Posted: April 6th, 2022

Computer Sciences and Information Technology

Proposed Framework
Computer Sciences and Information Technology
Proposed Framework
Introduction
The proposed enhanced framework addresses the problems c-government systems face in protecting data in all its forms and helping users maintain their privacy and integrity. The unexpected COVID-19 has pushed many governments to consider deploying Government Cloud Systems. C-Government enables the provision of various services, including those associated with controlling and handling COVID-19. C-Government has been recently utilized in notifying persons when someone they were in close proximity to has been diagnosed with COVID-19 or develops symptoms. Contact Tracing App is one of the c-government-based applications that has widely used. However, the privacy and confidentiality concerns have been associated with various c-government systems and applications, including unwanted identification of an infected and clandestine collection of data that violate privacy. Protection of privacy has become an essential element in the current fight against COVID-19.
Therefore, the proposed enhanced access control framework provided in this paper will be able to reduce data leakage or tempering by internal parties. Based on recent data from COVID-19 19, we will develop our framework that we discussed earlier by applying a design research methodology. The proposed framework controls access to the personal data of those infected with COVID-19 while using an exposure notifications system. This chapter provides details on the proposed framework, the framework’s implementation, and testing and evaluation.
The Proposed Framework
An Enhanced Access Control Framework Architecture
The architecture of enhanced access control for C-government incorporates various elements that aim to ensure the privacy, integrity, and confidentiality of data is achieved, and c-government can control the access to personal data of those infected with COVID-19. The first element of enhanced access control framework architecture is the incorporation of a Homomorphic Encryption mechanism. Homomorphic encryption enables the cloud provider without knowing the private key to perform algebraic operations and searching on stored encrypted data (cipher text) without access to it and disclosing its confidentiality (Chatterjee & Sengupta, 2015 – Research Paper Writing Help Service). Homomorphic encryption uses various public-key encryption algorithms. It is characterized by two properties: additive homomorphic property that has the ability to calculate the encryption of the sum of two messages without the need to know the original messages like the paillier algorithm, which applied in the electronic voting system. And the multiplicative homomorphic property that can compute the encryption of the product of two messages without knowing the messages themselves such: RSA and ElGamal algorithms applied in digital cash systems due to guaranteeing anonymity and in private information retrieval, and others.
The framework makes use of the CRT-BGN encryption scheme that is applied to data before it is stored in the cloud, which maintain the privacy of personal user information and documents by enabling the cloud service provider to perform computations and statistical analysis on the data without the need of decryption (Hu, 2013). It also enables the user to do the private information retrieval (PIR) with preserving the data without disclosing about it. In addition to that, it enables many parties to perform common functions on their data in a secure way (Sen, 2013). The application of CRT on the BGN scheme eliminates the limitation in the BGN encryption scheme, which is plaintext size because of the required discrete logarithm computation in the decryption process. In the CRT-BGM encryption scheme, the CRT breaks large messages into smaller pieces, while the BGM encrypts the smaller pieces (Hu, 2013).
The other essential element in the enhanced access control framework architecture is the privacy-preserving auditing protocol. The remote data integrity checking (RDIC) scheme is utilized in the framework as the privacy-preserving auditing protocol. RDIC scheme is essential to ensure the reliability of data stored at remote (untrusted server). It enables a data owner (client) to verify that his data is faithfully and properly stored in the cloud server (Yu et al., 2014: 2024 – Essay Writing Service | Write My Essay For Me Without Delay). The combination of the private and public remote data integrity checking schemes that apply homomorphic encryption techniques to user data before outsourcing it to the cloud is utilized in the framework. The Public RDIC depends on the delegation of a third-party auditor (TPA) to perform the auditing process on behalf of the data owner with the aim of mitigating the burden on the data owner, which characterizes it as more practical in the cloud environment. The Public RDIC schemes architecture involves three entities, including:
1. Client (cloud user): individuals or organization who outsource their data to cloud storage.
2. CSP (cloud server provider): who provides services of data storage and maintenance for the cloud users.
3. TPA (third party auditor): who performs data integrity checking according to user request due to the capabilities and the expertise that he has (Yu et al., 2014: 2024 – Essay Writing Service | Write My Essay For Me Without Delay).
