Latest IEEE Cloud Computing Projects:
TN Tech World is a pioneer in developing Final Year 2023 Latest IEEE Cloud Computing Project for CSE in online Projects for CSE, IT, and MCA students. TN Tech World offers customized Latest IEEE Cloud Computing projects for CSE in online projects for Final Year Projects. Latest IEEE Cloud Computing Projects for CSE online are developed by using Eclipse IDE and Database as MYSQL. TN Tech World provides Final Year Latest IEEE Cloud Computing Project for CSE in online, Engineering, IT, B.E., B.Tech., M.E., M.Tech., M.S., M.Sc., MCA, B.Sc., BCA, and Diploma Projects.TNTechWorld provides the Latest IEEE Cloud Computing Project for CSE online related to banking projects to permit the secure transfer of KYC verification stamps from one entity to another. In addition, it offers a highly immutable and detailed audit trail on all actions on KYC files.
In the Latest IEEE Cloud Computing Project for CSE in the healthcare system, a lot of patient data is stored, and this data needs to be safe and private. In addition, much Latest IEEE Cloud Computing Project for CSE research can also be done to improve the healthcare system and find quick and more straightforward methods to detect and treat diseases. So, we can implement using Latest IEEE Cloud Computing Project for CSE in which data will be safe, and research will also be conducted instead of other technology. The latest IEEE Cloud Computing Project for CSE projects uses cryptography blocks to ensure a secure and reliable system. The latest IEEE Cloud Computing Project for CSE is rapidly finding services in the government, Healthcare, Industrial, and Banking sectors. Get the Latest IEEE Cloud Computing Project for CSE for Supply Chain, Healthcare, Banking & Government Sectors with customized development systems.
Many people think of the latest IEEE Cloud Computing Project for CSE as very hard to implement and the technology that powers Bitcoin; however, it is much broader. In simple words, it is a distributed database that maintains the records of all transactions that have been executed and shared among different parties. Here, let’s explain some of the most exciting project ideas that can be implemented in the Latest IEEE Cloud Computing Project for CSE. But before that, let’s first understand what’s unique about Latest IEEE Cloud Computing Project for CSE and how it revolutionizes how we interact with data: It stores information in the form of blocks linked together to form a continuous chain of blocks. If you make changes to any partnership, you don’t rewrite it. Instead, the difference gets stored inside a new block. Decentralized and Distributed System creates trust in the data of the Latest IEEE Cloud Computing Project for CSE.
Cloud Computing
Cloud Computing provides different services through the world wide web or the Internet. These resources include tools and apps like data storage, servers, DB, networking, and software. For more details.
Cloud Computing gives users access to storage, files, software, and servers through their internet-connected devices: computers, smartphones, tablets, and wearables. Cloud Computing providers store and process data in a location separate from end-users.
Top benefits of Cloud Computing
- Cost
- Global scale
- Performance
- Security
- Speed
- Productivity
- Reliability. for more details.
Types of Cloud Computing
Public Cloud
Public cloud service provides a shared platform that is easily accessible to the common public through a World wide web or internet connection.
Private Cloud
Private cloud computing needs permission to access the cloud service. Organizations use personal cloud services as part of their infrastructure.
Hybrid Cloud
A hybrid cloud is a combination of public and private clouds. For more details.
Cloud Services:
- IaaS
- PaaS
- Serverless
- SaaS for more Detials.
Latest Cloud Computing Project List:
Abstract
Genes have great significance for the prevention and treatment of some diseases. A vital consideration is the need to find a way to locate pathogenic genes by analyzing the genetic data obtained from different medical institutions while protecting the privacy of patients’ genetic data. In this paper, we present a secure scheme for locating disease-causing genes based on Multi-Key Homomorphic Encryption (MKHE), which reduces the risk of leaking genetic data. First, we combine MKHE with a frequency-based pathogenic gene location function. The medical institutions use MKHE to encrypt their genetic data. The cloud then homomorphically evaluates specific gene-locating circuits on the encrypted genetic data. Second, whereas most location circuits are designed only for locating monogenic diseases, we propose two location circuits (TH-intersection and Top-q) that can locate the disease-causing genes of polygenic diseases. Third, we construct a directed decryption protocol in which the users involved in the homomorphic evaluation can appoint a target user who can obtain the final decryption result. Our experimental results show that compared to the JWB+17 scheme published in the journal Science, our scheme can be used to diagnose polygenic diseases, and the participants only need to upload their encrypted genetic data once, which reduces the communication traffic by a few hundred-fold.
Abstract
With the rapid development of information technology, it becomes more and more popular for the use of electronic information systems in medical institutions. To protect the confidentiality of private EHRs, attribute-based encryption (ABE) schemes that can provide one-to-many encryption are often used as a solution. At the same time, blockchain technology makes it possible to build distributed databases without relying on trusted third-party institutions. This paper proposes a secure and efficient attribute-based encryption with outsourced decryption scheme based on blockchain, which can realize flexible and fine-grained access control and further improve the security of blockchain data sharing.
Abstract
It is becoming fashionable for people to access data outsourced to clouds with mobile devices. To protect data security and privacy, attribute-based encryption (ABE) has been widely used in cloud storage systems. However, one of the main efficiency drawbacks of ABE is the high computation overheads at mobile devices during user revocation and file access. To address this issue, we propose a revocable attribute-based data storage (RADS) scheme equipped with several attracting features. First, our RADS scheme achieves a fine-grained access control mechanism, by which file owners do not need to explicitly specify authorized visitors to their outsourced files. Second, our RADS scheme allows mobile users to authorize the cloud service provider (CSP) to share costly computations in file access, without exposing the file content. Third, our RADS scheme offloads the operations of access-credential update and file re-encryption during revocation process to CSP, leaving all non-revoked users undisturbed. The revocation of RADS achieves a strong data protection, i.e., revoked users can access neither newly uploaded files nor old ones. The security and efficiency of the RADS scheme are validated via both analysis and experimental results.
Abstract
The clustering algorithm is a useful tool for analyzing medical data. For instance, the k-means clustering can be used to study precipitating factors of a disease. In order to implement the clustering algorithm efficiently, data computation is outsourced to cloud servers, which may leak the private data. Encryption is a common method for solving this problem. But cloud servers are difficult to calculate ciphertexts from multiple parties. Hence, we choose multi-key fully homomorphic encryption (FHE), which supports computations on the ciphertexts that have different secret keys, to protect the private data. In this paper, based on Chen’s multi-key FHE scheme, we first propose secure squared euclidean, comparison, minimum, and average protocols. Then, we design the basic and advanced schemes for implementing the secure multi-party k-means clustering algorithm. In the basic scheme, the implementation of homomorphic multiplication includes the process of transforming ciphertexts under different keys. In order to implement homomorphic multiplication efficiently, the advanced scheme uses an improved method to transform ciphertexts. Meanwhile, almost all computations are completely outsourced to cloud servers. We prove that the proposed protocols and schemes are secure and feasible. Simulation results also show that our improved method is helpful for improving the homomorphic multiplication of Chen’s multi-key FHE scheme.
Abstract
Reversible data hiding in ciphertext has potential applications for privacy protection and transmitting extra data in a cloud environment. For instance, an original plain-text image can be recovered from the encrypted image generated after data embedding, while the embedded data can be extracted before or after decryption. However, homomorphic processing can hardly be applied to an encrypted image with hidden data to generate the desired image. This is partly due to that the image content may be changed by pre-processing or/and data embedding. Even if the corresponding plain-text pixel values are kept unchanged by lossless data hiding, the hidden data will be destroyed by outer processing. To address this issue, a lossless data hiding method called random element substitution (RES) is proposed for the Paillier cryptosystem by substituting the to-be-hidden bits for the random element of a cipher value. Moreover, the RES method is combined with another pre-processing-free algorithm to generate two schemes for lossless data hiding in encrypted images. With either scheme, a processed image will be obtained after the encrypted image undergoes processing in the homomorphic encrypted domain. Besides retrieving a part of the hidden data without image decryption, the data hidden with the RES method can be extracted after decryption, even after some processing has been conducted on encrypted images. The experimental results show the efficacy and superior performance of the proposed schemes.
Abstract
In modern digital age, enterprise applications typically outsource user data in pubic cloud storage with the objective of availing flexibility and scalability features of cloud infrastructure, and importantly, making business goal more cost effective. Security and privacy concerns pose a challenging task to handle in cloud setup by both service providers and service consumers. In this landscape, before outsourcing the sensitive data on cloud storage, the data should be protected from unauthorized access and the privacy of the users should be preserved as per application requirement. In this article, we present a scheme, termed as KeySea, keyword-based search over attribute-based encrypted data with receiver anonymity. While searching documents pertaining to the target keyword(s), keeping receiver’s anonymity and ensuring data privacy are important features in applications like healthcare, bureaucracy, social engineering, and so on. The construction of the KeySea scheme uses the hidden access policy in attribute-based searchable encryption. The KeySea scheme provides a secure and practical solution to address the issue of privacy-preserving search over encrypted data in the public cloud storage. We show the security strengths of the KeySea scheme and its practicality with experimental results.
Abstract
The field of cryptography has endeavored to solve numerous security problems. However, a common premise of many of those problems is that the encryptor always generates the ciphertext correctly. Around 10 years ago, this premise was not a problem. However, due to the rapid development and the use of the cloud, which has introduced various access policies and functionalities to provide higher security, it is not correct to assume that this premise is always applied. A “Fake Policy Attack”, which we introduce in this article, is an attack that incorrectly sets the access policy of the ciphertext against the system rules so that users who do not meet the rules can decrypt the ciphertext. In other words, it is an attack that ignores the rules of the system and eventually breaks the security and leaks information. This attack can be more critical for the application environments that require strong security not to leak any related information about ciphertext. In this article, we demonstrate the possible threat of the Fake Policy Attack by providing two relevant examples. Then, we propose a scheme called Policy Authenticable ABE (PA-ABE) to resolve this issue. We provide a formal security analysis of the proposed scheme and performance evaluation results based on our implementation.
Abstract
Mobile cloud storage (MCS) provides clients with convenient cloud storage service. In this article, we propose an efficient, secure and privacy-preserving mobile cloud storage scheme, which protects the data confidentiality and privacy simultaneously, especially the access pattern. Specifically, we propose an oblivious selection and update (OSU) protocol as the underlying primitive of the proposed mobile cloud storage scheme. OSU is based on onion additively homomorphic encryption with constant encryption layers and enables the client to obliviously retrieve an encrypted data item from the cloud and update it with a fresh value by generating a small encrypted vector, which significantly reduces the client’s computation as well as the communication overheads. Compared with previous works, our presented work has valuable properties, such as fine-grained data structure (small item size), lightweight client-side computation (a few of additively homomorphic operations) and constant communication overhead, which make it more suitable for MCS scenario. Moreover, by employing the “verification chunks” method, our scheme can be verifiable to resist malicious cloud. The comparison and evaluation indicate that our scheme is more efficient than existing oblivious storage solutions with the aspects of client and cloud workloads, respectively.
Abstract
Cloud storage and edge computing provide the possibility to address the tremendous storage and computing pressure caused by the explosive growth of traffic at the edge of the networks. In this scene, as data is outsourced to the cloud or edge servers, data privacy can be leaked. For enhancing security and privacy, Attribute-Based Searchable Encryption (ABSE), as an effective technical approach, achieves controllable search of ciphertext. Aiming at addressing the issues of the low search efficiency in single-keyword ABSE scheme and the large computing overhead of the existing multi-keyword ABSE schemes, we propose a novel multi-keyword attribute-based searchable encryption scheme (EMK-ABSE) through cloud-edge coordination. The huge amounts of encrypted data is stored to cloud server, while the corresponding encrypted index is uploaded to the nearest edge node to perform multi-keyword search and assisted decryption. To further release the computational burden of clients, a hybrid online/offline mechanism is adopted in encryption. Security analysis indicates that the multi-keyword index in EMK-ABSE has secure indistinguishability under chosen keyword attack (IND-CKA). The comprehensive evaluation proves that EMK-ABSE achieves not only encrypted multi-keyword retrieval but also fine-grained access control, with lower computation complexity in the three stages of encryption, trapdoor generation, and decryption. We show that the proposed scheme has higher efficiency and practicability than the selected relative works.
Abstract
In the era of big data, data are often outsourced at cloud for storage and computation. As data has become a highly valuable resource, data holder needs retain full privacy and control over it. Privacy-preserving machine learning (PPML) aims at extracting data value while preserving its privacy. Homomorphic encryption (HE), as a privacy-preserving technique, is increasingly used in PPML schemes. However, since bootstrapping is required in Fully Homomorphic Encryption (FHE) after a certain number of homomorphic operations to ensure the correctness of decryption, FHE-based PPML may perform a large number of bootstrappings, which greatly reduces the efficiency. Besides, FHE only supports homomorphic addition and multiplication operations. Most of the existing solutions use Taylor theorem to convert nonlinear function into linear polynomial function with sacrifice of model accuracy. To solve the two problems above, we propose to simulate bootstrapping operation in training phase by a pair of decryption and re-encryption operations, which is further transferred to trusted hardware to avoid information leakage after decryption. With this idea, the performance can be enhanced greatly. In addition, all the calculations of activation function (nonlinear) can be executed in plaintext form directly. In this paper, we propose and implement an efficient and privacy-preserving logistic regression scheme based on Leveled FHE, and deploy the bootstrapping simulation and activation function on Raspberry Pi (a simulated trusted hardware). The scheme achieves practical usability demonstrated on standard UCI datasets.
Abstract
Cloud-based data storage service has drawn increasing interests from both academic and industry in the recent years due to its efficient and low cost management. Since it provides services in an open network, it is urgent for service providers to make use of secure data storage and sharing mechanism to ensure data confidentiality and service user privacy. To protect sensitive data from being compromised, the most widely used method is encryption. However, simply encrypting data (e.g., via AES) cannot fully address the practical need of data management. Besides, an effective access control over download request also needs to be considered so that Economic Denial of Sustainability (EDoS) attacks cannot be launched to hinder users from enjoying service. In this article, we consider the dual access control , in the context of cloud-based storage, in the sense that we design a control mechanism over both data access and download request without loss of security and efficiency. Two dual access control systems are designed in this article, where each of them is for a distinct designed setting. The security and experimental analysis for the systems are also presented.
Abstract
In recent years, numerous incidents of information leakage have not only violated the privacy of users but also been a key issue hindering the development of cloud computing. How to guarantee the confidentiality of shared data while protecting the privacy of users has become a hot topic of research. In this article, we propose a decentralized attribute-based access control mechanism. Compared with the existing well-known schemes, the proposed scheme enhances private security and the confidentiality of shared data. An anonymous key extraction protocol is introduced to help users prove their identities with zero knowledge and help the authorities to generate legitimate private keys without knowing the users global identifiers and specific attributes. We also eliminate linear relationships among the keys appearing in the previous reported works, which makes unauthorized users unable to combine their private keys to generate a legal secret key or combine their respective decryption results to recover the plaintext message. Performance and security analyses show that the new work is secure against collusion attacks, thus protecting users’ privacy and security. Besides, the security of the proposed scheme is reduced to the q-PBDHE assumption in the standard model.
