The Centrifuge of Cloud Service: Separated Cryptographic and Ciphered-storage Services


Zheng-Yun Zhuang; Yi-Chang Hsu; Hsing-Hua Liu; Chien-Hsing Wu

Key Words

service operation risk management ; security service and privacy ; distributed cloud systems organizing principle ; database and storage security ; management and querying of encrypted data ; cryptography and key management



Volume or Term/Year and Month of Publication

Vol. 22, No. 4 (2016 / 10 / 01)

Page #

39 - 64

Content Language


English Abstract

This study proposes a business model for provisioning a security-enabled cloud by splitting the cryptographic and cipher-storage sub-services off from the main cloud service, so that they are operated independently by other service providers (SPs). The security/privacy enhancements of the model over the existing approaches are proved progressively but cogently. As such, the model can alleviate the risk of improper user data disclosure, improve the privacy preservation of sensitive user information and, therefore, mitigate the two information-leaking threats. The interoperability (among the centrifuged services) and migration issues (i.e., seamless system transferring and SLA amending) are illustrated and studied using the example of an extremely security-sensitive e-banking cloud service.

Topic Category: Basic and Applied Sciences > Information Science