Your search keyword '"cloud security"' showing total 1,861 results

1. Verifiable attribute-based multi-keyword search scheme with sensitive information hiding for cloud-assisted e-healthcare sharing systems

Author

Zhao, Jie, Huang, Hejiao, Xu, Yongliang, Zhang, Xiaojun, Du, Hongwei, and Huang, Chao

Published

2025

2. Towards privacy-preserving compressed sensing reconstruction in cloud

Author

Xu, Kaidi, Yu, Jia, and Gao, Wenjing

Published

2025

3. A novel framework to identify cybersecurity challenges and opportunities for organizational digital transformation in the cloud

Author

Liang, Xueping and Xu, Yilin

Published

2025

4. A proposed biometric authentication hybrid approach using iris recognition for improving cloud security

Author

El-Sofany, Hosam, Bouallegue, Belgacem, and Abd El-Latif, Yasser M.

Published

2024

5. Privacy-preserving Boolean range query with verifiability and forward security over spatio-textual data

Author

Ge, Xinrui, Yu, Jia, and Kong, Fanyu

Published

2024

6. ACE: A Consent-Embedded privacy-preserving search on genomic database

Author

Jafarbeiki, Sara, Sakzad, Amin, Steinfeld, Ron, Kasra Kermanshahi, Shabnam, Thapa, Chandra, and Kume, Yuki

Published

2024

7. Multiple Intrusion Detection in Complex Cloud Environments Using Random Forest and Deep Learning on the UNSW-NB15 Benchmark Datasets

Author

Upadhyay, Abhinav, Thakur, Nidhi, Pandey, Abhishek, Khan, Minhaj, Vibhute, Amol D., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Kumar, Adesh, editor, Pachauri, Rupendra Kumar, editor, Mishra, Ranjan, editor, and Kuchhal, Piyush, editor

Published

2025

8. Searchable Encryption for Privacy Preserving with Fine-Grained Access Control

Author

Archana, Manne, Pranathi, Raparthi, Shreya, Kalakota, Nikhitha, Boodida, Patel, Ashokkumar, editor, Kesswani, Nishtha, editor, Mishra, Madhusudhan, editor, and Meher, Preetisudha, editor

Published

2025

9. New Cloud Computing Authentication Based on Secure Hash Algorithm (SHA-3) and Lightweight Sosemanuk Algorithm

Author

Niaf, Jolan Rokan, Kadhim, Aqeel Kamil, Mohammed, Qutaiba Humadi, Hoomod, Haider K., Salman, Muna Muhsen, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Dutta, Soumi, editor, Bhattacharya, Abhishek, editor, Shahnaz, Celia, editor, and Chakrabarti, Satyajit, editor

Published

2025

10. Technical Concepts on Cloud Security and Privacy Using Deep Learning Techniques and Hybridized Encryption

Author

Rajchandar, K., Madanan, Mukesh, Sastry, R. V. L. S. N., Saxena, Monika, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Kumar, Amit, editor, Gunjan, Vinit Kumar, editor, Senatore, Sabrina, editor, and Hu, Yu-Chen, editor

Published

2025

11. Chapter 22 - Cloud security for smart sensor network

Author

Divadari, Satyavathi

Published

2025

12. Dark Clouds on the Horizon? Effects of Cloud Storage on Security Breaches.

Author

Li, He, Kettinger, William J., and Yoo, Sungjin

Subjects

CLOUD storage security measures, CLOUD storage, INFORMATION technology security, CLOUD computing, SELECTIVITY (Psychology)

Abstract

This research examines how a firm's cloud storage implementation affects different types of security breaches in both the short- and long-term. Building on the attention-based view, we find that cloud storage implementation positively relates to a firm's external breaches and accidental internal breaches in the short-term. However, the positive relationship between cloud storage implementation and external breaches diminishes over time and becomes insignificant long-term. Our results demonstrate a long-term security advantage of cloud storage in reducing accidental internal breaches. We did not find a significant association between cloud storage and malicious internal breaches. Findings highlight the need for firms to direct limited resources to different security risks in the short- and long-term of cloud storage implementation over time. This research contributes to our understanding of cloud storage's security implications and explicitly theorizes the role of attention in firm IT security management. We contribute to the attention-based view by contextualizing the theory to IT security. We highlight temporal dynamics through distinct attentional mechanisms, including selective attention, attentional flexibility, and attentional vigilance. [ABSTRACT FROM AUTHOR]

Published

2024

13. RT-PPS: Real-time privacy-preserving scheme for cloud-hosted IoT data.

Author

Elhoseny, Mohamed and Riad, Khaled

Abstract

The Internet of Things (IoT) is a rapidly growing network of devices that can communicate with each other and with cloud-based services. These devices generate vast amounts of data that can be used to provide valuable insights into user behavior, environmental conditions, and other important factors. However, as this data is collected and processed by cloud-hosted services, there is a growing concern about privacy and security. Without adequate protection, sensitive information could be exposed to hackers or other malicious actors, putting both individuals and organizations at risk. To address this challenge, real-time privacy-preserving techniques can be used to protect IoT data without compromising its value. This paper introduces an efficient Real-time privacy-preserving scheme (RT-PPS) for cloud-hosted IoT data. RT-PPS employs multi-authority attribute-based encryption on a hybrid cloud environment to keep data secure and private, while still allowing it to be processed and analyzed by cloud-hosted services. RT-PPS has efficient response time and resource consumption, which gives it the ability to handle a huge number of concurrent users at the same time without notable delay. The proposed RT-PPS has been validated through extensive experimental evaluation on a variety of configurations. Moreover, the proposed scheme has been computationally compared with the state-of-the-artwork. RT-PPS has shown excellent performance, effectiveness, and efficiency. The RT-PPS encryption time for a 1 GB dataset while considering 1024 slices is approximately 1000 ms. Also, the RT-PPS decryption time for a 1 GB ciphertext while considering 1024 slices are approximately 235 ms. Finally, RT-PPS is proven secure against any polynomial-time attacks and their variations that have at most a negligible advantage in the introduced security model. Moreover compared to most of the state-of-the-artwork, RT-PPS reduced the ciphertext size and lowered the computations in the encryption, key generation, decryption, and ciphertext update while assuring their security. By implementing RT-PPS, organizations can take advantage of the benefits of IoT data while protecting the privacy of their users and maintaining the security of their systems. [ABSTRACT FROM AUTHOR]

Published

2025

14. Detection and mitigation of TCP-based DDoS attacks in cloud environments using a self-attention and intersample attention transformer model: Detection and mitigation...: K. G. et al.