Abstract
At present, the ciphertext-policy attribute based encryption (CP-ABE) has been widely used in different fields of data sharing such as cross-border paperless trade, digital government and etc. However, there still exist some challenges including single point of failure, key abuse and key unaccountable issues in CP-ABE. To address these problems. We propose an accountable CP-ABE mechanism based on block chain system. First, we establish two authorization agencies MskCA and AttrVN(Attribute verify Network),where the MskCA can realize master key escrow, and the AttrVN manages and validates users’ attributes. In this way, our system can avoid the single point of failure and improve the privacy of user attributes and security of keys. Moreover, in order to realize auditability of CP-ABE key parameter transfer, we introduce the did and record parameter transfer process on the block chain. Finally, we theoretically prove the security of our CP-ABE. Through comprehensive comparison, the superiority of CP-ABE is verified. At the same time, our proposed schemes have some properties such as fast decryption and so on.
Abstract
Attribute-based keyword search (ABKS) has been proposed to realize fine-grained access control and provide search service in cloud computing. However, most ABKS schemes focus on single or conjunctive keyword search, while the recent Boolean keyword search schemes only support monotonic query formula mainly involving AND, OR and threshold operators. How to support more expressive Boolean query formulas and return the corresponding accurate search results to users have become challenges for practical ABKS over ciphertexts. In this paper, we introduce an attribute-based expressive and ranked keyword search scheme over encrypted documents named ABERKS, which allows authorized users to submit expressive Boolean query formulas involving AND, OR, NOT and threshold operators. ABERKS utilizes a non-monotonic access tree structure to construct the query formula, and further leverages extended Boolean model to rank the search results. Specifically, the users are able to define the weights in the query formula, and get the relevance score of each matched ciphertext if the attributes and keywords are both satisfied. We prove the security of ABERKS against chosen keyword attack under selective ciphertext policy model and against keyword guessing attack, and also conduct extensive experiments to show the efficiency and practicality of ABERKS.
Abstract
Most of the organizations using the cloud-based data sharing platforms are multi-group in nature. The existing directly revocable attribute-based encryption (ABE) schemes though seem to be a good fit, but they fail to provide any effective solution for secure multi-group data sharing scenarios. To bridge this gap, we first propose Revocable ABE with Verifiable Outsourced decryption (ReVO-ABE)- a directly revocable collusion-resistant ABE scheme that allows any number of user revocation and joining without affecting the secret membership keys of the nonrevoked users. Based on ReVO-ABE, we build a Dynamic Multi-Group Secure Data Sharing scheme called DMG-SDS. For operations that are exclusive to multi-groups like group merge and split can be performed without affecting the attribute secret keys or membership keys of the nonrevoked users, which is not possible with any of the existing schemes. Our proposed scheme meets the necessary security requirements, and the performance assessment shows that it has much better performance benefits when compared with most the recent competitive schemes.
Abstract
The data sharing is a helpful and financial assistance provided by CC. Information substance security also rises out of it since the information is moved to some cloud workers. To ensure the sensitive and important data; different procedures are utilized to improve access manage on collective information. Here strategies, Cipher text-policy attribute based encryption (CP-ABE) might create it very helpful and safe. The conventional CP-ABE concentrates on information privacy only; whereas client’s personal security protection is a significant problem as of now. CP-ABE by hidden access (HA) strategy makes sure information privacy and ensures that client’s protection isn’t exposed also. Nevertheless, the vast majority of the current plans are ineffective in correspondence overhead and calculation cost. In addition, the vast majority of this mechanism takes no thought regarding ability authentication or issue of security spill escape in ability verification stage. To handle the issues referenced over, a security protects CP-ABE method by proficient influence authentication is presented in this manuscript. Furthermore, its privacy keys accomplish consistent size. In the meantime, the suggested plan accomplishes the specific safety in decisional n-BDHE issue and decisional direct presumption. The computational outcomes affirm the benefits of introduced method.
Abstract
As the public cloud becomes one of the leading ways in data-sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This article proposes a fully policy-hidden CP-ABE scheme constructed on linear secret sharing scheme (LSSS) access structure and prime-order groups for public cloud data sharing. To help users decrypt, hidden vector encryption (HVE) with a “convert step” is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.
Abstract
With the rapid growth of cloud email services, email encryption is beginning to be used more and more to alleviate concerns about cloud privacy and security. However, this increase in usage invites the problem of how to search and filter encrypted emails effectively. Searchable public key encryption is a popular technology to solve encrypted email searching, but encrypted email filtering is still an open problem. We propose an encrypted cloud email searching and filtering scheme based on hidden policy ciphertext-policy attribute-based encryption with keyword search as a new solution. It enables the recipient to search the encrypted cloud email keywords and allows the email filtering server to filter the encrypted email content when receiving the email, as the traditional email keyword filtering service. Our hidden policy scheme is constructed by composite order bilinear groups and proven secure by dual system encryption methodology. Our scheme can be applied to other scenarios such as file searching and filtering and has certain practical value.
Abstract
Attribute Based Encryption that solely decrypts the cipher text’s secret key attribute. Patient information is maintained on trusted third party servers in medical applications. Before sending health records to other third party servers, it is essential to protect them. Even if data are encrypted, there is always a danger of privacy violation. Scalability problems, access flexibility, and account revocation are the main security challenges. In this study, individual patient health records are encrypted utilizing a multi-authority ABE method that permits a multiple number of authorities to govern the attributes. A strong key generation approach in the classic Attribute Based Encryption is proposed in this work, which assures the robust protection of health records while also demonstrating its effectiveness. Simulation is done by using CloudSim Simulator and Statistical reports were generated using Cloud Reports. Efficiency, computation time and security of our proposed scheme are evaluated. The simulation results reveal that the proposed key generation technique is more secure and scalable.
Abstract
In the last few decades, ciphertext-policy attribute-based encryption (CP-ABE) technology has attracted great interest, since it can provide fine-grained, flexible, and access control for sensitive data to implement a high secure and efficient data-sharing mechanism. In this article, based on the linear secret sharing scheme (LSSS), an efficient scheme is proposed to realize a collaborative decryption function. For any user group, when the user’s attribute set cannot access the ciphertext alone, the private key of other users in the same group can be used for collaborative decryption with the permission of the data owner. Our scheme uses the LSSS matrix that can significantly reduce the computation and storage overhead when comparing with the existing schemes. Then, a multiauthorization model is created based on the Bohen–Lynn–Shacham technology in order to solve the key-management issue. Finally, we implemented the specific functions of the framework through JAVA, and built a private chain to verify the feasibility of data transfer between users.
Abstract
Considered as a promising fine-grained access control mechanism for data sharing without a centralized trusted third-party, the access policy in a plaintext form may reveal sensitive information in the traditional CP-ABE method. To address this issue, a hidden policy needs to be applied to the CP-ABE scheme, as the identity of a user cannot be accurately confirmed when the decryption key is leaked, so the malicious user is traced and revoked as demanded. In this article, a CP-ABE scheme that realizes revocation, white-box traceability, and the application of hidden policy is proposed, and such ciphertext is composed of two parts. One is related to the access policy encrypted by the attribute value, and only the attribute name is evident in the access policy. Another is related to the revocation information and updated when revoking, where the revocation information is generated by the binary tree related to users. The leaf node value of a binary tree in the decryption key is used to trace the malicious user. From experimental results, it is shown that the proposed scheme is proven to be IND-CPA secure under the chosen plaintext attacks and selective access policy based on the decisional q-BDHE assumption in the standard model, efficient, and promising.
Abstract
The vehicular social network (VSN) is an emerging mobile communication system combining a vehicle ad hoc network (VANET) with a social network. It provides a new means of sharing, disseminating, and delivering data for passengers, drivers, and vehicles. However, a VSN may expose users’ private information, such as identities, location information, and trajectories, and tampering with shared data may lead to security and safety problems in vehicle systems. Considering the security and privacy-preservation of shared data, we propose a lightweight decentralized multi-authority access control scheme based on ciphertext-policy attribute-based encryption (CP-ABE) and blockchain, by which a decentralized multi-authorization node supports vehicle users by performing lightweight calculations with the assistance of the vehicle cloud service provider (VCSP). We use blockchain to record storage and access transactions, achieving self-verification by users and tamper-resistance of ciphertexts. An improved smart contract reduces the workload of verification by users and achieves privacy preservation by hiding the policy. It supports user revocation and outsourced decryption, enabling more flexibility and better performance. A security and performance analysis shows that our scheme has clear advantages over existing schemes.
Abstract
The evolution of the Internet of Things has seen data sharing as one of its most useful applications in cloud computing. As eye-catching as this technology has been, data security remains one of the obstacles it faces since the wrongful use of data leads to several damages. In this article, we propose a proxy re-encryption approach to secure data sharing in cloud environments. Data owners can outsource their encrypted data to the cloud using identity-based encryption, while proxy re-encryption construction will grant legitimate users access to the data. With the Internet of Things devices being resource-constrained, an edge device acts as a proxy server to handle intensive computations. Also, we make use of the features of information-centric networking to deliver cached content in the proxy effectively, thus improving the quality of service and making good use of the network bandwidth. Further, our system model is based on blockchain, a disruptive technology that enables decentralization in data sharing. It mitigates the bottlenecks in centralized systems and achieves fine-grained access control to data. The security analysis and evaluation of our scheme show the promise of our approach in ensuring data confidentiality, integrity, and security.
Abstract
With the popularization and growing utilization of electronic health records (EHRs) coupled with the advancements in cloud computing, healthcare providers are interested in storing EHRs in third-party, semi-trusted cloud platforms. Given the collaborative nature of modern e-health environments, integrating access delegation is of paramount importance to strengthen the flexibility of the sharing of health information. However, access delegation has to be enforced in a controlled manner so that it will not jeopardize the security of the system. For such applications, attribute based encryption (ABE) mechanisms are quite useful given the fact that ABE facilitates an efficient way of enforcing secure, fine-grained access control over encrypted data. However, incorporating delegatability with ABE mechanisms is tricky, and the existing schemes lack the control over the process of delegation of encrypted data. As a solution, we propose a novel ABE based access control scheme which can enforce multi-level, controlled access delegation and demonstrated how it could be deployed in an e-health environment to securely share outsourced EHRs of patients. Furthermore, we have shown that the proposed scheme is secure against chosen plaintext attacks as well as attacks mounted via attribute collusion.
Abstract
Attribute-based encryption (ABE) is a preferred technology used to access control the data stored in the cloud servers. However, in many cases, the authorized decryption user may be unable to decrypt the ciphertext in time for some reason. To be on the safe side, several alternate users are delegated to cooperate to decrypt the ciphertext, instead of one user doing that. We provide a ciphertext-policy ABE scheme with shared decryption in this article. An authorized user can recover the messages independently. At the same time, these alternate users (semi-authorized users) can work together to get the messages. We also improve the basic scheme to ensure that the semi-authorized users perform the decryption tasks honestly. An integrated access tree is used to improve the efficiency for our scheme. The new scheme is proved CPA-secure in the standard model. The experimental result shows that our scheme is very efficient on both computational overhead and storage cost.
Abstract
Protecting data-in-use from privileged attackers is challenging. New CPU extensions (notably: Intel SGX) and cryptographic techniques (specifically: Homomorphic Encryption) can guarantee privacy even in untrusted third-party systems. HE allows sensitive processing on ciphered data. However, it is affected by i) a dramatic ciphertext expansion making HE unusable when bandwidth is narrow, ii) unverifiable conditional variables requiring off-premises support. Intel SGX allows sensitive processing in a secure enclave. Unfortunately, it is i) strictly bonded to the hosting server making SGX unusable when the live migration of cloud VMs/Containers is desirable, ii) limited in terms of usable memory, which is in contrast with resource-consuming data processing. In this article, we propose the VIrtual Secure Enclave (VISE), an approach that effectively combines the two aforementioned techniques, to overcome their limitations and ultimately make them usable in a typical cloud setup. VISE moves the execution of sensitive HE primitives (e.g., encryption) to the cloud in a remotely attested SGX enclave, and then performs sensitive processing on HE data-outside the enclave-leveraging all the memory resources available. We demonstrate that VISE meets the challenging security and performance requirements of a substantial application in the Industrial Control Systems domain. Our experiments prove the practicability of the proposed solution.
Abstract
More and more organizations move their data and workload to commercial cloud storage systems. However, the multiplexing and sharing of the resources in a cloud storage system present unpredictable data access latency to tenants, which may make online data-intensive applications unable to satisfy their deadline requirements. Thus, it is important for cloud storage systems to provide deadline guaranteed services. In this paper, to meet a current form of service level objective (SLO) that constrains the percentage of each tenant’s data access requests failing to meet its required deadline below a given threshold, we build a mathematical model to derive the upper bound of acceptable request arrival rate on each server. We then propose a Deadline Guaranteed storage service (called DGCloud) that incorporates three basic algorithms. Its deadline-aware load balancing scheme redirects requests and creates replicas to release the excess load of each server beyond the derived upper bound. Its workload consolidation algorithm tries to maximally reduce servers while still satisfying the SLO to maximize the resource utilization. Its data placement optimization algorithm re-schedules the data placement to minimize the transmission cost of data replication. We further propose three enhancement methods to further improve the performance of DGCloud. A dynamic load balancing method allows an overloaded server to quickly offload its excess workload. A data request queue improvement method sets different priorities to the data responses in a server’s queue so that more requests can satisfy the SLO requirement. A wakeup server selection method selects a sleeping server that stores more popular data to wake up, which allows it to handle more data requests.
Abstract
Verifiable Searchable Symmetric Encryption, as an important cloud security technique, allows users to retrieve the encrypted data from the cloud through keywords and verify the validity of the returned results. Dynamic update for cloud data is one of the most common and fundamental requirements for data owners in such schemes. To the best of our knowledge, the existing verifiable SSE schemes supporting data dynamic update are all based on asymmetric-key cryptography verification, which involves time-consuming operations. The overhead of verification may become a significant burden due to the sheer amount of cloud data. Therefore, how to achieve keyword search over dynamic encrypted cloud data with efficient verification is a critical unsolved problem. To address this problem, we explore achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification and propose a practical scheme in this paper. In order to support the efficient verification of dynamic data, we design a novel Accumulative Authentication Tag (AAT) based on the symmetric-key cryptography to generate an authentication tag for each keyword. Benefiting from the accumulation property of our designed AAT, the authentication tag can be conveniently updated when dynamic operations on cloud data occur. In order to achieve efficient data update, we design a new secure index composed by a search table ST based on the orthogonal list and a verification list VL containing AATs. Owing to the connectivity and the flexibility of ST, the update efficiency can be significantly improved. The security analysis and the performance evaluation results show that the proposed scheme is secure and efficient.