The algorithms in the enhanced privacy-preserving auditing protocol that combines private and public remote data integrity checking scheme include:
1. Setup: It takes a security parameter k as input and outputs the system parameters param and the master secret key msk.
2. Extract (param, msk, ID): It is run by the owner with identity ID. It takes the system parameters param, the master secret key msk and a user’s identity ID ∈{0, 1}∗ as input, outputs the secret key skID that corresponds to the identity ID.
3. TagGen (param, F, skID): It identifies the ID by taking the system parameters param, the secret key of the user skID and a file F ∈ {0, 1} to store as input, outputs the tags of each file block, which will be stored on the cloud together with the file F.
4. Challenge (param, F n, ID): Is run by the TPA. It takes the system parameters param, the data owner’s identity ID, and a unique file name F n as input, outputs a challenge chal for the file named F n on behalf of the user ID.
5. ProofGen (param, ID, chal, F, σ): Run by the cloud server. It takes the system parameters param, the challenge chal, the data owner’s identity ID, the tag σ, the file F and its name F n as input, outputs a data possession proof P of the challenged blocks
6. ProofCheck (param, ID, chal, P, F n): Run by the TPA. It takes the system parameters param, the challenge chal, the data owner’s identity ID, the file name F n and an alleged data possession proof P as input, outputs 1 or 0 to indicate if the file F keeps intact (Yu, et al., n.d.).
An Enhanced Access Control Framework Design
The design of the enhanced framework incorporates various factors towards achieving control of access to data in c-government. The framework will enable the data owner to apply the CRT technique on personal users’ data to enhance its encryption. The framework design also offers an option for the data owner to encrypt their personal information using BGN homomorphic encryption scheme. To achieve confidentiality of processed data, only the user of the data can decrypt it. The data owner (government) creates a digital signature for the encrypted data to demonstrate the authenticity of the users ‘data and to give proof of data integrity, making sure that it has not tampered with them and to provide non-repudiation of conducted communications. The data owner shares the decryption key and verification key with the user only, the cloud provider unaware of this decryption key and verification key. Only the authorized user who has the decryption key shared by the data owner can decrypt it to the original data and use the verification key to check its consistency.
The enhanced framework design provides an option to the owner to provide a suitable mechanism to allow the users to get the data and notify the provider. The owner sends documents to the cloud provider. The documents contain homomorphic encrypted trusted usernames and their roles or attributes, defaulting to the minimum amount of permissions. The government then sends to the user with encryption, with the user having to provide their user name, role, and a one-time password to decrypt the document. Cloud provider authenticates user identities and provides users with appropriate levels of data access and permissions based on their roles specified by the government. If necessary, revoke the user and restrict the access when a user should no longer have access. The cloud provider performs that without knowing the username and roles. The enhanced framework will also enable the user to check their data, and therefore they ensure the integrity of their own data; there is a private audit after each number of public audits. Each period, the user applies private auditing by retrieving their data from the cloud and comparing it with the stored encrypted data in their device. If they are equal, so the data has not been tampered with. If they are not equal, it means there is someone tampered with the stored data on the cloud server, and therefore the user should update their data by resending the encrypted data to the government. That will ensure the integrity of data being stored in the cloud.
