A Protocol for Preventing Insider Attacks in Untrusted Infrastructure-as-a-Service Clouds.

Imran Khan, Zahid Anwar, Behzad Bordbar, Eike Ritter, Habib-ur Rehman

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)
414 Downloads (Pure)


Recent technical advances in utility computing have allowed small and medium sized businesses to move their applications to the cloud, to benefit from features such as auto-scaling and pay-as-you-go facilities. Before clouds are widely adopted, there is a need to address privacy concerns of customer data outsourced to these platforms. In this paper, we present a practical approach for protecting the confidentiality and integrity of client data and computation from insider attacks such as cloud clients as well as from the Infrastructure-as-a-Service (IaaS) based cloud system administrator himself. We demonstrate a scenario of how the origin integrity and authenticity of health-care multimedia content processed on the cloud can be verified using digital watermarking in an isolated environment without revealing the watermark details to the cloud administrator. Finally to verify that our protocol does not compromise confidentiality and integrity of the client data and computation or degrade performance, we have tested a prototype system using two different approaches. Formal verification using ProVerif tool shows that cryptographic operations and protocol communication cannot be compromised using a realistic attacker model. Performance analysis of our implementation demonstrates that it adds negligible overhead.
Original languageEnglish
Pages (from-to)942-954
JournalIEEE Transactions on Cloud Computing
Issue number4
Early online date28 Apr 2016
Publication statusPublished - 1 Oct 2018


Dive into the research topics of 'A Protocol for Preventing Insider Attacks in Untrusted Infrastructure-as-a-Service Clouds.'. Together they form a unique fingerprint.

Cite this