Author

Kirubavathi, G., Sumathi, I. R., Mahalakshmi, J., and Srivastava, Durgesh

Abstract

TCP-based Distributed Denial of Service (DDoS) attacks pose a significant danger to cloud infrastructures because they can imitate genuine traffic patterns, making them difficult to detect using standard approaches. This study introduces the Self-Attention and Intersample Attention Transformer (SAINT) model, a unique deep learning architecture that incorporates Sparse Logistic Regression to address these issues. The SAINT framework uses dual attention mechanisms-self-attention for capturing complicated intraflow dependencies and intersample attention for assessing interflow relationships-to provide enhanced detection of malicious traffic. SAINT, unlike existing methodologies, prioritizes scalability, interpretability, and computational efficiency, distinguishing it from traditional models such as CNNs, RNNs, and ensemble techniques. The model’s efficacy was evaluated using the BCCC-cPacket-Cloud-DDoS-2024 dataset, which included 700,000 traffic flows across 17 advanced attack scenarios, with state-of-the-art metrics: 95% precision, 95% recall, 96% F1 score, and 97% accuracy. Furthermore, studies on the CICDDoS2019 dataset confirmed SAINT’s resilience and flexibility to a variety of network conditions. SAINT addresses real-world issues in cloud-based DDoS detection, such as temporal and spatial traffic complexities, to provide a viable, high performance solution for protecting current cloud infrastructures. This work establishes the groundwork for scalable, adaptable, and efficient cloud-native security frameworks, paving the path for enhanced countermeasures to changing cyber threats. [ABSTRACT FROM AUTHOR]

Published

2025

15. Enhancing cloud security with intelligent load balancing and malicious request classification.

Author

Krishna Sowjanya, K and Mouleeswaran, S K

Abstract

The cloud computing landscape presents a critical intersection of security and performance. To address this, an intelligent load-balancing system is proposed coupled with a malicious request classification approach. This research tackles the growing threat of malicious requests, which pose a significant risk to cloud systems. By integrating a novel classification mechanism within the load-balancing framework, we can pre-emptively identify and mitigate potential security breaches. The approach combines Intelligent Load Balancing with blockchain technology to enhance cloud security and performance. Users, or clients interacting with cloud-based services, access these systems through the Internet. The proposed system leverages the golden eagle optimizer (GEO), a metaheuristic optimization algorithm, to optimize quality of service (QoS) parameters while managing dynamic workloads. To accurately classify malicious requests, we employ a hybrid graph neural network (GNN) and logistic regression (LR) model. The GNN captures complex relationships among request features (e.g., IP addresses, URLs, user-agent strings) to identify patterns indicative of malicious activity. The LR model then makes the final classification decision based on the GNN’s output. Implemented and evaluated using Jupyter Notebook, the system demonstrates an impressive 98% accuracy in classifying malicious requests, highlighting its effectiveness in safeguarding cloud environments. [ABSTRACT FROM AUTHOR]

Published

2025

16. An efficient position-sensitive fuzzy keyword search scheme for encrypted data on hybrid cloud.

Author

Li, Nan and Su, Qianqian

Abstract

With the growing demand for effective and privacy-preserving data retrieval, searchable encryption has emerged as a promising solution for searching encrypted data stored on remote servers. Compared with exact keyword search, fuzzy keyword search can address misspellings and formatting inconsistencies, thus greatly enhancing the user’s search experience. However, existing fuzzy keyword search schemes tend to ignore the effect of letter position on the sorting of search results, resulting in redundant search results. To address this problem, a novel fuzzy sorting search scheme is proposed to efficiently search encrypted cloud data, which enables sorting while searching. The proposed scheme improves the sorting efficiency while increasing the search accuracy. The proposed scheme considers the alphabetical position of the keywords and uses the Euclidean distance metric to measure the similarity between search keywords and document keywords. To decrease the storage space for indexes, the proposed scheme build a binary index tree and design a tree-based search algorithm based on letter vectors and thresholds. To improve search efficiency, the proposed scheme combines keyword weight and keyword similarity to calculate similarity scores and uses dual servers to search encrypted cloud data. Finally, extensive analysis and experiments certify the effectiveness, efficiency, and accuracy of the proposed scheme, demonstrating its ability to meet the need for security, efficiency, and accuracy. [ABSTRACT FROM AUTHOR]

Published

2025

17. pbins: private bins for top-k semantic search over encrypted data using transformers.

Author

Arockiasamy, John Prakash, Sabarimuthu, Irene, Benjamin, Lydia Elizabeth, and Palaniswami, Srinivasan

Abstract

Traditional searchable encryption constructions are often based on Term-Frequency and Inverse Document Frequency (TF-IDF) to retrieve relevant documents. These vectors are sensitive to the document length, sparse and lacks semantic understanding. Additionally, to address the growing privacy challenges, we propose pbins a novel design for achieving privacy preserving semantic-aware multi-keyword ranked search over encrypted data using “Private bins”. pbins is a method-agnostic encapsulation designed for indexes based on vector embeddings, enabling document retrieval without compromising privacy. Our approach leverages SBERT (Sentence-BERT) like Transformers to capture semantically meaningful sentence embeddings. The private bins group semantically similar documents together based on relevance scores thus allowing users to retrieve information without compromising data confidentiality. Private Bins can be updated dynamically without requiring a complete index reconstruction or uploading new structures to the cloud. Furthermore, pbins supports range-encoded and ranked search allowing users to retrieve the top-k documents efficiently while preserving privacy. The robustness of our approach is substantiated through a thorough security analysis that demonstrates correctness and forward privacy. Experiments on real-world news group dataset demonstrates the performance of pbins in terms of accuracy and efficiency. [ABSTRACT FROM AUTHOR]

Published

2025

18. Integrating blockchain, internet of things, and cloud for secure healthcare.

Author

Kumaran, K. Senthur, Khekare, Ganesh, M., Thanu Athitya, Arulmozhivarman, Aakash, M., Arvind Pranav, and N., Hiritish Chidambaram

Subjects

REMOTE patient monitoring, DATA privacy, MEDICAL personnel, INTERNET of things, INFORMATION architecture, BLOCKCHAINS

Abstract

This research paper shows a decentralized healthcare architecture using the integration of internet of things (IoT), blockchain, and cloud to improve speed up tuple broken security as well as scalability. Real time health information (e.g., pulse rate, sugar level) from patients is captured by IoT devices and preprocessed at the fog computing layer to securely send them to a cloud platform. Immutability and transparency Patient health records recorded by blockchain solutions are highly irreversible due to the underlying technology, while smart contracts take care of data integrity and privacy. The cloud layer delivers storage that scales and works, also including real-time analytics to access patient data from anywhere for healthcare providers while the core helps manage long-term information architecture. It does so by automating healthcare workflows and taking some of the manual interventional processes out such that care delivery becomes even more efficient. Together, these technologies provide a secure, efficient, patient-centered healthcare system whose architecture can easily support future needs in remote patient monitoring and inter-institutional collaboration, responding to emerging demands from modern healthcare systems. [ABSTRACT FROM AUTHOR]

Published

2025

19. ADVANCED SECURITY AND PRIVACY IN CLOUD COMPUTING: ENHANCING DATA PROTECTION WITH MULTIKEYWORD RANKED SEARCH IN ENCRYPTED ENVIRONMENTS.

