Privacy preserving framework for brute force attacks in cloud environment

Abstract

Cloud model of computing will be widely adopted by different organisations if it can support a higher level of data privacy than currently supported. The higher level of data privacy is mandatory to store and query the sensitive data in cloud-based information system applications such as customer relationship management (CRM) systems. Identity-based homomorphic encryption and tokenisation has proved its efficiency in providing privacy and simultaneously querying encrypted data. However, in cloud-based software-as-a-service (SaaS) model, the adversary can run brute force attacks which can reveal the attribute values by colluding with the service provider. It is a significant challenge to detect and prevent such attacks. This paper presents a comprehensive solution using application-independent metrics consisting of different types of vulnerability measures. This paper also presents the detailed design of a system that uses application-independent metrics to prevent brute force attacks.