Elsevier

Computers & Security

Volume 62, September 2016, Pages 328-347

Triangular data privacy-preserving model for authenticating all key stakeholders in a cloud environment

https://doi.org/10.1016/j.cose.2016.08.006

Abstract

Cloud computing is a relatively new paradigm that provides numerous advantages to service providers, developers, and customers with respect to flexibility, scalability, and availability at a lower cost. Motivated by these technical and economic advantages, many data owners outsource their data to large centralized data centers, where the data are not only stored but also shared among multiple users. This method of data outsourcing brings many new security challenges for data integrity. Several mechanisms have been proposed lately that allow data owners to use a public verifier (e.g., a third-party auditor (TPA)) for efficiently auditing cloud data integrity. The use of a TPA for this purpose is practically unavoidable, since it provides several advantages to both cloud service users (CSUs) and cloud service providers (CSPs) in terms of efficiency, fairness, and trust, which is essential to achieve economies of scale for cloud computing. Although existing public auditing schemes can perform multiple auditing tasks simultaneously (including checking the integrity of cloud data) in an efficient manner, they can reveal confidential information to public verifiers, which makes a TPA a potential threat to the data security of CSUs and the reputation of CSPs. Therefore, cloud computing requires a holistic approach to security that can deal with all the potential threats that exist in the cloud environment. Taking these points into account, this paper presents a novel triangular data privacy-preserving (TDPP) model that supports public auditing with the capability of auditing all the key stakeholders (i.e., CSU, TPA, and CSP) for achieving optimal security in a cloud environment. Specifically, our proposed TDPP model supports three types of auditing. First, the TPA can audit the CSP to ensure (a) the correctness of the CSU's data stored at the service provider side and (b) that the CSP is in full compliance with its own service level agreement (SLA). Second, the TPA can audit the CSU to (a) determine any violation of the terms and conditions defined in the SLA for the cloud services provided by the CSP and (b) monitor the feedback provided by the CSU for the utilized services. Third, either the CSU or the CSP can audit the TPA to minimize the possibility of potential insider threats or attacks. For instance, the CSU can audit the TPA to (a) ensure that private information shared with the TPA is not disclosed to any third party or misused by an insider and (b) verify that the TPA performs assigned auditing tasks according to the given specification within the agreed time frame. Our experimental results demonstrate the effectiveness and efficiency of our proposed scheme when auditing all key stakeholders.

Introduction

Cloud computing is an emerging web-based computing paradigm that has achieved unprecedented success and adoption in recent years (Park et al., 2012). Despite the technical and economic advantages of cloud computing, many potential cloud consumers are still hesitant to adopt it because of security and privacy concerns. These concerns arise because most of the security controls and measures of cloud service providers (CSPs) are not fully transparent to cloud service users (CSUs). Owing to this lack of transparency, CSUs have limited security visibility, which widens the trust deficit between cloud users and service providers.

Recently, a few security evaluation frameworks have been proposed to measure the security controls of cloud service providers (Garg et al., 2013; Rizvi et al., 2015; Tariq, 2012). For instance, Rizvi et al. (2015) propose a security metric that helps CSUs evaluate the security status of a service provider and produces a final security index score from the security preferences provided by the CSU. Although the proposed metric requires minimal user input, the accuracy of the final security index still depends on the values of the top-level factors (e.g., transparency, colocation, multitenancy) as defined by the CSUs.

The security of CSP storage has been investigated thoroughly (Hao and Yu, 2010; Sebé et al., 2008; Singh et al., 2012; Wang et al., 2009; Wang et al., 2012). Data availability and integrity are two of the most demanded properties of a CSP, and both are prerequisites for privacy protection. Furthermore, since cloud users have no physical access to the outsourced data, the protection of data privacy in cloud computing becomes an open question, particularly for users with very limited computing resources (Huang et al., 2014). A CSP may also have incentives to behave dishonestly and discard or corrupt a CSU's outsourced data, and it may try to protect its reputation by hiding the loss (Shah et al., 2008). Outsourcing storage to cloud services is economical for large-scale storage, but there is no solid guarantee or indemnity that the integrity and availability of the data stored in the cloud will be preserved. If this issue is not properly addressed, it may obstruct and weaken the adoption of the cloud computing environment. Considering the large amount of outsourced data and the limited financial resources of CSUs, the auditing task needed to guarantee the completeness and correctness of cloud data could be extremely challenging and costly for CSUs (Brunette and Mogull, 2009). Thus, the storage overhead of auditing should be kept as low as possible by performing only a limited number of operations to retrieve data. Besides these challenges, preserving data privacy is of paramount importance in building the trust of CSUs in cloud computing.

A TPA could play a substantial role in guaranteeing data privacy by taking over the computational and online burden of CSUs through an impartial and fair auditing process. In addition, the TPA's auditing would also help CSPs improve the Quality of Service (QoS) of cloud-based platforms and functions through free and impartial assessments. However, the reliability of the TPA is itself an open problem, because the TPA could become a malicious adversary. To handle privacy protection, researchers have introduced distributed protocols that confirm data correctness and privacy across multiple peers and servers (Bowers et al., 2009; Dodis et al., 2009; Juels and Kaliski, 2007; Zheng and Xu, 2011). Most of the proposed protocols do not support publicly verifiable remote integrity checking; the exceptions include Shacham and Waters (2008), Sqalli et al. (2011), and Wang et al. (2010). However, without a proper implementation, publicly verifiable auditing gives cloud users a false impression that their data stored with the CSP are undamaged. Privacy-preserving public auditing with a blinding technique was first proposed by Wang et al. (2010), following the idea introduced by Shacham and Waters (2008). In Wang et al. (2010), the cloud server (the prover) masks the proof with randomness so that the TPA cannot recover the file blocks from it. Subsequently, Xu (2011) identified the threats that remain in Wang et al. (2010) when the challenged file blocks have low entropy, and allowed cloud users to audit the TPA by reviewing its audit process. Secure auditable models for ensuring the integrity of remotely stored data have been proposed by Ateniese et al. (2007), Shacham and Waters (2008), Shah et al. (2007), and Wang et al. (2010).
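The leakage and the blinding described above, as an added illustration that is not part of the original paper and not its TDPP protocol. It is a Python toy of a Shacham-Waters style audit: the server answers a challenge with an aggregate μ of the challenged blocks and an aggregate tag σ. The pairing-based public check of Wang et al. (2010) is replaced here by a discrete-log check over a 64-bit safe-prime group that publishes one group element h_i per block; that substitution, the toy group size, and every function name are assumptions of this example. It shows three things: a curious TPA that runs n unblinded audits over an n-block file recovers every block by Gaussian elimination over the group order; masking μ' = r + γμ with a fresh secret r (the blinding of Wang et al.) makes the same attack return garbage while the proof still verifies; and, as Xu (2011) observed, the verification relation still exposes v^μ, so a block drawn from a small candidate set is found by trying each candidate against a blinded proof.

```python
"""Toy remote-integrity audit (illustration added here; not the paper's TDPP protocol).
Tag equations follow Shacham-Waters / Wang et al.; the pairing check is replaced by a
discrete-log check with one public element h_i per block, over a 64-bit toy group."""
import hashlib
import hmac
import random
import secrets

_rng = random.Random(2016)  # seeded only so the toy group is reproducible

def is_prime(n, rounds=24):
    """Miller-Rabin primality test."""
    if n < 4:
        return n > 1
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits):
    """p = 2q + 1 with q prime; a random square mod p generates the order-q subgroup."""
    while True:
        q = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, pow(_rng.randrange(2, p - 1), 2, p)

P, Q, G = safe_prime_group(64)

def h2s(x):
    """Hash a group element to a non-zero scalar (gamma in Wang et al.)."""
    return int.from_bytes(hashlib.sha256(x.to_bytes(16, "big")).digest(), "big") % (Q - 1) + 1

def outsource(blocks):
    """Owner: tag sigma_i = f_k(i) + alpha*m_i (mod Q); publish v = g^alpha and h_i = g^f_k(i)."""
    alpha, k = secrets.randbelow(Q - 1) + 1, secrets.token_bytes(32)
    f = [int.from_bytes(hmac.new(k, i.to_bytes(4, "big"), hashlib.sha256).digest(), "big") % Q
         for i in range(len(blocks))]
    tags = [(f[i] + alpha * m) % Q for i, m in enumerate(blocks)]
    return (list(blocks), tags), (pow(G, alpha, P), [pow(G, fi, P) for fi in f])

def challenge(indices):
    """Verifier: a random non-zero coefficient nu_i for each challenged block index."""
    return [(i, secrets.randbelow(Q - 1) + 1) for i in indices]

def agg_h(h, chal):
    out = 1
    for i, nu in chal:
        out = out * pow(h[i], nu, P) % P
    return out

def prove(stored, chal):
    """Server, unblinded: mu = sum nu_i*m_i and sigma = sum nu_i*sigma_i, both in the clear."""
    blocks, tags = stored
    return (sum(nu * blocks[i] for i, nu in chal) % Q,
            sum(nu * tags[i] for i, nu in chal) % Q)

def verify(pub, chal, proof):
    v, h = pub
    mu, sigma = proof
    return pow(G, sigma, P) == agg_h(h, chal) * pow(v, mu, P) % P

def prove_blinded(stored, pub, chal):
    """Server, blinded as in Wang et al. (2010): mu' = r + gamma*mu with a fresh secret r."""
    mu, sigma = prove(stored, chal)
    r = secrets.randbelow(Q - 1) + 1
    R = pow(pub[0], r, P)  # v^r = g^(alpha*r) lets the verifier cancel r without learning it
    return ((r + h2s(R) * mu) % Q, R, sigma)

def verify_blinded(pub, chal, proof):
    v, h = pub
    mu_b, R, sigma = proof
    gamma = h2s(R)
    lhs = pow(G, gamma * sigma % Q, P) * R % P
    return lhs == pow(agg_h(h, chal), gamma, P) * pow(v, mu_b, P) % P

def solve_mod_q(rows, rhs):
    """Gauss-Jordan elimination over Z_Q: n challenge vectors and n observed mu values."""
    n = len(rows)
    A = [r[:] + [b] for r, b in zip(rows, rhs)]
    for c in range(n):
        piv = next((r for r in range(c, n) if A[r][c]), None)
        if piv is None:
            raise ValueError("singular challenge matrix; collect another audit")
        A[c], A[piv] = A[piv], A[c]
        inv = pow(A[c][c], -1, Q)
        A[c] = [x * inv % Q for x in A[c]]
        for r in range(n):
            if r != c and A[r][c]:
                f = A[r][c]
                A[r] = [(x - f * y) % Q for x, y in zip(A[r], A[c])]
    return [A[r][n] for r in range(n)]

def tpa_recover(stored, pub, n, blinded):
    """Curious TPA: run n full-file audits and solve for the blocks from the mu values seen."""
    rows, seen = [], []
    for _ in range(n):
        chal = challenge(range(n))
        proof = prove_blinded(stored, pub, chal) if blinded else prove(stored, chal)
        rows.append([nu for _, nu in chal])
        seen.append(proof[0])  # mu in the clear, or mu' whose mask r is never revealed
    return solve_mod_q(rows, seen)

def low_entropy_guess(pub, chal, proof, candidates):
    """Xu (2011) style attack on a single-block challenge: the verification relation
    yields v^mu even from a blinded proof, so a block from a small set is found by trial."""
    v, h = pub
    (i, nu), sigma = chal[0], proof[-1]
    target = pow(G, sigma, P) * pow(agg_h(h, chal), -1, P) % P  # equals v^(nu*m_i)
    for m in candidates:
        if pow(v, nu * m % Q, P) == target:
            return m
    return None
```

The blinding protects μ information-theoretically (μ' is a one-time pad of γμ) and r only under the discrete-log assumption, but nothing protects a block whose value range a TPA can enumerate; that is why the page's later remark about auditing the TPA itself, rather than only blinding the proof, matters. A deployment would use a standard 2048-bit group or the pairing construction; the algebra, not the parameters, is the point here.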

Although the above approaches seem quite effective in providing security information in a quantitative way, they have only focused on helping CSUs evaluate the security controls and measures deployed at the service provider side. However, not all CSUs are capable of evaluating CSPs by themselves, for two main reasons: (a) CSUs cannot be assumed to have sufficient knowledge of security and privacy (an average CSU does not have cloud-audit-specific knowledge; Ryoo et al., 2014) and (b) CSUs cannot be assumed to have the processing power to perform such large computations (which would put too much burden on a cloud user; Liu et al., 2014).

To lower the computational burden on CSUs, the concept of a third party auditor (TPA) has been introduced by many researchers (Wang et al., 2010; Wang et al., 2011; Zhuo et al., 2011). Rizvi et al. (2015a) showed that TPAs not only lower the computational burden on CSUs but also help in establishing trust between the two entities. Researchers believe that the TPA will become a standard service for cloud computing in the near future, as it is critical to audit and evaluate the performance of CSPs (Zhang et al., 2014). For instance, Habib et al. (2013) and Ko et al. (2011) use the TPA to establish the time-variant trust of CSUs in a service provider by assigning a security rank or a trust value to the CSP. The security rank is typically computed by performing a security audit of the CSP and taking customer feedback into account, and changes in the security rank cause the trust value to vary over time. These ranking methods treat customer feedback as one of the main factors that increase or decrease the security rank of a given CSP. As a result, consistently biased negative feedback from one particular CSU can unfairly damage the trustworthiness of a CSP. Existing work does not provide any method for auditing CSUs and monitoring their activities to minimize the possibility of such biased behavior. This implies that a security ranking system that depends solely on customer feedback cannot accurately reflect the true security status of a CSP.

Therefore, an ideal data security and privacy model demands a TPA that is capable not only of evaluating the security readiness of a given CSP but also of auditing the CSUs. The advantage of a TPA-based system is two-fold. First, it (a) assists the CSU in evaluating the security controls and measures of a CSP, (b) performs the necessary computations on behalf of the CSU and lowers its computational burden, and (c) facilitates the decision-making process on the client side. Second, it helps the CSP by (a) auditing and monitoring CSU behavior and activities to minimize the possibility of unfair negative feedback for cloud services and (b) forcing CSUs to comply strictly with the service level agreement (SLA).

Although the use of a TPA provides several advantages to both CSUs and CSPs in terms of security, efficiency, and enforcement of compliance policies, this approach requires a CSU to fully trust the TPA once it has handed over its sensitive information (Liu et al., 2014; Rizvi et al., 2015b). In such a situation, it is possible that an internal employee of the TPA (i.e., an insider) with a higher level of privileges can gain access to confidential data and cause a considerable amount of damage to both the CSP and the CSU (Lombardi and Pietro, 2010). Therefore, a strong and complete data security and privacy model must be able to periodically check the integrity of the TPA to minimize the possibility of insider attacks.

Hence, existing schemes address the auditing process but do not deal with the security concerns of all three entities. To provide a more complete security solution, this paper presents a novel triangular data privacy-preserving protocol for increasing the trust level among three key stakeholders (CSU, CSP, and TPA); no existing mechanism authenticates all three of them for this purpose. The main focus of this paper is to satisfy the requirements of all three entities: the CSU obtains services from the CSP on a pay-per-use basis; the CSP is responsible for maintaining data integrity so that the data remain secure and available; and the TPA protects the data privacy and rights of CSUs through a neutral and fair auditing process. The challenge is to improve the trust level among these three stakeholders, and the triangular data privacy-preserving protocol does so by introducing a mutual authentication process among them. The proposed TDPP consists of three major components: Dual Authentication for Cloud Service User (DA-CSU), Malicious Detection Role for Cloud Service Provider (MDR-CSP), and Malicious Detection Role for Third Party Auditor (MDR-TPA). The DA-CSU consists of three features, a secure policy enforcement point (SPEP), a secure identity provider (SIDP), and a secure policy decision point (SPDP), and authenticates the CSU to minimize potential malicious behavior. The MDR-CSP checks for malicious activities on the provider side; in addition, it gives CSUs the right to set their QoS requirements (e.g., bandwidth, throughput, reliability, availability, and data loss) and to anticipate the time needed for each task to complete. To restrict a malicious TPA, the MDR-TPA is introduced: it provides verification of the data outsourced to the CSP and also keeps the TPA accountable. Thus, the TPA gets no opportunity to share the confidential information of any CSU with an unauthorized party, or to exploit the resources of the CSP. Once the authenticity of these stakeholders is validated, the trust level is established and is expected to evolve over time.

To build a secure cloud environment, we envision a triangular data privacy-preserving model that provides a line of trust among three key stakeholders (i.e., CSU, TPA, and CSP). In this research work, the scope of the auditing capability is limited to (a) authenticating all the stakeholders, (b) ensuring the integrity of the TPA, (c) enforcing strict compliance with the SLA by both CSUs and CSPs, (d) ensuring message authentication at the provider side, and (e) detecting collusion on the part of the TPA. Specifically, the TPA audits the CSP to ensure (a) the correctness of the CSU's data stored at the service provider side and (b) that the CSP is in full compliance with its own SLA. Similarly, the CSP audits the CSU to (a) determine any violation of the terms and conditions defined in the SLA for the cloud services provided by the CSP, (b) monitor the feedback provided by the CSU for the utilized services, and (c) assign the CSU the role of auditing the CSP. Finally, an audit of the TPA can be performed by both the CSU and the CSP to minimize the possibility of potential insider threats or attacks. For instance, the CSU can audit the TPA to (a) ensure that the TPA performs its auditing role neutrally and does not hide malfunctioning or misbehavior of the CSP and (b) verify that the TPA performs assigned auditing tasks according to the given specification within the agreed time frame.

Section snippets

System model and design goals

This section addresses the security and privacy-related challenges among three entities: CSU, CSP, and TPA. These three different system model entities can be defined as follows:

  • (i) Cloud Service Users (CSUs): They are individual consumers and organizations that store their data in the cloud data center and trust the service provider with data computations.

  • (ii) Cloud Service Provider (CSP): This is the organization that possesses the substantial resources and expertise for managing the distributed cloud

Proposed triangular data privacy-preserving (TDPP) model

In this section, we present our proposed TDPP model, which provides mechanisms for authenticating all of the stakeholders (i.e., CSU, CSP, and TPA). This model aims to ensure the integrity of the client's data stored in the cloud data center, so that the data can be retrieved on demand and cannot be tampered with by the CSP. Recent work has focused more on evaluating the reliability of the CSP in terms of its security and data privacy measures or on compliance with its SLA. However, little work has

Performance evaluation of the proposed scheme

To show the practicality of the proposed scheme, we tested the TDPP in a variety of scenarios. The system is modeled in C++ and tested on the GreenCloud simulator, which is installed on Ubuntu 14.04. The experiments are conducted on a computer with a 2.8 GHz Pentium Dual Core CPU and 5 GB of RAM. The test machine uses the 64-bit version of Windows 10. The data center scenarios are generated using the GreenCloud simulator. The highly scalable

Related work

In this section, we focus on the salient features of the most closely related recent research on data privacy preservation and protection in the cloud computing environment. Many authors have discussed privacy protection models for cloud services. One such model is based on web services and addresses the data control issues of cloud users, e.g., data access, data integrity, data recovery, data separation, data disposition, and data regulations (Chadwick and Fatema, 2012). Sengupta et al.

Conclusion

This paper presented a novel TDPP model to audit all the key stakeholders (i.e., CSU, TPA, and CSP) in a cloud environment to achieve optimal security. The paper discussed how a public verifier (i.e., a TPA) could be used to perform regular auditing tasks (e.g., auditing the CSP at the request of the CSU and vice versa) to significantly reduce the computational burden on the other stakeholders and to introduce fairness into the cloud system, which builds trust between the CSU and the CSP. The capability


References (54)

  • G. Brunette et al. Security guidance for critical areas of focus in cloud computing v2.1. Cloud Security Alliance (2009)
  • Y. Dodis et al. Proofs of retrievability via hardness amplification
  • C. Gentry. Computing arbitrary functions of encrypted data. Commun ACM (2010)
  • S.M. Habib et al. A trust-aware framework for evaluating security controls of service providers in cloud marketplaces (2013)
  • Z. Hao et al. A multiple-replica remote data possession checking protocol with public verifiability
  • Z. Hao et al. A privacy-preserving remote data integrity checking protocol with data dynamics and public verifiability. IEEE Trans Knowl Data Eng (2011)
  • K. Huang et al. Securing the cloud storage audit service: defending against frame and collude attacks of third party auditor. IET Commun (2014)
  • A. Juels et al. PORs: proofs of retrievability for large files
  • R. Ko et al. TrustCloud: a framework for accountability and trust in cloud computing (2011)
  • I.T. Lien et al. A novel privacy preserving location-based service protocol with secret circular shift for K-NN search. IEEE Trans Inf Forensics Security (2013)
  • F. Lombardi et al. Transparent security for cloud (2010)
  • J. Park et al. Near-real-time cloud auditing for rapid response (2012)
  • S. Pearson et al. A privacy manager for cloud computing
  • S. Ramgovind et al. The management of security in cloud computing
  • S. Rizvi et al. A stakeholder-oriented assessment index for cloud security auditing (2015)
  • S. Rizvi et al. Cloud data integrity using a designated public verifier
  • S. Rizvi et al. Third-party auditor (TPA): a potential solution for securing a cloud environment


Syed S. Rizvi is an Assistant Professor of Information Sciences and Technology at the Pennsylvania State University. His research interests lie at the intersection of computer networking, information security, and modeling and simulation. Recently, he has been working on security issues in cloud computing, cognitive radios for wireless communications, and modeling and simulation of large-scale networks. He has authored and co-authored several technical refereed and non-refereed papers in various international conferences, journal articles, and book chapters in research and pedagogical techniques. He is a member of the IEEE Communications Society and the ACM.

Abdul Razaque received his PhD degree in Computer Science & Engineering from the University of Bridgeport, USA. His research interests include wireless sensor networks, cloud computing security, design and development of mobile learning environments, multimedia applications, and ambient intelligence. He has authored over 80 international academic publications including journals, conferences, and book chapters. He is currently an active researcher in the Wireless and Mobile Communication (WMC) laboratory, UB, USA. He is Editor-in-Chief of the International Journal for Engineering and Technology (IJET), Singapore. In addition, he is Editor, Associate Editor, and Member of the Editorial Board for several international journals.
