Secure and efficient privacy-preserving public auditing scheme for cloud storage

Cloud computing poses many challenges on integrity and privacy of users’ data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.     

A Lightweight And privacy-preserving public cloud auditing scheme without bilinear pairings in smart cities

Smart Cities have become a global strategy. However, massive data generated by various smart devices need to be uploaded and stored to the cloud servers. It is critical to ensure the integrity and privacy of the stored data. Quite a few public cloud auditing schemes have been proposed recently. However, most of them use bilinear pairing operations in the audit phase, requiring a significant time cost. Meanwhile, users (may be resource-constrained mobile devices or sensor nodes) still need to perform significant computations, like computing meta data for each data block, which bring a huge burden of calculation for these users. Moreover, those schemes cannot effectively protect users’ data privacy. Thus, we propose a lightweight and privacy-preserving public cloud auditing scheme for smart cities that does not require bilinear pairings. First, the proposed scheme is pairing-free, and allowing a third party auditor to generate authentication meta set on behalf of users. Furthermore, it also protects data privacy against the third party auditor and the cloud service providers. In addition, this new scheme can be easily and naturally extended to batch auditing in a multi-user scenario. Detailed security and performance analyses show that the proposed scheme is more secure and efficient compared to the existing public cloud auditing schemes.     

Multi-key privacy-preserving deep learning in cloud computing

Deep learning has attracted a lot of attention and has been applied successfully in many areas such as bioinformatics, imaging processing, game playing and computer security etc. On the other hand, deep learning usually requires a lot of training data which may not be provided by a sole owner. As the volume of data gets huge, it is common for users to store their data in a third-party cloud. Due to the confidentiality of the data, data are usually stored in encrypted form. To apply deep learning to these datasets owned by multiple data owners on cloud, we need to tackle two challenges: (i) the data are encrypted with different keys, all operations including intermediate results must be secure; and (ii) the computational cost and the communication cost of the data owner(s) should be kept minimal. In our work, we propose two schemes to solve the above problems. We first present a basic scheme based on multi-key fully homomorphic encryption (MK-FHE), then we propose an advanced scheme based on a hybrid structure by combining the double decryption mechanism and fully homomorphic encryption (FHE). We also prove that these two multi-key privacy-preserving deep learning schemes over encrypted data are secure.     

具有紧凑标签的基于身份匿名云审计方案

云存储技术具有效率高、可扩展性强等优点。用户可以借助云存储技术节省本地的存储开销,并与他人共享数据。然而,数据存储到云服务器后,用户失去对数据的物理控制,需要有相应的机制保证云中数据的完整性。数据拥有证明（PDP,provable data possession）机制允许用户或用户委托的第三方审计员（TPA,third party auditor）对数据完整性进行验证。但在实际应用中,数据通常由多个用户共同维护,用户在进行完整性验证请求的同时泄露了自己的身份。匿名云审计支持TPA在完成数据完整性验证时保证用户的匿名性。在基于身份体制下,匿名云审计方案通常需要借助基于身份的环签名或群签名技术实现,数据标签的构成元素与用户数量相关,使得数据标签不够紧凑,存储效率较低。为了解决这一问题,提出一种基于身份的匿名云审计方案通用构造,使用一个传统体制下的签名方案和一个传统体制下的匿名云审计方案即可构造一个基于身份的匿名云审计方案。基于该通用构造,使用BLS签名和一个传统体制下具有紧凑标签的匿名云审计方案设计了具有紧凑标签的基于身份匿名云审计方案。该方案主要优势在于数据标签短,能够减少云服务器的存储...     

