A Protocol for Preventing Insider Attacks in Untrusted Infrastructure-as-a-Service Clouds.

Imran Khan; Zahid Anwar; Behzad Bordbar; Eike Ritter; Habib-ur Rehman

doi:10.1109/TCC.2016.2560161

A Protocol for Preventing Insider Attacks in Untrusted Infrastructure-as-a-Service Clouds.

Imran Khan, Zahid Anwar, Behzad Bordbar, Eike Ritter, Habib-ur Rehman

Computer Science

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

425 Downloads (Pure)

Abstract

Recent technical advances in utility computing have allowed small and medium sized businesses to move their applications to the cloud, to benefit from features such as auto-scaling and pay-as-you-go facilities. Before clouds are widely adopted, there is a need to address privacy concerns of customer data outsourced to these platforms. In this paper, we present a practical approach for protecting the confidentiality and integrity of client data and computation from insider attacks such as cloud clients as well as from the Infrastructure-as-a-Service (IaaS) based cloud system administrator himself. We demonstrate a scenario of how the origin integrity and authenticity of health-care multimedia content processed on the cloud can be verified using digital watermarking in an isolated environment without revealing the watermark details to the cloud administrator. Finally to verify that our protocol does not compromise confidentiality and integrity of the client data and computation or degrade performance, we have tested a prototype system using two different approaches. Formal verification using ProVerif tool shows that cryptographic operations and protocol communication cannot be compromised using a realistic attacker model. Performance analysis of our implementation demonstrates that it adds negligible overhead.

Original language	English
Pages (from-to)	942-954
Journal	IEEE Transactions on Cloud Computing
Volume	6
Issue number	4
Early online date	28 Apr 2016
DOIs	https://doi.org/10.1109/TCC.2016.2560161
Publication status	Published - 1 Oct 2018

Access to Document

10.1109/TCC.2016.2560161Licence: None: All rights reserved

Khan_et_al_A_protocol_for_preventing_insider_IEEE_Transactions_on_Cloud_Computing_2016
(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
Accepted author manuscript, 555 KBLicence: Other (please specify with Rights Statement)

Cite this

@article{fb152a04e4dd45b789810b3987ff90c9,

title = "A Protocol for Preventing Insider Attacks in Untrusted Infrastructure-as-a-Service Clouds.",

abstract = "Recent technical advances in utility computing have allowed small and medium sized businesses to move their applications to the cloud, to benefit from features such as auto-scaling and pay-as-you-go facilities. Before clouds are widely adopted, there is a need to address privacy concerns of customer data outsourced to these platforms. In this paper, we present a practical approach for protecting the confidentiality and integrity of client data and computation from insider attacks such as cloud clients as well as from the Infrastructure-as-a-Service (IaaS) based cloud system administrator himself. We demonstrate a scenario of how the origin integrity and authenticity of health-care multimedia content processed on the cloud can be verified using digital watermarking in an isolated environment without revealing the watermark details to the cloud administrator. Finally to verify that our protocol does not compromise confidentiality and integrity of the client data and computation or degrade performance, we have tested a prototype system using two different approaches. Formal verification using ProVerif tool shows that cryptographic operations and protocol communication cannot be compromised using a realistic attacker model. Performance analysis of our implementation demonstrates that it adds negligible overhead.",

author = "Imran Khan and Zahid Anwar and Behzad Bordbar and Eike Ritter and Habib-ur Rehman",

year = "2018",

month = oct,

day = "1",

doi = "10.1109/TCC.2016.2560161",

language = "English",

volume = "6",

pages = "942--954",

journal = "IEEE Transactions on Cloud Computing",

issn = "2168-7161",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

number = "4",

}

TY - JOUR

T1 - A Protocol for Preventing Insider Attacks in Untrusted Infrastructure-as-a-Service Clouds.

AU - Khan, Imran

AU - Anwar, Zahid

AU - Bordbar, Behzad

AU - Ritter, Eike

AU - Rehman, Habib-ur

PY - 2018/10/1

Y1 - 2018/10/1

N2 - Recent technical advances in utility computing have allowed small and medium sized businesses to move their applications to the cloud, to benefit from features such as auto-scaling and pay-as-you-go facilities. Before clouds are widely adopted, there is a need to address privacy concerns of customer data outsourced to these platforms. In this paper, we present a practical approach for protecting the confidentiality and integrity of client data and computation from insider attacks such as cloud clients as well as from the Infrastructure-as-a-Service (IaaS) based cloud system administrator himself. We demonstrate a scenario of how the origin integrity and authenticity of health-care multimedia content processed on the cloud can be verified using digital watermarking in an isolated environment without revealing the watermark details to the cloud administrator. Finally to verify that our protocol does not compromise confidentiality and integrity of the client data and computation or degrade performance, we have tested a prototype system using two different approaches. Formal verification using ProVerif tool shows that cryptographic operations and protocol communication cannot be compromised using a realistic attacker model. Performance analysis of our implementation demonstrates that it adds negligible overhead.

AB - Recent technical advances in utility computing have allowed small and medium sized businesses to move their applications to the cloud, to benefit from features such as auto-scaling and pay-as-you-go facilities. Before clouds are widely adopted, there is a need to address privacy concerns of customer data outsourced to these platforms. In this paper, we present a practical approach for protecting the confidentiality and integrity of client data and computation from insider attacks such as cloud clients as well as from the Infrastructure-as-a-Service (IaaS) based cloud system administrator himself. We demonstrate a scenario of how the origin integrity and authenticity of health-care multimedia content processed on the cloud can be verified using digital watermarking in an isolated environment without revealing the watermark details to the cloud administrator. Finally to verify that our protocol does not compromise confidentiality and integrity of the client data and computation or degrade performance, we have tested a prototype system using two different approaches. Formal verification using ProVerif tool shows that cryptographic operations and protocol communication cannot be compromised using a realistic attacker model. Performance analysis of our implementation demonstrates that it adds negligible overhead.

U2 - 10.1109/TCC.2016.2560161

DO - 10.1109/TCC.2016.2560161

M3 - Article

SN - 2168-7161

VL - 6

SP - 942

EP - 954

JO - IEEE Transactions on Cloud Computing

JF - IEEE Transactions on Cloud Computing

IS - 4

ER -

A Protocol for Preventing Insider Attacks in Untrusted Infrastructure-as-a-Service Clouds.

Abstract

Access to Document

Fingerprint

Cite this