Proof of outsourced encryption: cross verification of security service level agreement

Abstract

With the popularity of cloud and edge computing, user data is often stored at third party service providers. Restricted by the available resources, end users may need to outsource the data encryption operations. However, the security service level agreement (SSLA) are usually hard to verify since it is fairly hard for end users to learn the data status at the service providers. In this paper, we investigate the proof of outsourced encryption problem. We first define the expected properties of the proof of encryption (PoE) mechanisms. Depending on the negotiated encryption algorithm in SSLA, we design two verification mechanisms so that end users can query encryption results at service providers to verify the enforcement of SSLA even when they are not aware of the keys. We formally analyze the protocols with BAN logic. Simulation and experiments show that our approaches can detect a dishonest service provider with high probability.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

References

  1. Akter, S., Whaiduzzaman, M.: Dynamic service level agreement verification in cloud computing. Int. J. Comput. Sci. Inf. Secur. (IJCSIS) 15(9), 183–192 (2017)

    Google Scholar 

  2. Alasmari, S., Wang, W., Qin, T., Wang, Y.: Proof of encryption: enforcement of security service level agreement for encryption. In: IEEE Conference on Dependable and Secure Computing (IDSC) (2019)

  3. Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, New York (2008)

    Google Scholar 

  4. Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: Proc. of CCS, pp. 598—609 (2007)

  5. Bhasker, B., Murali, S.: A survey on security issues in sensor cloud environment for agriculture irrigation management system. J. Crit. Rev. 7(4), 1–10 (2020)

    Google Scholar 

  6. Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.J.: Provably authenticated group Diffie–Hellman key exchange. In: Proceedings of the 8th ACM Conference on Computer and Communications Security, pp. 255–264 (2001)

  7. Chaudhary, P., Gupta, R., Singh, A., Majumder, P.: Analysis and comparison of various fully homomorphic encryption techniques. In: International Conference on Computing, Power and Communication Technologies (GUCON), pp. 58–62 (2019)

  8. Chen, B., Wu, X., Lu, W., Ren, H.: Reversible data hiding in encrypted images with additive and multiplicative public-key homomorphism. Signal Process. 164, 48–57 (2019)

    Article  Google Scholar 

  9. CloudTrust Protocol Working Group: Cloudtrust Protocol Data Model and API. Cloud Security Alliance, Seattle (2015)

    Google Scholar 

  10. EC Cloud Select Industry Group (C-SIG).: Cloud service level agreement standardization guidelines. European Commission (2014)

  11. Fun, T.S., Samsudin, A.: A survey of homomorphic encryption for outsourced big data computation. KSII Trans. Internet Inf. Syst. 10(8), 3826–3851 (2016)

    Google Scholar 

  12. Gadepally, V., Hancock, B., Kaiser, B., Kepner, J., Michaleas, P., Varia, M., Yerukhimovich, A.: Computing on masked data to improve the security of big data. In: Proc. of IEEE Symposium HST, pp. 1–6 (2015)

  13. Gao, T., Deng, X., Wang, Y., Kong, X.: PAAS: PMIPv6 access authentication scheme based on identity-based signature in VANETs. IEEE Access 6, 37480–37492 (2018)

    Article  Google Scholar 

  14. Giachino, E., de Gouw, S., Laneve, C., Nobakht, B.: Statically and dynamically verifiable SLA metrics. In: Abraham, E., Bonsangue, M., Johnsen, E. (eds.) Theory and Practice of Formal Methods. Lecture Notes in Computer Science, vol. 9660. Springer, Cham (2016)

    Google Scholar 

  15. Gope, P., Sikdar, B.: Lightweight and privacy-preserving two-factor authentication scheme for IOT devices. IEEE Internet Things J. 6(1), 580–589 (2019)

    Article  Google Scholar 

  16. Gueron, S.: Intel advanced encryption standard (Intel AES) new instructions set. Intel Whitepaper, 323641-001 (2012)

  17. HIPPA.: Encryption almost prevents Humana Data Breach in Wisconsin. HIPAA J. (2015)

  18. Juels, A., Kaliski, B.S.: PORs: proofs of retrievability for large files. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 584—597 (2007)

  19. Khettab, Y., Bagaa, M., Dutra, D.L.C., Taleb, T., Toumi, N.: Virtual security as a service for 5G verticals. In: IEEE Wireless Communications and Networking Conference (WCNC), pp. 1–6 (2018)

  20. Kim, S., Lee, I.: IoT device security based on proxy re-encryption. J. Ambient Intell. Humaniz. Comput. 9(4), 1267–1273 (2018)

    MathSciNet  Article  Google Scholar 

  21. Krotsiani, M., Kloukinas, C., Spanoudakis, G.: Validation of service level agreements using probabilistic model checking. In: IEEE International Conference on Services Computing (SCC), pp. 148–155 (2017)

  22. Lee, C., Kavi, K.M., Paul, R.A., Gomathisankaran, M.: Ontology of secure service level agreement. In: IEEE International Symposium on High Assurance Systems Engineering, pp. 166–172 (2015)

  23. Li, Y., Yu, Y., Yang, B., Min, G., Wu, H.: Privacy preserving cloud data auditing with efficient key update. Future Gener. Comput. Syst. 78, 789–798 (2018)

    Article  Google Scholar 

  24. Luna, J., Suri, N., Iorga, M., Karmel, A.: Leveraging the potential of cloud security service-level agreements through standards. IEEE Cloud Comput. 2(3), 32–40 (2015)

