access icon free uCloud: a user-centric key management scheme for cloud data protection

© The Institution of Engineering and Technology
Received 18/06/2012, Accepted 28/01/2013, Revised 27/12/2012, Published

One of the most challenging problems of cloud service solicitation is to persuade users to trust the security of cloud service and upload their sensitive data. Although cloud service providers can claim that their services are well-protected by elaborate encryption mechanisms, traditional cloud systems still cannot persuade the users that even if the cloud servers are compromised, the data are still securely protected. This study proposes uCloud, a user-centric key management scheme for cloud data protection, to solve this problem. uCloud utilises RSA and indirectly encrypts users’ data by users’ public keys, but stores the users’ private keys on neither servers nor users’ PCs; instead, the private keys are stored on users’ mobile devices and presented via two-dimensional (2D) barcode images when they are utilised to decrypt users’ sensitive data. In this manner, users’ data are safely protected even if the cloud servers are compromised. Also, uCloud provides users with the experience of managing visible private keys by storing the keys into mobile phones and displaying them via 2D barcodes. Moreover, three scenarios: personal storage, home surveillance and enterprise storage scenarios are proposed to present the practicability of uCloud. In addition, a hierarchical structure is designed for basic key backup and data sharing in the proposed scheme.

Inspec keywords: private key cryptography; public key cryptography; trusted computing; cloud computing; business data processing; home computing; mobile computing

Other keywords: two-dimensional barcode images; home surveillance; uCloud; cloud service providers; cloud service security; cloud servers; data sharing; cloud data protection; user mobile devices; enterprise storage scenarios; 2D barcode images; user sensitive data decryption; personal storage; cloud service solicitation; encryption mechanisms; sensitive data; user public keys; user-centric key management scheme; RSA; user data encryption; user private keys

Subjects: Mobile radio systems; Cryptography; Internet software; Home computing; Data security; Mobile, ubiquitous and pervasive computing