Abstract
The features of decentralization and tamper-proof enable blockchain to be an emerging technology for integrity protection of important data stored on it. Blockchains are also used to combine with cloud storage for access control and sharing of private data. To protect the confidentiality of the private data, attribute-based encryption (ABE) schemes that can provide one-to-many encryption are commonly used as the solutions. However, there are problems, such as inefficiency, key abuse, and inflexibility of access control policy, when adopting ABE solutions. This paper proposes an efficient traceable attribute-based encryption with dynamic access control (TABE-DAC) scheme based on blockchain for fine-grained sharing of encrypted private data on cloud. The proposed TABE-DAC scheme supports traceability for the accountability of malicious users who leak the private key. The proposed solution also realizes dynamic access control where data owners have the flexibility to update access control policy. We also prove the security of the proposed TABE-DAC scheme. Finally, through theoretical comparison and experimental analysis, we verify the efficiency of the proposed solution.
Abstract
The widespread acceptance of cloud based services in the healthcare sector has resulted in cost effective and convenient exchange of Personal Health Records (PHRs) among several participating entities of the e-Health systems. Nevertheless, storing the confidential health information to cloud servers is susceptible to revelation or theft and calls for the development of methodologies that ensure the privacy of the PHRs. Therefore, we propose a methodology called SeSPHR for secure sharing of the PHRs in the cloud. The SeSPHR scheme ensures patient-centric control on the PHRs and preserves the confidentiality of the PHRs. The patients store the encrypted PHRs on the un-trusted cloud servers and selectively grant access to different types of users on different portions of the PHRs. A semi-trusted proxy called Setup and Re-encryption Server (SRS) is introduced to set up the public/private key pairs and to produce the re-encryption keys. Moreover, the methodology is secure against insider threats and also enforces a forward and backward access control. Furthermore, we formally analyze and verify the working of SeSPHR methodology through the High Level Petri Nets (HLPN). Performance evaluation regarding time consumption indicates that the SeSPHR methodology has potential to be employed for securely shar-ing the PHRs in the cloud.
Abstract
Cloud computing provides an appearing application for compelling vision in managing big-data files and responding queries over a distributed cloud platform. To overcome privacy revealing risks, sensitive documents and private data are usually stored in the clouds in a cipher-based manner. However, it is inefficient to search the data in traditional encryption systems. Searchable encryption is a useful cryptographic primitive to enable users to retrieve data in ciphertexts. However, the traditional searchable encryptions provide lower search efficiency and cannot carry out fuzzy multikey word queries. To solve this issue, in this article, we propose a searchable encryption that supports privacy-preserving fuzzy multikey word search (SE-PPFM) in cloud systems, which is built by asymmetric scalar-product-preserving encryptions and Hadamard product operations. In order to realize the functionality of efficient fuzzy searches, we employ Word2vec as the primitive of machine learning to obtain a fuzzy correlation score between encrypted data and queries predicates. We analyze and evaluate the performance in terms of token of multikey word, retrieval and match time, file retrieval time and matching accuracy, etc. The experimental results show that our scheme can achieve a higher efficiency in fuzzy multikey word ciphertext search and provide a higher accuracy in retrieving and matching procedure.
Abstract
Cloud computing is an emergent paradigm to provide reliable and resilient infrastructure enabling the users (data owners) to store their data and the data consumers (users) can access the data from cloud servers. This paradigm reduces storage and maintenance cost of the data owner. At the same time, the data owner loses the physical control and possession of data which leads to many security risks. Therefore, auditing service to check data integrity in the cloud is essential. This issue has become a challenge as the possession of data needs to be verified while maintaining the privacy. To address these issues this work proposes a secure and efficient privacy preserving provable data possession (SEPDP). Further, we extend SEPDP to support multiple owners, data dynamics and batch verification. The most attractive feature of this scheme is that the auditor can verify the possession of data with low computational overhead.
Abstract
Keyword search over encrypted data is essential for accessing outsourced sensitive data in cloud computing. In some circumstances, the keywords that the user searches on are only semantically related to the data rather than via an exact or fuzzy match. Hence, semantic-based keyword search over encrypted cloud data becomes of paramount importance. However, existing schemes usually depend upon a global dictionary, which not only affects the accuracy of search results but also causes inefficiency in data updating. Additionally, although compound keyword search is common in practice, the existing approaches only process them as single words, which split the original semantics and achieve low accuracy. To address these limitations, we initially propose a compound concept semantic similarity (CCSS) calculation method to measure the semantic similarity between compound concepts. Next, by integrating CCSS with Locality-Sensitive Hashing function and the secure kk<; inline-graphic xlink:href=”wang-ieq1-2847318.gif”/>-Nearest Neighbor scheme, a semantic-based compound keyword search (SCKS) scheme is proposed. SCKS achieves not only semantic-based search but also multi-keyword search and ranked keyword search. Additionally, SCKS also eliminates the predefined global library and can efficiently support data update. The experimental results on real-world dataset indicate that SCKS introduces low overhead on computation and the search accuracy outperforms the existing schemes.
Abstract
The increasing popularity of remote Cloud File Sharing (CFS) has become a major concern for privacy breach of sensitive data. Aiming at this concern, we present a new resource sharing framework by integrating enterprise-side Attribute-Based Access Control/eXtensible Access Control Markup Language (ABAC/XACML) model, client-side Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme, and cloud-side CFS service. The framework workflow is provided to support the encrypted-file writing and reading algorithms in accordance with ABAC/XACML-based access policy and attribute credentials. However, an actual problem of realizing this framework is that policy matrix, derived from access policy, seriously affects the performance of existing CP-ABE from Lattice (CP-ABE-L) schemes. To end it, we present an optimal generation algorithm of Small Policy Matrix (SPM), which only consists of small elements, and generates an all-one reconstruction vector. Based on SPM, the improved CP-ABE-L scheme is proposed to reduce the cumulative errors to the minimum. Furthermore, we give the optimal estimation of system parameters to implement a valid Error Proportion Allocation (EPA). Our experiments indicate that our scheme has short size of parameters and enjoys efficient computation and storage overloads. Thus, our new framework with optimization methods is conducive to enhancing the security and efficiency of remote work on CFS.
Abstract
With the ever-increasing amount of data resided in a cloud, how to provide users with secure and practical query services has become the key to improve the quality of cloud services. Fuzzy searchable encryption (FSE) is identified as one of the most promising approaches for enabling secure query services, since it allows searching encrypted data by using keywords with spelling errors. However, existing FSE schemes are far from the practical use for the following reasons: (1) Inflexibility. It is hard for them to simultaneously support AND and OR semantics in a multi-keyword query. (2) Inefficiency. They require sequentially scanning a whole dataset to find matched files, and thus are difficult to apply to a large-scale dataset. (3) Limited robustness. It is difficult for them to resist the linear analysis attack in the known-background model. To fix the above problems, this article proposes matrix-based multi-keyword fuzzy search (M2FS) schemes, which support approximate keyword matching by exploiting the indecomposable property of primes. Specifically, we first present a basic scheme, called M2FS-B, where multiple keywords in a query or a file are constructed as prime-related matrices such that the result of matrix multiplication can be employed to determine the level of matching for different query semantics. Then, we construct an advanced scheme, named M2FS-E, which builds a searchable index as a keyword balanced binary (KBB) tree for dynamic and parallel searches, while adding random noises into a query matrix for enhanced robustness. Extensive analyses and experiments demonstrate the validity of our M2FS schemes.
Abstract
The emergence of cloud infrastructure has significantly reduced the costs of hardware and software resources in computing infrastructure. To ensure security, the data is usually encrypted before it’s outsourced to the cloud. Unlike searching and sharing the plain data, it is challenging to search and share the data after encryption. Nevertheless, it is a critical task for the cloud service provider as the users expect the cloud to conduct a quick search and return the result without losing data confidentiality. To overcome these problems, we propose a ciphertext-policy attribute-based mechanism with keyword search and data sharing (CPAB-KSDS) for encrypted cloud data. The proposed solution not only supports attribute-based keyword search but also enables attribute-based data sharing at the same time, which is in contrast to the existing solutions that only support either one of two features. Additionally, the keyword in our scheme can be updated during the sharing phase without interacting with the PKG. In this article, we describe the notion of CPAB-KSDS as well as its security model. Besides, we propose a concrete scheme and prove that it is against chosen ciphertext attack and chosen keyword attack secure in the random oracle model. Finally, the proposed construction is demonstrated practical and efficient in the performance and property comparison.
Abstract
E-Healthcare systems are increasingly popular due to the introduction of wearable healthcare devices and sensors. Personal health records (PHRs) are collected by these devices and stored in a remote cloud. Due to privacy concern, these records should not be accessible by any unauthorized party, and the cloud providers should not be able to learn any information from the stored records. To address the above issues, one promising solution is to employ attribute based encryption (ABE) for fine-grained access control and searchable encryption for keyword search on encrypted data. However, most of existing ABE schemes leak the privacy of access policy which may also contain sensitive information. On the other hand, for users’ devices with limited computing power and bandwidth, the mechanism should enable them to be able to search the PHRs efficiently. Unfortunately, most existing works on ABE do not support efficient keyword search on encrypted data. In this work, we propose an efficient hidden policy ABE scheme with keyword search. Our scheme enables efficient keyword search with constant computational overhead and constant storage overhead. Moreover, we enhance the recipient’s privacy which hides the access policy. As of independent interest, we present a trapdoor malleability attack and demonstrate that some of previous schemes may suffer from such attack.
Abstract
With the development of outsourcing services, users with limited resources tend to store encrypted images on remote servers and search them anytime and anywhere. However, existing encrypted image search schemes are proposed for cloud computing scenarios, and have some defects, such as excessive bandwidth resource consumption or network delay, which are not suitable for Internet of Things (IoT) devices in edge computing environment. Therefore, we propose a secure and verifiable multikey image search (SVMIS) scheme in cloud-assisted edge computing. First, the pretrained convolutional neural network model is employed to extract image feature vectors to improve search accuracy. Then, a key distribution protocol is designed to convert the encrypted indexes of different owners, and a transformation key list is constructed to support the multikey setting in edge computing. Next, the learning with errors based secure k-nearest neighbor algorithm is used to encrypt feature vectors to improve security. Finally, the Merkle hash tree is utilized to check the correctness of search results returned by edge servers. Theoretical analysis and extensive experiments using a real-world dataset evaluate the security and effectiveness of SVMIS.
Abstract
Mobile cloud computing (MCC) as an emerging computing paradigm enables mobile devices to offload their computation tasks to nearby resource-rich cloudlets so as to augment computation capability and reduce energy consumption of mobile devices. However, due to the mobility of mobile devices and the admission of cloudlets, the connection between mobile devices and cloudlets may be unstable, which will affect offloading decision, even cause offloading failure. To address such an issue, in this paper, we propose a robust computation offloading strategy with failure recovery (RoFFR) in an intermittently connected cloudlet system aiming to reduce energy consumption and shorten application completion time. We first provide an optimal cloudlet selection policy when multiple cloudlets are available near mobile devices. Furthermore, we formulate the RoFFR problem as two optimization problems, i.e., local execution cost minimization problem and offloading execution cost minimization problem while satisfying the task-dependency requirement and application completion deadline constraint. By solving both optimization problems, we present a distributed RoFFR algorithm for CPU clock frequency configuration in local execution and transmission power allocation and data rate control in cloudlet execution. Experimental results in a real testbed show that our distributed RoFFR algorithm outperforms several baseline policies and existing offloading schemes in terms of application completion cost and offloading data rate.
Abstract
Cloud computing has become prevalent due to its nature of massive storage and vast computing capabilities. Ensuring a secure data sharing is critical to cloud applications. Recently, a number of identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the problem. However, the IB-BPRE requires a cloud user (Alice) who wants to share data with a bunch of other users (e.g., colleagues) to participate the group shared key renewal process because Alice’s private key is a prerequisite for shared key generation. This, however, does not leverage the benefit of cloud computing and causes the inconvenience for cloud users. Therefore, a novel security notion named revocable identity-based broadcast proxy re-encryption (RIB-BPRE) is presented to address the issue of key revocation in this work. In a RIB-BPRE scheme, a proxy can revoke a set of delegates, designated by the delegator, from the re-encryption key. The performance evaluation reveals that the proposed scheme is efficient and practical.
Abstract
Secure and efficient file storage and sharing via authenticated physical devices remain challenging to achieve in a cyber-physical cloud environment, particularly due to the diversity of devices used to access the services and data. Thus in this paper, we present a lightweight identity-based authenticated data sharing protocol to provide secure data sharing among geographically dispersed physical devices and clients. The proposed protocol is demonstrated to resist chosen-ciphertext attack (CCA) under the hardness assumption of decisional-Strong Diffie-Hellman (SDH) problem. We also evaluate the performance of the proposed protocol with existing data sharing protocols in terms of computational overhead, communication overhead, and response time.
Abstract
With the popularization of location-based services (LBS), encryption techniques have been utilized to protect data security when outsourcing LBS to cloud. However, existing schemes only consider spatial range search or keyword search, while expressive and practical search over encrypted LBS data is still a challenging problem. In this paper, we introduce PrivSTL, a privacy-preserving spatio-temporal keyword search framework over the encrypted LBS data based on attribute-based encryption and linear encryption. It allows mobile users to submit LBS query with spatial range, time interval and Boolean keyword expression, and provides accurate and authorized search by matching these query conditions and also the access policy. Then we introduce an extended scheme PrivSTG, which utilizes Geohash to divide the locations into grids, and outsources an encrypted index tree to cloud servers. PrivSTG improves the service efficiency by searching only over the ciphertexts in the surrounding grids of mobile user. Finally, we analyze the security of PrivSTL against chosen-plaintext, chosen-keyword and outside keyword-guessing attacks in generic bilinear group model, and show that PrivSTL guarantees the spatio-temporal keyword profile privacy, and also protects the query privacy of mobile user. The experimental results indicate that our scheme is practical and efficient for outsourced LBS.
Abstract
Privacy-preserving similarity search plays an essential role in data analytics, especially when very large encrypted datasets are stored in the cloud. Existing mechanisms on privacy-preserving similarity search were not able to support secure updates (addition and deletion) efficiently when frequent updates are needed. In this article, we propose a new mechanism to support parallel privacypreserving similarity search in a distributed key-value store in the cloud, with a focus on efficient addition and deletion operations, both executed with sublinear time complexity. If search accuracy is the top priority, we further leverage Yao’s garbled circuits and the homomorphic property of Hash-ElGamal encryption to build a secure evaluation protocol, which can obtain the top-R most accurate results without extensive client-side post-processing. We have formally analyzed the security strength of our proposed approach, and performed an extensive array of experiments to show its superior performance as compared to existing mechanisms in the literature. In particular, we evaluate the performance of our proposed protocol with respect to the time it takes to build the index and perform similarity queries. Extensive experimental results demonstrated that our protocol can speedup the index building process by up to 800x with 2 threads and the similarity queries by up to -7x with comparable accuracy, as compared to the state-of-the-art in the literature.
