Attribute-Based Encryption Algorithm
Ciphertext-policy ABE (CP-ABE)
In CP-ABE, the encryptor controls the access strategy. As the strategy gets more complex, the design of the system public key becomes more complex, and the security of the system becomes more difficult to prove. The main research work on CP-ABE is focused on the design of the access structure.
Key-policy ABE (KP-ABE)
In KP-ABE, attribute sets are used to describe the encrypted texts, and the private keys are associated with the specified encrypted texts that users will have the right to decrypt.
Fully homomorphic encryption (FHE)
Fully homomorphic encryption allows straightforward computations on encrypted information, and also allows computing the sum and product of encrypted data without decryption.
Searchable Encryption (SE)
Searchable Encryption is a cryptographic primitive which offers secure search functions over encrypted data. In order to improve search efficiency, an SE solution generally builds keyword indexes to securely perform user queries. Existing SE schemes can be classified into two categories: SE based on secret-key cryptography and SE based on public-key cryptography.
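The keyword index described above, sketched for the secret-key category as an added example (not code from the original page or from any particular SE scheme). The HMAC-based construction, the function names and the sample documents are assumptions made for illustration; this simplified index still reveals to the server which entries a query touches and how long each entry is.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 used as the keyed pseudorandom function."""
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Mask/unmask data with an HMAC counter-mode keystream (toy cipher, no integrity)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += prf(key, counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def trapdoor(master_key: bytes, keyword: str) -> tuple[bytes, bytes]:
    """Client side: derive the lookup token and the per-keyword entry key."""
    w = keyword.lower().encode()
    return prf(master_key, b"tok|" + w), prf(master_key, b"enc|" + w)

def build_index(master_key: bytes, docs: dict[str, str]) -> dict[str, bytes]:
    """Client side: map each keyword token to a masked list of document ids."""
    postings: dict[str, set[str]] = {}
    for doc_id, text in docs.items():
        for word in text.lower().split():
            postings.setdefault(word, set()).add(doc_id)
    index = {}
    for word, ids in postings.items():
        token, entry_key = trapdoor(master_key, word)
        index[token.hex()] = xor_stream(entry_key, ",".join(sorted(ids)).encode())
    return index

def search(index: dict[str, bytes], td: tuple[bytes, bytes]) -> list[str]:
    """Server side: sees only the trapdoor, never the keyword or the master key."""
    token, entry_key = td
    blob = index.get(token.hex())
    return xor_stream(entry_key, blob).decode().split(",") if blob is not None else []

# Constructed sample data: document ids (no commas) mapped to their plaintext.
DOCS = {
    "doc1": "invoice acme march",
    "doc2": "payroll march",
    "doc3": "invoice globex april",
}
```

The client keeps the master key and sends only `trapdoor(...)` output with a query; the server stores the index and runs `search` without ever holding a plaintext keyword.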
Compliance
Numerous laws and regulations pertain to the storage and use of data. In the US these include privacy or data protection laws, Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act, the Federal Information Security Management Act of 2002 (FISMA), and Children's Online Privacy Protection Act of 1998, among others. Similar laws may apply in different legal jurisdictions and may differ quite markedly from those enforced in the US. Cloud service users may often need to be aware of the legal and regulatory differences between the jurisdictions. For example, data stored by a Cloud Service Provider may be located in, say, Singapore and mirrored in the US.
Many of these regulations mandate particular controls (such as strong access controls and audit trails) and require regular reporting. Cloud customers must ensure that their cloud providers adequately fulfil such requirements as appropriate, enabling them to comply with their obligations since, to a large extent, they remain accountable.
Business continuity and data recovery
Cloud providers have business continuity and data recovery plans in place to ensure that service can be maintained in case of a disaster or an emergency and that any data loss will be recovered. These plans may be shared with and reviewed by their customers, ideally dovetailing with the customers' own continuity arrangements. Joint continuity exercises may be appropriate, simulating a major Internet or electricity supply failure for instance.
Logs and audit trails
In addition to producing logs and audit trails, cloud providers work with their customers to ensure that these logs and audit trails are properly secured, maintained for as long as the customer requires, and are accessible for the purposes of forensic investigation (e.g., eDiscovery).
Unique compliance requirements
In addition to the requirements to which customers are subject, the data centers used by cloud providers may also be subject to compliance requirements. Using a cloud service provider (CSP) can lead to additional security concerns around data jurisdiction since customer or tenant data may not remain on the same system, or in the same data center or even within the same provider's cloud.