Author

JOSHI, NARENDRA SHYAM, SAMBREKAR, KULDEEP P., PATANKAR, ABHIJIT J., RAJAWAT, ANAND SINGH, and MUQEEM, MOHD

Subjects

CLOUD computing security measures, SEARCH algorithms, INFORMATION retrieval, CLOUD storage, DATA protection

Abstract

As cloud services become more popular, encryption becomes more important for user privacy. Establishing reliable solutions for secure and fast data retrieval is crucial. This research article proposes a novel way to search encrypted cloud data. The suggested method optimises queries with multiple terms and synonyms using a greedy depth-first search (DFS) algorithm and a sophisticated rating system. The suggested architecture assumes users would search using many keywords, some of which may be synonyms for article terms. A search algorithm that uses user query synonyms was created to solve this problem. Despite the constant increase of the search universe, greedy methods help us find the most relevant information. Our depth-first search strategy improves the likelihood of finding relevant information. Our study also uses a unique ranking system that considers keyword frequency, synonym precision, and keyword proximity to determine a text's relevance to a search query. Our suggested methodology outperforms state-of-the-art methods in simulated cloud architecture experiments using encrypted datasets and industry-standard protocols. Runtime, accuracy, and recall show this superiority. The greedy Depth-First Search (DFS) algorithm optimises resources, improving efficiency. A grading method helps users quickly find the most relevant publications by naturally arranging the results. This synonym-enhanced search strategy in encrypted cloud storage systems may improve privacy and usability today. [ABSTRACT FROM AUTHOR]

Published

2025

20. Implementing Identity-based Signature Schemes for Secure Data Transfer in Cloud Computing Environments

Author

Paul Osinuga, Ji-Jian Chin, and Terry Shue Chien Lau

Subjects

cha-cheon ibs, cloud security, elliptic curve cryptography, amazon web services, public key infrastructure, key management, Electronic computers. Computer science, QA75.5-76.95, Information technology, T58.5-58.64

Abstract

In this paper, we present the implementation of the Cha-Cheon Identity-Based Signature (IBS) scheme to enhance secure data transfer in cloud computing environments. Cloud computing rely on traditional Public Key Infrastructure (PKI) systems, which is burdened by certificate management infrastructure. The primary focus of this research to simplify key and certificate management by leveraging identity-based elliptic curve cryptography (ECC) within the Cha-Cheon IBS framework. We show that the proposed IBS solution integrates seamlessly with Amazon Web Services (AWS), utilizing services like S3 for secure data storage and KMS for key management. By applying ECC, the Cha-Cheon scheme achieves efficient cryptographic operations with smaller key sizes, resulting in reduced computational overhead, faster key generation, signature creation, and verification times compared to RSA-based systems. We conducted extensive performance evaluations to compare the Cha-Cheon IBS scheme with traditional PKI-based systems. The results demonstrate that our implementation significantly outperforms RSA in terms of key generation, encryption, and signature verification times, especially under increased user loads and data sizes. Moreover, the security analysis confirms the robustness of the Cha-Cheon IBS against key compromise, offering strong resistance to unauthorized access and key revocation issues. The scheme also scales efficiently as the number of users increases, making it ideal for large-scale cloud infrastructures. This research highlights the potential of IBS as a viable alternative to PKI systems, providing a more streamlined and efficient approach to secure data transfers in cloud environments.

Published

2025

21. Exploring Security Enhancements in Kubernetes CNI: A Deep Dive Into Network Policies

Author

Bom Kim, Jinwoo Kim, and Seungsoo Lee

Subjects

Container network interface, cloud security, container security, network policy, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

With the explosive growth of Kubernetes adoption, Container Network Interfaces (CNIs) have become critical components for configuring and securing container networks, but a comprehensive analysis of their security capabilities and performance impact is noticeably lacking. Our study conducts a comprehensive security analysis of the major CNI plugins (Cilium, Calico, WeaveNet, Kube-router, and Antrea) in cloud-native environments with Kubernetes through extensive evaluation of Layer 3/4 policy processing, policy complexity scaling, pod scalability, and Layer 7 policy processing. The experimental results show that eBPF-based Cilium maintains 8.9K Mbps throughput under complex L3/4 policies, but drops to 94 Mbps with L7 processing, while Antrea achieves 6.6K Mbps at L7 through HTTP filtering, with performance degrading as policy complexity increases. Under high concurrent pod loads, iptables-based CNIs show a 60-70% reduction in throughput, while Cilium maintains performance within 10% of baseline. These results reveal critical trade-offs between architectural choices and security capabilities, and provide practical guidelines for CNI selection based on specific operational and security requirements in cloud-native environments.

Published

2025

22. Memory management of firewall filtering rules using modified tree rule approach.

Author

Hakani, Dhwani and Mann, Palvinder Singh

Abstract

Firewalls are essential for safety and are used for protecting a great deal of private networks. A firewall's goal is to examine every incoming and outgoing data before granting access. A notable kind of conventional firewall is the rule-based firewall. However, when it comes to job performance, traditional listed-rule firewalls are limited, and they become useless when utilized with some networks that have extremely big firewall rule sets. This study proposes a model firewall architecture called "Tree-Rule Firewall," which has benefits and functions effectively in large-scale networks like "cloud." In order to improve cloud network security, this study suggests a modified tree rule firewall (MTRF cloud) that eliminates rule discrepancies. For the matching firewall policy, this work creates a tree rule firewall. There are no duplicate rules created by the proposed improved tree rule firewall. Also, memory utilization of different size rules is compared [ABSTRACT FROM AUTHOR]

Published

2025

23. QoS-Aware cloud security using lightweight EfficientNet with Adaptive Sparse Bayesian Optimization.

Author

J, Vinothini and E, Srie Vidhya Janani

Abstract

Cloud security is critical for safeguarding data and services in cloud environments. Traditional deep learning methods focus primarily on improving attack detection accuracy but often neglect Quality of Service (QoS) parameters. These parameters, such as latency, bandwidth, and response time, are essential for the overall performance of cloud services. This research addresses the problem by proposing two novel methods: a lightweight EfficientNet deep learning model for accurate attack detection with minimal QoS impact and Adaptive Sparse Bayesian Optimization (ASBO) to improve hyperparameter tuning efficiency. ASBO reduces computational complexity by using sparse surrogate models, adaptive sampling, and early stopping mechanisms, ensuring the optimization process is efficient and suitable for real-time applications. The research objectives include enhancing attack prediction accuracy and QoS maintenance in cloud security. The study evaluates the proposed methods on the CICIDS2017, CICIDS2018, and UNSW-NB15 datasets, covering various attack types such as DDoS, Brute Force, SQL Injection, Botnet, Port Scanning, and Infiltration. The results demonstrate significant improvements over existing methods, achieving 5–7% higher accuracy in attack detection. The proposed EfficientNet + ASBO method also ensures better QoS, reduces latency, increases bandwidth efficiency, and improves response times compared to other models. [ABSTRACT FROM AUTHOR]

Published

2025

24. AAQ-PEKS: An Attribute-based Anti-Quantum Public Key Encryption Scheme with Keyword Search for E-healthcare Scenarios.

