@MASTERSTHESIS{IMM2012-06307,
    author = "A. Amini",
    title = "Secure Storage in Cloud Computing",
    year = "2012",
    school = "Technical University of Denmark, {DTU} Informatics, {E-}mail: reception@imm.dtu.dk",
    address = "Asmussens Alle, Building 305, {DK-}2800 Kgs. Lyngby, Denmark",
    type = "",
    note = "Supervised by Associate Professor Christian Damsgaard Jensen, cdj@imm.dtu.dk, {DTU} Informatics",
    url = "http://www.imm.dtu.dk/English.aspx",
    abstract = "In this Master’s thesis a security solution for data storage in cloud computing is examined. The solution encompasses confidentiality and integrity of the stored data, as well as a secure data sharing mechanism in the cloud storage systems. For this purpose, cryptographic access control is used, which is mainly based on cryptography. Based on an analysis of the cryptographic access control mechanism, a design is created for a system, which is intended to demonstrate the security mechanism in practice. Finally, on the basis of the proposed design, a prototype is implemented. Data confidentiality and integrity are ensured by data encryption and digital signature respectively. For encryption of data, symmetric cryptography, and for the digital signature process, asymmetric cryptography is used. The main quality of the system is that all cryptographic operations are performed on the client side, which gives the users more control over the security of their data, and thus the data are not dependent on the security solutions provided by the servers. The proposed mechanism also supports a secure file sharing mechanism. A user is able to grant other users “read access”, or “read and write access” permission to his stored data. The different levels of access permission are granted by exchanging the corresponding keys between users. For granting read access, public key and symmetric key, and for granting read/write access, public, private and symmetric keys have to be exchanged between shared users. The process of exchanging keys is performed by first creating a so-called key ring, which contains a list of the necessary keys, and then the key ring is distributed in order to grant access permission to other users."
}