Abstract
In this paper, we propose a privacy-preserving clinical decision support system using Naïve Bayesian (NB) classifier, hereafter referred to as Peneus, designed for the outsourced cloud computing environment. Peneus allows one to use patient health information to train the NB classifier privately, which can then be used to predict a patient’s (undiagnosed) disease based on his/her symptoms in a single communication round. Specifically, we design secure Single Instruction Multiple Data (SIMD) integer circuits using the fully homomorphic encryption scheme, which can greatly increase the performance compared with the original secure integer circuit. Then, we present a privacy-preserving historical Personal Health Information (PHI) aggregation protocol to allow different PHI sources to be securely aggregated without the risk of compromising the privacy of individual data owner. Also, secure NB classifier is constructed to achieve secure disease prediction in the cloud without the help of an additional non-colluding computation server. We then demonstrate that Peneus achieves the goal of patient health status monitoring without privacy leakage to unauthorized parties, as well as the utility and the efficiency of Peneus using simulations and analysis.
Abstract
Benefiting from cloud computing and mobile devices, a huge number of media contents, such as videos are shared in mobile networks. Although scalable video coding can be utilized to provide flexible adaptation, the cloud poses a serious threat to media privacy. In this paper, we propose a privacy-preserving multi-dimensional media sharing scheme named SMACD in mobile cloud computing. First, each media layer is encrypted with an access policy based on attribute-based encryption, which guarantees media confidentiality as well as fine-grained access control. Then, we present a multi-level access policy construction with secret sharing scheme. It ensures that the mobile consumers who obtain a media layer at a higher access level must satisfy the access trees of its child layers at the lower access level, which is compatible with the characteristics of multi-dimensional media and also reduces the complexity of access policies. Moreover, we introduce decentralized key servers to achieve both intra-server and inter-server deduplication by associating different access policies into the same encrypted media. Finally, we conduct experimental evaluation on mobile device and cloud platform with real-world datasets. The results indicate that SMACD protects media privacy against cloud media center and unauthorized parties, while incurring less computational and storage cost.
Abstract
Users accessing services are often required to provide personal information, for example, age, profession and location, in order to satisfy access polices. This personal information is evident in the application of e-ticketing where discounted access is granted to visitor attractions or transport services if users satisfy policies related to their age or disability or other defined over attributes. We propose a privacy-preserving electronic ticket scheme using attribute-based credentials to protect users’ privacy. The benefit of our scheme is that the attributes of a user are certified by a trusted third party so that the scheme can provide assurances to a seller that a user’s attributes are valid. The scheme makes the following contributions: (1) users can buy different tickets from ticket sellers without releasing their exact attributes; (2) two tickets of the same user cannot be linked; (3) a ticket cannot be transferred to another user; (4) a ticket cannot be double spent. The novelty of our scheme is to enable users to convince ticket sellers that their attributes satisfy the ticket policies and buy discounted tickets anonymously. This is a step towards identifying an e-ticketing scheme that captures user privacy requirements in transport services. The security of our scheme is proved and reduced to a well-known complexity assumption. The scheme is also implemented and its performance is empirically evaluated.
Abstract
Privacy has become a considerable issue when the applications of big data are dramatically growing in cloud computing. The benefits of the implementation for these emerging technologies have improved or changed service models and improve application performances in various perspectives. However, the remarkably growing volume of data sizes has also resulted in many challenges in practice. The execution time of the data encryption is one of the serious issues during the data processing and transmissions. Many current applications abandon data encryptions in order to reach an adoptive performance level companioning with privacy concerns. In this paper, we concentrate on privacy and propose a novel data encryption approach, which is called Dynamic Data Encryption Strategy (D2ES). Our proposed approach aims to selectively encrypt data and use privacy classification methods under timing constraints. This approach is designed to maximize the privacy protection scope by using a selective encryption strategy within the required execution time requirements. The performance of D2ES has been evaluated in our experiments, which provides the proof of the privacy enhancement.
Abstract
The cloud Storage Providers (CSPs) present geological documents are put away with a few memory space classes with arranging costs. A noteworthy issue encountering by the cloud customers can be the methods by which to blow this additional room classes for you to serve a license request with a period, contrasting residual job that needs to be done about its materials at any rate aggregate expense. Records intermittent notwithstanding replication approaches have a fundamental activity around appropriated methodologies over the electronic encouraging. In this paper arranged DRA Criteria to determine the technique which will complete a capacity zone strategy in which utilizes the specific Division and even Replication approach to putting away the data. In this procedure, the report will be isolated and these zones will be replicated and blend as demonstrated by the duplication factor before taking care of the idea upon the cloud. Usually, the parts are normally dissipated with the end goal that progressive clients in the electronic encouraging don’t hold the areas of any proportionate convenience in this way while a PC is yielded no huge information is emphatically spilled on the attacker. This structure will improve cloud prosperity gauges using Category and Duplication of data on Cloud proposed for Optimal Functionality and Safety gauges reasoning.
IEEE Privacy-Preserving Continuous Data Collection for Predictive Maintenance in Vehicular Fog-Cloud
Abstract
With the advances of Internet of Things (IoT) solutions in intelligent transportation systems, collected vehicle data can produce insights on emerging vehicular phenomenon, and further contribute to the further improvement of innovative and efficient vehicular systems. Particularly, by leveraging data collected from vehicle sensors and maintenance models constructed from operation and repair history, predictive maintenance aims to detect the anomalies of vehicles and provide early warnings before the occurrence of failure. However, privacy preservation still remains as one of the top concerns for vehicle owners in predictive maintenance, as the sensory data could potentially violate their location and identity privacy. To address this challenge, in this article, we propose a privacy-preserving and verifiable continuous data collection scheme with the intent of predictive maintenance in vehicular fog, which gathers and organizes the sensor data of each individual vehicle on a sliding window basis. Specifically, our proposed scheme exploits the homomorphic Paillier cryptosystem and truncated α-geometric technique to protect the content of each individual piece of sensory data. Meanwhile, our proposed scheme also aggregates and authenticates the collected sensory data reports on a time-series sliding window basis, which achieves the continuous observation of the recently collected vehicular sensory data. Detailed security analysis is carried out to demonstrate the security properties of our proposed scheme, including confidentiality, authentication and privacy preservation. In performance evaluations, we also compare our proposed scheme with a traditional scheme, and our scheme shows great improvement in terms of communication and computation overheads. Furthermore, to show the feasibility of our proposed scheme, we also compare and discuss the expected squared error introduced by the differential privacy mechanism.
Abstract
In this paper, we propose privacy-preserving user-based CF protocols using the BGV fully homomorphic encryption scheme, named BGV-CF and optimized BGV-CF (OBGV-CF), in order to protect privacy of users in recommender systems. The proposed schemes are implemented by C++, and testbeds using the MovieLens dataset demonstrate that the proposed protocols successfully achieve their design goals.
Abstract
Biometric authentication is getting increasingly popular and demands a wide range of solutions to against increasing cybercrimes and digital identity thefts. This paper proposes a new privacy-preserving cancelable biometric authentication key agreement scheme, which improves the existing authentication scheme based on ECC. We are going to integrate the fuzzy commitment and cancelable biometrics to guarantee the security for user’s biometric information. The cancelable biometrics named as the random distance method (RDM) which can generate non-invertible and privacy-preserving revocable pseudo-biometric identities. The proposed scheme realizes the mutual authentication of participants, and the privacy of biometric information and also can resist the vast majority of existing attacks. We use the widely accepted BPR adversary model to formally prove the safety features of our scheme. Further, the comparison of other existing related schemes shows that the performance of this scheme has greater advantages in terms of computation and communication costs. The experiments demonstrate that this scheme can achieves higher accuracy, while preserving biometric information privacy.
Abstract
With the development of big data and cloud computing, data analysis technologies play an important role to produce huge market values. Customers with limited computing resources may resort to the cloud to perform some association rule mining tasks. Data owners may have a risk of personal sensitive information leakage in this process. To preserve privacy in outsourced data, data owners may encrypt raw data before uploading. Data analysis of encrypted data is a challenge that has attracted the attention of many researchers in recent years. Homomorphic encryption is a cryptographic tool, which is one of the ways to solve this challenge. It allows data processing of encrypted data without decryption. Researching homomorphic encryption schemes that support privacy-preserving data mining in a multikey environment has become a significant direction. In this article, we propose a novel homomorphic cryptosystem, which supports multiple cloud users to have different public keys. Besides, we propose a privacy-preserving association rule mining scheme on outsourced data uploaded from multiple parties in a twin-cloud architecture. Our scheme uses a transaction record representation method in databases for large shopping malls based on real-world situations, and our experiments on a real transaction database show that our technology is reasonably feasible.
Abstract
Searchable encryption facilitates cloud server to search over encrypted data without decrypting the data. Single keyword based searchable encryption enables a user to access a subset of documents, which contains the keyword of the user’s interest. In this paper, we present a single keyword based searchable encryption scheme for the applications where multiple data owners upload their data and then multiple users can access the data. The scheme uses attribute based encryption that allows user to access the selective subset of data from cloud without revealing his/her access rights to the cloud server. The scheme is proven adaptively secure against chosen-keyword attack in the random oracle model. We have implemented the scheme on Google cloud instance and the performance of the scheme found practical in real-world applications.
Abstract
Data sharing is one important service provided by cloud storage. In order to share data conveniently and securely, Shen et al. proposed a cloud storage auditing scheme for data sharing, which uses the sanitizable signature to hide sensitive information. However, it may cause unauthorized access to the data, since anyone can access the data stored on the cloud server. This article proposes a privacy-preserving cloud storage auditing (PP-CSA) scheme for data sharing, where only authorized users can access the data. Furthermore, PP-CSA adopts the Diffie-Hellman protocol to avoid the secure channel between the data owner and the sanitizer. Finally, the security analysis and the experimental results prove that the security and efficiency of PP-CSA can be accepted.
Abstract
Cloud computing enables users and organizations to conveniently store and share data in large volumes and to enjoy on-demand services. Security and the protection of big data sharing from various attacks is the most challenging issue. Proxy re-encryption (PRE) is an effective method to improve the security of data sharing in the cloud environment. However, in PRE schemes, offloading big data for re-encryption will impose a heavy computational burden on the cloud proxy server, resulting in an increased computation delay and response time for the users. In this paper, we propose a novel parallel PRE workload distribution scheme to dynamically route the big data re-encryption process into the fog of the network. Moreover, this paper proposes a dynamic load balancing technique to avoid an excessive workload for the fog nodes. It also uses lightweight asymmetric cryptography to provide end-to-end security for the big data sharing between users. Within the proposed scheme, the offloading overhead on the centralized cloud server is effectively mitigated. Meanwhile, the processing delay incurred by the big data re-encryption process is efficiently improved.
Abstract
In the era of Big Data, with data growing massively in scale and velocity, cloud computing and its pay-as-you-go model continues to provide significant cost benefits and a seamless service delivery model for cloud consumers. The evolution of small-scale and large-scale geo-distributed datacenters operated and managed by individual Cloud Service Providers (CSPs) raises new challenges in terms of effective global resource sharing and management of autonomously-controlled individual datacenter resources towards a globally efficient resource allocation model. Earlier solutions for geo-distributed clouds have focused primarily on achieving global efficiency in resource sharing, that although tries to maximize the global resource allocation, results in significant inefficiencies in local resource allocation for individual datacenters and individual cloud provi ders leading to unfairness in their revenue and profit earned. In this paper, we propose a new contracts-based resource sharing model for federated geo-distributed clouds that allows CSPs to establish resource sharing contracts with individual datacenters apriori for defined time intervals during a 24 hour time period. Based on the established contracts, individual CSPs employ a contracts cost and duration aware job scheduling and provisioning algorithm that enables jobs to complete and meet their response time requirements while achieving both global resource allocation efficiency and local fairness in the profit earned. The proposed techniques are evaluated through extensive experiments using realistic workloads generated using the SHARCNET cluster trace. The experiments demonstrate the effectiveness, scalability and resource sharing fairness of the proposed model.
Abstract
Recently, Yang et al. proposed a privacy-preserving cross-domain data deduplication scheme in cloud to achieve both privacy-preserving and data availability and to resist brute-force attacks. Their scheme was claimed to resist the brute-force attack from Cloud Server Provider. Unfortunately, in this work, we analyze the security of Yang et al. scheme, analysis indicates that their scheme can be brute-force attack, therefore, their scheme is insecure. After analyzing the reasons to produce such an attack, we suggest an improved method to overcome such an attack
Abstract
Searchable Encryption (SE) is an important technique to guarantee data security and usability in the cloud at the same time. Leveraging Ciphertext-Policy Attribute-Based Encryption (CP-ABE), the Ciphertext-Policy Attribute-Based Keyword Search (CP-ABKS) scheme can achieve keyword-based retrieval and fine-grained access control simultaneously. However, the single attribute authority in existing CP-ABKS schemes is tasked with costly user certificate verification and secret key distribution. In addition, this results in a single-point performance bottleneck in distributed cloud systems. Thus, in this paper, we present a secure Multi-authority CP-ABKS (MABKS) system to address such limitations and minimize the computation and storage burden on resource-limited devices in cloud systems. In addition, the MABKS system is extended to support malicious attribute authority tracing and attribute update. Our rigorous security analysis shows that the MABKS system is selectively secure in both selective-matrix and selective-attribute models. Our experimental results using real-world datasets demonstrate the efficiency and utility of the MABKS system in practical applications.
Abstract
With the development of medical digitization, smart medical care and medical big data technologies, secure storage and sharing of medical data have become the hotspot of research in the field of medical technology. However, Fragmentation of medical data is much more serious, and many data becomes data islands that are difficult to apply to medical research. At the same time, the centralized control of medical data by third-party institutions has security bottlenecks and performance bottlenecks, which also lead to frequent data leakage incidents. To solve this problem, we propose a medical health data sharing scheme based on blockchain and attribute-based encryption. The model implements decentralized, tamper-proof, traceable data sharing based on a distributed blockchain system. And an attribute-based encryption is used to protect the privacy of patient’s medical data. The cryptographic method is used to implement fine-grained access control of the data. The model can reduce the cost of data sharing and improve the efficiency of data utilization while protecting the data security. Finally, compared with the existing medical data sharing methods, our model has certain advantages and good scalability in some aspects.
Abstract
Cloud storage has been in widespread use nowadays, which alleviates users’ burden of local data storage. Meanwhile, how to ensure the security and integrity of the outsourced data stored in a cloud storage server has also attracted enormous attention from researchers. Proofs of storage (POS) is the main technique introduced to address this problem. Publicly verifiable POS allowing a third party to verify the data integrity on behalf of the data owner significantly improves the scalability of cloud service. However, most of existing publicly verifiable POS schemes are extremely slow to compute authentication tags for all data blocks due to many expensive group exponentiation operations, even much slower than typical network uploading speed, and thus it becomes the bottleneck of the setup phase of the POS scheme. In this article, we propose a new variant formulation called “Delegatable Proofs of Storage (DPOS)”. Then, we construct a lightweight privacy-preserving DPOS scheme, which on one side is as efficient as private POS schemes, and on the other side can support third party auditor and can switch auditors at anytime, close to the functionalities of publicly verifiable POS schemes. Compared to traditional publicly verifiable POS schemes, we speed up the tag generation process by at least several hundred times, without sacrificing efficiency in any other aspect. In addition, we extend our scheme to support fully dynamic operations with high efficiency, reducing the computation of any data update to O(log n) and simultaneously only requiring constant communication costs. We prove that our scheme is sound and privacy preserving against auditor in the standard model. Experimental results verify the efficient performance of our scheme.
