Information Technology Reference
In-Depth Information
Summary
Clouds are increasingly being used to store personal and sensitive information
such as health records and important documents. We address the problem of
storing sensitive information in the cloud so that the cloud service provider
cannot tamper with the stored data. We present three problems: computing on
encrypted data, access control of stored data, and auditing techniques for integ-
rity verification. The first problem uses a cryptographic primitive called
homo-
morphic encryption
; the second problem uses
attribute-based encryption
(
ABE
),
and the third uses
provable data possession
(
PDP
) and
proof of retrievability
(
PoR
).
We survey recent results and discuss some open problems in this domain.
3.1 Introduction
Security is an important aspect of cloud computing because much informa-
tion is sensitive. For example, private clouds are increasingly being used
for storing medical records. There are also proposals for digitizing health
records and storing them in public clouds. This not only will enable patients
to access their information from anywhere in the world but also will enable
other patients to seek suggestions depending on their symptoms and
diseases. The patient's name and vital details can be hidden so that other
patients can access their records without knowing the identity of the patient.
This will benefit researchers, doctors, and other patients. Since health infor-
mation is sensitive, proper measures should be taken to secure the data.
Another area of interest is social networks. The data are stored in clouds
and can be accessed from anywhere using the Internet. With the growing
interest in Facebook, Twitter, LinkedIn, and other social and professional
networks, there is a need to protect the privacy of individuals. Privacy pro-
tection and access control are central to social networking. Security and
privacy issues have been addressed [19, 21].
The following are the important security vulnerabilities in the cloud:
1. Data theft or loss: The cloud servers are distrusted in terms of both
security and reliability. The cloud servers are prone to Byzantine
attacks, in which they might fail in arbitrary ways. The cloud ser-
vice provider (CSP) might also corrupt the data, sell data, or violate
service-level agreements (SLAs). Administration errors may cause
data loss during backup and restore and data migration.
2. Privacy issues: The CSP must make sure that the customer's personal
information is protected from other users.
3. Infected application: Applications running on the cloud can be
malicious and corrupt servers, user devices, and other applications.
Search WWH ::
Custom Search