The Proposed Solution in Detail
The enhanced access control framework for preserving user’s data privacy and Integrity on Government Cloud will provide the solution required in providing privacy and confidentiality. As protecting the privacy of individuals’ data is of utmost importance in the solution that fights COVID-19, the enhanced framework will enable the access control that will reduce data leakage or tempering by internal parties as a solution to privacy concerns notifying individuals involved in COVID-19 related situations. The enhanced framework provides the best privacy-preserving method to encrypt data while enabling CSPs to perform their task is somewhat homomorphic encryption (BGN), and the most appropriate auditing method with our interest and for achieving the objectives of this research is the combination of the two schemes to take the public auditing scheme advantages and reduces the defect of the private auditing scheme. The enhanced framework will reduce the burden on the user and guarantee them the data’s integrity and privacy. The framework will also achieve to preserve the confidentiality of data in all forms, including at rest, in transit, and in use. Therefore the data involving COVID-19 will remain private only to be delivered and viewed by the user, which will also reduce the possibility of tampering with the information internally.
Source Of Data Collections and Selected Data Analysis Technique
The information gathering and processing regarding an enhanced access control framework was conducted through various data collection and data analysis techniques. The sources utilized in collecting data include literature sources, which provided information about the generic security framework. The literature analysis also availed information regarding operational Government Clouds and their framework to identify the best framework to be implemented for access control that will ensure data privacy and confidentiality are achieved in the c-government. Another source of data collection that was utilized is the surveys. Surveys were conducted to identify various government cloud use cases, including Estonia, Spain, the United Kingdom, and Greece. The use cases were selected for their adoption and use of the government cloud and their willingness to provide the required data for conducting validation. The information was also obtained through a survey, whereby the use case scenarios of initially defined generic security framework and strategies that had been adopted in the case studies analyzed from the perspective of the security life cycle were used by identifying and engaging relevant stakeholders and representatives from the selected c-government use cases. The interviews were conducted through telephone, web conference, and email communication. The adopted data collection methodologies enabled the c-government use cases’ characterization based on different security aspects, including requirements, contracts, SLAs, and certifications. It also provided the relevant security challenges of the use cases, such as resilience, continuous monitoring, portability, and access control. The method applied resulted in a comprehensive analysis of selected government cloud security frameworks provided as use cases, which promoted the definition of a reference access control strategy blueprint.
Various data analysis techniques were deployed in the analysis of the information obtained on use cases. The Monte Carlo simulation method was utilized in generating models of possible outcomes and their probability distribution concerning the security framework that had been defined and those from the use cases. The methodology analyzed the security risks associated with data privacy and integrity in the identified security framework and c-government sue cases. Cluster analysis was also utilized in analyzing data obtained from documentation in the use cases. Through cluster analysis, various security concern patterns concerning data privacy and integrity were obtained. The methodologies provided the cons and pros of the adopted security framework in c-government, which enabled an enhanced access control framework strategy to be defined.
Implementation
The implementation of the enhanced access control framework goes back to back with existing c-government implementations. The implementation is a structure based on a Deming cycle that consists of four faces: Plan, Do, Check, Act (Lucidchart, 2020). The phases used in the implementation were selected based on studies that identified them as the general steps government agencies mostly follow when deploying a secure service in c-government.
Plan Phase
It is the first critical step in the implementation of the enhanced access control framework in c-government, which involves defining risk profiles and identifying security requirements. The steps involved in the planning phase include risk profiling, which various activities. The activities that are conducted in the risk profiling include the selection of the set of services to cloudfy; selecting relevant security dimension for each service, such as confidentiality, availability, privacy, and integrity; evaluating individual impact to dimensions; determining the risk category of the service under evaluation; and determining the overall risk profile (ENISA, 2015 – Research Paper Writing Help Service). The second step of the planning phase is the architectural model, which involves deciding the cloud deployment model and service model. The last step in the planning phase involves establishing security and privacy requirements.
Do Phase
The phase involves the implementation of the specific security controls required in achieving the security requirements established in the Plan phase. The steps involved in the Do phase include security controls, which involves the selection of appropriate security controls to be outsourced to the cloud service provider. The second step is the implementation, deployment, and accreditation, which involves three activities: formalization and implementation of the selected security controls, verification of the cloud service’s suitability to provide a sufficient level of assurance, and starting the operation of the government cloud service.