Abstract
Causal consistency has emerged as an attractive middle-ground to architecting cloud storage systems, as it allows for high availability and low latency, while supporting semantics stronger than eventual consistency. However, causally-consistent cloud storage systems have seen limited deployment in practice. A key factor is these systems employ full replication of all the data in all the data centers (DCs), incurring high cost. A simple extension of current causal systems to support partial replication by clustering DCs into rings incurs availability and latency problems. We propose Karma, the first system to enable causal consistency for partitioned data stores while achieving the cost advantages of partial replication without the availability and latency problems of the simple extension. Our evaluation with 64 servers emulating 8 geo-distributed DCs shows that Karma (i) incurs much lower cost than a fully-replicated causal store (obviously due to the lower replication factor); and (ii) offers higher availability and better performance than the above partial-replication extension at similar costs.
Abstract
The e-healthcare cloud system has shown its potential to improve the quality of healthcare and individuals’ quality of life. Unfortunately, security and privacy impede its widespread deployment and application. There are several research works focusing on preserving the privacy of the electronic healthcare record (EHR) data. However, these works have two main limitations. First, they only support the `black or white’ access control policy. Second, they suffer from the inference attack. In this paper, for the first time, we design an inference attack-resistant e-healthcare cloud system with fine-grained access control. We first propose a two-layer encryption scheme. To ensure an efficient and fine-grained access control over the EHR data, we design the first-layer encryption, where we devise a specialized access policy for each data attribute in the EHR, and encrypt them individually with high efficiency. To preserve the privacy of role attributes and access policies used in the first-layer encryption, we systematically construct the second-layer encryption. To take full advantage of the cloud server, we propose to let the cloud execute computationally intensive works on behalf of the data user without knowing any sensitive information. To preserve the access pattern of data attributes in the EHR, we further construct a blind data retrieving protocol. We also demonstrate that our scheme can be easily extended to support search functionality. Finally, we conduct extensive security analyses and performance evaluations, which confirm the efficacy and efficiency of our schemes.
Abstract
Although cloud storage service enables people easily maintain and manage amounts of data with lower cost, it cannot ensure the integrity of people’s data. In order to audit the correctness of the data without downloading them, many remote data integrity checking (RDIC) schemes have been presented. Most existing schemes ignore the important issue of data privacy preserving and suffer from complicated certificate management derived from public key infrastructure. To overcome these shortcomings, this article proposes a new Identity-based RDIC scheme that makes use of homomorphic verifiable tag to decrease the system complexity. The original data in proof are masked by random integer addition, which protects the verifier from obtaining any knowledge about the data during the integrity checking process. Our scheme is proved secure under the assumption of computational Diffie-Hellman problem. Experiment result exhibits that our scheme is very efficient and feasible for real-life applications.
Abstract
In cloud computing, an important concern is to allocate the available resources of service nodes to the requested tasks on demand and to make the objective function optimum, i.e., maximizing resource utilization, payoffs, and available bandwidth. This article proposes a hierarchical multi-agent optimization (HMAO) algorithm in order to maximize the resource utilization and make the bandwidth cost minimum for cloud computing. The proposed HMAO algorithm is a combination of the genetic algorithm (GA) and the multi-agent optimization (MAO) algorithm. With maximizing the resource utilization, an improved GA is implemented to find a set of service nodes that are used to deploy the requested tasks. A decentralized-based MAO algorithm is presented to minimize the bandwidth cost. We study the effect of key parameters of the HMAO algorithm by the Taguchi method and evaluate the performance results. The results demonstrate that the HMAO algorithm is more effective than two baseline algorithms of genetic algorithm (GA) and fast elitist non-dominated sorting genetic algorithm (NSGA-II) in solving the large-scale optimization problem of resource allocation. Furthermore, we provide the performance comparison of the HMAO algorithm with two heuristic Greedy and Viterbi algorithms in on-line resource allocation.
Abstract
Cloud service providers (CSP) and cloud consumers often need to forecast the cloud price to optimize their business strategy. However, pricing of cloud services is a challenging task due to its services complexity and dynamic nature of the ever-changing environment. Moreover, the cloud pricing based on consumers’ willingness to pay (W2P) becomes even more challenging due to the subjectiveness of consumers’ experiences and implicit values of some non-marketable features, such as burstable CPU, dedicated server, and cloud data center global footprints. Unfortunately, many existing pricing models often cannot support value-based pricing. In this paper, we propose a novel solution based on value-based pricing, which does not only consider how much does the service cost (or intrinsic values) to a CSP but also how much a customer is willing to pay (or extrinsic values) for the service. We demonstrate that the cloud extrinsic values would not only become one of the competitive advantages for CSPs to lead the cloud market but also increase the profit margin. Our approach is often referred to as a hedonic pricing model. We show that our model can capture the value of non-marketable features. This value is about 43.4 percent on average above the baseline, which is often ignored by many traditional cloud pricing models. We also show that Average Annual Growth Rate (AAGR) of Amazon Web Services’ (AWS) is about -20.0 percent per annum between 2008 and 2017, ceteris paribus. In comparison with Moore’s law (-50 percent per annum), it is at a far slower pace. We argue this value is Moore’s law equivalent in the cloud. The primary goal of this research is to provide a less biased pricing model for cloud decision makers to develop their optimizing investment strategy.
Abstract
Air pollution is one of the greatest problems being faced by mankind. Millions of people die each year because of reasons directly or indirectly related to air pollution. Effective strategies to counter the harmful effects of air pollution are an imperative need of the times. The responses to the air pollution problems are usually knee-jerk reactions, which don’t help in the long run. For developing an effective counter-strategy for combating air pollution, it is necessary to focus the efforts on the pollutants that are most responsible for the air pollution. This paper focuses on identifying the pollutant that plays the most important role in defining the Air Quality Index of a region and also attempts to establish the trend patterns followed by the identified pollutant. This will help the decision makers to devise counter-strategies well in advance for countering the harmful effects of the main pollutant thereby helping to reduce air pollution.
Abstract
In cloud computing, attribute based encryption (ABE) is often used to solve the challenging issue in secure data storage. In order to lighten the burden of authority center, hierarchical ABE schemes is a very effective way. File hierarchy attribute based encryption (FH-CP-ABE) is a scheme, which both saves storage space of ciphertext and reduces the computation overhead of encryption. However, it’s impossible to encrypt multiple files on the same access level in existing FH-CP-ABE scheme. The scheme is obviously not practical. In this paper, an efficient extended file hierarchy CP-ABE scheme (EFH-CP-ABE) is proposed, which can encrypt multiple files on the same access level. Our scheme is very practical especially for those big institutions or companies which have many hierarchical sectors, since it greatly saves storage space and computation cost for them on the cloud servers. Furthermore, our solution also achieves secure and flexible access control for users in cloud storage. We formally prove the security for our new scheme under the standard model. Finally, we implement the corresponding experiment for EFH-CP-ABE scheme and achieve desirable experimental results.
Abstract
Despite the numerous and noticeable inherited gains of Mobile Cloud Computing (MCC) in healthcare, its growth is being hindered by privacy and security challenges. Such issues require the utmost urgent attention to realize its full scale and efficient usage. There is a need to secure Health Information worldwide, regionally, and locally. To fully avail of the health services, it is crucial to put in place the demanded security practices for the prevention of security breaches and vulnerabilities. Hence, this research is deliberated on to provide requirement-oriented health information security using the Modular Encryption Standard (MES) based on the layered modeling of the security measures. The performance analysis shows that the proposed work excels, compared to other commonly used algorithms against the health information security at the MCC environment in terms of better performance and auxiliary qualitative security ensuring measures.
Abstract
Provable Data Possession (PDP) model provides an efficient means for people to audit the integrity of data stored in cloud storage. When sensitive data is shared among multiple users based on cloud storage, it is critical to preserve the anonymity of the data uploader against the auditor. That is, the auditor should not get data uploader’s identity through the data audition. To address this problem, many PDP schemes with user identity privacy-persevering are proposed. However, most proposed schemes are designed based on PKI technique which suffers from big burden of certificate management. Moreover, data auditors in most proposed schemes bear heavy computation cost which results to the lower efficiency of the scheme. To overcome the shortcomings, we present a novel identity-based PDP protocol to audit efficiently the integrity of group shared data with uploader’s privacy-preserving. Due to the inherent structural advantage of identity-based crypto mechanism, our PDP scheme is able to avoid the problem of certificate management. Different from previous works, our scheme ensures the relationship of the data and the data uploader in the phase of proof generation not the phase of integrity audition. Therefore, the data auditor does not know the relationship at all as well as the extract data uploader of the challenged data. At the same time, establishing the relationship by cloud server in proof generation step can reduce the computational cost of data auditor greatly. Furthermore, the relationship of data uploader and challenged data in the proof is randomized so as to strength the security of the scheme. All these efforts are made in our scheme to efficiently realize the anonymity protection of the data uploader. We give the detailed security proof of our scheme under the computational Diffie-Hellman assumption. Many experiments are performed to evaluate the efficiency of our scheme, the results show that our new scheme is efficient and feasible.
Abstract
The rapid development of the Internet of Things (IoT) has led to the emergence of more and more novel applications in recent years. One of them is the e-health system, which can provide people with high-quality and convenient health care. Meanwhile, it is a key issue and challenge to protect the privacy and security of the user’s personal health record. Some cryptographic methods have been proposed such as encrypt user’s data before sharing it. However, it is complicated to share the data with multiple parties (doctors, health departments, etc.), due to the fact that data should be encrypted under each recipient’s keys. Although several (t, n) threshold secret sharing schemes can share the data only need one encryption operation, there is a limitation that the decryption private key has to be reconstructed by one party. To offset this shortcoming, in this paper, we propose an efficient identity-based distributed decryption scheme for personal health record sharing system. It is convenient to share their data with multiple parties and does not require to reconstruct the decryption private key. We prove that our scheme is secure under chosen-ciphertext attack (CCA). Moreover, we implement our scheme by using the Java pairing-based cryptography (JPBC) library on a laptop and an Android phone. The experimental results show that our system is practical and effective in the electronic personal health record system.
Abstract
Fog-to-cloud computing has now become a new cutting-edge technique along with the rapid popularity of Internet of Things (IoT). Unlike traditional cloud computing, fog-to-cloud computing needs more entities to participate in, including mobile sinks and fog nodes except for cloud service provider (CSP). Hence, the integrity auditing in fog-to-cloud storage will also be different from that of traditional cloud storage. In the recent work of Tian et al., they took the first step to design public auditing system for fog-to-cloud computing. However, their scheme becomes very inefficient since they uses intricate public key cryptographic techniques, including bilinear mapping, proof of knowledge etc. In this paper, we design a general and more efficient auditing system based on MAC and HMAC, both of which are popular private key cryptographic techniques. By implementing MAC and HMAC, we give a concrete instantiation of our auditing system. Finally, the theoretical analysis and experiment results show that our proposed system has more efficiency in terms of communication and computational costs.
Abstract
A combination of mobile and cloud computing delivers many advantages such as mobility, resources, and accessibility through seamless data transmission via the Internet anywhere at any time. However, data transmission through vulnerable channels poses security threats such as man-in-the-middle, playback, impersonation, and asynchronization attacks. To address these threats, we define an explicit security model that can precisely measure the practical capabilities of an adversary. A systematic methodology consisting of 16 evaluation criteria is used for comparative evaluation, thereby leading other approaches to be evaluated through a common scale. Finally, we propose a dynamic reciprocal authentication protocol to secure data transmission in mobile cloud computing (MCC). In particular, our proposed protocol develops a secure reciprocal authentication method, which is free of Diffie-Hellman limitations, and has immunity against basic or sophisticated known attacks. The protocol utilizes multifactor authentication of usernames, passwords, and a one-time password (OTP). The OTP is automatically generated and regularly updated for every connection. The proposed protocol is implemented and tested using Java to demonstrate its efficiency in authenticating communications and securing data transmitted in the MCC environment. Results of the evaluation process indicate that compared with the existing works, the proposed protocol possesses obvious capabilities in security and in communication and computation costs.
Abstract
As an important security property of cloud storage, data integrity has not been sufficiently studied under the multi-writer model, where a group of users work on shared files collaboratively and any group member can update the data by modification, insertion, and deletion operations. Existing works under such multi-writer model would bring large storage cost to the third-party verifiers. Furthermore, to the best of our knowledge, none of the existing works for shared files supports fully dynamic operations, which implies that users cannot freely perform the update operations. In this paper, we propose the first public auditing scheme for shared data that supports fully dynamic operations and achieves constant storage cost for the verifiers. Our scheme, named PRAYS, is boosted by a new paradigm for remote data integrity checking. To implement the new paradigm, we proposed a specially designed authenticated structure, called blockless Merkle tree, and a novel cryptographic primitive, called permission-based signature. Extensive evaluation demonstrates that PRAYS is as efficient as the existing less-functional solutions. We believe that PRAYS is an important step towards designing practical multi-writer cloud storage systems.
Abstract
For the last few years, Cloud computing has been considered an attractive high-performance computing platform for individuals as well as organizations. The Cloud service providers (CSPs) are setting up data centers with high performance computing resources to accommodate the needs of Cloud users. The users are mainly interested in the response time, whereas the Cloud service providers are more concerned about the revenue generation. Concerning these requirements, the task scheduling for the users’ applications in Cloud computing attained focus from the research community. Various task scheduling heuristics have been proposed that are available in the literature. However, the task scheduling problem is NP-hard in nature and thus finding optimal scheduling is always challenging. In this research, a resource-aware dynamic task scheduling approach is proposed and implemented. The simulation experiments have been performed on the Cloudsim simulation tool considering three renowned datasets, namely HCSP, GoCJ, and Synthetic workload. The obtained results of the proposed approach are then compared against RALBA, Dynamic MaxMin, DLBA, and PSSELB scheduling approaches concerning average resource utilization (ARUR), Makespan, Throughput, and average response time (ART). The DRALBA approach has revealed significant improvements in terms of attained ARUR, Throughput, and Makespan.This fact is endorsed by the average resource utilization results (i.e., 98 % for HCSP dataset, 75 % for Synthetic workload (improve ARUR by 72.00 %, 77.33 %, 78.67 %, and 13.33 % as compared to RALBA, Dynamic MaxMin, DLBA and PSSELB respectively), and 77 % for GoCJ (i.e., the second best attained ARUR)).
