Client-side encryption and key management: enforcing data confidentiality in the cloud.
Loading...
Date
2016
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Cloud computing brings flexible, scalable and cost effective services. This is a computing paradigm
whose services are driven by the concept of virtualization and multi-tenancy. These concepts bring
various attractive benefits to the cloud. Among the benefits is reduction in capital costs, pay-per-use
model, enormous storage capacity etc. However, there are overwhelming concerns over data
confidentiality on the cloud. These concerns arise from various attacks that are directed towards
compromising data confidentiality in virtual machines (VMs). The attacks may include inter-VM and VM
sprawls. Moreover, weaknesses or lack of data encryption make such attacks to thrive. Hence, this
dissertation presents a novel client-side cryptosystem derived from evolutionary computing concepts. The
proposed solution makes use of chaotic random noise to generate a fitness function. The fitness function
is used to generate strong symmetric keys. The strength of the encryption key is derived from the chaotic
and randomness properties of the input noise. Such properties increase the strength of the key without
necessarily increasing its length. However, having the strongest key does not guarantee confidentiality if
the key management system is flawed. For example, encryption has little value if key management
processes are not vigorously enforced. Hence, one of the challenges of cloud-based encryption is key
management. Therefore, this dissertation also makes an attempt to address the prevalent key management
problem. It uses a counter propagation neural network (CPNN) to perform key provision and revocation.
Neural networks are used to design ciphers. Using both supervised and unsupervised machine learning
processes, the solution incorporates a CPNN to learn a crypto key. Using this technique there is no need
for users to store or retain a key which could be compromised. Furthermore, in a multi-tenant and
distributed environment such as the cloud, data can be shared among multiple cloud users or even
systems. Based on Shamir's secret sharing algorithm, this research proposes a secret sharing scheme to
ensure a seamless and convenient sharing environment. The proposed solution is implemented on a live
openNebula cloud infrastructure to demonstrate and illustrate is practicability.
Description
Master of Science in Computer Science. University of KwaZulu-Natal, Durban 2016.
Keywords
Theses - Computer Science.