed trust model can complement the CSU-oriented encryption scheme to address the encryption key management issue, so that the CSUs can determine whether to assign encryption keys to a CSP according to its trustworthiness.

The rest of the paper is organized as follows. We summarize existing studies of ensuring data confidentiality in the cloud in Section II; briefly overview the problem in Section III; present the proposed framework in Section IV, followed by conclusions in Section V.

II. Related Work

Existing studies address the data confidentiality issue in the cloud environment from several angles.

• Security framework. In [10], the authors reviewed the theoretical concept and approach of a security framework and presented a multi-agent-system architecture to facilitate the security of cloud data storage. A cloud Storage Encryption (CSE) architecture was proposed in [11], which protected data during transportation and storage and enabled the search on encrypted data through encryption techniques.
• Encryption-based schemes. The performance of eight modern encryption techniques in the cloud environment was evaluated in [12]. The authors in [13] proposed a way to build a reliable cloud environment through encryption and compression. A ciphertext policy attribute-based encryption (CP-ABE) was proposed in [9] to help the data owners form the definition of their own access property and policy. While these encryption schemes are able to hide sensitive information from malicious access, the CSPs can hardly conduct dynamic data operations on the encrypted data.
• Searchable encryption schemes. Searchable encryption has been proposed as a better alternative [14]–[16] to the aforementioned encryption schemes. A practical solution is proposed in [17] to conduct search operations on encrypted data by revealing the plaintext of the search results only.
In [18], the authors proposed a scheme for CSUs to conduct data correctness verification and error localization. Furthermore, the CSPs can easily conduct dynamic data computation services. However, the searchable encryption schemes are expensive in terms of the computational and bandwidth costs. To balance the efficiency and security, almost all of them will inevitably expose the data access pattern (i.e. which file has been retrieved) and search pattern (e.g. whether two searches were conducted for the same key word) [19]. Such patterns can be further utilized by malicious CSPs to explore even more sensitive information.
• Introduction of a third party auditor. A third party auditor, independent from CSPs, was introduced in [20] to verify the integrity of the dynamic data stored in the cloud. In [21], the authors proposed to move the third party auditor function into the cloud service provider’s architecture to reduce the response time and communication traffic. How to ensure the trustworthiness of the third party auditors, however, remains a critical issue.

The concept of trust has already been actively applied in the cloud computing environment [22]–[25]. For example, a trust model is proposed in [26] for efficient reconfiguration and allocation of computing resources satisfying various user requests. A fuzzy logic based trust model is proposed in [27] to evaluate the scalability, availability, security and usability of a cloud. An application-oriented remote verification trust model is proposed in [28] to prevent unauthentic users from compromising the security and availability of the computing resources. Few of these trust-based schemes are, however, specifically designed to deal with the data confidentiality issue in the cloud.

III. Problem Statement

A. Adversary Model

In this work, we focus on the threats from two aspects. The first threat is from the untrustworthy CSPs. As mentioned in Section I, CSPs may hide a data loss/leakage incident from CSUs to keep their good service reputation. Furthermore, malicious CSPs may attempt to retrieve private information from CSUs’ data. The second threat is from attackers who are able to compromise cloud servers and manipulate CSUs’ data without being detected by CSPs. Both of these threats will undermine the data confidentiality in the cloud while not triggering any alarms for CSUs.

B. Design Goals

To ensure the data confidentiality in the cloud against the adversary model in Section III-A, we aim to design a framework consisting of an encryption module, a trust module and a decision-making module, which enables the CSUs to (1) encrypt their sensitive data and perform data correctness verifications from time to time, (2) evaluate the trustworthiness of a CSP, and (3) determine whether to allow CSPs to perform diverse computation services according to their trust values.

C. System Model

In the proposed framework, we consider a cloud data storage service involving two different entities, as illustrated in Figure 1, a CSP and a CSU. On one hand, the CSP provides data storage services and data computation services, including data searches, modifications, additions, deletions, and insertions. On the other hand, the CSU conducts three types of operations:

Fig. 1: System Model

• Encrypting its own data. More specifically, the CSU encrypts its data locally and then sends the encrypted data to the CSP. To conduct the data encryption, the CSU can choose any encryption scheme according to security requirements and computational costs.
• Evaluating a CSP’s trustworthiness through a challenge-response mechanism. After the encrypted data is stored in the cloud, the CSU can periodically send data verification requests and evaluate the trustworthiness of the CSP according to whether the CSP responds correctly. The trust value of the CSP will drop for each incorrect response and will increase for each correct response. The details about how to evaluate the trust value of a CSP will be presented in Section IV-B.
• Requesting data computation services. Every time the CSU wants to conduct data computations, it can send a computation request to the CSP. To provide such services, the CSP may have to require the encryption keys for a certain part of the data. The CSU can make decisions about whether to assign the required encryption key to the CSP according to the trust value of the CSP.

IV. Proposed Framework

In this section, we present the details of the proposed EnTrust framework. More specifically, the proposed framework includes three components: (1) the encryption module described in Section IV-A, where the CSU conducts encryption and holds the encryption keys, (2) the trust module described in Section IV-B, where the CSU evaluates the trustworthiness of the CSP, and (3) the decision making module described in Section IV-C, where the CSU makes decisions on whether to allow a CSP to perform a certain data computation service according to its trust value.

A. Encryption Module

The first component of the proposed solution is the encryption module. Although a CSU relies on the CSP to store and process its data, it may not want the CSP to arbitrarily access the data without permissions. Therefore, in the proposed EnTrust framework, we would like to employ an encryption scheme which is able to (1) ensure the security of CSUs’ data so that no one can access the plaintext of the data without the encryption keys, (2) enable CSUs to verify the correctness of their data, and (3) allow CSPs to conduct computation services with limited knowledge about the plaintext of the data. To fulfill these requirements, we adopt the encryption scheme proposed in [17] as the basic encryption scheme which supports searches over the encrypted data. Furthermore, we also adopt the erasure-code-based scheme in [18] to conduct the data correctness verification and dynamic data computation. In particular, there are three components in the proposed encryption module.

1) Basic Encryption Scheme: In order to encrypt the plaintext of CSUs’ data, we adopt the scheme proposed in [17] as our basic encryption scheme. Assume that a CSU has a document $F$ to store on a CSP. Before sending the file $F$ to the CSP, we first divide it into multiple small blocks $B_1, \ldots, B_i, \ldots, B_l$, so that all the later operations (i.e. encryption and computation) can be done on each individual data block. The basic encryption process is as follows. A pseudorandom generator $G$ is introduced to create a sequence of pseudorandom bits (i.e., $S_1, S_2, \ldots, S_i, \ldots, S_l$) with a special structure to allow searches on the data without revealing anything else about the plaintext. To encrypt a data block $B_i$, the pseudorandom bits $T_i$ are obtained by sending $S_i$ through a pseudorandom function $f$, where $T_i = \langle S_i, f_{k_i}(S_i) \rangle$. Note that $k_i$ is the encryption key for the data block $B_i$. The CSU can choose to use an identical key for all data blocks or different keys for different data blocks. The encrypted data (i.e., ciphertext $C_i$) is generated as $C_i = T_i \oplus B_i$, the bitwise exclusive or (XOR) of the plaintext $B_i$ with a sequence of pseudorandom bits $T_i$. It is proved that for each data block $B_i$, if the encryption key $k_i$ is unknown, the values $T_i$ are indistinguishable from truly random bits for any computationally-bounded adversary. Therefore, only users with the encryption key $k_i$ can access the data block $B_i$, and the first goal of the proposed encryption module is achieved.

2) Data Correctness Verification: Before distributing the encrypted data on cloud servers, we have to resolve one important issue: how to verify the correctness of the data stored in the cloud. To address this issue, we adopt the erasure-correcting code employed in [18]. In information theory, an erasure code is a forward error correction code, which transforms a message of $m$ symbols into a longer message with $n$ symbols such that the original message can be recovered from a subset of the $n$ symbols [29]. Specifically, the Reed-Solomon erasure code is introduced, which can recover the original $m$-symbol message from any $m$ symbols of the longer $n$-symbol message.

In our cloud computing scenario, the data correctness verification is implemented through a challenge-response scheme. The CSU with $l$ data blocks (i.e., $B_1, B_2, \ldots, B_l$) can create $r$ redundant data blocks based on the Reed-Solomon erasure code and store these $l+r$ data blocks on $l+r$ cloud servers. To verify the data correctness, the CSU will send challenges to each of the $l+r$ cloud servers and collect their responses. If for any combination of $l$ responses, the CSU is able to obtain the same data, the challenge is passed. Otherwise, the challenge is failed, indicating that some data blocks have been modified. The details about how to generate the challenges can be found in [18].

Note that each time the CSU launches a challenge, it can make one observation about whether the CSP has processed its data correctly or not. Such observations will be used later by the proposed trust module to evaluate the trustworthiness of the CSP. Generally speaking, the more correct responses the CSU observes from a CSP, the more it will trust the CSP. The detailed information about how to evaluate the trust values of a CSP is explained in Section IV-B.
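The pass/fail rule above, as an added example that is not code from the paper or from [18]: a systematic Reed-Solomon-style code over a prime field, where each response is modelled as the stored symbol itself (the challenge tokens of [18] are not reproduced). It goes one step beyond the text by also locating a single modified server; the field modulus, function names and sample symbols are assumptions.

```python
from itertools import combinations

P = 2**31 - 1  # prime modulus of the symbol field (assumption)


def interpolate_at(shares, x):
    """Evaluate at x the unique polynomial of degree < len(shares) that passes
    through the (server_index, symbol) pairs in shares (Lagrange, mod P)."""
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (x - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def encode(blocks, r):
    """Servers 1..l keep the l data symbols unchanged; servers l+1..l+r keep
    r redundant symbols that lie on the same polynomial."""
    l = len(blocks)
    data = [(x, b % P) for x, b in enumerate(blocks, start=1)]
    parity = [(x, interpolate_at(data, x)) for x in range(l + 1, l + r + 1)]
    return data + parity


def recover(shares, l):
    """Rebuild the l data symbols from any l (server_index, symbol) pairs."""
    if len(shares) != l:
        raise ValueError("exactly l shares are needed")
    return [interpolate_at(shares, x) for x in range(1, l + 1)]


def challenge_passed(responses, l):
    """Pass only if every combination of l responses yields the same data."""
    outcomes = {tuple(recover(list(c), l)) for c in combinations(responses, l)}
    return len(outcomes) == 1


def locate_modified(responses, l):
    """Return the index of the one server whose removal leaves the remaining
    responses consistent, or None (needs at least l+1 remaining responses)."""
    if challenge_passed(responses, l):
        return None
    for skip, _ in responses:
        rest = [s for s in responses if s[0] != skip]
        if len(rest) > l and challenge_passed(rest, l):
            return skip
    return None


def demo():
    stored = encode([1105, 77, 4096], r=2)  # constructed symbols, l = 3
    tampered = [(i, v + 1 if i == 2 else v) for i, v in stored]
    return (challenge_passed(stored, 3),
            challenge_passed(tampered, 3),
            locate_modified(tampered, 3))
```

Each call to `challenge_passed` is one observation of the kind the trust module in Section IV-B consumes.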


3) Computation Service over Encrypted Data: According to whether the computation services will modify the original data or not, we further differentiate them into two categories: (1) data searches and (2) data updates.

Data Searches: The data search service is supported by the proposed basic encryption scheme. The detailed procedure is as follows. If the CSU wants to search for a word $W$, it can provide the CSP with the plaintext of the word $W$ and the encryption keys $k_i$ for each possible location where the word $W$ may occur. With the encryption keys $k_i$, the CSP is able to search for $W$ in the encrypted data by checking whether the ciphertext $C_i$ XOR the word $W_i$ is of the form $\langle s, f_{k_i}(s) \rangle$ for some $s$. If yes, a match is found. This way, the CSP can only search the encrypted data at the locations where the CSU releases the encryption keys $k_i$, and the CSP can learn nothing about the plaintext in the positions with unknown $k_i$.

Note that, while data search services will not cause changes to the original data, they may still expose some sensitive information, such as the encryption key $k_i$ for the searched locations and search patterns. Based on it, malicious CSPs may learn even more sensitive information. Therefore, CSUs have to be very careful in making decisions about whether to assign the encryption key $k_i$ to CSPs and to allow the search services. However, the encryption-based scheme itself cannot help CSUs make such decisions. In this work, we propose that a CSU makes such decisions through trust evaluation: only trustworthy CSPs are allowed to conduct data search services. More specifically, a CSU will share its encryption key with a CSP associated with a higher trust value. Details about how to evaluate the trust value of a CSP will be introduced in Section IV-B.

Data Updates: In addition to the data search service, a CSU may also need to update some data blocks stored in the cloud, from its current version $B_i$ to a new version $B_i + \Delta B_i$. Here, data update operations include modifications, additions, deletions and insertions. Different from the data search services, the update services will inevitably change the original data, which may be more dangerous. In this work, we propose that the CSU conducts the data updates locally and then sends the new version of the data to the CSP. Due to the linear property of the Reed-Solomon code adopted in this work, the CSU can efficiently update the data by sending only $\Delta B_i$ to the cloud servers, without involving any other unchanged blocks. Note that the data insertion operation may be computationally complicated since it will affect all the data blocks after the inserted block. How to improve the efficiency of data insertion is beyond the scope of this work.

Since the data update services may be more dangerous, CSPs can only conduct such services by obtaining permissions from CSUs. Otherwise, any modifications of the data detected by the CSU through the data correctness verification mechanism will be considered as malicious operations. A CSP will have its trust value dropped if malicious operations are observed by CSUs. Detailed information on this scenario is provided in Section IV-B.
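The basic encryption scheme of Section IV-A1 and the data search procedure above, as an added example that is not code from the paper or from [17]. It assumes HMAC-SHA256 stands in for both the generator G and the function f, one word per 16-byte block, and per-position keys derived from a master key; all names and sample values are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # block length in bytes (assumption)
TAG = 8     # length of f_k(S_i) in bytes (assumption); chance match 2^-64


def _prf(key, msg, n):
    """HMAC-SHA256 truncated to n bytes, standing in for G and f (assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pad_word(word):
    """Fit one word into one block B_i."""
    if len(word) > BLOCK:
        raise ValueError("word longer than one block")
    return word.ljust(BLOCK, b"\x00")


def block_key(master, i):
    """k_i: one key per block position, derived from a key the CSU keeps."""
    return _prf(master, b"key" + i.to_bytes(8, "big"), 32)


def pad_T(seed, k_i, i):
    """T_i = <S_i, f_{k_i}(S_i)>, with S_i derived from the CSU's secret seed."""
    s_i = _prf(seed, b"S" + i.to_bytes(8, "big"), BLOCK - TAG)
    return s_i + _prf(k_i, s_i, TAG)


def encrypt(words, seed, master):
    """C_i = T_i XOR B_i for every block."""
    return [_xor(pad_word(w), pad_T(seed, block_key(master, i), i))
            for i, w in enumerate(words)]


def decrypt(cipher, seed, master):
    """CSU side: regenerate T_i and strip it."""
    return [_xor(c, pad_T(seed, block_key(master, i), i))
            for i, c in enumerate(cipher)]


def csp_search(cipher, word, released):
    """CSP side. released maps position i -> k_i handed over by the CSU.
    A position matches when C_i XOR W has the form <s, f_{k_i}(s)>."""
    w = pad_word(word)
    hits = []
    for i, k_i in sorted(released.items()):
        x = _xor(cipher[i], w)
        s, tag = x[:BLOCK - TAG], x[BLOCK - TAG:]
        if hmac.compare_digest(_prf(k_i, s, TAG), tag):
            hits.append(i)
    return hits


def demo():
    seed, master = b"constructed-seed", b"constructed-master-key"
    words = [b"invoice", b"alice", b"salary", b"alice"]  # constructed document
    cipher = encrypt(words, seed, master)
    released = {i: block_key(master, i) for i in (0, 1, 2)}
    return (csp_search(cipher, b"alice", released),   # position 3 stays hidden
            csp_search(cipher, b"salary", released),  # same keys, another word
            csp_search(cipher, b"alice", {}))         # no keys, no search
```

The second query in `demo` shows the exposure the text warns about: keys released for one search let the CSP test any other word at those positions, which is why key release is tied to the CSP's trust value.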


B. Trust Module

The second component of the proposed EnTrust framework is the trust module. Through the encryption module, we have achieved our first design goal: allowing CSUs to encrypt their sensitive data and to conduct data correctness verifications. However, to utilize the computation services provided by CSPs, CSUs still have to share some sensitive information about their data. Whether such sharing is secure or not highly relies on the trustworthiness of the CSP, which cannot be guaranteed by encryption-based schemes. Therefore, we propose the trust module, which enables CSUs to evaluate the trustworthiness of CSPs and helps them make their sharing decisions based on the trust values.

1) Basic Trust Model: Beta-Function-based Trust: Regarding evaluating the trustworthiness of another party, one well-known trust model is the Beta-function-based trust model [30], which assumes that the probability distribution of a binary event follows a Beta distribution. More specifically, let us consider a random process with two possible outcomes $\{x, \bar{x}\}$. If the outcome $x$ has been observed $g$ times and the outcome $\bar{x}$ has been observed $b$ times, the probability expectation value of observing outcome $x$ in the future can be represented as

$$E(p_x) = \frac{g+1}{g+b+2}.$$

In terms of the trust evaluation, it can be explained as follows. Assume that we would like to evaluate the trustworthiness of one party A. If we observe that A has exhibited good behavior $g$ times and bad behavior $b$ times, the probability that we would expect A to exhibit good behavior next time is $p_g = \frac{g+1}{g+b+2}$. In the beta-function based trust model, the probability for A to conduct a good behavior (i.e., $p_g$) is assigned as its trust value.

In this work, we apply the Beta-function based trust model in the cloud environment to evaluate the trustworthiness of CSPs.
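The Beta-function trust value applied to challenge outcomes, as an added example that is not code from the paper. It goes beyond this subsection by also applying the time weighting of Section IV-B2 and the threshold rule of Section IV-C. The decaying weight exp(-decay * (t_curr - t_o)), the decay rate, the threshold values, the function names and the sample history are assumptions.

```python
import math


def beta_trust(g, b):
    """Trust after g correct and b incorrect challenge responses."""
    return (g + 1) / (g + b + 2)


def weighted_trust(observations, t_curr, decay=0.5):
    """observations: iterable of (t_o, correct) pairs, one per challenge.
    Each observation is weighted by exp(-decay * (t_curr - t_o)) so that older
    observations count less (assumed form of the forgetting factor)."""
    good = bad = 0.0
    for t_o, correct in observations:
        if t_o > t_curr:
            raise ValueError("observation lies in the future")
        w = math.exp(-decay * (t_curr - t_o))
        if correct:
            good += w
        else:
            bad += w
    return (good + 1) / (good + bad + 2)


def allowed_services(trust, th1, th2, th3):
    """Map a trust value to the services the CSU grants (Section IV-C)."""
    if not th1 <= th2 <= th3:
        raise ValueError("thresholds must satisfy th1 <= th2 <= th3")
    if trust >= th3:
        return ("data storage", "searches", "updates")
    if trust >= th2:
        return ("data storage", "searches")
    if trust >= th1:
        return ("data storage",)
    return ()


# Constructed history: eight correct responses at t = 1..8, then two
# incorrect responses at t = 9 and t = 10.
SAMPLE_HISTORY = [(t, True) for t in range(1, 9)] + [(9, False), (10, False)]
THRESHOLDS = (0.3, 0.6, 0.8)  # th1, th2, th3 (assumed values)


def demo():
    plain = beta_trust(8, 2)                            # 0.75, time ignored
    recent = weighted_trust(SAMPLE_HISTORY, t_curr=10)  # about 0.42
    return (allowed_services(plain, *THRESHOLDS),
            allowed_services(recent, *THRESHOLDS))
```

With the constructed history, the unweighted value still permits searches, while the time-weighted value has already fallen back to storage only after the two recent failures.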
As mentioned in Section IV-A2, the encryption module allows CSUs to periodically verify the data correctness by sending challenges to the CSP. The trustworthiness of the CSP can be evaluated based on its responses. In particular, we assume that the CSP’s response is a random process with binary outcomes, either correct or incorrect, indicating whether the CSP has modified the data (i.e., a bad behavior) or not (i.e., a good behavior). Assume that the CSU has checked the data correctness $N$ times in total, and the CSP responds correctly $g$ times and incorrectly $b$ times. The trust value of the CSP can be calculated as:

$$T_{CSP} = \frac{g+1}{g+b+2}.$$

We demonstrate the trust calculation in several scenarios. First, when a CSU chooses a CSP for the first time, it has no observation about the CSP’s behavior at all. In this case, we have $b = 0$ and $g = 0$. The initial trust value assigned to this CSP will be $T^{ini}_{CSP} = \frac{0+1}{0+2} = 0.5$. If the CSU decides to use the services provided by the CSP, after several rounds, the CSU will gain more observations about this CSP. Second, assume that the CSU observes 3 times of good behavior, and 0 times of bad behavior, the trust value of the CSP is

calculated as $T_{CSP} = \frac{3+1}{3+2} = 0.8$, which is higher than the initial trust value. It indicates that the CSU will trust the CSP more if it observes more good behaviors. Third, if sometime later, the CSU observes 3 times of good behavior and 2 times of bad behavior, the trust value of the CSP will be $T_{CSP} = \frac{3+1}{3+2+2} = 0.57$. It shows that the CSU will trust the CSP less if more bad behaviors are observed. Through diverse scenarios, we can observe that the beta-function-based trust model can dynamically evaluate the trustworthiness of the CSP according to its behaviors.

2) Time Factor: In the basic trust model, we evaluate the trustworthiness of a CSP only based on the number of its good behaviors and bad behaviors. However, the CSP’s behavior may change over time. A previously secure CSP may be compromised by attackers; or a malicious CSP may behave well to obtain a high trust value and then conduct bad behaviors. To consider these more complicated scenarios, we need to involve a time factor in the trust evaluation process. Generally speaking, recent observations should have higher weights than observations made a long time ago. In other words, we are gradually forgetting older observations. Specifically, we assume that the impact of an observation drops exponentially over time, indicating that as time goes by, the weight of a particular observation drops faster and faster. For a given observation $o$, assume that $t_{curr}$ represents the current time and that $t_o$ represents the time when this observation was made. The weight of this observation is calculated as $W_o = e^{t_{curr} - t_o}$. By considering the forgetting factor, the trust model will be expressed as follows.

$$T_{CSP} = \frac{\sum_i W_i * g_i + 1}{\sum_i W_i * g_i + \sum_j W_j * b_j + 2}.$$

Here, $W_i$ represents the weight for the $i$th good behavior, and $W_j$ represents the weight for the $j$th bad behavior.

In summary, through the proposed trust module, CSUs are able to evaluate the trustworthiness of CSPs through their own observations. A CSP with a higher trust value will be more trusted by a CSU. The trust values will be used to help CSUs make decisions about whether to allow the CSP to conduct diverse data computation services. We will explain it more in Section IV-C.

C. Decision Module

Based on a CSP’s trust value, a CSU can make decisions about whether to allow the CSP to conduct a certain type of data computation. In this work, we consider that the computations conducted by a CSP will affect a CSU’s data confidentiality with different severity levels. If we order the computation services as data storage, searches and updates (including modifications, additions, deletions and insertions), the severity level is gradually increasing. For example, to store encrypted data through a CSP, the CSU does not need to assign encryption keys to the CSP and no modifications will be made to the original data. If the CSP is allowed to search the data, some sensitive information, such as the encryption keys for the searched locations and some patterns

of the data, may be exposed to the CSP although it will not cause any changes to the original data. The update operations will, however, inevitably change the original data and may thus cause more severe damage. Therefore, CSUs have to consider these computations differently and require the CSP to maintain different trust levels in order to conduct these services. In this work, a CSU is able to set different thresholds as $\{th_1, th_2, th_3\}$, where $th_1 \le th_2 \le th_3$. Whether a CSP can conduct a certain type of computation services is determined as follows.

$$\begin{cases} T_{CSP} < th_1, & \text{None} \\ th_2 > T_{CSP} \ge th_1, & \text{data storage} \\ th_3 > T_{CSP} \ge th_2, & \text{data storage and searches} \\ T_{CSP} \ge th_3, & \text{data storage, searches and updates} \end{cases}$$

In this way, a CSU stores its data in the cloud of the CSPs with trust values higher than or equal to $th_1$; allows only the CSPs with trust values higher than or equal to $th_2$ to search over their encrypted data; and enables the CSPs with trust values higher than or equal to $th_3$ to conduct all types of data computations. An example is illustrated in Figure 2, where the x-axis represents time and y-axis represents a CSP’s trust value. When the CSP’s trust value is higher than or equal to $th_3$, CSU will trust CSP in terms of providing data storage, searches and updates.

Fig. 2: Decision Making (x-axis: Time; y-axis: Trust Value; thresholds $th_1$, $th_2$, $th_3$)

V. Conclusion

In this work, we aim at ensuring the data confidentiality in the cloud environment by helping CSUs (1) encrypt their sensitive data and perform data correctness verification from time to time, (2) evaluate the trustworthiness of CSPs, and (3) allow CSPs to perform diverse computation services according to their trust values. To achieve these goals, an EnTrust framework which integrates the encryption and trust-based techniques is proposed. Specifically, the proposed framework contains three components: an encryption module, a trust evaluation module and a decision module. Through the encryption module, CSUs are able to encrypt their sensitive data before storing it in the cloud.
Furthermore, the encryption schemes selected in this work allow CSUs to verify the data correctness from time to time and enable searches over the encrypted data by CSPs with provided encryption keys. However, to utilize the computation services provided by CSPs, CSUs have to expose some private information to CSPs. Therefore, CSUs have to carefully select trustworthy CSPs to perform the computation services. The trust evaluation module provides an effective way for CSUs to calculate the trust values of CSPs based on CSPs’ behaviors. With such trust values, the CSUs are able to make decisions about whether to allow a CSP to perform a certain type of data computation service.

To ensure a high level of security, in this paper, we propose that CSUs perform both the encryption and trust evaluation process, which may cause relatively heavy workloads for CSUs, especially individual cloud users. In future work, we can consider involving third party auditors who can take over complicated computations and reduce CSUs’ workload. Then how CSUs can assign workloads to the third party auditors while not exposing too much sensitive information will require further discussions.

References

[1] P. Kumar, V. K. Sehgal, D. S. Chauhan, P. Gupta, and M. Diwakar, “Effective ways of secure, private and trusted cloud computing,” IJCSI International Journal of Computer Science Issues, vol. 8, no. 2, May, 2011.
[2] J. W. Rittinghouse and J. F. Ransome, Cloud computing: implementation, management, and security. CRC press, 2009.
[3] staff writer, Clouds leak Amazon torrents of data, April, 2013, available at http://www.tgdaily.com/hardware-brief/70705-clouds-leakamazon-torrents-of-data.
[4] F. R. Institute, Personal data in the cloud: a global survey of customer attitudes, 2010, [Online]. Available at http://www.fujitsu.com/downloads/SOL/fai/reports/fujitsu personaldata-in-the-cloud.pdf.
[5] Nasuni, Top 5 Security Challenges of Cloud Storage, [Online]. Available at http://www.nasuni.com/news/press releases/26top 5 security challenges of cloud storage.
[6] Y. Peng, W. Zhao, F. Xie, Z. hua Dai, Y. Gao, and D. qing Chen, “Secure cloud storage based on cryptographic techniques,” The Journal of China Universities of Posts and Telecommunications, vol. 19, pp. 182–189, 2012.
[7] A. Bessani, M. Correia, B. Quaresma, F. André, and P. Sousa, “Depsky: dependable and secure storage in a cloud-of-clouds,” in Proceedings of the sixth conference on Computer systems. ACM, 2011, pp. 31–46.
[8] G. Danezis and B. Livshits, “Towards ensuring client-side computational integrity,” in Proceedings of the 3rd ACM workshop on Cloud computing security workshop. ACM, 2011, pp. 125–130.
[9] B. R. Sekhar, B. S. Kumar, L. S. Reddy, and V. PoornaChandar, “Cp-abe based encryption for secured cloud storage access,” International Journal of Scientific & Engineering Research, vol. 3, no. 9, 2012.
[10] A. M. Talib, R. Atan, M. A. A. Murad, and R. Abdullah, “Security framework of cloud data storage based on multi agent,” Computer and Information Science, vol. 3, no. 4, pp. 175–186, 2010.
[11] H. M. Al-Sabri and S. M. Al-Saleem, “Building a cloud storage encryption (cse) architecture for enhancing cloud security,” International journal of computer science issues, vol. 10, no. 2, p. 259, 2013.
[12] S. El-etriby, E. M. Mohamed, and H. S. Abdul-kader, “Modern encryption techniques for cloud computing,” 2012.
[13] S. Sajithabanu and D. E. G. P. Raj, “Data storage security in cloud,” IJCST, vol. 2, no. 4, 2011.
[14] R. Rughinis, “Enhancing performance of searchable encryption in cloud computing,” in Proceedings of the Third ACM Conference on Data and Application Security and Privacy, ser. CODASPY ’13, 2013, pp. 157–160.
[15] J.-Y. Huang and I.-E. Liao, “A searchable encryption scheme for outsourcing cloud storage,” in Communication, Networks and Satellite (ComNetSat), 2012 IEEE International Conference on, July 2012, pp. 142–146.
[16] Z. Yaling, J. Zhipeng, and W. Shangping, “A multi-user searchable symmetric encryption scheme for cloud storage system,” in Intelligent Networking and Collaborative Systems (INCoS), 2013 5th International Conference on, Sept 2013, pp. 815–820.
[17] D. X. Song, D. Wagner, and A. Perrig, “Practical techniques for searches on encrypted data,” in 2000 IEEE Symposium on Security and Privacy, 2000, pp. 44–55.
[18] C. Wang, Q. Wang, K. Ren, and W. Lou, “Ensuring data storage security in cloud computing,” in 17th International Workshop on Quality of Service (IWQoS), July 2009, pp. 1–9.
[19] C. Wang, N. Cao, K. Ren, and W. Lou, “Enabling secure and efficient ranked keyword search over outsourced cloud data,” Parallel and Distributed Systems, IEEE Transactions on, vol. 23, no. 8, pp. 1467–1479, 2012.
[20] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling public auditability and data dynamics for storage security in cloud computing,” Parallel and Distributed Systems, IEEE Transactions on, vol. 22, no. 5, pp. 847–859, 2011.
[21] S. Han and J. Xing, “Ensuring data storage security through a novel third party auditor scheme in cloud computing,” in 2011 IEEE International Conference on Cloud Computing and Intelligence Systems (CCIS), Sept 2011, pp. 264–268.
[22] K. M. Khan and Q. Malluhi, “Establishing trust in cloud computing,” IT professional, vol. 12, no. 5, pp. 20–27, 2010.
[23] J. Abawajy, “Establishing trust in hybrid cloud computing environments,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on. IEEE, 2011, pp. 118–125.
[24] W. Wang, G. Zeng, D. Tang, and J. Yao, “Cloud-dls: Dynamic trusted scheduling for cloud computing,” Expert Systems with Applications, vol. 39, no. 3, pp. 2321–2329, 2012.
[25] R. K. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q. Liang, and B. S. Lee, “Trustcloud: A framework for accountability and trust in cloud computing,” in 2011 IEEE World Congress on Services (SERVICES). IEEE, 2011, pp. 584–588.
[26] H. Kim, H. Lee, W. Kim, and Y. Kim, “A trust evaluation model for cloud computing,” in Grid and Distributed Computing. Springer, 2009, pp. 184–192.
[27] M. Alhamad, T. Dillon, and E. Chang, “Trust-evaluation metric for cloud applications,” International Journal of Machine Learning and Computing, vol. 1, no. 4, pp. 416–421, 2011.
[28] X. Zhang, H. Liu, B. Li, X. Wang, H. Chen, and S. Wu, “Application-oriented remote verification trust model in cloud computing,” in 2010 IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom). IEEE, 2010, pp. 405–408.
[29] Wikipedia, Erasure Code, available at http://en.wikipedia.org/wiki/Erasure code.
[30] A. Jøsang and R. Ismail, “The beta reputation system,” in Proceedings of the 15th Bled Electronic Commerce Conference, 2002.