An efficient privacy-preserving multi-keyword search over encrypted cloud data with ranking

Information search and retrieval from a remote database (e.g., cloud server) involves a multitude of privacy issues. Submitted search terms and their frequencies, returned responses and order of their relevance, and retrieved data items may contain sensitive information about the users. In this paper, we propose an efficient multi-keyword search scheme that ensures users’ privacy against both external adversaries including other authorized users and cloud server itself. The proposed scheme uses cryptographic techniques as well as query and response randomization. Provided that the security and randomization parameters are appropriately chosen, both search terms in queries and returned responses are protected against privacy violations. The scheme implements strict security and privacy requirements that essentially disallow linking queries featuring identical search terms. We also incorporate an effective ranking capability in the scheme that enables user to retrieve only the top matching results. Our comprehensive analytical study and extensive experiments using both real and synthetic datasets demonstrate that the proposed scheme is privacy-preserving, effective, and highly efficient.     

基于密文策略属性加密体制的匿名云存储隐私保护方案

针对云存储中数据机密性问题,为解决密钥泄漏与属性撤销问题,从数据的机密性存储以及访问的不可区分性两个方面设计了基于密文策略属性加密体制(CP_ABE)的匿名云存储隐私保护方案。提出了关于密钥泄漏的前向安全的不可逆密钥更新算法;在层次化用户组以及改进的Subset-Difference算法基础上,利用云端数据重加密算法实现属性的细粒度撤销;基于同态加密算法实现k匿名l多样性数据请求,隐藏用户潜在兴趣,并在数据应答中插入数据的二次加密,满足关于密钥泄漏的后向安全。在标准安全模型下,基于l阶双线性Diffie-Hellman(判定性l-BDHE)假设给出所提出方案的选择性安全证明,并分别从计算开销、密钥长度以及安全性等方面验证了方案的性能优势。     

面向云计算隐私保护的5A问责制建模

针对云计算数据安全的核心问题——隐私安全的保护问题,提出了一种面向云计算隐私保护的5A问责机制。并基于该5A问责机制,对服务提供方的隐私安全策略、租户的隐私需求、云隐私暴露条件和安全场景等进行了精确定义和形式化描述与建模。主要以描述逻辑为基础,重点研究面向语义的云隐私需求描述方法,并对云隐私需求和服务提供方的隐私策略一致性等问题进行检测,避免冲突。在界定并形式化描述云隐私暴露条件和云安全场景的基础上,采用Protégé本体建模工具对云租户的隐私需求和云服务提供方的隐私策略、隐私暴露条件和安全场景等进行建模并检验,验证了形式化建模及其描述的一致性和完整性,为后续5A问责制机制的实现奠定了基础。     

2PBDC: privacy-preserving bigdata collection in cloud environment

The Journal of Supercomputing - The combination of two overlapping technologies (bigdata and cloud computing) helps easy access to the evolving applications. In this context, there is a serious...     

A privacy-preserving multi-keyword ranked retrieval scheme in cloud computing

ABSTRACT

Big data and cloud computing could bring security problems. In order to ensure data security and user privacy, people would choose to store data in the cloud with ciphertext. How to search data efficiently and comprehensively without decryption has become the focus of this paper. In this paper, we propose an efficient privacy protection scheme. In this scheme, Elliptic Curve Cryptography (ECC) is adopted to encrypt the data. It can reduce the computing cost of encryption and decryption uploading the encrypted files and indexes to the cloud server. Then it can authorize users to generate trap door using hash conflict function, and send it to Cloud Service Provider (CSP) for searching for matched ciphertext. The CSP uses the Apriori algorithm to extend keywords and search index to match the ciphertext. In this paper, we will use the Apriori algorithm to extend the keywords’ semantics, match the index list based on these keywords, and return the requested file-set which is more consistent with the user’s search. Experiments show that compared with traditional methods, files can be encrypted, decrypted, and recovered more quickly when we use this method. It can also ensure the privacy of data and reduce the communication overhead.     

Practical cloud storage auditing using serverless computing

Cloud storage auditing research is dedicated to solving the data integrity problem of outsourced storage on the cloud. In recent years, researchers have proposed various cloud storage auditing schemes using different techniques. While these studies are elegant in theory, they assume an ideal cloud storage model;that is, they assume that the cloud provides the storage and compute interfaces as required by the proposed schemes. However, this does not hold for mainstream cloud storage systems becau...     