Author

Xu, Gang, Xu, Shiyuan, Cao, Yibo, Xiao, Ke, Mao, Yanhui, Chen, Xiu-Bo, Dong, Mianxiong, and Yu, Shui

Abstract

Internet of Medical Things (IoMT) have been utilized in plentiful medical institutions. Nevertheless, since the security of EMRs in IoMT cannot be guaranteed, the EMRs should be encrypted before uploading to cloud server. Public key Encryption with Keyword Search (PEKS) can help the doctors to search encrypted EMRs, but traditional PEKS algorithms cannot resist to quantum computing attacks and without considering access control. To bridge the gap, we propose an attribute-based public key searchable encryption scheme based on lattice, named AAQ-PEKS. Initially, based on the LWE hardness, we first introduce the attribute-based PEKS that can resist quantum attacks for IoMT. Secondly, we combine Attribute-based Encryption (ABE) into AAQ-PEKS to realize access control for sensitive EMRs in the IoMT. Thirdly, the computational security analysis illustrates that our scheme achieves correctness, Indistinguishability against Chosen Plaintext Attack (IND-CPA) and Indistinguishability against Chosen Keyword Attack (IND-CKA). Lastly, comprehensive performance evaluation in practice elaborates that our AAQ-PEKS is more efficient compared with other existing top-tier schemes. To conclude, our scheme has the characteristics of resisting quantum attacks and fine-grained access control for EMR in the IoMT. [ABSTRACT FROM AUTHOR]

Published

2025

25. Leveraging Towards Access Control, Identity Management, and Data Integrity Verification Mechanisms in Blockchain-Assisted Cloud Environments: A Comparative Study

Author

Swatisipra Das, Rojalina Priyadarshini, Minati Mishra, and Rabindra Kumar Barik

Subjects

access control, IDM, data integrity, cloud security, blockchain, Technology (General), T1-995

Abstract

Today, IT organizations largely rely on cloud computing services to meet their infrastructure needs, making it the backbone of the industry. However, several challenges remain that need to be effectively addressed. Data breaches, identity and access management problems, unsafe interfaces and APIs, data loss, shared technology vulnerabilities, compliance and legal issues, inadequate data encryption, lack of visibility and control, delayed security patching, and the requirement to have faith in the cloud service provider’s security procedures are the primary security challenges in cloud computing. Blockchain technology has emerged as a promising technology to address many of these security issues. In this paper, an extensive study is carried out to analyze the security issues in the cloud and the categorization of gathered security issues in terms of security requirements, such as confidentiality, integrity, availability, authenticity, and privacy. Research questions are framed to dig deeper into the different blockchain-enabled solutions present to resolve cloud security issues, such as access control, identity management (IDM), and data integrity verification, along with their analysis. In-detail comparative analysis of the above blockchain-assisted solutions is also presented along with the future research directions.

Published

2024

26. I-MPaFS: enhancing EDoS attack detection in cloud computing through a data-driven approach

Author

Md. Sharafat Hossain, Md. Alamgir Hossain, and Md. Saiful Islam

Subjects

Economic denial of sustainability (EDoS), Machine learning in cloud security, Financial impact of cyberattacks, EDoS detection framework, Cloud security, Cloud service economic safety, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract Cloud computing offers cost-effective IT solutions but is susceptible to security threats, particularly the Economic Denial of Sustainability (EDoS) attack. EDoS exploits cloud elasticity and the pay-per-use billing model, forcing users to incur unnecessary costs. This research introduces the Integrated Model Prediction and Feature Selection (I-MPaFS) framework to address EDoS attacks. I-MPaFS framework enhances an existing dataset to improve performance, using the generated data to build a Random Forest model for EDoS detection. Our investigation employs the UNSW-NB15, CSE-CIC-IDS18 and NSL-KDD datasets, demonstrating the proposed method’s superiority over existing techniques. The model achieved recall scores of 99.45% on the UNSW-NB15 dataset, 98.19% on the CSE-CIC-IDS18 dataset, and 99.82% on the NSL-KDD dataset, highlighting its reliability and efficacy in safeguarding cloud users from financial exploitation. This study contributes to the field by evaluating current EDoS detection methods, introducing the I-MPaFS framework, validating its performance with benchmark datasets, and comparing its effectiveness against state-of-the-art techniques. The findings affirm the significant potential of I-MPaFS in enhancing cloud security and protecting users from EDoS attacks.

Published

2024

27. Optimizing encrypted search in the cloud using autoencoder-based query approximation.

Author

Mohamed, Mahmoud and Alosman, Khaled

Subjects

EVIDENCE gaps, COMMUNICATION infrastructure, AUTOENCODER, VECTOR data, SCALABILITY

Abstract

Copyright of Baghdad Science Journal is the property of Republic of Iraq Ministry of Higher Education & Scientific Research (MOHESR) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

28. Improved Machine Learning Techniques for Precise DoS Attack Forecasting in Cloud Security.

Author

Younus, Yasir Mahmood, Ibraheem, Ahmed Salman, Tuama, Murteza Hanoon, and mashloosh, wahhab Muslim

Subjects

*MACHINE learning, *SUPERVISED learning, *DATA warehousing, *TECHNOLOGICAL risk assessment, *CLOUD computing, *DENIAL of service attacks

Abstract

One of the fundamental motives of Cloud based computing for the use of technologies of current era that based on Internet. The concept of cloud computing has exploded in popularity, and the reason for this is the costeffective transmission, storage, and intensive computation that it offers. The goal is to provide end-users with remote storage and data analysis capabilities utilising shared computer resources, lowering an individual's overall cost. Consumers, on the other hand, are still hesitant to use this technology owing to security and privacy concerns. This paper provides a thorough overview of the different risks and technological security problems associated with cloud computing. We use the UNSW dataset to train the supervised machine learning models. We then test these models with ISOT dataset. The algorithm's accuracy for DoS and probe attacks was investigated, and the findings were given as confusion matrices. Cloud computing has changed the technological scope by offering cost-effective transmission, storage, and computation. It’s security especially on Distributed Denial of Service Attacks remains a major concern. This study uses two datasets, UNSW and ISOT, to train and test supervised machine learning models for the prediction of DoS attacks. The model used achieved a remarkable accuracy of 99.6%. These findings present the ability of machine learning to improve cloud security in the near term.We have achieved an accuracy of 99.6% to predict a DoS attack. We present our results and argue that more research in the field of machine learning is still required for its applicability to the cloud security. [ABSTRACT FROM AUTHOR]

Published

2024

29. An Intelligent Lightweight Signing Signature and Secured Jellyfish Data Aggregation (LS3JDA) Based Privacy Preserving Model in Cloud.

Author

Rathinaeswari, S. P. and Santhi, V.

