TY - GEN
T1 - Third-Party Auditor (TPA)
T2 - 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015
AU - Rizvi, Syed S.
AU - Razaque, Abdul
AU - Cover, Katie
PY - 2016/1/4
Y1 - 2016/1/4
N2 - The confidentiality and verification of customer's data at the cloud service provider (CSP) side becomes a critical issue in terms of both reliability (i.e., the trust aspect) and efficiency (i.e., the ease of performing such verifications). As data owners no longer physically possess their data storage, traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted. In such a scenario, the use of a third-party auditor (TPA) provides both efficiency, transparency, and the fairness in performing the required auditing tasks as well as it serves as a bridge between the cloud service users (CSUs) and the CSPs. Thus, for practical use, it seems more rational to equip the verification capabilities with public auditability, which is expected to play a more important role in achieving economies of scale for cloud computing. Although the use of TPA provides several advantages, the fact that TPA is an untrusted entity and it can turn into a malicious user or promote insider threats cannot be ignored. Thus, for a complete realistic security solution where CSUs achieve maximum cloud benefits at minimum computational cost, the auditing of TPA is required. In this paper, we develop an auditing method for CSUs/CSPs to ensure the integrity of the TPA and minimize the possibility of insider threats or malicious activities. The integrity of TPA will be verified using the time-released session keys and the service level agreement (SLA).
AB - The confidentiality and verification of customer's data at the cloud service provider (CSP) side becomes a critical issue in terms of both reliability (i.e., the trust aspect) and efficiency (i.e., the ease of performing such verifications). As data owners no longer physically possess their data storage, traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted. In such a scenario, the use of a third-party auditor (TPA) provides both efficiency, transparency, and the fairness in performing the required auditing tasks as well as it serves as a bridge between the cloud service users (CSUs) and the CSPs. Thus, for practical use, it seems more rational to equip the verification capabilities with public auditability, which is expected to play a more important role in achieving economies of scale for cloud computing. Although the use of TPA provides several advantages, the fact that TPA is an untrusted entity and it can turn into a malicious user or promote insider threats cannot be ignored. Thus, for a complete realistic security solution where CSUs achieve maximum cloud benefits at minimum computational cost, the auditing of TPA is required. In this paper, we develop an auditing method for CSUs/CSPs to ensure the integrity of the TPA and minimize the possibility of insider threats or malicious activities. The integrity of TPA will be verified using the time-released session keys and the service level agreement (SLA).
UR - http://www.scopus.com/inward/record.url?scp=84962911804&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962911804&partnerID=8YFLogxK
U2 - 10.1109/CSCloud.2015.87
DO - 10.1109/CSCloud.2015.87
M3 - Conference contribution
AN - SCOPUS:84962911804
T3 - Proceedings - 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - IEEE International Symposium of Smart Cloud, IEEE SSC 2015
SP - 31
EP - 36
BT - Proceedings - 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - IEEE International Symposium of Smart Cloud, IEEE SSC 2015
A2 - Zhang, Tao
A2 - Das, Sajal K.
A2 - Zhang, Tao
A2 - Qiu, Meikang
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 3 November 2015 through 5 November 2015
ER -