Chunming Rong

Beyond lightning: A survey on security challenges in cloud computing

Cloud computing is a model to provide convenient, on-demand access to a shared pool configurable computing resources. In cloud computing, IT-related capabilities are provided as services, accessible without requiring detailed knowledge of the underlying technologies, and with minimal management effort. The great savings promised by the cloud are however offset by the perceived security threats feared by users. This paper gives an overview of cloud computing, and discusses related security challenges. We emphasize that although there are many technological approaches that can improve cloud security, there are currently no one-size-fits-all solutions, and future work has to tackle challenges such as service level agreements for security, as well as holistic mechanisms for ensuring accountability in the cloud.

Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography

More and more companies begin to provide different kinds of cloud computing services for Internet users at the same time these services also bring some security problems. Currently the majority of cloud computing systems provide digital identity for users to access their services, this will bring some inconvenience for a hybrid cloud that includes multiple private clouds and/or public clouds. Today most cloud computing system use asymmetric and traditional public key cryptography to provide data security and mutual authentication. Identity-based cryptography has some attraction characteristics that seem to fit well the requirements of cloud computing. In this paper, by adopting federated identity management together with hierarchical identity-based cryptography (HIBC), not only the key distribution but also the mutual authentication can be simplified in the cloud.

A survey of key management in ad hoc networks

The wireless and dynamic nature of mobile ad hoc networks (MANETs) leaves them more vulnerable to security attacks than their wired counterparts. The nodes act both as routers and as communication end points. This makes the network layer more prone to security attacks. A main challenge is to judge whether or not a routing message originates from a trustworthy node. The solution thus far is cryptographically signed messages. The general assumption is that nodes in possession of a valid secret key can be trusted. Consequently, a secure and efficient key-management scheme is crucial. Keys are also required for protection of application data. However, the focus here is on network-layer management information. Whereas keymanagement schemes for the upper layers can assume an already running network service, schemes for the protection of the network layer cannot. Keys are a prerequisite to bootstrap a protected network service. This article surveys the state of the art within key management for ad hoc networks, and analyzes their applicability for network-layer security. The analysis puts some emphasis on their applicability in scenarios such as emergency and rescue operations, as this work was initiated by a study of security in MANETs for emergency and rescue operations.

New families of almost perfect nonlinear power mappings

A power mapping f(x)=x/sup d/ over GF(p/sup n/) is said to be differentially k-uniform if k is the maximum number of solutions x/spl isin/GF(p/sup n/) of f(x+a)-f(x)=b where a, b/spl isin/GF(p/sup n/) and a/spl ne/0. A 2-uniform mapping is called almost perfect nonlinear (APN). We construct several new infinite families of nonbinary APN power mappings.

Trusted Data Sharing over Untrusted Cloud Storage Providers

Cloud computing has been acknowledged as one of the prevaling models for providing IT capacities. The off-premises computing paradigm that comes with cloud computing has incurred great concerns on the security of data, especially the integrity and confidentiality of data, as cloud service providers may have complete control on the computing infrastructure that underpins the services. This makes it difficult to share data via cloud providers where data should be confidential to the providers and only authorized users should be allowed to access the data. This work aims to construct a system for trusted data sharing through untrusted cloud providers, to address the above mentioned issue. The constructed system can imperatively impose the access control policies of data owners, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data.

Detecting spammers on social networks

Social network has become a very popular way for internet users to communicate and interact online. Users spend plenty of time on famous social networks (e.g., Facebook, Twitter, Sina Weibo, etc.), reading news, discussing events and posting messages. Unfortunately, this popularity also attracts a significant amount of spammers who continuously expose malicious behavior (e.g., post messages containing commercial URLs, following a larger amount of users, etc.), leading to great misunderstanding and inconvenience on users? social activities. In this paper, a supervised machine learning based solution is proposed for an effective spammer detection. The main procedure of the work is: first, collect a dataset from Sina Weibo including 30,116 users and more than 16 million messages. Then, construct a labeled dataset of users and manually classify users into spammers and non-spammers. Afterwards, extract a set of feature from message content and users? social behavior, and apply into SVM (Support Vector Machines) based spammer detection algorithm. The experiment shows that the proposed solution is capable to provide excellent performance with true positive rate of spammers and non-spammers reaching 99.1% and 99.9% respectively.

K-means Clustering in the Cloud -- A Mahout Test

The K-Means is a well known clustering algorithm that has been successfully applied to a wide variety of problems. However, its application has usually been restricted to small datasets. Mahout is a cloud computing approach to K-Means that runs on a Hadoop system. Both Mahout and Hadoop are free and open source. Due to their inexpensive and scalable characteristics, these platforms can be a promising technology to solve data intensive problems which were not trivial in the past. In this work we studied the performance of Mahout using a large data set. The tests were running on Amazon EC2 instances and allowed to compare the gain in runtime when running on a multi node cluster. This paper presents some results of ongoing research.

On-line e-wallet system with decentralized credential keepers

We propose a generalization of the architecture of an electronic wallet, as first developed in the seminal European research project CAFE. With this model you can leave most of the content of your electronic wallet at the security of your residential electronic keeper, while roaming with your favorite mobile terminals. Emerging mobile handsets with both short range Bluetooth and cellular GPRS communications provide a sufficient communication platform for this electronic wallet architecture. However, new security requirements must be addressed, and new threats of attack must be carefully analyzed and met with appropriate security protocols. The proposed approach is fundamentally distinct from the remote wallet proposals, in that it protects important user requirements and takes a multiparty security approach using a fully decentralized architecture. Technically, the user remains in control of the input/output and usage of his credentials, likely carried by smart cards. At the same time, the model provides a solution to the pressing practical problem of the multitude of special-branded cards the user has to carry and sort. Currently used magnetic stripe and chip cards with applications such as debit and credit transactions are easily included within the architecture with minor enhancement to these legacy systems and their functionality. We show in this paper how an account-based payment system can be solved with the proposed architecture. Our claim is that users achieve payment mobility and independence of both terminals and payment service providers while maintaining secure access to their payment authorization credentials.

Fine-Grained Data Access Control Systems with User Accountability in Cloud Computing

Cloud computing is an emerging computing paradigm in which IT resources and capacities are provided as services over the Internet. Promising as it is, this paradigm also brings forth new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are likely outside of the same trust domain of data owners. To maintain the confidentiality of, sensitive user data against untrusted servers, existing work usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. In this paper, we present a way to implement, scalable and fine-grained access control systems based on attribute-based encryption (ABE). For the purpose of secure access control in cloud computing, the prevention of illegal key sharing among colluding users is missing from the existing access control systems based on ABE. This paper addresses this challenging open issue by defining and enforcing access policies based on data attributes and implementing user accountability by using traitor tracing. Furthermore, both the user grant and revocation are efficiently supported by using the broadcast encryption technique. Extensive analysis shows that the proposed scheme is highly efficient and provably secure under existing security models.

Identity-Based Key Agreement and Encryption For Wireless Sensor Networks

It is an important challenge to find out suitable cryptography for wireless sensor networks (WSN) because of the limitations of power, computation capability, and storage resources. Many schemes based on public or symmetric key cryptography are investigated. Recently, a practical identity-based encryption technique is proposed. In this article, we present an identity-based key agreement and encryption scheme for WSNs. This scheme is an elliptic curve cryptography type algorithm. First, we briefly review regarding identity-based encryption and decryption, particularly, the Boneh-Franklin algorithms. Then we describe a key agreement and encryption scheme on the basis of the Boneh-Franklin algorithms for WSNs. We discuss the efficiency and security of our scheme by comparing it with traditional public key technique and symmetric key technique.