Title: Privacy preserving framework for brute force attacks in cloud environment

Authors: Ambika Vishal Pawar; Ajay R. Dani

Addresses: Symbiosis Institute of Technology (SIT), Symbiosis International University (SIU), Lavale, Pune – 412 115, Maharashtra, India ' G.H. Raisoni Institute of Engineering and Technology, Wagholi, Pune – 412207, Maharashtra, India

Abstract: Cloud model of computing will be widely adopted by different organisations if it can support a higher level of data privacy than currently supported. The higher level of data privacy is mandatory to store and query the sensitive data in cloud-based information system applications such as customer relationship management (CRM) systems. Identity-based homomorphic encryption and tokenisation has proved its efficiency in providing privacy and simultaneously querying encrypted data. However, in cloud-based software-as-a-service (SaaS) model, the adversary can run brute force attacks which can reveal the attribute values by colluding with the service provider. It is a significant challenge to detect and prevent such attacks. This paper presents a comprehensive solution using application-independent metrics consisting of different types of vulnerability measures. This paper also presents the detailed design of a system that uses application-independent metrics to prevent brute force attacks.

Keywords: privacy preservation; privacy protection; querying; cloud computing; information systems; brute force attacks; vulnerability metrics; homomorphic encryption; cryptography; cloud security; customer relationship management; CRM; attack prevention; tokenisation; software-as-a-service; SaaS.

DOI: 10.1504/IJHPCN.2017.083205

International Journal of High Performance Computing and Networking, 2017 Vol.10 No.1/2, pp.91 - 99

Received: 30 Jun 2015
Accepted: 22 Sep 2015
Published online: 22 Mar 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article