A secure cloud storage system supporting privacy-preserving fuzzy deduplication

Deduplication is an important technology in the cloud storage service. For protecting user privacy, sensitive data usually have to be encrypted before outsourcing. This makes secure data deduplication a challenging task. Although convergent encryption is used to securely eliminate duplicate copies on the encrypted data, these secure deduplication techniques support only exact data deduplication. That is, there is no tolerance of differences in traditional deduplication schemes. This requirement is too strict for multimedia data including image. For images, typical modifications such as resizing and compression only change their binary presentation but maintain human visual perceptions, which should be eliminated as duplicate copies. Those perceptual similar images occupy a lot of storage space on the remote server and greatly affect the efficiency of deduplication system. In this paper, we first formalize and solve the problem of effective fuzzy image deduplication while maintaining user privacy. Our solution eliminates duplicated images based on the measurement of image similarity over encrypted data. The robustness evaluation is given and demonstrates that this fuzzy deduplication system is able to duplicate perceptual similar images, which optimizes the storage and bandwidth overhead greatly in cloud storage service.     

A security evaluation framework for cloud security auditing

Cloud computing is clearly one of today’s most enticing technologies due to its scalable, flexible, and cost-efficient access to infrastructure and application services. Despite these benefits, cloud service users (CSUs) have serious concerns about the data security and privacy. Currently, there are several cloud service providers (CSPs) offering a wide range of services to their customers with varying levels of security strengths. Due to the vast diversity in the available cloud services, from the customer’s perspective, it has become difficult to decide which CSP they should use and what should be the selection criteria. Presently, there is no framework that can allow CSUs to evaluate CSPs based on their ability to meet the customer’s security requirements. We propose a framework and a mechanism that evaluate the security strength of CSPs based on the customer’s security preferences. We have shown the applicability of our security evaluation framework using a case study.     

Achieving fully privacy-preserving private range queries over outsourced cloud data

With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud server. However, to preserve data privacy, sensitive private data have to be encrypted before outsourcing, which makes data utilization a very challenging task. Existing work either focus on keyword searches and single-dimensional range query, or suffer from inadequate security guarantees and inefficiency. In this paper, we consider the problem of multidimensional private range queries over encrypted cloud data. To solve the problem, we systematically establish a set of privacy requirements for multidimensional private range queries, and propose a multidimensional private range query (MPRQ) framework based on private block retrieval (PBR), in which data owners keep the query private from the cloud server. To achieve both efficiency and privacy goals, we present an efficient and fully privacy-preserving private range query (PPRQ) protocol by using batch codes and multiplication avoiding technique. To our best knowledge, PPRQ is the first to protect the query, access pattern and single-dimensional privacy simultaneously while achieving efficient range queries. Moreover, PPRQ is secure in the sense of cryptography against semi-honest adversaries. Experiments on real-world datasets show that the computation and communication overhead of PPRQ is modest.     

POISIDD: privacy-preserving outsourced image sharing scheme with illegal distributor detection in cloud computing

Privacy-preserving outsourced image sharing schemes can help relieve the local storage of image owners and protect images’ privacy by sending encrypted images to receivers, but they cannot prevent the decrypted image from being illegally distributed by illegal distributors. To cope with this issue, we propose a privacy-preserving image sharing scheme with illegal distributor detection (POISIDD). POISIDD embeds the authentication information of image receiver in the encrypted form based on discrete cosine transform (DCT) and privacy-preserving outsourced calculation on floating point numbers (POCF) . Moreover, in order to prevent all operations from being carried out by the single cloud which may lead to privacy disclosure, we adopt two platforms (Storage Center and Authentication Center) to achieve the embedding of authentication information(AI) by the communications between them. Furthermore, in order to better defend against attackers, we generate random vectors based on the original AI and use them instead of the AI as the embedded data. The aim of identifying illegal distributor will be achieved with the help of Authentication Center. The scheme is secure under the defined attack model, and its robustness under different attacks has been shown by experiments.