Subjects

*DATA privacy, *FOREST conservation, *RANDOM forest algorithms, *DATA security, *SECURITY systems

Abstract

Developing a secured and accurate disease diagnosis framework in the healthcare cloud systems are still remains one of the crucial problems in recent times. Due to the rapid growth of information and technology, it is highly essential to protect the patient health information against the unauthenticated users for ensuring the privacy and security. For this purpose, the different types of security approaches are developed in the conventional works, which are mainly focused on increasing the privacy of medical data stored in the cloud systems. However, it lacks with the major issues of increased computational overhead, communication cost, lack of security, complex mathematical modeling, and increased time consumption. Therefore, the proposed work objects to implement an intelligent and advanced privacy preserving framework, named as, lightweight signing signature based secured jellyfish data aggregation (LS3JDA) for ensuring the privacy of medical data in the healthcare cloud systems. The main contribution of this research work is to develop a new and lightweight privacy preservation model by incorporating the functions of both AI and signing signature algorithms for assuring data security in cloud systems. Moreover, it simplified the process of entire privacy preservation system with low computational burden and high data security. It also objects to accurately predict the type of disease based on the patients' medical history by using an advanced random forest (RF) machine learning methodology. The novel contributions of this work are, a message signing signature generation algorithm is used to strengthen the security of patients' medical data, and a jelly fish optimization (JFO) methodology is used to improve the process of data aggregation. The primary advantages of the proposed system are reduced processing time, low computational burden, and simple to deploy. For validating the results of the proposed model, several parameters include level of security, time, throughput, latency, signature cost, and communication overhead are assessed during evaluation. Moreover, the results are contrasted with some of the recent privacy preservation models for assuring the superiority of the proposed framework. Here, the overall processing time is reduced up to 1.5 ms, and communication overhead is reduced up to 100 bytes with the use of optimization integrated data aggregation model. [ABSTRACT FROM AUTHOR]

Published

2024

30. Securing cloud access with enhanced attribute-based cryptography.

Author

Kumar, Ashutosh and Verma, Garima

Subjects

*DATA privacy, *TECHNOLOGICAL innovations, *CLOUD computing, *CRYPTOGRAPHY, *GLOBALIZATION

Abstract

With technological advancements and increasing globalization, cloud computing has emerged as one of the most favoured environments for managing and maintaining data, information, and services worldwide. However, this widespread use of cloud computing necessitates addressing various security challenges and implementing adequate provisions for ensuring data confidentiality and privacy. This paper proposes a modified model to address the above challenges. An improved access control system utilizing attribute-based encryption (ABE) has been proposed for secure cloud access. In this system, the message is broadcasted by the owner, and only precise users possessing definite attributes and constraints are authorized to access shared data. The encryption is carried out on the basis of attributes of the users, and each user's secret share is generated based on their given identity information. The distributed hash table (DHT) is used to distribute ciphertext share and decryption key. The authorized users can receive the disseminated ciphertext only by utilizing their secret shares and the required attributes. The proposed model has been experimentally evaluated and compared with existing state-of-the-art systems, demonstrating its effectiveness and superiority. Additionally, the model incorporates extra features such as a time limit for data availability, biometrics-based identity verification, and resistance to various attacks. [ABSTRACT FROM AUTHOR]

Published

2024

31. KubeDeceive: Unveiling Deceptive Approaches to Protect Kubernetes Clusters.

Author

Aly, Abdelrahman, Fayez, Mahmoud, Al-Qutt, Mirvat, and Hamad, Ahmed M.

Subjects

CONTAINERIZATION, DESIGN competitions, DECEPTION, MIDDLEWARE, POSTURE

Abstract

The widespread adoption of containerization platforms, such as Kubernetes, has revolutionized application deployment and management. However, this evolution brings with it sophisticated security challenges. Deception-based strategies provide a powerful approach to address these challenges by misleading attackers with simulated resources. This paper presents KubeDeceive, a cutting-edge security framework specifically designed to enhance the security posture of Kubernetes environments through tailored deception techniques. KubeDeceive operates as a middleware, intercepting requests to the Kubernetes API server and guiding malicious users towards decoy components. Its effectiveness was evaluated in a Capture the Flag (CTF) competition designed to simulate real-world attacks. KubeDeceive proved highly effective, achieving a 100% success rate in preventing any participant from deploying a master node pod--the main target and final flag of the challenge--and trapping 89% of participants in deception decoys. Additionally, participants expended an average of 160 minutes in their unsuccessful attempts during dynamic scenarios, highlighting KubeDeceive's ability to prolong attacker engagement and decisively thwart their objectives. [ABSTRACT FROM AUTHOR]

Published

2024

32. Leveraging Towards Access Control, Identity Management, and Data Integrity Verification Mechanisms in Blockchain-Assisted Cloud Environments: A Comparative Study.

Author

Das, Swatisipra, Priyadarshini, Rojalina, Mishra, Minati, and Barik, Rabindra Kumar

Subjects

CLOUD computing security measures, DATA integrity, DATA security failures, BLOCKCHAINS, RESEARCH questions, DATA encryption, ACCESS control, CLOUD computing

Abstract

Today, IT organizations largely rely on cloud computing services to meet their infrastructure needs, making it the backbone of the industry. However, several challenges remain that need to be effectively addressed. Data breaches, identity and access management problems, unsafe interfaces and APIs, data loss, shared technology vulnerabilities, compliance and legal issues, inadequate data encryption, lack of visibility and control, delayed security patching, and the requirement to have faith in the cloud service provider's security procedures are the primary security challenges in cloud computing. Blockchain technology has emerged as a promising technology to address many of these security issues. In this paper, an extensive study is carried out to analyze the security issues in the cloud and the categorization of gathered security issues in terms of security requirements, such as confidentiality, integrity, availability, authenticity, and privacy. Research questions are framed to dig deeper into the different blockchain-enabled solutions present to resolve cloud security issues, such as access control, identity management (IDM), and data integrity verification, along with their analysis. In-detail comparative analysis of the above blockchain-assisted solutions is also presented along with the future research directions. [ABSTRACT FROM AUTHOR]

Published

2024

33. Forensic Investigation Capabilities of Microsoft Azure: A Comprehensive Analysis and Its Significance in Advancing Cloud Cyber Forensics.

Author

Morić, Zlatan, Dakić, Vedran, Kapulica, Ana, and Regvart, Damir

Subjects

DIGITAL forensics, FORENSIC sciences, VIRTUAL machine systems, CYBERTERRORISM, COMPUTER network security

Abstract

This article delves into Microsoft Azure's cyber forensic capabilities, focusing on the unique challenges in cloud security incident investigation. Cloud services are growing in popularity, and Azure's shared responsibility model, multi-tenant nature, and dynamically scalable resources offer unique advantages and complexities for digital forensics. These factors complicate forensic evidence collection, preservation, and analysis. Data collection, logging, and virtual machine analysis are covered, considering physical infrastructure restrictions and cloud data transience. It evaluates Azure-native and third-party forensic tools and recommends methods that ensure effective investigations while adhering to legal and regulatory standards. It also describes how AI and machine learning automate data analysis in forensic investigations, improving speed and accuracy. This integration advances cyber forensic methods and sets new standards for future innovations. Unified Audit Logs (UALs) in Azure are examined, focusing on how Azure Data Explorer and Kusto Query Language (KQL) can effectively parse and query large datasets and unstructured data to detect sophisticated cyber threats. The findings provide a framework for other organizations to improve forensic analysis, advancing cloud cyber forensics while bridging theoretical practices and practical applications, enhancing organizations' ability to combat increasingly sophisticated cybercrime. [ABSTRACT FROM AUTHOR]

Published

2024

34. Securing IoMT Applications: An Approach for Enhancing the Reliability of Security Policies within Cloud Databases.

Author

KSIBI, SONDES, JAIDI, FAOUZI, and BOUHOULA, ADEL

Subjects

DATABASES, ACCESS control, DATA warehousing, ELECTRONIC data processing, DATA security failures, INTERNET of medical things

