Enhancing cloud computing security and privacy

Western Sydney University thesis: Master's thesis

Abstract

This thesis aims to enhance cloud computing security by proposing a solution based on the DCS approach. The research towards achieving this aim starts with a systematic review of the literature to establish a framework to utilize DCS concepts for improving data security and privacy in cloud environments. The DCS concept is based on providing security at the data level. Hence, the data are self-describing, self-defending and self-protecting during their lifecycle in the cloud environments. The data owner is solely responsible to set and manage the data privacy and security measures. These requirements can be achieved without depending on trusting the cloud provider or/and a trusted third party assistance. Then, this conceptual framework is developed into an applied solution. The proposed solution is based on the Chinese Remainder Theorem (CRT) and utilizes symmetric and asymmetric encryption techniques. To reduce the computational and management overheads, access control policy enforcement and sharing the symmetric key of encrypted data are accomplished in an efficient manner based on the CRT. For enhancing security, the data owner is able to use a unique symmetric key for encrypting each set of data and to attach it securely to the encrypted data. Only authorized users are given access to the key. Additionally, the privacy of access is improved by keeping the number of authorized users and their identities hidden even from the cloud provider. Moreover, secure search capabilities on the encrypted data are an integral part of the proposed solution. All the required security parameters, including integrity and authenticity proof parameters, are attached to the encrypted data to create a secure file container, which is referred to as a DCS file. Only authorized users can search and access DCS files, based on the embedded policies that are set and managed exclusively by the data owner. This work also examines the relevant implementation issues and overheads of the proposed solution, mainly in terms of the required computation and storage capabilities. The experimental evaluations and the implementations use Java for the main operations. These operations include; creating the DCS files at the data owner side, searching through them at the server, and decrypting their contents at client side. The implementation and experiments show that the proposed solution can be used practically and efficiently. In summary, one of the main contributions of this work is to take advantage of the benefits of the DCS approach in achieving practical solutions to security and privacy issues encountered in the cloud computing environments. In approaches developed here, all the security measures are created and managed by the data owner and are tightly attached to the data without requiring additional key management overhead or complex computations. The solutions strengthen the security to the level that even the cloud provider cannot compromise the integrity and privacy of users' data.
Date of Award2013
Original languageEnglish

Keywords

  • cloud computing
  • security measures
  • computer networks
  • data protection
  • computer security

Cite this

'