     

Efficient privacy-preserving frequent itemset query over semantically secure encrypted cloud database

World Wide Web - In recent years, more users tend to use data mining as a service (DMaaS) provided by cloud service providers. However, while enjoying the convenient pay-per-use mode and powerful...     

CP2EH: a comprehensive privacy-preserving e-health scheme over cloud

The Journal of Supercomputing - In the Attribute-Based Encryption (ABE) scheme, patients encrypt their electronic health record (EHR), attach the appropriate attributes with it, and outsource them...     

面向公有云的数据完整性公开审计方案

针对云数据完整性公开审计中隐私泄漏给第三方审计者（TPA）以及云存储服务器（CSS）发起替代攻击的问题,提出一种面向公有云的数据完整性公开审计方案。该方案首先利用哈希值混淆方法,模糊化云存储服务器返回的证据,以防止TPA分析证据计算出原始数据;然后,在审计过程中,由TPA自行计算出文件Merkle哈希树（MHT）对应挑战请求所选数据块的覆盖树,并与CSS返回的覆盖树作结构匹配,以防止云存储服务器用其他已有数据响应审计挑战。实验结果表明,该方案解决了现有方案隐私问题及攻击问题后,在计算开销、存储开销和通信开销方面的性能不会有数量级变化。     

On the security of auditing mechanisms for secure cloud storage

Cloud computing is a novel computing model that enables convenient and on-demand access to a shared pool of configurable computing resources. Auditing services are highly essential to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the active adversary attacks in three auditing mechanisms for shared data in the cloud, including two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a distributed storage integrity auditing mechanism. We show that these schemes become insecure when active adversaries are involved in the cloud storage. Specifically, an active adversary can arbitrarily alter the cloud data without being detected by the auditor in the verification phase. We also propose a solution to remedy the weakness without sacrificing any desirable features of these mechanisms.     

Privacy-preserving public auditing for educational multimedia data in cloud computing

Nowadays, as distance learning is being widly used, multimedia data becomes an effective way for delivering educational contents in online educational systems. To handle the educational multimedia data efficiently, many distance learning systems adopt a cloud storage service. Cloud computing and storage services provide a secure and reliable access to the outsourced educational multimedia contents for users. However, it brings challenging security issues in terms of data confidentiality and integrity. The straightforward way for the integrity check is to make the user download the entire data for verifying them. But, it is inefficient due to the large size of educational multimedia data in the cloud. Recently many integrity auditing protocols have been proposed, but most of them do not consider the data privacy for the cloud service provider. Additionally, the previous schemes suffer from dynamic management of outsourced data. In this paper, we propose a public auditing protocol for educational multimedia data outsourced in the cloud storage. By using random values and a homomorphic hash function, our proposed protocol ensures data privacy for the cloud and the third party auditor (TPA). Also, it is secure against lose attack and temper attack. Moreover, our protocol is able to support fully dynamic auditing. Security and performance analysis results show that the proposed scheme is secure while guaranteeing minimum extra computation costs.     

基于代理重签名的支持用户可撤销的云存储数据公共审计方案

针对用户动态可撤销需要新的数据管理员对其前任所管理的数据进行完整性验证的问题,基于单向代理重签名技术提出了具有隐私保护的支持用户可撤销的云存储数据公共审计方案。首先,该方案中所采用的单向代理重签名算法,其代理重签名密钥由当前用户私钥结合已撤销用户公钥生成,不存在私钥泄露问题,能够安全实现数据所有权的转移;其次,该方案证明了恶意的云服务器不能产生伪造的审计证明响应信息来欺骗第三方审计者（TPA）通过审计验证过程;更进一步,该方案采用了随机掩饰码技术,能够有效防止好奇的第三方审计者恢复原始数据块。和Panda方案相比较,所提方案在增加抗合谋攻击功能的基础上,其审计过程中通信开销与计算代价仍全部低于Panda方案。