Abstract

Applications of the Internet-of-Things (IoT) in healthcare have a great potential since they bring, in a cost effective manner, supreme solutions to large scale medical-care. The Internet-of-Medical-Things (IoMT) connects patients to caregivers and facilitates remote healthcare capabilities. Regardless of their expansion, especially during the COVID19 pandemic, IoMT applications encounter critical types of security risks. Many research efforts were conducted to help designing reliable E-Health Systems (EHS), but compliance and privacy-preserving solutions for EHS still require a lot of work. To address this requirement, we focus on reliability enhancement of security policies in the context of EHS. We especially deal with risk management within the data processing and storage area, in IoMT systems, composed mainly of cloud/private databases that store confidential medical data. Malicious users and attackers can discover and leak unauthorized data via exploiting authorized information and may expand their rights by using advanced features such as database functional dependencies. In such critical systems, identifying and evaluating risks associated to non authorized accesses and policies misconfigurations is highly required. We address, in this paper, the analysis and the management of the compliance of concrete security policies based on appropriate risk metrics. Our solution enhances a well-established formal verification and validation approach that allows identifying non-compliance anomalies in concrete policies with a quantified risk-assessment approach for evaluating risks. A case of application is presented as an example to illustrate the relevance of our proposal. [ABSTRACT FROM AUTHOR]

Published

2024

35. Enhancing network security using unsupervised learning approach to combat zero-day attack.

Author

Perumal, Rajakumar, Karuppiah, Tamilarasi, Panneerselvam, Uppiliraja, Annamalai, Venkatesan, and Kaliyaperumal, Prabu

Subjects

SUPPORT vector machines, DEEP learning, MACHINE learning, COMPUTER network security

Abstract

Machine learning (ML) and advanced neural network methodologies like deep learning (DL) techniques have been increasingly utilized in developing intrusion detection systems (IDS). However, the growing quantity and diversity of cyber-attacks pose a significant challenge for IDS solutions reliant on historical attack signatures. This highlights the industry's need for resilient IDSs that can identify zero-day attacks. Current studies focusing on outlier-based zero-day detection are hindered by elevated false-negative rates, thereby constraining their practical efficacy. This paper suggests utilizing an autoencoder (AE) approach for zero-day attack detection, aiming to achieve high recall while minimizing false negatives. Evaluation is conducted using well-established IDS datasets, CICIDS2017 and CSECICIDS2018. The model's efficacy is demonstrated by contrasting its performance with that of a one-class support vector machine (OCSVM). The research underscores the OCSVM's capability in distinguishing zero-day attacks from normal behavior. Leveraging the encoding-decoding capabilities of AEs, the proposed model exhibits promising results in detecting complex zero-day attacks, achieving accuracies ranging from 93% to 99% across datasets. Finally, the paper discusses the balance between recall and fallout, offering valuable insights into model performance. [ABSTRACT FROM AUTHOR]

Published

2024

36. I-MPaFS: enhancing EDoS attack detection in cloud computing through a data-driven approach.

Author

Hossain, Md. Sharafat, Hossain, Md. Alamgir, and Islam, Md. Saiful

Subjects

SUSTAINABLE development, INFORMATION technology, FEATURE selection, RANDOM forest algorithms, MACHINE learning

Abstract

Cloud computing offers cost-effective IT solutions but is susceptible to security threats, particularly the Economic Denial of Sustainability (EDoS) attack. EDoS exploits cloud elasticity and the pay-per-use billing model, forcing users to incur unnecessary costs. This research introduces the Integrated Model Prediction and Feature Selection (I-MPaFS) framework to address EDoS attacks. I-MPaFS framework enhances an existing dataset to improve performance, using the generated data to build a Random Forest model for EDoS detection. Our investigation employs the UNSW-NB15, CSE-CIC-IDS18 and NSL-KDD datasets, demonstrating the proposed method's superiority over existing techniques. The model achieved recall scores of 99.45% on the UNSW-NB15 dataset, 98.19% on the CSE-CIC-IDS18 dataset, and 99.82% on the NSL-KDD dataset, highlighting its reliability and efficacy in safeguarding cloud users from financial exploitation. This study contributes to the field by evaluating current EDoS detection methods, introducing the I-MPaFS framework, validating its performance with benchmark datasets, and comparing its effectiveness against state-of-the-art techniques. The findings affirm the significant potential of I-MPaFS in enhancing cloud security and protecting users from EDoS attacks. [ABSTRACT FROM AUTHOR]

Published

2024

37. Technical sandbox for a Global Patient co-Owned Cloud (GPOC).

Author

Davids, Joe, ElSharkawy, Mohamed, Ashrafian, Hutan, Herlenius, Eric, and Lidströmer, Niklas

Subjects

*MEDICAL records, *DIGITAL health, *TECHNOLOGICAL innovations, *ARTIFICIAL intelligence in medicine, *BLOCKCHAINS

Abstract

Background: The use of Cloud-based storage personal health records has increased globally. The GPOC series introduces the concept of a Global Patient co-Owned Cloud (GPOC) of personal health records. Technical sandboxes allow the capability to simulate different scientific concepts before making them production ready. None exist for the medical fields and cloud-based research. Methods: We constructed and tested the sandbox using open-source infrastructures (Ubuntu, Alpine Linux, and Colaboratory) and demonstrated it on a cloud platform. Data preprocessing utilised standard and in-house libraries. The Mina protocol, implementing zero-knowledge proofs, ensured secure blockchain operations, while the Ethereum smart contract protocol within Hyperledger Besu supported enterprise-grade sandbox development. Results: Here, we present the GPOC series' technical sandbox. This is to facilitate future online research and testing of the concept and its security, encryption, movability, research potential, risks and structure. It has several protocols for homomorphic encryption, decentralisation, transfers, and file management. The sandbox is openly available online and tests authorisation, transmission, access control, and integrity live. It invites all committed parties to test and improve the platform. Individual patients, clinics, organisations and regulators are invited to test and develop the concept. The sandbox displays co-ownership of personal health records. Here it is trisected between patients, clinics and clinicians. Patients can actively participate in research and control their health data. The challenges include ensuring that a unified underlying protocol is maintained for cross-border delivery of care based on data management regulations. Conclusions: The GPOC concept, as demonstrated by the GPOC Sandbox, represents an advancement in healthcare technology. By promoting patient co-ownership and utilising advanced technologies like blockchain and homomorphic encryption, the GPOC initiative enhances individual control over health data and facilitates collaborative medical research globally. The justification for this research lies in its potential to improve evidence-based medicine and AI dissemination. The significance of the GPOC initiative extends to various aspects of healthcare, patient co-ownership of health data, promoting access to resources and healthcare democratisation. The implications include better global health outcomes through continued development and collaboration, ensuring the successful adoption of the GPOC Sandbox and advancing innovation in digital health. [ABSTRACT FROM AUTHOR]

Published

2024

38. Harnessing DBSCAN and auto-encoder for hyper intrusion detection in cloud computing.

Author

Kaliyaperumal, Prabu, Periyasamy, Sudhakar, Periyasamy, Muthusamy, and Alagarsamy, Abinaya

