HBRSS: Providing high-secure data communication and manipulation in insecure cloud environments

Abstract

Cloud storage and cloud services provide a stronger computing power and distributed computing capability for IoT users with a minimal cost. However, the security issues of cloud always limit the development of cloud computing and storage. In the meanwhile, the channel instability and exposure of the public network make the security of data in transmission challenged (HTTPS protocol cannot guarantee the security of data after receiving by servers). Even if homomorphic encryption can protect IoTs’ sensitive data, attackers still can infer sensitive behaviors about users by listening to the frequency of cloud services usage. To solve the above problems, in this paper, we propose a novel data transmission structure named HBRSS for high-security data transmission and data processing in insecure cloud environments and channels. HBRSS harnesses proposed data splitting principle to divide the data into blocks, packages the block data and forms a block ring based on the concept of blockchain to ensure the non-tamperability and non-destructibility of data. In addition, we propose an improved partial homomorphic encryption algorithm, which adds fuzzy processing for the data service functions to improve function-privacy. We also build a virtual mistrusted cloud service scene by using Docker and Kubernetes to evaluate our method’s performance, which can also be utilized as a standard attack drill platform for all researchers to test their own security algorithms. Based on our best knowledge, this platform is the first open-source automatic cloud attack exploitation system that contains attacks against browsers, channels, and servers. The experimental results indicate that our new encryption algorithm brings larger key-space and lower power consumption compared with some encryption algorithms.