Abstract
With the concern of privacy, a user usually encrypts the images before they were uploaded to the cloud service providers. Classification over encrypted images is essential for the service providers to collect coarse-grained statistical information about the images, therefore offering better services without sacrificing users’ privacy. In this paper, we propose CryptoEyes to address the challenges of privacy-preserving classification over encrypted images. We present a two-stream convolutional network architecture for classification over encrypted images to capture the contour of encrypted images, therefore significantly boosting the classification accuracy. By sharing a secret sequence between the service provider and the image owner, CryptoEyes allows the service provider to obtain category information of encrypted images while preventing the unauthorized users from learning it. We implemented and evaluated CryptoEyes on popular datasets and the experimental results demonstrate the superiority of CryptoEyes over existing state of the arts in terms of classification accuracy over encrypted images and better privacy preservation performance.
Abstract
In this letter, we discuss the security weakness of Wang et al.’s attribute-based data sharing scheme, in IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (TIFS) (DOI: 10.1109/TIFS.2016.2549004). Through designing two concrete attacks, we identify two serious security flaws in their scheme. 1) First, we show that their scheme is insecure because in their scheme any authenticated user can freely tamper with the weight of his own attribute to gain higher level decryption privilege to arbitrarily decrypt the ciphertext belonging to another user with higher weight of attribute. 2) Second, we further demonstrate that their scheme is trivial insecure because in their scheme even any malicious authenticated user’s attribute does not match the access policy of a ciphertext, he/she still has the power to decrypt the ciphertext, i.e., the decryption power is independent of attributes, thus, their scheme is not a rigorous attribute-based scheme. The two weaknesses discovered may hinder their scheme infeasible for practical deployment. Accordingly, we present a remedy solution to the issues while preserving all the security features of the original scheme. We hope that our cryptoanalysis and remedy scheme may contribute to avoiding similar design flaws in future designs
Abstract
The scheme [1] is flawed because: (1) its circuit access structure is confusingly described; (2) the cloud server cannot complete the related computations; (3) some users can conspire to generate new decryption keys, without the help of the key generation authority.
Abstract
This article develops a cloud-based protocol for a constrained quadratic optimization problem involving multiple parties, each holding private data. The protocol is based on the projected gradient ascent on the Lagrange dual problem and exploits partially homomorphic encryption and secure communication techniques. Using formal cryptographic definitions of indistinguishability, the protocol is shown to achieve computational privacy. We show the implementation results of the protocol and discuss its computational and communication complexity. We conclude this article with a discussion on privacy notions.
Abstract
User activity logs can be a valuable source of information in cloud forensic investigations; hence, ensuring the reliability and integrity of such logs is crucial. Most existing solutions for secure logging are designed for conventional systems rather than the complexity of a cloud environment. In this paper, we propose the Cloud Log Assuring Soundness and Secrecy (CLASS) process as an alternative scheme for the securing of logs in a cloud environment. In CLASS, logs are encrypted using the individual user’s public key so that only the user is able to decrypt the content. In order to prevent unauthorized modification of the log, we generate proof of past log (PPL) using Rabin’s fingerprint and Bloom filter. Such an approach reduces verification time significantly. Findings from our experiments deploying CLASS in OpenStack demonstrate the utility of CLASS in a real-world context.
Abstract
We present Charon, a cloud-backed storage system capable of storing and sharing big data in a secure, reliable, and efficient way using multiple cloud providers and storage repositories to comply with the legal requirements of sensitive personal data. Charon implements three distinguishing features: (1) it does not require trust on any single entity, (2) it does not require any client-managed server, and (3) it efficiently deals with large files over a set of geo-dispersed storage services. Besides that, we developed a novel Byzantine-resilient data-centric leasing protocol to avoid write-write conflicts between clients accessing shared repositories. We evaluate Charon using micro and application-based benchmarks simulating representative workflows from bioinformatics, a prominent big data domain. The results show that our unique design is not only feasible but also presents an end-to-end performance of up to 2.5×2.5× better than other cloud-backed solutions.
Abstract
Cloud storage service supplies people with an efficient method to share data within a group. The cloud server is not trustworthy, so lots of remote data possession checking (RDPC) protocols are proposed and thought to be an effective way to ensure the data integrity. However, most of RDPC protocols are based on the mechanism of traditional public key infrastructure (PKI), which has obvious security flaw and bears big burden of certificate management. To avoid this shortcoming, identity-based cryptography (IBC) is often chosen to be the basis of RDPC. Unfortunately, IBC has an inherent drawback of key escrow. To solve these problems, we utilize the technique of certificateless signature to present a new RDPC protocol for checking the integrity of data shared among a group. In our scheme, user’s private key includes two parts: a partial key generated by the group manager and a secret value chosen by herself/himself. To ensure the right public keys are chosen during the data integrity checking, the public key of each user is associated with her unique identity, for example the name or telephone number. Thus, the certificate is not needed and the problem of key escrow is eliminated too. Meanwhile, the data integrity can still be audited by public verifier without downloading the whole data. In addition, our scheme also supports efficient user revocation from the group. The security of our scheme is reduced to the assumptions of computational Diffie-Hellman (CDH) and discrete logarithm (DL). Experiment results exhibit that the new protocol is very efficient and feasible.
Abstract
Rapid development of cloud storage services, users are allowed to upload heavy storage and computational cost to cloud to reduce the local resource and energy consumption. While people enjoy the desirable benefits from the cloud storage service, critical security concerns in data outsourcing have been raised seriously. In the cloud storage service, data owner loses the physical control of the data and these data are fully controlled by the cloud server. As such, the integrity of outsourced data is being put at risk in reality. Remote data integrity checking (RDIC) is an effective solution to checking the integrity of uploaded data. However, most RDIC schemes are rely on traditional public key infrastructure (PKI), which leads communication and storage overhead due to the certificate management. Identity-based RDIC scheme is not need the storage management, but it has a drawback of key escrow. To solve these problems, we propose a practical certificateless RDIC scheme. Moreover, many public auditing schemes authorize the third party auditor (TPA) to check the integrity of remote data and the TPA is not fully trusted. Thus, we take the data privacy into account. The proposed scheme not only can overcome the above deficiencies but also able to preserve the data privacy against the TPA. Our theoretical analyses prove that our mechanism is correct and secure, and our mechanism is able to audit the integrity of cloud data efficiently.
Abstract
With the widespread application of cloud computing technology, data privacy security problem becomes more serious. The recent studies related to searchable encryption (SE) area have shown that the data owners can share their private data with efficient search function and high-strength security. However, the search method has yet to be perfected, compared with the plaintext search mechanism. In this paper, based LSSS matrix, we give a new searchable algorithm, which is suitable for many search method, such as exact search, Boolean search and range search. In order to improve the search efficiency, the 0, 1-coding theory is introduced in the process of ciphertext search. Meanwhile it is shown that multi-search mechanism can improve the efficiency of data sharing. Finally, the performance analysis is presented, which prove our scheme is secure, efficient, and human-friendly.
Abstract
Recent advances in information technologies have facilitated applications to generate, collect or process large amounts of sensitive personal data. Emerging cloud storage services provide a better paradigm to support the needs of such applications. Such cloud based solutions introduce additional security and privacy challenges when dealing with outsourced data including that of supporting fine-grained access control over such data stored in the cloud. In this paper, we propose an integrated, privacy-preserving user-centric attribute based access control framework to ensure the security and privacy of users’ data outsourced and stored by a cloud service provider (CSP). The core component of the proposed framework is a novel privacy-preserving, revocable ciphertext policy attribute-based encryption (PR-CP-ABE) scheme. To support advanced access control features like write access on encrypted data and privacy-preserving access policy updates, we propose extended Path-ORAM access protocol that can also prevent privacy disclosure of access patterns. We also propose an integrated secure deduplication approach to improve the storage efficiency of CSPs while protecting data privacy. Finally, we evaluate the proposed framework and compare it with other existing solutions with regards to the security and performance issues.
Abstract
Due to its wide accessibility, cloud services are susceptible to attacks. Data manipulation is a serious threat to data integrity which can occur in cloud computing – a relatively new offering under the umbrella of cloud services. Data can be tampered with, and malicious actors could use this to their advantage. Cloud computing clients in various application domains want to be assured that their data is accurate and trustworthy. On another spectrum, blockchain is a tamper-proof digital ledger that can be used alongside cloud technology to provide a tamper-proof cloud computing environment. This paper proposes a scheme that combines cloud computing with blockchain that assures data integrity for all homomorphic encryption schemes. To overcome the cloud service provider’s (CSP) ultimate authority over the data, the proposed scheme relies on the Byzantine Fault Tolerance consensus to build a distributed network of processing CSPs based on the client requirements. After certain computations performed by all CSPs, they produce a master hash value for their database. To ensure immutable data is produced, master hash values are preserved in Bitcoin or Ethereum blockchain networks. The master hash values can be obtained by tracking the block header address for verification purposes. A theoretical analysis of the overhead costs associated with creating master hash values for each of the cryptocurrencies is presented. We found that Ethereum leads to lower client financial costs and better online performance than Bitcoin. We also specify the data security requirements the proposed scheme provides, the ground-level implementation, and future work. The proposed verification scheme is based on public cryptocurrency as a back-end service and does not require additional setup actions by the client other than a wallet for the chosen cryptocurrency.
Abstract
Cloud protection is a collection of policies, rules, appropriate technical and organizational measures which work with each other to protect cloud-based systems, critical infrastructure. These protections are set up for the safety of cloud information, regulatory enforcement and safety of the privacy of consumers, as well as the authentication of individual users and devices. Cloud protection can be tailored to the exact needs of the firm from validating access to filtering traffic. And since these regulations can be set up and handled in a single location, overhead administration is minimized and IT teams can concentrate on other business areas. Depending upon the cloud provider or the cloud safety solutions in place, the way cloud protection is provided. However, it should be a shared responsibility of the company owner and the solutions provider to execute cloud protection processes. This is the content-centered cloud face serious challenges as they meet a wide variety of content demands, secure and express complaints material how effectively and safely to protect data over the network seems to be an issue. In this paper, a blockchain-based framework has been proposed to address data security problems in content-centered cloud. Here, we exercise reciprocal trust between users and service providers. The transparency and the resistance to exploitation of the blockchain network protect the provider’s protection and access control. Selected from the users with the aid of a common record can be kept secretly by the content owners. The article shares the low overhead interesting data, delay and congestion of the network and then green contact. To fix this, we suggest a solution cross-cut the gap with the use of a local peer network.
Abstract
Proxy re-encryption (PRE) provides a promising solution for encrypted data sharing in public cloud. When data owner Alice is going to share her encrypted data with data consumer Bob, Alice generates a re-encryption key and sends it to the cloud server (proxy); by using it, the proxy can transform Alice’s ciphertexts into Bob’s without learning anything about the underlying plaintexts. Despite that existing PRE schemes can prevent the proxy from recovering Alice’s secret key by collusion attacks with Bob, due to the inherent functionality of PRE, it is inevitable that the proxy and Bob together are capable to gain and distribute Alices decryption capabilities. Even worse, the malicious proxy can deny that it has leaked the decryption capabilities and has very little risk of getting caught. To tackle this problem, we introduce the concept of Accountable Proxy Re-Encryption (APRE), whereby if the proxy is accused to abuse the re-encryption key for distributing Alice’s decryption capability, a judge algorithm can decide whether it is innocent or not. We then present a non-interactive APRE scheme and prove its CPA security and accountability under DBDH assumption in the standard model. Finally, we show how to extend it to a CCA secure one.
Abstract
Biometric identification allows people to be identified by their unique physical characteristics. Among such schemes, fingerprinting is well-known for biometric identification. Many studies related to fingerprint-based biometric identification have been proposed; however, they are based purely on heavy cryptographic primitives such as additively homomorphic encryption and oblivious transfer. Therefore, it is difficult to apply them to large databases because of the expense. To resolve this problem, some schemes have been proposed that are based on simple matrix operations rather than heavy cryptographic primitives. Recently, Liu et al. proposed an improved matrix-based scheme using the properties of orthogonal matrices. Despite being more efficient when compared to previous systems, it still fails to provide sufficient security against various types of attackers. In this paper, we demonstrate that their scheme is vulnerable to an attacker who operates with a cloud server by introducing statistical-inference attack algorithms. Moreover, we propose concrete identity confirmation parameters that an adversary must always pass, and present experimental results to demonstrate that our algorithms are both feasible and practical.
Abstract
The rapid growth of digital images motivates organizations and individuals to outsource image storage and computation to the cloud. However, the defenseless upload will raise the risk of privacy leakage while the simple encryption would impede the efficient usage of data. In this paper, we propose a privacy-preserving image retrieval scheme, in which the images are encrypted but similar images to a query can be efficiently retrieved from the encrypted images. Specifically, the image content is protected by big-block permutation, 3 ×3 block permutation within big-blocks, pixel permutation within 3 ×3 blocks, and polyalphabetic cipher. The use of polyalphabetic cipher improves security and causes no degradation in terms of retrieval accuracy as the substitution tables are generated by the order-preserving encryption. In this way, secure Local Binary Pattern (LBP) features can be directly extracted as the local features from the encrypted big-blocks, which is efficient as there is no communication between the cloud server and image owners to do so. The secure local LBP features are used to generate the feature vector for each image by the bag-of-words model. Finally, the similarity among the encrypted images is measured by the Manhattan distance of such feature vectors. The security analysis and experimental results demonstrate that the proposed scheme outperforms the main existing schemes in terms of security and retrieval accuracy.
Abstract
Thanks to the popularity of mobile devices numerous location-based services (LBS) have emerged. While several privacy-preserving solutions for LBS have been proposed, most of these solutions do not consider the fact that LBS are typically cloud-based nowadays. Outsourcing data and computation to the cloud raises a number of significant challenges related to data confidentiality, user identity and query privacy, fine-grained access control, and query expressiveness. In this work, we propose a privacy-preserving framework for outsourcing LBS to the cloud. The framework supports multi-location queries with fine-grained access control, and search by location attributes, while providing semantic security. In particular, the framework implements a new model that allows the user to govern the trade-off between precision and privacy on a dynamic per-query basis. We also provide a security analysis to show that the proposed scheme preserves privacy in the presence of different threats. We also show the viability of our proposed solution and scalability with the number of locations through an experimental evaluation, using a real-life OpenStreetMap dataset.
Abstract
In cloud computing, resource provisioning is a key challenging task due to dynamic resource provisioning for the applications. As per the workload requirements of the application’s resources should be dynamically allocated for the application. Disparities in resource provisioning produce energy, cost wastages, and additionally, it affects Quality of Service (QoS) and increases Service Level Agreement (SLA) violations. So, applications allocated resources quantity should match with the applications required resources quantity. Load balancing in cloud computing can be addressed through optimal scheduling techniques, whereas this solution belongs to the NP-Complete optimization problem category. However, the cloud providers always face resource management issues for variable cloud workloads in the heterogeneous system environment. This issue has been solved by the proposed Predictive Priority-based Modified Heterogeneous Earliest Finish Time (PMHEFT) algorithm, which can estimate the application’s upcoming resource demands. This research contributes towards developing the prediction-based model for efficient and dynamic resource provisioning in a heterogamous system environment to fulfill the end user’s requirements. Existing algorithms fail to meet the user’s Quality of Service (QoS) requirements such as makespan minimization and budget constraints satisfaction, or to incorporate cloud computing principles, i.e., elasticity and heterogeneity of computing resources. In this paper, we proposed a PMHEFT algorithm to minimize the makespan of a given workflow application by improving the load balancing across all the virtual machines. Experimental results show that our proposed algorithm’s makespan, efficiency, and power consumption are better than other algorithms.
