Londy
-
Posts
10 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Londy
-
-
Hi all,
I'm making progress in my research on Cloud storage security. I'm looking at incorporating both Symmetric and Asymmetric Algorithms (AES, 3DES, RC5, Serpent, RSA, DHKE, ECC, etc) into a system design such that the user can as matter of choice select any of combinations of the algorithms to encrypt their data before they upload to a cloud server.
My challenge now is a modelling and simulation platform or tool that I can use to model this system and test several possibilities.
Your contributions are highly appreciated. Thanks!
0 -
On 9/10/2019 at 2:43 PM, Ghideon said:
security research methodologies could be different depending on purpose with storage and what content to store.
Hi Gidheon,
Please what are those different research methodologies that you pointed out above? You can give me some, irrespective of their purpose with storage or whatever content to store, as you mentioned also.
0 -
2 minutes ago, Strange said:
Is this chapter something you have read, or something you are expected to write? If the latter, then I think you would just describe what areas of security you decided to look at (the various technologies, the reasons for security vulnerabilities, the types of attack, etc) and why, where you looked for information, who you interviewed, etc.
If this is for a course, why not ask your lecturer / tutor for advise?
The chapter is part of what I am expected to write. I have reviewed several models proposed and implemented in the literature about security systems applied to data before upload to the cloud. i'm looking at an improvement to the existing system which is application of an encryption algorithm to the data. I can send you the background to the study so you can see.
2 minutes ago, Strange said:As this is more technology focussed, then I think the methodology would need to discuss the evaluation of the different algorithms (e.g performance, cost (such as compute time), security, etc), how you evaluated them (running simulations, mathematical analysis, finding research papers who have done that), why you chose that set of algorithms, etc.
Or ... ask your tutor.
Yes, its technology focused, and yet has a dept of academic connection. The focus has been chosen already to improve on existing systems. The existing systems chosen adopt the BRING YOUR OWN ENCRYPTION, which enables the data owner to manage their encryption and keys. But yet, there are issues of data breach, because some data owners employ a trusted third party to manage their encryption and keys. Some, even after encrypting their data also send the encrypted data with keys to cloud server. Then, another uses Hardware Security Module which the provider has a sync with. Now, improving on these weaknesses is the focus of this research, and your guide towards the methodology is well appreciated.
0 -
23 hours ago, iNow said:
This is a bit broad as a question. You must keep in mind that there are elements of security, a similar but different focus on privacy, and then depending on the nature of your cloud or business there are also elements of compliance with certain international standards and laws.
Even just within the concept of security, you have to consider encryption type, vulnerability to brute force or DDoS attacks, back doors in the code allowing entry or APIs that can extract info, spear phishing and Ops convincing users to click links or share passwords, and even whether or not there's a physical guard at the door of your server stacks or datacenter.
There's also concepts of have disaster recovery plans and the ability to transfer to alternate systems in the event of hardware failures, or backup generators in the case of power outages, and how granular the different user permissions models are (admin god-like access versus limited oversight access to subcomponents versus read-only access), etc.
Once you get into the topics of privacy and compliance, then things get even more squirrely with GDPR and other regulatory issues from one country to the next, so you really need to narrow your focus, IMO.
Ok, look at it this way.
It's an academic research. The choice or focus is on encryption of data offsite before upload to the cloud. The algorithms (Symmetric/Asymmetric) will be considered, and ways to better apply them to the system when implemented to better secure the data prio upload to cloud. In the reporting of the research, section of the report requires Research methodology, and I seem to be at wits end finding an appropriate research methodology to present the report.
Your guide is hence appreciated.
0 -
19 hours ago, Ghideon said:
@iNow covered most aspects. Depending on situation one could add geographic* redundancy/failover, likelihood or possibility of an insider attack, software revisions in use and how fast reported vulnerabilities are addressed. What kind of monitoring is in use? How stable is the business? Very fast growing or an economically struggling business could possibly partially neglect security policies. To what degree do you have insight in, or the possibility to monitor, that that contracts, rules and policies stated is actually followed? Will several competing cloud storages be compared, or are you assessing one specific storage?
That said, there is also the information aspect; to which degree each concept applies depends on the purpose of storing and what kind of information that is stored:
-How sensitive will it be when information is stolen? How sensitive is it if data is not stolen but lost? Example: completely public information may not sensitive to theft but may be valuable and must be protected against accidental or intentional deletion. Company secrets, medical records or similar should not be lost or stolen.
-What are the likely parties interested in the information? Who are you protecting the information from? Casual hackers? Competitors? Intelligence agencies?
So, depending on which aspects that are to be investigated, different methods for research will be applicable and different properties will be interesting to evaluate.
*) A secondary site may have less strict security, be the older of two sites, having older or weaker perimeter protection, weaker fire protection or similar weaknesses.
I need a scientific research methodology, that can specifically be adopted in carrying out this research on Cloud storage security. In reporting, a chapter is dedicated to Research Methodology. Now what methodology can one adopt among others for a cloud storage security, specifically?
I don't know if you are still missing the point.
0 -
23 hours ago, Ghideon said:
The examples you list above are probably not research methodologies. They are more methods for management or collaboration in general. Are you looking for scientific research methodologies or more like methods for information gathering? Cloud storage is a broad area; security research methodologies could be different depending on purpose with storage and what content to store.
Hi Ghideon,
Yes, am looking for scientific research methodologies that can be recommended as suitable in carrying out research on Cloud storage security. As ab extension, I will also not mind methods for information gathering, as it will also form great part of my work.
0 -
Thanks Strange,
Your contribution is heavily appreciated. However, what I'm actually looking at is a research methodology or strategy to embark on. E.g. Agile methodology, waterfall methodology, Object Oriented Programming methodology, etc. Which one is suitable for Cloud security, and why?
0 -
Hi MigL,
Please send across their contact links so I can contact any or all of them.
Cheers!
1 -
Hi all,
Please what is the appropriate research methodology or methodologies suitable in carrying out research on Cloud storage security?
0
Cloud Security Modelling and Simulation
in Computer Help
Posted
Sorry you did not get it.
I am looking for a suitable modelling and simulation tool (eg MATLAB, OPNET, etc) that is suitable for modelling cloud encryption systems. thanks you.