Subjects

COMPUTER network traffic, COMPUTER network security, DEEP learning, CLOUD computing, SCALABILITY, DENIAL of service attacks

Abstract

The widespread availability of internet services has led to a surge in network attacks, raising serious concerns about cybersecurity. Intrusion detection systems (IDS) are pivotal in safeguarding networks by identifying malicious activities, including denial of service (DoS), distributed denial of service (DDoS), botnet, brute force, probe, remote-to-local, and user-to-root attacks. To counter these threats effectively, this research focuses on utilizing unsupervised learning to train detection models. The proposed method involves employing auto-encoders (AE) for attack detection and densitybased spatial clustering of applications with noise (DBSCAN) for attack clustering. By using preprocessed and unlabeled normal network traffic data, the approach enables the identification of unknown attacks while minimizing the impact of imbalanced training data on model performance. The autoencoder method utilizes the reconstruction error as an anomaly detection metric, while DBSCAN employs a density-based approach to identify clusters, manage noise, accommodate diverse shapes, automatically determine cluster count, ensure scalability, and minimize false positives. Tested on standard datasets such as KDDCup99, UNSW-NB15, CICIDS2017, and CSE-CIC-IDS2018, this proposed model achieves accuracies exceeding 98.36%, 98.22%, 98.45%, and 98.51%, respectively. These results demonstrate the effectiveness of unsupervised learning in detecting and clustering novel intrusions while managing imbalanced data. [ABSTRACT FROM AUTHOR]

Published

2024

39. Enhancing Cloud Security Through Block Chain: A Data Integrity and Trust Approach.

Author

Tanam, Aparna and Raja, G.

Subjects

BLOCKCHAINS, DATA integrity, CYBERTERRORISM, DATA warehousing, CLOUD computing

Abstract

With cloud computing leading the way in today's digital landscape, the safeguarding of data in cloud environments remains a major challenge. Established security methods usually do not meet the rising challenges posed by cyber threats such as insider attacks and breaches of data. This investigation finds flaws in current security practices and presents an innovative strategy that combines block chain technology to augment cloud safety. With its traits of immutability and decentralization, block chain opens avenues to build reliable data storage frameworks. Utilizing these aspects allows the proposed solution to lower the risk of unauthorized entry and data alteration while confirming the integrity of data in the cloud. The research shows how block chain helps preserve data integrity by effectively verifying data segments and increasing attack resistance. Using cryptographic hashing along with decentralized ledger technology improves safety and maintains efficiency. These results show that solutions utilizing block chain can greatly lower security vulnerabilities in the cloud and build confidence to boost cloud acceptance. [ABSTRACT FROM AUTHOR]

Published

2024

40. Data Recovery in Cloud Data Storage.

Author

Abdalhameed, Ahmed Ayad and Kadhim, Ammar Ismael

Subjects

DATA recovery, WIRELESS sensor networks, DATA integrity, DATA integration, DATA warehousing

Abstract

Due to its ability to provide unlimited computer resources and vast storage spaces immediately, cloud computing (CC) has gained great fame in recent years. However, the approach to deporting data to cloud computing raises serious security issues. Data safety monitoring requires regular verification processes to ensure data integration to solve this problem. In the proposed solution, we use a conservative compressor sensor to help multiple features (PPCS-MAA) and encryption AES to ensure data safety on unreliable servers. This algorithm aims to improve the accuracy and efficiency of data recovery, as PPCS allows data recovery with high accuracy and effectiveness, while adding MAA increases the accuracy of the restoration more. Since users cannot effectively monitor data on cloud servers, these methods provide important security measures. To ensure the recovery and authenticity of user data, we rely on an external audit company that performs data safety checks on behalf of customers to reduce the burden of maintaining data safety for customers/users. This solution can be applied in various fields and industries that depend on cloud computing, including wireless sensing networks, as the transfer of data to cloud servers require safely and effectively. [ABSTRACT FROM AUTHOR]

Published

2024

41. Cloud Security

Author

Jajodia, Sushil, editor, Samarati, Pierangela, editor, and Yung, Moti, editor

Published

2025

42. Cloud computing security assurance modelling through risk analysis using machine learning

Author

Sharma, Abhishek and Singh, Umesh Kumar

Published

2025

43. Enhancing data security in the cloud using MECC-SIDH enhanced CL-HPAEKS scheme

Author

Thamil Selvi, C. P., Lakshmana Kumar, R., and Punitha, P.

Published

2025

44. The significance of artificial intelligence in zero trust technologies: a comprehensive review

Author

Deepa Ajish

Subjects

Artificial intelligence, Cloud security, Cybersecurity, Zero trust, Electrical engineering. Electronics. Nuclear engineering, TK1-9971, Information technology, T58.5-58.64

Abstract

Abstract In the era of cloud computing, cybersecurity has assumed paramount importance. As organizations transition to cloud-based solutions, cyberattackers increasingly target cloud services as a lucrative avenue for unauthorized access to sensitive information. The traditional security perimeter, once robust, now exhibits porosity, necessitating a reevaluation of security strategies to counter these evolving threats. This paper delves into the critical role of artificial intelligence (AI) within zero trust security technologies. The convergence of AI and zero trust has garnered significant attention, particularly in the domains of security enhancement, risk mitigation, and the redefinition of trust paradigms. My exploration aims to uncover how AI actively observes and supports various technologies in zero trust model. By evaluating existing research findings, I illuminate the transformative potential of AI in fortifying security within zero trust security models. This scholarly perspective underscores the critical interplay between AI and zero trust technologies, highlighting their collective potential in safeguarding digital ecosystems.

Published

2024

45. Trust value evaluation of cloud service providers using fuzzy inference based analytical process

Author

Jomina John and K. John Singh

Subjects

Fuzzy logic, Cloud computing, Trust model, Cloud service provider, Cloud security, Trust parameters, Medicine, Science

Abstract

Abstract Users can purchase virtualized computer resources using the cloud computing concept, which is a novel and innovative way of computing. It offers numerous advantages for IT and healthcare industries over traditional methods. However, a lack of trust between CSUs and CSPs is hindering the widespread adoption of cloud computing across industries. Since cloud computing offers a wide range of trust models and strategies, it is essential to analyze the service using a detailed methodology in order to choose the appropriate cloud service for various user types. Finding a wide variety of comprehensive elements that are both required and sufficient for evaluating any cloud service is vital in order to achieve that. As a result, this study suggests an accurate, fuzzy logic-based trust evaluation model for evaluating the trustworthiness of a cloud service provider. Here, we examine how fuzzy logic raises the efficiency of trust evaluation. Trust is assessed using Quality of Service (QoS) characteristics like security, privacy, dynamicity, data integrity, and performance. The outcomes of a MATLAB simulation demonstrate the viability of the suggested strategy in a cloud setting.

Published

2024

46. Optimizing data retrieval for enhanced data integrity verification in cloud environments

Author

KC Akshay, Muniyal Balachandra, and Parashar Vikalp

Subjects

cloud security, information security, cloud auditing, cloud computing, cryptography, elliptic curve encryption, data integrity verification, Engineering (General). Civil engineering (General), TA1-2040

Abstract

In today’s rapidly evolving digital landscape, the urgency to secure data within expansive cloud storage systems has reached unprecedented levels. Conventional remote storage methods, while widely used, are inherently vulnerable to security breaches, corruption, and tampering. Recognizing this critical challenge, a state-of-the-art protocol has emerged to address these vulnerabilities head-on. This innovative solution integrates a sophisticated binary search tree (BST) structure with elliptic curve cryptography, ensuring not only efficient data retrieval but also robust encryption mechanisms. The protocol goes further by meticulously computing secure hashing algorithm hash values to verify the integrity of files, leaving no room for unauthorized modifications or tampering attempts. A thorough comprehensive benchmarking analysis has been conducted comparing this protocol with established techniques such as Rivest, Shamir, Adleman encryption and doubly linked list-based index table structures. The findings reveal that the proposed protocol outperforms these conventional methods, showcasing superior security features and computational efficiency. Remarkably, the proposed method reduces overheads by an impressive 5%, making it a highly favorable choice for both businesses and academic institutions. This marks a significant advancement toward fortified data security in cloud environments, contributing substantially to the ongoing discourse on secure data storage and management.

Published

2024

47. PRC6: Hybrid lightweight cipher for enhanced cloud data security in parallel environment.

Author

Mohammed, Zahraa A. and Hussein, Khalid Ali

Subjects

*CLOUD computing security measures, *DATA security, *ENCRYPTION protocols, *SOLUTION strengthening, *DATA protection

Abstract

Modern technologies of computing cloud are showing great promise, but at the same time create new security challenges that hinder full acceptance. Given that most of these services often use cloud networks as channels for communication, securing data transmission is crucial. This paper introduce a new hybrid encryption algorithm, the proposed two‐layered PRC6 cipher, tailored address security concerns in cloud computing environments with minimal resource constraints. The PRC6 cipher incorporates enhancements from Cha‐cha into an extension of the RC6 cipher. PRC6 implements double encryption. At the first level, the plain text is divided into four equal parts, each encrypted by processes derived from RC6, which include shifting, summation, modulo arithmetic, and XOR with a generated key. The second level incorporates a Quarter round function, among others, to further obscure the encoded message. PRC6 is implemented in a parallel computing model to significantly reduce overall computation time, especially important for lightweight applications. Experimental results show that the algorithm can achieve a high level of security for cloud workloads. It activates parallel mode in just seven encryption rounds, cutting calculation time to 50% in a matter of seconds. Performance evaluations against popular encryption standards also indicate that PRC6 offers promising security benefits when computational resources are limited. This hybrid approach presents a viable solution for strengthening data protection in modern cloud systems and it stand against the most popular attacks like brute force. [ABSTRACT FROM AUTHOR]

Published

2024

48. Malicious clouds coalition management for business processes deployment.

Author

Ahmed Nacer, Amina, Abdmeziem, Mohammed Riyadh, and Aid, Asma

Subjects

*CLOUD computing, *BUSINESS process management, *ACCESS to information, *COALITIONS

Abstract

Cloud computing has raised concerns about security, causing many companies to hesitate in adopting it. Despite these concerns, there are methods available to address the risks associated with implementing a business process (BP) in the cloud. One common approach involves breaking down the BP model into smaller fragments, allowing each cloud provider access to a specific part of the overall model. However, this method fails to protect against collaboration between malicious cloud providers, which, by pooling their knowledge, can exploit the logic of the process. To tackle this issue, our paper proposes an approach that effectively manages coalitions when they arise. To do this, we introduce observer and deceiver fragments, which play a crucial role in redirecting the process execution toward a fake task. This strategic redirection prevents access to important information. The obtained results demonstrate that our proposed solution enhances security, mitigates risks, and does not necessarily lead to higher costs compared to other methods based solely on splitting. [ABSTRACT FROM AUTHOR]

Published

2024

49. An Improved Co-Resident Attack Defense Strategy Based on Multi-Level Tenant Classification in Public Cloud Platforms.

Author

Peng, Yuxi, Jiang, Xinchen, Wang, Shaoming, Xiang, Yanping, and Xing, Liudong

Subjects

VIRTUAL machine systems, CLOUD computing, PROBLEM solving, CLASSIFICATION, ALGORITHMS, CLASSIFICATION algorithms

Abstract

Co-resident attacks are serious security threats in multi-tenant public cloud platforms. They are often implemented by building side channels between virtual machines (VMs) hosted on the same cloud server. Traditional defense methods are troubled by the deployment cost. The existing tenant classification methods can hardly cope with the real dataset that is quite large and extremely unevenly distributed, and may have problems in the processing speed considering the computation complexity of the DBSCAN algorithm. In this paper, we propose a novel co-resident attack defense strategy which solve these problems through an improved and efficient multi-level clustering algorithm and semi-supervised classification method. We propose a novel multi-level clustering algorithm which can efficiently reduce the complexity, since only a few parameter adjustments are required. Built on the proposed clustering algorithm, a semi-supervised classification model is designed. The experimental results of the classification effect and training speed show that our model achieves F-scores of over 85% and is significantly faster than traditional SVM classification methods. Based on the classification of unlabeled tenants into different security groups, the cloud service provider may modify the VM placement policy to achieve physical isolation among different groups, reducing the co-residency probability between attackers and target tenants. Experiments are conducted on a large-scale dataset collected from Azure Cloud Platform. The results show that the proposed model achieves 97.86% accuracy and an average 96.06% F-score, proving the effectiveness and feasibility of the proposed defense strategy. [ABSTRACT FROM AUTHOR]

Published

2024

50. Machine learning-based intelligent security framework for secure cloud key management.

Author

Ahmad, Shahnawaz, Mehfuz, Shabana, Urooj, Shabana, and Alsubaie, Najah

Subjects

*ENCRYPTION protocols, *ACCESS control, *REGULATORY compliance, *FINANCIAL institutions, *HAZARDS

Abstract

Ensuring the confidentiality, integrity, and availability of sensitive data in cloud environments relies heavily on the robust management of cryptographic keys. With the expansion of cloud usage and the increase in data volumes, ensuring the security and reliability of key management services is becoming an essential aspect of overall cloud security. These policies encompass various aspects, such as the lifecycle management of keys, controlling access, encryption protocols, and safeguarding keys, all of which collectively contribute to enhanced security and compliance with regulatory requirements. Two case studies demonstrate the application of existing frameworks in a financial institution and a healthcare organization. The paper concludes by highlighting potential applications and use cases across different industries. This study introduces a secure application management framework within the realm of cloud security called the secure policies of cloud security framework (SPCSF). SPCSF is built around the idea of implementing precise control over application permissions and encrypting REST API communications to enhance protection against malicious attacks. The framework is made up of two main parts: (i) a permission detection engine that determines whether an application's permissions are legitimate. By looking at permission manifests, byte codes, and cross-referencing permissions against a well-defined list of sensitive APIs, it accomplishes this. (ii) Registration Authorization Engine: this engine makes it easier for applications to register securely with the controller. It makes use of a suggested technique for safe authentication, allowing or denying applications access to requested REST APIs based on the level of danger they pose. With this strategy, approved and secure access to vital resources is guaranteed. [ABSTRACT FROM AUTHOR]

Published

2024