Abstract
In this paper, we try to design a service mechanism for profit optimizations of both a cloud provider and its multiple users. We consider the problem from a game theoretic perspective and characterize the relationship between the cloud provider and its multiple users as a Stackelberg game, in which the strategies of all users are subject to that of the cloud provider. The cloud provider tries to select and provision appropriate servers and configure a proper request allocation strategy to reduce energy cost while satisfying its cloud users at the same time. We approximate its servers selection space by adding a controlling parameter and configure an optimal request allocation strategy. For each user, we design a utility function which combines the net profit with time efficiency and try to maximize its value under the strategy of the cloud provider. We formulate the competitions among all users as a generalized Nash equilibrium problem (GNEP). We solve the problem by employing variational inequality (VI) theory and prove that there exists a generalized Nash equilibrium solution set for the formulated GNEP. Finally, we propose an iterative algorithm (IA), which characterizes the whole process of our proposed service mechanism. We conduct some numerical calculations to verify our theoretical analyses. The experimental results show that our IA algorithm can benefit both of a cloud provider and its multiple users by configuring proper strategies.
Abstract
Despite the many past research conducted in the Cloud Computing field, some challenges still exist related to workload balancing in cloud-based applications and specifically in the Infrastructure as service (IaaS) cloud model. Efficient allocation of tasks is a crucial process in cloud computing due to the restricted number of resources/virtual machines. IaaS is one of the models of this technology that handles the backend where servers, data centers, and virtual machines are managed. Cloud Service Providers should ensure high service delivery performance in such models, avoiding situations such as hosts being overloaded or underloaded as this will result in higher execution time or machine failure, etc. Task Scheduling highly contributes to load balancing, and scheduling tasks much adheres to the requirements of the Service Level Agreement (SLA), a document offered by cloud developers to users. Important SLA parameters such as Deadline are addressed in the LB algorithm. The proposed algorithm is aimed to optimize resources and improve Load Balancing in view of the Quality of Service (QoS) task parameters, the priority of VMs, and resource allocation. The proposed LB algorithm addresses the stated issues and the current research gap based on the literature’s findings. Results showed that the proposed LB algorithm results in an average of 78% resource utilization compared to the existing Dynamic LBA algorithm. It also achieves good performance in terms of less Execution time and Makespan.
Abstract
The major challenging task in the fog-enabled cloud computing paradigm is to ensure the security for accessing the data through cloud and fog nodes. To solve this challenge, a Flexible Access Control using Elliptic Curve Cryptography (FAC-ECC) protocol has been developed in which the user data are encrypted by multiple asymmetric keys. Such keys are handled by both users and fog nodes. Also, data access is controlled by encrypting the data through the user. However, the main problem is to guarantee the privacy and security of resources after processing of User Revocation (UR) by data owners. The issue of UR is needed to consider for satisfying the dynamic change of user access in different applications like healthcare systems, e-commerce, etc. Therefore in this article, a FAC-UR-ECC protocol is proposed to control the data access and realize the UR in fog-enabled cloud systems. In this protocol, a revocable key aggregate-based cryptosystem is applied in the fog-cloud paradigm. It is an extension of the key-aggregate cryptosystem such that a user is revoked if his/her credential is expired. First, the subset-cover model is combined into FAC-ECC protocol to design an efficient revocable key-aggregate encryption depending on multi-linear maps which realizes the user’s access control and revocation. It can simplify the user’s key management efficiently and delegate various clients with decryption permission. Also, it can accomplish revocation of user access privileges and the FAC efficiently. By using this protocol, both the user’s secret key and the ciphertext are preserved in a fixed size. The security of accessing the data is highly enhanced by updating the ciphertext through the data owners successfully. At last, the experimental results exhibit the efficiency of FAC-UR-ECC compared to the FAC-ECC protocol.
Abstract
With rapidly increasing adoption of cloud computing and the advancement of today mobile computing, it is inevitable that mobile devices are used to receive and send the data through the mobile cloud platform. This increases the convenience and flexibility of data access over the cloud computing since data users are able to access the shared data anytime, anywhere via mobile devices. However, using mobile devices in accessing shared data in a cloud where the sensitive data is encrypted is not practical because mobile devices have limited computing resources in dealing with heavy cryptographic operations. In this article, we propose a lightweight collaborative ciphertext policy attribute role-based encryption (LW-C-CP-ARBE) scheme to support a fine-grained and lightweight access control for mobile cloud environment. We apply CP-ABE approach as a core cryptographic access control and introduce a new proxy re-encryption (PRE) protocol to reduce data re-encryption and decryption cost for the mobile users. To this end, the overhead in running the cryptographic operation at the end-user device is small. In addition, we develop secure access policy sharing and re-encryption protocol to enable users having write privilege to update the data and request the proxy to perform data re-encryption. Finally, we present the evaluation and experiments to demonstrate the efficiency and practicality of our system.
Abstract
Medical imaging is crucial for medical diagnosis, and the sensitive nature of medical images necessitates rigorous security and privacy solutions to be in place. In a cloud-based medical system for Healthcare Industry 4.0, medical images should be encrypted prior to being outsourced. However, processing queries over encrypted data without first executing the decryption operation is challenging and impractical at present. In this paper, we propose a secure and efficient scheme to find the exact nearest neighbor over encrypted medical images. Instead of calculating the Euclidean distance, we reject candidates by computing the lower bound of the Euclidean distance that is related to the mean and standard deviation of data. Unlike most existing schemes, our scheme can obtain the exact nearest neighbor rather than an approximate result. We, then, evaluate our proposed approach to demonstrate its utility.
Abstract
The new paradigm of outsourcing data to the cloud is a double-edged sword. On the one hand, it frees data owners from the technical management, and is easier for data owners to share their data with intended users. On the other hand, it poses new challenges on privacy and security protection. To protect data confidentiality against the honest-but-curious cloud service provider, numerous works have been proposed to support fine-grained data access control. However, till now, no schemes can support both fine-grained access control and time-sensitive data publishing. In this paper, by embedding timed-release encryption into Ciphertext-Policy Attribute-based Encryption (CP-ABE), we propose a new time and attribute factors combined access control on time-sensitive data for public cloud storage (named TAFC). Based on the proposed scheme, we further propose an efficient approach to design access policies faced with diverse access requirements for time-sensitive data. Extensive security and performance analysis shows that our proposed scheme is highly efficient and satisfies the security requirements for time-sensitive data storage in public cloud.
Abstract
The advent of electronic health record (EHR) system has greatly promoted the development of medical services, and its security and privacy are emerging as major concerns. The verifiable database (VDB), where a user outsources his large database to a cloud server and makes queries once he needs certain data, is proposed as an efficient updatable cloud storage model for resource-constrained users. The security goals of VDB include both the data storage integrity and the query result correctness. To improve system efficiency, most existing VDB schemes utilize proof reuse and the technique of proof updating to prove correctness of the query results. However, it ignores the “real-time” of proof generation, which results in an overhead that the user has to perform extra process (e.g. auditing schemes) to check storage integrity. In this paper, we propose a publicly verifiable updatable EHR database scheme that supports privacy-preserving and batch integrity auditing. We modify the existing functional commitment (FC) scheme for the VDB design and construct a concrete FC under the computational l-BDHE assumption. In addition, the use of an efficient verifier-local revocation group signature scheme makes our scheme support dynamic group member operations, and gives nice features, such as traceability and non-frameability.
Abstract
With the popularity of wearable devices, along with the development of clouds and cloudlet technology, there has been increasing need to provide better medical care. The processing chain of medical data mainly includes data collection, data storage and data sharing, etc. Traditional healthcare system often requires the delivery of medical data to the cloud, which involves users’ sensitive information and causes communication energy consumption. Practically, medical data sharing is a critical and challenging issue. Thus in this paper, we build up a novel healthcare system by utilizing the flexibility of cloudlet. The functions of cloudlet include privacy protection, data sharing and intrusion detection. In the stage of data collection, we first utilize Number Theory Research Unit (NTRU) method to encrypt user’s body data collected by wearable devices. Those data will be transmitted to nearby cloudlet in an energy efficient fashion. Second, we present a new trust model to help users to select trustable partners who want to share stored data in the cloudlet. The trust model also helps similar patients to communicate with each other about their diseases. Third, we divide users’ medical data stored in remote cloud of hospital into three parts, and give them proper protection. Finally, in order to protect the healthcare system from malicious attacks, we develop a novel collaborative intrusion detection system (IDS) method based on cloudlet mesh, which can effectively prevent the remote healthcare big data cloud from attacks. Our experiments demonstrate the effectiveness of the proposed scheme.
Abstract
With the explosive growth of data volume in the cloud computing environment, data owners are increasingly inclined to store their data on the cloud. Although data outsourcing reduces computation and storage costs for them, it inevitably brings new security and privacy concerns, as the data owners lose direct control of sensitive data. Meanwhile, most of the existing ranked keyword search schemes mainly focus on enriching search efficiency or functionality, but lack of providing efficient access control and formal security analysis simultaneously. To address these limitations, in this paper we propose an efficient and privacy-preserving Multi-keyword Ranked Search scheme with Fine-grained access control (MRSF). MRSF can realize highly accurate ciphertext retrieval by combining coordinate matching with Term Frequency-Inverse Document Frequency (TF-IDF) and improving the secure kNN method. Besides, it can effectively refine users’ search privileges by utilizing the polynomial-based access strategy. Formal security analysis shows that MRSF is secure in terms of confidentiality of outsourced data and the privacy of index and tokens. Extensive experiments further show that, compared with existing schemes, MRSF achieves higher search accuracy and more functionalities efficiently.
Abstract
Mobile health (mHealth) has emerged as a new patient centric model which allows real-time collection of patient data via wearable sensors, aggregation and encryption of these data at mobile devices, and then uploading the encrypted data to the cloud for storage and access by healthcare staff and researchers. However, efficient and scalable sharing of encrypted data has been a very challenging problem. In this paper, we propose a Lightweight Sharable and Traceable (LiST) secure mobile health system in which patient data are encrypted end-to-end from a patient’s mobile device to data users. LiST enables efficient keyword search and fine-grained access control of encrypted data, supports tracing of traitors who sell their search and access privileges for monetary gain, and allows on-demand user revocation. LiST is lightweight in the sense that it offloads most of the heavy cryptographic computations to the cloud while only lightweight operations are performed at the end user devices. We formally define the security of LiST and prove that it is secure without random oracle. We also conduct extensive experiments to access the system’s performance.
Abstract
Data sharing is a convenient and economic service supplied by cloud computing. Data contents privacy also emerges from it since the data is outsourced to some cloud servers. To protect the valuable and sensitive information, various techniques are used to enhance access control on the shared data. In these techniques, Ciphertext-policy attribute-based encryption (CP-ABE) can make it more convenient and secure. Traditional CP-ABE focuses on data confidentiality merely, while the user’s personal privacy protection is an important issue at present. CP-ABE with hidden access policy ensures data confidentiality and guarantees that user’s privacy is not revealed as well. However, most of the existing schemes are inefficient in communication overhead and computation cost. Moreover, most of those works take no consideration about authority verification or the problem of privacy leakage in authority verification phase. To tackle the problems mentioned above, a privacy preserving CP-ABE scheme with efficient authority verification is introduced in this paper. Additionally, the secret keys of it achieve constant size. Meanwhile, the proposed scheme achieves the selective security under the decisional n-BDHE problem and decisional linear assumption. The computational results confirm the merits of the presented scheme.
IEEE Enabling Efficient User Revocation in Identity-Based Cloud Storage Auditing for Shared Big Data
Abstract
Cloud storage auditing schemes for shared data refer to checking the integrity of cloud data shared by a group of users. User revocation is commonly supported in such schemes, as users may be subject to group membership changes for various reasons. Previously, the computational overhead for user revocation in such schemes is linear with the total number of file blocks possessed by a revoked user. The overhead, however, may become a heavy burden because of the sheer amount of the shared cloud data. Thus, how to reduce the computational overhead caused by user revocations becomes a key research challenge for achieving practical cloud data auditing. In this paper, we propose a novel storage auditing scheme that achieves highly-efficient user revocation independent of the total number of file blocks possessed by the revoked user in the cloud. This is achieved by exploring a novel strategy for key generation and a new private key update technique. Using this strategy and the technique, we realize user revocation by just updating the non-revoked group users’ private keys rather than authenticators of the revoked user. The integrity auditing of the revoked user’s data can still be correctly performed when the authenticators are not updated. Meanwhile, the proposed scheme is based on identity-base cryptography, which eliminates the complicated certificate management in traditional Public Key Infrastructure (PKI) systems. The security and efficiency of the proposed scheme are validated via both analysis and experimental results.
Abstract
Secure search over encrypted remote data is crucial in cloud computing to guarantee the data privacy and usability. To prevent unauthorized data usage, fine-grained access control is necessary in multi-user system. However, authorized user may intentionally leak the secret key for financial benefit. Thus, tracing and revoking the malicious user who abuses secret key needs to be solved imminently. In this paper, we propose an escrow free traceable attribute based multiple keywords subset search system with verifiable outsourced decryption (EF-TAMKS-VOD). The key escrow free mechanism could effectively prevent the key generation centre (KGC) from unscrupulously searching and decrypting all encrypted files of users. Also, the decryption process only requires ultra lightweight computation, which is a desirable feature for energy-limited devices. In addition, efficient user revocation is enabled after the malicious user is figured out. Moreover, the proposed system is able to support flexible number of attributes rather than polynomial bounded. Flexible multiple keyword subset search pattern is realized, and the change of the query keywords order does not affect the search result. Security analysis indicates that EF-TAMKS-VOD is provably secure. Efficiency analysis and experimental results show that EF-TAMKS-VOD improves the efficiency and greatly reduces the computation overhead of users’ terminals.
Abstract
MapReduce plays a critical role as a leading framework for big data analytics. In this paper, we consider a geo-distributed cloud architecture that provides MapReduce services based on the big data collected from end users all over the world. Existing work handles MapReduce jobs by a traditional computation-centric approach that all input data distributed in multiple clouds are aggregated to a virtual cluster that resides in a single cloud. Its poor efficiency and high cost for big data support motivate us to propose a novel data-centric architecture with three key techniques, namely, cross-cloud virtual cluster, data-centric job placement, and network coding based traffic routing. Our design leads to an optimization framework with the objective of minimizing both computation and transmission cost for running a set of MapReduce jobs in geo-distributed clouds. We further design a parallel algorithm by decomposing the original large-scale problem into several distributively solvable subproblems that are coordinated by a high-level master problem. Finally, we conduct real-world experiments and extensive simulations to show that our proposal significantly outperforms the existing works.