    Article  Google Scholar 

  25. Popa, R., Redfield, C.: CryptDB: protecting confidentiality with encrypted query processing. In: Proc. of ACM SOSP, pp 85–100 (2011)

  26. Pornin, T.: Bearssl: a smaller SSL/TLS library. https://bearssl.org (2018)

  27. Pourpouneh, M., Ramezanian, R.: A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving. ISC Int. J. Inf. Secur. 8(1), 3–24 (2016)

    Google Scholar 

  28. Rios, E., Iturbe, E., Larrucea, X., Rak, M., et al.: Service level agreement-based GDPR compliance and security assurance in (multi)cloud-based systems. IET Softw. 13, 213–22 (2019)

    Article  Google Scholar 

  29. Sfondrini, N., Motta, G., You, L.: Service level agreement (SLA) in public cloud environments: a survey on the current enterprises adoption. In: International Conference on Information Science and Technology (ICIST), pp. 181–185 (2015)

  30. Shacham, H., Waters, B.: Compact proofs of retrievability. Proc. of Asiacrypt 5350, 90–107 (2008)

    MathSciNet  MATH  Google Scholar 

  31. Stephen J, SSavvides, Seidel, R., Eugster, P.: Practical confidentiality preserving big data analysis. In: Proc. of USENIX HotCloud, pp 10–16 (2014)

  32. Sun, Y., Nanda, S., Jaeger, T.: Security-as-a-service for microservices-based cloud applications. In: IEEE International Conference on Cloud Computing Technology and Science, pp 50–57 (2015)

  33. Tan, C.B., Hijazi, M.H.A., Lim, Y., Gani, A.: A survey on proof of retrievability for cloud data integrity and availability: cloud storage state-of-the-art, issues, solutions and future trends. J. Netw. Comput. Appl. 110, 75–86 (2018)

    Article  Google Scholar 

  34. Tetali, S., Lesani, M., Majumar, R., Millstein, T.: Mrcrypt: static analysis for secure cloud computations. In: Proc. of ACM SIGPLAN, pp. 271–286 (2013)

  35. Tian, H., Nan, F., Chang, C.C., Huang, Y., Lu, J., Du, Y.: Privacy-preserving public auditing for secure data storage in fog-to-cloud computing. J. Netw. Comput. Appl. 127, 59–69 (2019)

    Article  Google Scholar 

  36. Tu, T., Rao, L., Huan, Z., Wen, Q., Xiao, J.: Privacy-preserving outsourced auditing scheme for dynamic data storage in cloud. Secur. Commun. Netw. 2017, 1–17 (2017)

    Article  Google Scholar 

  37. Wang, W., Qin, T., Wang, Y.: Encryption-free data transmission and hand-over in two-tier body area networks. Elsevier Comput. Methods Progr. Biomed. 192, 105411 (2020). https://doi.org/10.1016/j.cmpb.2020.105411

    Article  Google Scholar 

  38. Wang, C., Chow, S.S.M., Wang, Q., Ren, K., Lou, W.: Privacy-preserving public auditing for secure cloud storage. IEEE Trans. Comput. 62(2), 362–375 (2013)

    MathSciNet  Article  Google Scholar 

  39. Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling public verifiability and data dynamics for storage security in cloud computing. In: Proceedings of the 14th European Conference on Research in Computer Security, pp. 355—370 (2009)

  40. Wang, W., Shi, X., Qin, T.: Encryption-free authentication and integrity protection in body area networks through physical unclonable functions. Smart Health 12(2), 66–81 (2019)

    Article  Google Scholar 

  41. Wang, W., Qin, T., Wang, Y.: Encryption-free data transmission and hand-over in two-tier body area networks. Elsevier Comput. Methods Progr. Biomed. 192, 105411 (2020)

    Article  Google Scholar 

  42. Xiao, Y., Hao, Q., Yao, D.: Neural cryptanalysis: metrics, methodology, and applications in cps ciphers. In: IEEE Conference on Dependable and Secure Computing (IDSC) (2019)

  43. Yang, Y., Huang, X., Liu, X., Cheng, H., Weng, J., Luo, X., Chang, V.: A comprehensive survey on secure outsourced computation and its applications. IEEE Access 7, 159426–159465 (2019)

    Article  Google Scholar 

  44. Zhao, M., Geng, Y.: Homomorphic encryption technology for cloud computing. Procedia Comput. Sci. 154, 73–83 (2019)

    Article  Google Scholar 

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Weichao Wang.

Ethics declarations

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Additional information

Paper Statement: This paper is an extension of the paper “Proof of Encryption: Enforcement of Security Service Level Agreement for Encryption” Alasmari et al. (2019) that was originally published in IEEE IDSC 2019. Section 1 to Section 3.3, Section 4.1 and 4.2 of the journal paper are the same as our conference paper. Section 3.4, 3.5, 4.3, and 4.4 are new contributions. The original conference paper studied the POE problem in symmetric encryption environments. The new extension focuses on the POE problem in asymmetric encryption environments, the proof of its safety, its difference from public auditing of cloud storage, and performance evaluation.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Alasmari, S., Wang, W., Qin, T. et al. Proof of outsourced encryption: cross verification of security service level agreement. CCF Trans. Netw. 3, 229–244 (2020). https://doi.org/10.1007/s42045-020-00046-7

Download citation

Keywords

  • Proof of Encryption
  • Security Service Level Agreement
  • User Initiated Verification