Check Phase
The phase involves monitoring the deployed security controls to verify their efficiency and effectiveness. It involves two activities: log/monitoring that involves periodic checking of the security controls to ensure they are in place and being followed, and the audit, which involves verifying that the contracted levels of security are being fulfilled.
Act phase
The phase involves the action taken as remedies to deficiencies identified in the Check phase by improving or mitigating the deficiencies. The Act phase consists of two workflow activities. They include change management, which involves actions concerning changes in the service’s operation that does not imply service finalization and acting upon them (ENISA, 2015 – Research Paper Writing Help Service). It also involves the exit management task, which includes detecting finalization, and contracting termination, the return of data to the customer, and data deletion.
Testing and Evaluation
The testing and evaluation of the enhanced access control framework verify and validates its solution. It is required to ensure that data privacy and confidentiality concerns are eliminated by reducing data leakage or tempering by internal parties. To evaluate the enhanced framework’s security requirement agent, the use of an untrusted device by trusted and untrusted internal parties is used to access the system (Almarhabi et al., 2018: 2024 – Write My Essay For Me | Essay Writing Service For Your Papers Online). It is expected that the enhanced access control framework will enable the c-government system to detect an untrusted device that does not meet security access requirements. The access control framework is attacked during the processing, transfer, and storage phase of data to evaluate the individuals’ data privacy. It is expected that the proposed enhanced access control framework will deny access and block the attacks by monitoring the hash value. Privacy, integrity, and confidentiality capabilities of the enhanced access control framework based c-government; a test of 20 access control policies is conducted during the transfer phase. The test incorporates correct and incorrect digital signatures and the original and modified cipher text. It is expected that the enhanced access control framework will be able to detect the correct digital signatures and original cipher text and allow access while denying to those with access to incorrect digital signatures and modified cipher text.

References
Almarhabi, K., Jambi, K., Eassa, F., & Batarfi, O. (2018: 2024 – Write My Essay For Me | Essay Writing Service For Your Papers Online). An Evaluation of the Proposed Framework for Access Control in the Cloud and BYOD Environment. International Journal of Advanced Computer Science and Applications. 9(10). doi: 10.14569/IJACSA.2018: 2024 – Write My Essay For Me | Essay Writing Service For Your Papers Online.091026
Chatterjee, A., & Sengupta, I. (2015 – Research Paper Writing Help Service). Searching and Sorting of Fully Homomorphic Encrypted Data on Cloud. IACR Cryptology ePrint Archive 2015 – Research Paper Writing Help Service: 981.
ENISA. (2015 – Research Paper Writing Help Service). Security Framework for Governmental Clouds. Retrieved from www.enisa.europa.eu.
Hu, Y. (2013). Improving the Efficiency of Homomorphic Encryption Schemes. A Dissertation. Retrieved from https://web.wpi.edu/Pubs/ETD/Available/etd-042513-154859/unrestricted/YHu.pdf
Lucidchart. (2020). How to apply the Plan-Do-Check-Act (PDCA) model to improve your business. Retrieved from https://www.lucidchart.com/blog/plan-do-check-act-cycle
Sen, J. (2013). Homomorphic encryption-Theory and Application. Theory and Practice of Cryptography and Network Security Protocols and Technologies.1-21.
Yu, Y., Au, M., Mu, Y., Tang, S., Ren, J., Susilo, W. & Dong, L. (2014: 2024 – Essay Writing Service | Write My Essay For Me Without Delay). Enhanced privacy of a remote data integrity-checking protocol for secure cloud storage. International Journal of Information Security: 1-11. https://core.ac.uk/download/pdf/189854791.pdf
Yu, Y., Au, M., Ateniese, G., Huang, X., Dai, Y., Susilo, W., & Min, G. (n.d.). Identity-based Remote Data Integrity Checking with Perfect Data Privacy Preserving for Cloud Storage. Retrieved from https://core.ac.uk/download/pdf/77033316.pdf

Order | Check Discount