References

    1. 1)
      • 14. Sanka, S., Hota, C., Rajarajan, M.: ‘Secure data access in cloud computing’. IEEE Fourth Int. Conf. Internet Multimedia Systems Architectures and Applications (IMSAA 2010), Bangalore, December 2010.
    2. 2)
      • 4. Heiser, J., Nicolett, M.: ‘Assessing the security risks of cloud computing’. Gartner, Incorporated, 3 June 2008.
    3. 3)
      • 20. Gao, J.Z., Prakash, L., Jagatesan, R.: ‘Understanding 2D-BarCode technology and applications in M-commerce – design and implementation of a 2D barcode processing solution’. Proc. 31st Int. Conf. Annual International Computer Software and Applications, 2007, pp. 4956.
    4. 4)
      • 10. Kannan, S., Gavrilovska, A., Schwan, K.: ‘Cloud4Home – enhancing data services with @Home clouds’. Int. Conf. Distributed Computing Systems (ICDCS 2011), 2011.
    5. 5)
      • 22. Seino, K., Kuwabara, S., Mikami, S., et al: ‘Development of the traceability system which secures the safety of fishery products using the QR code and a digital signature’. Proc. MTS/IEEE TECHNO-OCEAN, Kobe, 2004, vol. 1, pp. 476481.
    6. 6)
      • 7. Kornowski, R., Zeeli, D., Averbuch, M.: ‘Intensive home-care surveillance prevents hospitalization and improves morbidity rates among elderly patients with severe congestive heart failure’, Am. Heart J., 1995, 129, pp. 762766 (doi: 10.1016/0002-8703(95)90327-5).
    7. 7)
      • 12. Kamara, S., Lauter, K.: ‘Cryptographic cloud storage’. ACM Workshop on Cloud Security, 2009.
    8. 8)
      • 24. Chaisatien, P., Akahori, K.: ‘Introducing QR code in classroom management and communication via mobile phone application system’. Proc. World Conf. Educational Multimedia, Hypermedia and Telecommunications, 2006, pp. 21812187.
    9. 9)
      • 27. Critchlow, D., Zhang, N.: ‘Revocation invocation for accountable anonymous PKI certificate trees’. Proc. Ninth IEEE Symp. Computers and Communications (ISCC'2004), 2004, pp. 386392.
    10. 10)
      • 9. Lu, M.T., Yao, J.J., Chen, H.H.: ‘A complexity-aware video adaptation mechanism for live streaming systems’, EURASIP J. Adv. Signal Process., 2007, 2007, pp. 110 (doi: 10.1155/2007/47921).
    11. 11)
      • 13. Dai, L., Zhou, Q.: ‘A PKI-based mechanism for secure and efficient access to outsourced data’. Proc. Second Int. Conf. Networking and Digital Society (ICNDS), June 2010, (1), pp. 640.
    12. 12)
      • 11. Curino, C., Jones, E.P.C., Popa, R.A., et al: ‘Relational cloud: a database-as-a-service for the cloud’. Proc. Fifth Biennial Conf. Innovative Data Systems Research (CIDR'11|), 2011.
    13. 13)
      • 23. Ohbuchi, E., Hanaizumi, H., Hock, L.A.: ‘Barcode readers using the camera device in mobile phones’. IEEE Int. Conf. Cyberworlds (CW04), 2004.
    14. 14)
      • 21. Kato, H., Tan, K.T.: ‘2D barcodes for mobile phones’. Proc. Second Int. Conf. Mobile Technology, Applications and Systems, 2005, p 8.
    15. 15)
      • 26. Khurana, H., Gligor, V.D.: ‘Review and revocation of access privileges distributed with PKI certificates’. Proc. Security Protocols Workshop, 2002, pp. 100112.
    16. 16)
      • 30. McCune, J.M., Li, Y., Qu, N., et al: ‘TrustVisor: efficient TCB reduction and attestation’. Proc. IEEE Symp. Security and Privacy, Oakland, 2010.
    17. 17)
      • 31. Goyal, V., Pandey, O., Sahai, A., Waters, B.: ‘Attribute-based encryption for fine-grained access control of encrypted data’. Proc. CCS'06, 2006.
    18. 18)
      • 18. Michahelles, F., Thiesse, F., Schmidt, A., Williams, J.R.: ‘Pervasive RFID and near field communication technology’, IEEE Pervasive Comput., 2007, 6, (3), 39, pp. 25 (doi: 10.1109/MPRV.2007.64).
    19. 19)
      • 15. Corner, M.D., Noble, B.D.: ‘Zero-interaction authentication’. Proc. Eighth Annual Int. Conf. Mobile Computing and Networking (MobiCom '02), 2002.
    20. 20)
      • 1. Vouk, M.A.: ‘Cloud computing – issues, research and implementations’, J. Comput. Inf. Technol., 2008, 16, (4), pp. 235246.
    21. 21)
      • 17. Haselsteiner, E., Breitfuss, K.: ‘Security in near field communication (NFC) strengths and weaknesses’. Workshop on RFID Security, 2006.
    22. 22)
      • 6. Chow, R., Golle, P., Jakobsson, M., et al: ‘Controlling data in the cloud: outsourcing computation without outsourcing control’. Proc. 2009 ACM workshop on Cloud Computing Security, 13 November 2009.
    23. 23)
      • 32. Blaze, M., Bleumer, G., Strauss, M.: ‘Divertible protocols and atomic proxy cryptography’. Proc. EUROCRYPT '98, 1998.
    24. 24)
      • 28. Bajikar, S.: ‘Trusted Platform Module (TPM) based security on notebook PCs-white paper’ (Mobile Platforms Group Intel Corporation, 2002), pp. 120.
    25. 25)
      • 2. Weiss, A.: ‘Computing in the clouds’, NetWorker, 2007, 11, (4), pp. 1625 (doi: 10.1145/1327512.1327513).
    26. 26)
      • 25. Arnes, A., Knapskog, S.J.: ‘Selecting revocation solutions for PKI’. Proc. Fifth Nordic Workshop on Secure IT Systems (NORDSEC 2000), 2000.
    27. 27)
      • 3. Wang, L., Laszewski, G., Kunze, M., Tao, J.: ‘Cloud computing: a perspective study’, New Gener. Comput., 2010, 28, pp. 137146 (doi: 10.1007/s00354-008-0081-5).
    28. 28)
      • 5. Kandukuri, B.R., Paturi, R., Rakshit, A.: ‘Cloud security issues’. Proc. Working IEEE SCC 2009: Int. Conf. Services Computing 2009 (SCC 2009 WIP), 2009.
    29. 29)
      • 8. Kapoor, B., Chhabra, A.: ‘Dynamic probe window based optimization for surveillance in home security system’, Int. J. Comput. Sci. Inf. Technol. (IJCSIT), 2010, 2, (1), pp. 106114.
    30. 30)
      • 16. Finkenzeller, K.: ‘RFID handbook: fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication’ (Wiley & Sons LTD, 2010, 3rd edn.).
    31. 31)
      • 29. Bressoud, T.C., Schneider, F.B.: ‘Hypervisor-based fault-tolerance’. Proc. Symp. Operating Systems Principles, 1995, pp. 111.
    32. 32)
      • 19. Ottaviani, E., Pava, A., Bottazi, M., Brunclli, E., Casclli, F., Guerreo, M.: ‘A common image processing framework for 2D barcode reading’. Proc. Seventh Int. Conf. Image Processing and its Applications, 1999, pp. 652655.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2012.0198
Loading

Related content

content/journals/10.1049/iet-ifs.2012.0198
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading