Abstract
With the popularity of cloud and edge computing, user data is often stored at third party service providers. Restricted by the available resources, end users may need to outsource the data encryption operations. However, the security service level agreement (SSLA) are usually hard to verify since it is fairly hard for end users to learn the data status at the service providers. In this paper, we investigate the proof of outsourced encryption problem. We first define the expected properties of the proof of encryption (PoE) mechanisms. Depending on the negotiated encryption algorithm in SSLA, we design two verification mechanisms so that end users can query encryption results at service providers to verify the enforcement of SSLA even when they are not aware of the keys. We formally analyze the protocols with BAN logic. Simulation and experiments show that our approaches can detect a dishonest service provider with high probability.
Similar content being viewed by others
References
Akter, S., Whaiduzzaman, M.: Dynamic service level agreement verification in cloud computing. Int. J. Comput. Sci. Inf. Secur. (IJCSIS) 15(9), 183–192 (2017)
Alasmari, S., Wang, W., Qin, T., Wang, Y.: Proof of encryption: enforcement of security service level agreement for encryption. In: IEEE Conference on Dependable and Secure Computing (IDSC) (2019)
Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, New York (2008)
Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proc. of CCS, pp. 598—609 (2007)
Bhasker, B., Murali, S.: A survey on security issues in sensor cloud environment for agriculture irrigation management system. J. Crit. Rev. 7(4), 1–10 (2020)
Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.J.: Provably authenticated group Diffie–Hellman key exchange. In: Proceedings of the 8th ACM Conference on Computer and Communications Security, pp. 255–264 (2001)
Chaudhary, P., Gupta, R., Singh, A., Majumder, P.: Analysis and comparison of various fully homomorphic encryption techniques. In: International Conference on Computing, Power and Communication Technologies (GUCON), pp. 58–62 (2019)
Chen, B., Wu, X., Lu, W., Ren, H.: Reversible data hiding in encrypted images with additive and multiplicative public-key homomorphism. Signal Process. 164, 48–57 (2019)
CloudTrust Protocol Working Group: Cloudtrust Protocol Data Model and API. Cloud Security Alliance, Seattle (2015)
EC Cloud Select Industry Group (C-SIG).: Cloud service level agreement standardization guidelines. European Commission (2014)
Fun, T.S., Samsudin, A.: A survey of homomorphic encryption for outsourced big data computation. KSII Trans. Internet Inf. Syst. 10(8), 3826–3851 (2016)
Gadepally, V., Hancock, B., Kaiser, B., Kepner, J., Michaleas, P., Varia, M., Yerukhimovich, A.: Computing on masked data to improve the security of big data. In: Proc. of IEEE Symposium HST, pp. 1–6 (2015)
Gao, T., Deng, X., Wang, Y., Kong, X.: PAAS: PMIPv6 access authentication scheme based on identity-based signature in VANETs. IEEE Access 6, 37480–37492 (2018)
Giachino, E., de Gouw, S., Laneve, C., Nobakht, B.: Statically and dynamically verifiable SLA metrics. In: Abraham, E., Bonsangue, M., Johnsen, E. (eds.) Theory and Practice of Formal Methods. Lecture Notes in Computer Science, vol. 9660. Springer, Cham (2016)
Gope, P., Sikdar, B.: Lightweight and privacy-preserving two-factor authentication scheme for IOT devices. IEEE Internet Things J. 6(1), 580–589 (2019)
Gueron, S.: Intel advanced encryption standard (Intel AES) new instructions set. Intel Whitepaper, 323641-001 (2012)
HIPPA.: Encryption almost prevents Humana Data Breach in Wisconsin. HIPAA J. (2015)
Juels, A., Kaliski, B.S.: PORs: proofs of retrievability for large files. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 584—597 (2007)
Khettab, Y., Bagaa, M., Dutra, D.L.C., Taleb, T., Toumi, N.: Virtual security as a service for 5G verticals. In: IEEE Wireless Communications and Networking Conference (WCNC), pp. 1–6 (2018)
Kim, S., Lee, I.: IoT device security based on proxy re-encryption. J. Ambient Intell. Humaniz. Comput. 9(4), 1267–1273 (2018)
Krotsiani, M., Kloukinas, C., Spanoudakis, G.: Validation of service level agreements using probabilistic model checking. In: IEEE International Conference on Services Computing (SCC), pp. 148–155 (2017)
Lee, C., Kavi, K.M., Paul, R.A., Gomathisankaran, M.: Ontology of secure service level agreement. In: IEEE International Symposium on High Assurance Systems Engineering, pp. 166–172 (2015)
Li, Y., Yu, Y., Yang, B., Min, G., Wu, H.: Privacy preserving cloud data auditing with efficient key update. Future Gener. Comput. Syst. 78, 789–798 (2018)
