
Assured Information Sharing in Clouds

Award Information

Agency:
Department of Defense
Branch:
Air Force
Award ID:
Program Year/Program:
2012 / STTR
Agency Tracking Number:
F11B-T30-0227
Solicitation Year:
2011
Solicitation Topic Code:
AF11-BT30
Solicitation Number:
2011.B
Small Business Information
InfoBeyond Technology LLC
Suite 220 10400 Linn Station Road Louisville, KY -
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2012
Title: Assured Information Sharing in Clouds
Agency / Branch: DOD / USAF
Contract: FA8750-12-C-0140
Award Amount: $100,000.00
 

Abstract:

ABSTRACT: In the future, numerous military databases, documentation, and mission-critical information systems will be migrated to the cloud, due to cloud cost-efficiency and access flexibility. However, cloud servers are generally untrusted by both data owners and users. In this proposal, A3IS (Attribute-based Algorithms for Assured Information Sharing) is proposed for dynamic and secure data storage, query, and access in a policy-based manner. Basically, A3IS translates all DoD policies into corresponding attributes in such a way as to validate whether the security policy is enforced for any data manipulation. All data are encrypted on the cloud servers. The confidentiality and privacy of the owner are protected. On the other hand, only a user satisfying the predefined policies can fetch and decrypt the data with the corresponding keys. For flexible data access, A3IS has a secure fuzzy searching algorithm that lets users search for data of interest among the encrypted data in the cloud. The cloud server is unable to access the decrypted data or infer any additional information. Furthermore, A3IS achieves fine-grained and flexible access control on the data, with functions for authentication, authorization, and key distribution for data owners and users.

BENEFIT: Database applications, document management, and mission-critical management are the leading applications in the cloud. Cloud security is enhanced, compared to other distributed systems. However, military and government cloud adoption in these applications still relies on system security while data security is the top concern, according to the Lockheed Martin Cyber Security Alliance survey on cloud computing and cyber security conducted by Market Connections, Inc. A3IS represents a vital advance in cloud security where data access control has to be secured by user policies.
Once it is developed as a COTS/GOTS security product, A3IS leads to three critical business benefits. First, A3IS offers data storage security across different sources. All data are encrypted by the data owner before being uploaded to the cloud data servers. For data storage, the data owner is authenticated by a third party (e.g., an attribute authority) instead of the cloud data server. The attribute authority enables secure data sharing across the Air Force, Navy, Army, CIA, FBI, DHS, and other agencies. Second, A3IS provides flexible and efficient policy-based data sharing security, as the policy is translated into data attributes. The policies are created at the attribute authority by the data owner. They are then transferred into attributes imposed on the data. Only a user satisfying the policy can access the data with the corresponding policy. Third, A3IS achieves flexible and efficient secure query. It allows data query and other operations on the encrypted data. In addition, the fuzzy keyword search accommodates users' typos in the querying keywords. The Air Force would gain significant value from the commercialized dual-use A3IS products. Through flexible production options, the marketing cost can be reduced by an economical license model that offers attractive development, demonstration, and production options. The use of A3IS would increase return on investment by protecting the Air Force and other DoD information systems. The A3IS design would enable rapid technology transition and commercialization success. In the private sector market, A3IS can be used by hospitals, healthcare, and financial organizations. It can also be used for enterprise cloud database and document management applications if the data are accessed by user policies. The private market size is much larger than that of military applications, and the cloud market will reach $2.5bn by 2015, according to research from International Data Corporation (IDC).
Such a large market need will help attract a great amount of potential investment. Our effort is to transition the application of our technologies into actual security products. We will work closely with our partners to transfer this technology into the military and commercial worlds.

Principal Investigator:

Bin Xie
President
(502) 742-9770
Bin.Xie@InfoBeyonds.com

Business Contact:

Bin Xie
President
(502) 742-9770
Bin.Xie@InfoBeyonds.com
Small Business Information at Submission:

InfoBeyond Technology LLC
Suite 220, Atrium Center 10400 Linn Station Road Louisville, KY 40223-

EIN/Tax ID: 262783072
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Research Institution Information:
Stevens Institute of Technology
Office of Sponsored Research
Castle Point on Hudson
Hoboken, NJ 07030-7030
Contact: Chrissa P. P.e
Contact Phone: (201) 216-8051