SecGOD - Google Docs: Now I Feel Safer!

This paper presents SecGOD. A tool that protects the privacy of documents created with online office suites. SecGOD is implemented as a Greasemonkey java-script making it deployable on all popular greesemonkey compatible browsers and utilizes symmetric key encryption. All operations run on the client side, with SecGOD operating invisibly as concerned by the cloud, with no changes needed to the code that is provided to the cloud server provider. Finally, the effectiveness of SecGOD is demonstrated by conducting extensive experiments measuring the processing time for the three versions of AES (128, 192, 256 bits).

Providing User Security Guarantees in Public Infrastructure Clouds

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants - insulated from the minutiae of hardware maintenance - rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

From traditional resource to global commodities: a comparison of Rhodiola species using NMR spectroscopy - metabolomics and HPTLC

The fast developing international trade of products based on traditional knowledge and their value chains has become an important aspect of the ethnopharmacological debate. The structure and diversity of value chains and their impact on the phytochemical composition of herbal medicinal products has been overlooked in the debate about quality problems in transnational trade. Different government policies and regulations governing trade in herbal medicinal products impact on such value chains. Medicinal Rhodiola species, including Rhodiola rosea L. and Rhodiola crenulata (Hook.f. & Thomson) H.Ohba, have been used widely in Europe and Asia as traditional herbal medicines with numerous claims for their therapeutic effects. Faced with resource depletion and environment destruction, R. rosea and R. crenulata are becoming endangered, making them more economically valuable to collectors and middlemen, and also increasing the risk of adulteration and low quality. We compare the phytochemical differences among Rhodiola raw materials available on the market to provide a practical method for Rhodiola authentication and the detection of potential adulterant compounds. Samples were collected from Europe and Asia and nuclear magnetic resonance spectroscopy coupled with multivariate analysis software and high performance thin layer chromatography techniques were used to analyse the samples. A method was developed to quantify the amount of adulterant species contained within mixtures. We compared the phytochemical composition of collected Rhodiola samples to authenticated samples. Rosavin and rosarin were mainly present in R. rosea whereas crenulatin was only present in R. crenulata. 30% of the Rhodiola samples purchased from the Chinese market were adulterated by other Rhodiola spp. Moreover, 7 % of the raw-material samples were not labelled satifactorily. The utilisation of both 1H-NMR and HPTLC methods provided an integrated analysis of the phytochemical differences and novel identification method for R. rosea and R. crenulata. Using 1H-NMR spectroscopy it was possible to quantify the presence of R. crenulata in admixtures with R. rosea. This quantitative technique could be used in the future to assess a variety of herbal drugs and products. This project also highlights the need to further study the links between producers and consumers in national and trans-national trade.

Sharing in the Rain: Secure and Efficient Data Sharing for the Cloud

Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain – a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users' to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.

LocLess: Do You Really Care Where Your Cloud Files Are?

Physical location of data in cloud storage is a problem that gains a lot of attention not only from the actual cloud providers but also from the end users' who lately raise many concerns regarding the privacy of their data. It is a common practice that cloud service providers create replicate users' data across multiple physical locations. However, moving data in different countries means that basically the access rights are transferred based on the local laws of the corresponding country. In other words, when a cloud service provider stores users' data in a different country then the transferred data is subject to the data protection laws of the country where the servers are located. In this paper, we propose LocLess, a protocol which is based on a symmetric searchable encryption scheme for protecting users' data from unauthorized access even if the data is transferred to different locations. The idea behind LocLess is that "Once data is placed on the cloud in an unencrypted form or encrypted with a key that is known to the cloud service provider, data privacy becomes an illusion". Hence, the proposed solution is solely based on encrypting data with a key that is only known to the data owner.