Luna, J., Suri, N., Iorga, M., Karmel, A.: Leveraging the potential of cloud security service-level agreements through standards. IEEE Cloud Comput. 2(3), 32–40 (2015)
Popa, R., Redfield, C.: CryptDB: protecting confidentiality with encrypted query processing. In: Proc. of ACM SOSP, pp 85–100 (2011)
Pornin, T.: Bearssl: a smaller SSL/TLS library. https://bearssl.org (2018)
Pourpouneh, M., Ramezanian, R.: A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving. ISC Int. J. Inf. Secur. 8(1), 3–24 (2016)
Rios, E., Iturbe, E., Larrucea, X., Rak, M., et al.: Service level agreement-based GDPR compliance and security assurance in (multi)cloud-based systems. IET Softw. 13, 213–22 (2019)
Sfondrini, N., Motta, G., You, L.: Service level agreement (SLA) in public cloud environments: a survey on the current enterprises adoption. In: International Conference on Information Science and Technology (ICIST), pp. 181–185 (2015)
Shacham, H., Waters, B.: Compact proofs of retrievability. Proc. of Asiacrypt 5350, 90–107 (2008)
Stephen J, SSavvides, Seidel, R., Eugster, P.: Practical confidentiality preserving big data analysis. In: Proc. of USENIX HotCloud, pp 10–16 (2014)
Sun, Y., Nanda, S., Jaeger, T.: Security-as-a-service for microservices-based cloud applications. In: IEEE International Conference on Cloud Computing Technology and Science, pp 50–57 (2015)
Tan, C.B., Hijazi, M.H.A., Lim, Y., Gani, A.: A survey on proof of retrievability for cloud data integrity and availability: cloud storage state-of-the-art, issues, solutions and future trends. J. Netw. Comput. Appl. 110, 75–86 (2018)
Tetali, S., Lesani, M., Majumar, R., Millstein, T.: Mrcrypt: static analysis for secure cloud computations. In: Proc. of ACM SIGPLAN, pp. 271–286 (2013)
Tian, H., Nan, F., Chang, C.C., Huang, Y., Lu, J., Du, Y.: Privacy-preserving public auditing for secure data storage in fog-to-cloud computing. J. Netw. Comput. Appl. 127, 59–69 (2019)
Tu, T., Rao, L., Huan, Z., Wen, Q., Xiao, J.: Privacy-preserving outsourced auditing scheme for dynamic data storage in cloud. Secur. Commun. Netw. 2017, 1–17 (2017)
Wang, W., Qin, T., Wang, Y.: Encryption-free data transmission and hand-over in two-tier body area networks. Elsevier Comput. Methods Progr. Biomed. 192, 105411 (2020). https://doi.org/10.1016/j.cmpb.2020.105411
Wang, C., Chow, S.S.M., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput. 62(2), 362–375 (2013)
Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling public verifiability and data dynamics for storage security in cloud computing. In: Proceedings of the 14th European Conference on Research in Computer Security, pp. 355—370 (2009)
Wang, W., Shi, X., Qin, T.: Encryption-free authentication and integrity protection in body area networks through physical unclonable functions. Smart Health 12(2), 66–81 (2019)
Wang, W., Qin, T., Wang, Y.: Encryption-free data transmission and hand-over in two-tier body area networks. Elsevier Comput. Methods Progr. Biomed. 192, 105411 (2020)
Xiao, Y., Hao, Q., Yao, D.: Neural cryptanalysis: metrics, methodology, and applications in cps ciphers. In: IEEE Conference on Dependable and Secure Computing (IDSC) (2019)
Yang, Y., Huang, X., Liu, X., Cheng, H., Weng, J., Luo, X., Chang, V.: A comprehensive survey on secure outsourced computation and its applications. IEEE Access 7, 159426–159465 (2019)
Zhao, M., Geng, Y.: Homomorphic encryption technology for cloud computing. Procedia Comput. Sci. 154, 73–83 (2019)
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Additional information
Paper Statement: This paper is an extension of the paper “Proof of Encryption: Enforcement of Security Service Level Agreement for Encryption” Alasmari et al. (2019) that was originally published in IEEE IDSC 2019. Section 1 to Section 3.3, Section 4.1 and 4.2 of the journal paper are the same as our conference paper. Section 3.4, 3.5, 4.3, and 4.4 are new contributions. The original conference paper studied the POE problem in symmetric encryption environments. The new extension focuses on the POE problem in asymmetric encryption environments, the proof of its safety, its difference from public auditing of cloud storage, and performance evaluation.
Rights and permissions
About this article
Cite this article
Alasmari, S., Wang, W., Qin, T. et al. Proof of outsourced encryption: cross verification of security service level agreement. CCF Trans. Netw. 3, 229–244 (2020). https://doi.org/10.1007/s42045-020-00046-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s42045-020-00046-7