A SECURITY AND PRIVACY INFRASTRUCTURE FOR CLOUD COMPUTING USING GROUP SIGNATURES
Fırat Hamit Tahaoğlu
Computer Science and Engineering, Master Thesis, 2012
Assoc. Prof. Albert Levi (Thesis Supervisor), Assoc. Prof. Berrin Yanıkoğlu, Assoc. Prof. Erkay Savaş, Asst. Prof. Cemal Yılmaz, Prof. Dr. Alev Topuzoğlu
Date &Time: February 2nd, 2012 - 13:00
Place: FENS G032
Keywords: Group Signatures, Cloud Computing, Cloud Security
New software applications are being developed every day by software development groups, ranging from the most professional to smaller amateur ones. The structures of the software development groups are very diverse, and a development environment should satisfy the needs of different kinds of group structure. Considering the advantages of low resource requirement, accessibility through mobile devices with restricted resources, and compatibility with collaborative working environments, Cloud computing is a perfect match for software developers, especially for the groups. However, since Cloud computing operates on insecure Internet, security against malicious third parties is a crucial issue. Files should be kept safe in the Cloud, and should only be accessed by those who have the authorization. Revocation and addition of the group members and the organization of the access rights should also be performed in an efficient and robust way, fulfilling the needs of different groups.
In this thesis, we propose a security and privacy infrastructure for a software development environment running in the Cloud. We propose to solve the security issues using the anonymous credential system, idemix, provided by IBM Research which relies on the Camenisch-Lysyanskaya group signature scheme. Group signatures can provide flexibility in the groups’ inner organization and are also helpful for handling the access rights. Moreover, using an anonymous credential system also provides to the group members the ability to keep their anonymity while interacting with Cloud. In this way, we aim to provide an infrastructure to serve the groups with different inner organizations by not compromising their privacy. In order to evaluate the performance of the proposed system, we develop a simulation environment using M/D/m/m queues and analyze the proposed system under different scenarios and access control structures. Our results show that the proposed system is an efficient one and can serve up to 1000 concurrent users with response time under one second using four servers.