AuthorsD. Unal, A. Al-Ali, F. O. Catak and M. Hammoudeh
TitleA secure and efficient Internet of Things cloud encryption scheme with forensics investigation compatibility based on identity-based encryption
AfilliationSoftware Engineering
Project(s)Department of Engineering Complex Software Systems
StatusPublished
Publication TypeJournal Article
Year of Publication2021
JournalFuture Generation Computer Systems
Volume122175493141111247536739322003156107864941559142vol. 838
Issue331223131621441325
Date PublishedJan-07-2021
PublisherElsevier
ISSN0167739X
Abstract

Data security is a challenge for end-users of cloud services as the users have no control over their data once it is transmitted to the cloud. A potentially corrupt cloud service provider can obtain the end-users’ data. Conventional PKI-based solutions are insufficient for large-scale cloud systems, considering efficiency, scalability, and security. In large-scale cloud systems, the key management requirements include scalable encryption, authentication, and non-repudiation services, as well as the ability to share files with different users and data recovery when the user keys of encrypted data are not accessible. Further requirements in cloud systems include the ability to provide the means for digital forensic investigations on encrypted data. Once data on the cloud is encrypted with a user’s key it becomes impossible to access by forensic investigation teams. In this regard, distributing the trust of key management into multiple authorities is desirable. In the literature, there is no available secure cloud storage system with secure and efficient Type-3 pairings, supporting Encryption-as-a-Service (EaaS) and multiple Public Key Generators (PKGs). This paper proposes an efficient Identity-based cryptography (IBC) architecture for secure cloud storage, named Secure Cloud Storage System (SCSS), which supports distributed key management and encryption mechanisms and support for multiple PKGs. During forensic investigations, the legal authorities will be able to use the multiple PKG mechanism for data access, while an account locking mechanism prevents a single authority to access user data due to trust distribution. We also demonstrate that, the IBC scheme used in SCSS has better performance compared to similar schemes in the literature. For the security levels of 128-bits and above, SCSS has better scalability compared to existing schemes, with respect to encryption and decryption operations. Since the decryption operation is frequently needed for forensic analysis, the improved scalability results in a streamlined forensic investigation process on the encrypted data in the cloud.

URLhttps://www.sciencedirect.com/science/article/abs/pii/S0167739X21002454?via%3Dihub
DOI10.1016/j.future.2021.06.050
Citation Key27906

Contact person