ARCHIVES

Abstract: Cloud data storage service has drawn increasing interests from both academic and industry in the recent years due to its efficient and low cost management. In recent years, the rapid adoption of cloud-based data storage services has revolutionized data management practices across academia and industry due to its effectiveness and affordability. While encryption techniques like AES (Advanced Encryption Standard) are widely employed to prevent the compromise of sensitive data, they alone are insufficient to meet the complex requirements of real-world data management scenarios Since it provides services in an open network, it is urgent for service providers to make use of secure data storage and sharing mechanism to ensure data confidentiality and service user privacy. To protect sensitive data from being compromised, the most widely used method is encryption. However, simply encrypting data (e.g., via AES) cannot fully address the practical need of data management. Besides, an effective accesscontrol over download request also needs to be considered so that Economic Denial of Sustainability (EDoS) attacks cannot be launched to hinder users from enjoying service. In this paper, we consider the dual security control, in the context of cloud- based storage, in the sense that we design a control mechanism over both data access and download request without loss of security and efficiency. Two dual security control systems are designed in this paper, where each of them is for a distinct designed setting. The security and experimental analysis for the systems are also presented. By ensuring that only authenticated and authorized users can access and manipulate data, we mitigate the risk of unauthorized access and data breaches. This work addresses these challenges by proposing a comprehensive approach: Our solution recognizes that effective security in cloud environments requires not only encryption but also a strong access control mechanism to mitigate threats such as Economic Denial of Sustainability (EDoS) attacks, which aim to disrupt service availability by preventing legitimate users from accessing their data.