Issue No. 04 - Oct.-Dec. (2017 vol. 5)
Mazhar Ali , Department of Computer Science, COMSATS Institute of Information Technology, Pakistan
Saif U. R. Malik , Department of Computer Science, COMSATS Institute of Information Technology, Pakistan
Samee U. Khan , Department of Electrical and Computer Engineering, North Dakota State University, ND, Fargo
Off-site data storage is an application of cloud that relieves the customers from focusing on data storage system. However, outsourcing data to a third-party administrative control entails serious security concerns. Data leakage may occur due to attacks by other users and machines in the cloud. Wholesale of data by cloud service provider is yet another problem that is faced in the cloud environment. Consequently, high-level of security measures is required. In this paper, we propose data security for cloud environment with semi-trusted third party (DaSCE), a data security system that provides
(a) key management (b) access control, and (c) file assured deletion. The DaSCE utilizes Shamir's ( k, n) threshold scheme to manage the keys, where k out of n shares are required to generate the key. We use multiple key managers, each hosting one share of key. Multiple key managers avoid single point of failure for the cryptographic keys. We (a) implement a working prototype of DaSCE and evaluate its performance based on the time consumed during various operations, (b) formally model and analyze the working of DaSCE using high level petri nets (HLPN), and (c) verify the working of DaSCE using satisfiability modulo theories library (SMT-Lib) and Z3 solver. The results reveal that DaSCE can be effectively used for security of outsourced data by employing key management, access control, and file assured deletion.
Silicon, Cloud computing, Public key, Encryption, Petri nets
M. Ali, S. U. Malik and S. U. Khan, "DaSCE: Data Security for Cloud Environment with Semi-Trusted Third Party," in IEEE Transactions on Cloud Computing, vol. 5, no. 4, pp. 642-655, 2017.