Abstract
To reduce a user’s decryption cost and protect the private information from being leaked, Green et al. proposed an approach outsourcing the decryption of the attribute based encryption (ABE) scheme to the cloud server. Later, almost all ABE schemes with outsourced decryption (ABE-OD) used their model or approach. However, the cloud server needs to repeat the outsourced decryption service of the same ciphertext for distinct users satisfying the same access policy in these schemes. Green computing is the atmosphere conscientious and recyclable utilization of resources. The green cloud networks can reduce their cost or energy requirements by adapting its performance, optimizing resources management and services. The method is not efficient for the cloud server in the green cloud networks. In this article, to take into account recyclable utilization of resources for the cloud server, we put forward a new and secure approach to reduce total overhead of the cloud server when many users satisfying an access policy require the outsourced decryptions for the same ciphertext besides decreasing the decryption computation cost for users. Compared with the existing ABE-OD schemes, our total overhead of the cloud server is independent of the number of the users who satisfy an access policy and request the outsourcing decryption service. Finally, we extend our approach to a RCCA-secure ABE-OD scheme.
Abstract
Cloud is a computing model that provides sharing and supports ubiquitous on-demand access computing, providing new data processing and services for many industries, significantly reducing user computing and storage costs, and improving ease of use. With the development of cloud-scale and intensification, cloud security has become an essential issue in the field of cloud computing. Access control is one of the critical security technologies for protecting sensitive data stored in the cloud by enterprises and individuals. Since the centralized access control mechanism is adopted in the cloud, the sensitive data in the cloud are easy to be tampered with or leaked by hackers or cloud internal managers. To address this issue, we propose a blockchain-based access control framework with privacy protection called AuthPrivacyChain. Firstly, we use the account address of the node in blockchain as the identity, and at the same time, redefine the access control permission of data for the cloud, which is encrypted and stored in blockchain. After that, we design processes of access control, authorization, and authorization revocation in AuthPrivacyChain. Finally, we implement AuthPrivacyChain based on enterprise operation system (EOS), and the results show that AuthPrivacyChain can not only prevent hackers and administrators from illegally accessing resources, but also protect authorized privacy.
Abstract
Outsourced storage such as cloud storage can significantly reduce the burden of data management of data owners. Despite of a long list of merits of cloud storage, it triggers many security risks at the same time. Data integrity, one of the most burning challenges in secure cloud storage, is a fundamental and pivotal element in outsourcing services. Outsourced data auditing protocols enable a verifier to efficiently check the integrity of the outsourced files without downloading the entire file from the cloud, which can dramatically reduce the communication overhead between the cloud server and the verifier. Existing protocols are mostly based on public key infrastructure or an exact identity, which lacks flexibility of key management. In this paper, we seek to address the complex key management challenge in cloud data integrity checking by introducing attribute-based cloud data auditing, where users can upload files to cloud through some customized attribute set and specify some designated auditor set to check the integrity of the outsourced data. We formalize the system model and the security model for this new primitive, and describe a concrete construction of attribute-based cloud data integrity auditing protocol. The new protocol offers desirable properties namely attribute privacy-preserving and collusion-resistance. We prove soundness of our protocol based on the computational Diffie-Hellman assumption and the discrete logarithm assumption. Finally, we develop a prototype of the protocol which demonstrates the practicality of the protocol.
Abstract
High availability is one of the core properties of Infrastructure as a Service (IaaS) and ensures that users have anytime access to on-demand cloud services. However, significant variations of workflow and the presence of super-tasks, mean that heterogeneous workload can severely impact the availability of IaaS clouds. Although previous work has investigated global queues, VM deployment, and failure of PMs, two aspects are yet to be fully explored: one is the impact of task size and the other is the differing features across PMs such as the variable execution rate and capacity. To address these challenges we propose an attribute-based availability model of large scale IaaS developed in the formal modeling language CARMA. The size of tasks in our model can be a fixed integer value or follow the normal, uniform or log-normal distribution. Additionally, our model also provides an easy approach to investigating how to arrange the slack and normal resources in order to achieve availability levels. The two goals of our work are providing an analysis of the availability of IaaS and showing that the use of CARMA allows us to easily model complex phenomena that were not readily captured by other existing approaches
Abstract
Smart cities’ vision will encompass connected industrial vehicles, which will offer data-driven and intelligent services to the user. Such interaction within dispersed connected objects are sometimes referred as the industrial Internet-of-Vehicles (IIoV). The prime motivation of an intelligent transportation system (ITS) is ensuring the safety of the drivers and offering a comfortable experience to the user. However, such complex infrastructures opens broad attack surfaces to the adversaries, which can remotely exploit and control the critical mechanics in the smart vehicles, including engine and brake systems. Security and privacy concerns are significant barriers to the wide adoption of this revolutionary technology that has to be addressed before a comprehensive implementation of the real vision of ITS. This article is a stepping stone to address access control issues in the IIoV ecosystem and propose a formal attribute-based access control system (referred to ITS-ABAC G ). The proposed model introduces the notion of groups, which are assigned to various smart entities based on the different attributes. It also offers the implementation of fine-grained security policies and considers individualized privacy preferences along with system-wide policies to accept or reject notification, alerts, and advertisements from different participating smart entities. We present the prototype implementation of our proposed model in the Amazon Web Services IoT platform together with extensive performance to reflect the practicality and wide-scale adoption of the proposed system.
Abstract
Semantic searching over encrypted data is a crucial task for secure information retrieval in public cloud. It aims to provide retrieval service to arbitrary words so that queries and search results are flexible. In existing semantic searching schemes, the verifiable searching does not be supported since it is dependent on the forecasted results from predefined keywords to verify the search results from cloud, and the queries are expanded on plaintext and the exact matching is performed by the extended semantically words with predefined keywords, which limits their accuracy. In this paper, we propose a secure verifiable semantic searching scheme. For semantic optimal matching on ciphertext, we formulate word transportation (WT) problem to calculate the minimum word transportation cost (MWTC) as the similarity between queries and documents, and propose a secure transformation to transform WT problems into random linear programming (LP) problems to obtain the encrypted MWTC. For verifiability, we explore the duality theorem of LP to design a verification mechanism using the intermediate data produced in matching process to verify the correctness of search results. Security analysis demonstrates that our scheme can guarantee verifiability and confidentiality. Experimental results on two datasets show our scheme has higher accuracy than other schemes.
Abstract
Attribute-based keyword search (ABKS), as an important type of searchable encryption, has been widely utilized for secure cloud storage. In a key-policy attribute-based temporary keyword search (KP-ABTKS) scheme, a private key is associated with an access policy that controls the search ability of the user, while a search token is associated with a time interval that controls the search time of the cloud server. However, after a careful study, we uncover that the only existing KP-ABTKS construction [1] is not secure. Through two carefully designed attacks, we first show that the cloud server can search the ciphertext in any time. As a result, their scheme cannot support temporary keyword search. To address this problem, we present an enhanced KP-ABTKS scheme and prove that it is selectively secure against chosen-keyword attack in the random oracle model. The proposed scheme achieves both fine-grained search control and temporary keyword search simultaneously. In addition, the performance evaluation indicates that our scheme is practical.
Abstract
Nowadays cloud servers have become the primary choice to store and share data with multiple users across the globe. The major challenge in sharing data using cloud servers is to protect data against untrusted cloud service provider and illegitimate users. Attribute-Based Encryption (ABE) has emerged as a useful cryptographic technique to securely share data with legitimate recipients in fine-grained manner. Several solutions employing ABE have been proposed to securely share data using cloud servers. However, most of the solutions are data owner-centric and focus on providing data owner complete control on his outsourced data. The existing solutions in cloud computing fail to provide shared access privileges among users and to enable cloud users to delegate their access privileges in a flexible manner. In order to simultaneously achieve the notion of fine-grained access control, scalability and to provide cloud users shared access privileges and flexibility on delegation of their access privileges, we propose a scalable attribute-based access control scheme for cloud storage. The scheme extends the ciphertext policy attribute-based encryption to achieve flexible delegation of access privileges and shared access privileges along with scalability and fine-grained access control. The scheme achieves scalability by employing hierarchical structure of users. Furthermore, we formally prove the security of our proposed scheme based on security of the ciphertext-policy attribute-based encryption. We also implement the algorithm to show its scalability and efficiency.
Abstract
With the rapid development of cloud computing services, more and more individuals and enterprises prefer to outsource their data or computing to clouds. In order to preserve data privacy, the data should be encrypted before outsourcing and it is a challenge to perform searches over encrypted data. In this paper, we propose a privacy-preserving multi-keyword ranked search scheme over encrypted data in hybrid clouds, which is denoted as MRSE-HC. The keyword dictionary of documents is clustered into balanced partitions by a bisecting k -means clustering based keyword partition algorithm. According to the partitions, the keyword partition based bit vectors are adopted for documents and queries which are utilized as the index of searches. The private cloud filters out the candidate documents by the keyword partition based bit vectors, and then the public cloud uses the trapdoor to determine the result in the candidates. On the basis of the MRSE-HC scheme, an enhancement scheme EMRSE-HC is proposed, which adds complete binary pruning tree to further improve search efficiency. The security analysis and performance evaluation show that MRSE-HC and EMRSE-HC are privacy-preserving multi-keyword ranked search schemes for hybrid clouds and outperforms the existing scheme FMRS in terms of search efficiency.
Abstract
Data sharing through the cloud is flourishing with the development of cloud computing technology. The new wave of technology will also give rise to new security challenges, particularly the data confidentiality in cloud-based sharing applications. Searchable encryption is considered as one of the most promising solutions for balancing data confidentiality and usability. However, most existing searchable encryption schemes cannot simultaneously satisfy requirements for both high search efficiency and strong security due to lack of some must-have properties, such as parallel search and forward security. To address this problem, we propose a variant searchable encryption with parallelism and forward privacy, namely the parallel and forward private searchable public-key encryption (PFP-SPE). PFP-SPE scheme achieves both the parallelism and forward privacy at the expense of slightly higher storage costs. PFP-SPE has similar search efficiency with that of some searchable symmetric encryption schemes but no key distribution problem. The security analysis and the performance evaluation on a real-world dataset demonstrate that the proposed scheme is suitable for practical application.
Abstract
Encrypted search technology has been studied extensively in recent years. With more and more information being stored in cloud, creating indexes with independent keywords has resulted in enormous storage cost and low search accuracy, which has become an urgent problem to be solved. Thus, in this paper, we propose a new feature matching ranked search mechanism (FMRSM) for encrypted cloud data. This mechanism uses feature score algorithm (FSA) to create indexes, which allows multi-keywords which are extracted from a document as a feature to be mapped to one dimension of the index. Thus, the storage cost of indexes can be reduced and the efficiency of encryption can be improved. Moreover, FMRSM uses a matching score algorithm (MSA) in generating trapdoor process. With the help of FSA, the matching score algorithm can rank the search results according to the type of match and the number of matching keywords, and therefore it is able to return results with higher ranking accuracy. Comprehensive analysis prove that our mechanism is more feasible and effective.
Abstract
In this paper, we provide an efficient and easy-to-implement symmetric searchable encryption scheme (SSE) for string search, which takes one round of communication, O(n) times of computations over n documents. Unlike previous schemes, we use hash-chaining instead of chain of encryption operations for index generation, which makes it suitable for lightweight applications. Unlike the previous SSE schemes for string search, with our scheme, server learns nothing about the frequency and the relative positions of the words being searched except what it can learn from the history. We are the first to propose probabilistic trapdoors in SSE for string search. We provide concrete proof of non-adaptive security of our scheme against honest-but-curious server based on the definitions of [12]. We also introduce a new notion of search pattern privacy, which gives a measure of security against the leakage from trapdoor. We have shown that our scheme is secure under search pattern indistinguishability definition. We show why SSE scheme for string search cannot attain adaptive indistinguishability criteria as mentioned in [12]. We also propose modifications of our scheme so that the scheme can be used against active adversaries at the cost of more rounds of communications and memory space. We validate our scheme against two different commercial datasets (see [1], [2]).
Abstract
Temporary keyword search on confidential data in a cloud environment is the main focus of this research. The cloud providers are not fully trusted. So, it is necessary to outsource data in the encrypted form. In the attribute-based keyword search (ABKS) schemes, the authorized users can generate some search tokens and send them to the cloud for running the search operation. These search tokens can be used to extract all the ciphertexts which are produced at any time and contain the corresponding keyword. Since this may lead to some information leakage, it is more secure to propose a scheme in which the search tokens can only extract the ciphertexts generated in a specified time interval. To this end, in this paper, we introduce a new cryptographic primitive called key-policy attribute-based temporary keyword search (KP-ABTKS) which provide this property. To evaluate the security of our scheme, we formally prove that our proposed scheme achieves the keyword secrecy property and is secure against selectively chosen keyword attack (SCKA) both in the random oracle model and under the hardness of Decisional Bilinear Diffie-Hellman (DBDH) assumption. Furthermore, we show that the complexity of the encryption algorithm is linear with respect to the number of the involved attributes. Performance evaluation shows our scheme’s practicality.
Abstract
Recently, attribute-based keyword search (ABKS) schemes have been used to provide fine-grained search over encrypted data on eHealth cloud in the Internet of Things (IoT) platforms. As compared to conventional public key encryption with keyword search (PEKS) schemes, ABKS schemes provide more powerful and flexible search operations which allow encrypted data to be retrieved by multiple users that satisfy set of attributes. However, there are still some limitations and security issues on the existing ABKS schemes. Many of the existing ABKS schemes only support for the encryption of keyword and require a separate cryptographic primitive to encrypt the message. Also, most of the schemes cannot resist offline keyword guessing attacks by inside attackers (i.e., the honest-but-curious servers). A secure-channel is needed for most of the ABKS schemes to transmit the trapdoors between the server and receivers. To solve these problems, we propose a secure-channel free ciphertext-policy decryptable attribute-based keyword search (CP-DABKS) scheme. The proposed scheme allows the authorised user who satisfy the access structure to decrypt the ciphertext. Our scheme not only resists the insider keyword guessing attack, but also eliminates the secure channel for trapdoor transmission. We formally define and prove the security of the proposed CP-DABKS scheme. We also demonstrate its application on an eHealth cloud platform.
Abstract
Along with the development of cloud computing, more and more applications are migrated into the cloud. An important feature of cloud computing is pay-as-you-go. However, most users always should pay more than their actual usage due to the one-hour billing cycle. In addition, most cloud service providers provide a certain discount for long-term users, but short-term users with small computing demands cannot enjoy this discount. To reduce the cost of cloud users, we introduce a new role, which is cloud broker. A cloud broker is an intermediary agent between cloud providers and cloud users. It rents a number of reserved VMs from cloud providers with a good price and offers them to users on an on-demand basis at a cheaper price than that provided by cloud providers. Besides, the cloud broker adopts a shorter billing cycle compared with cloud providers. By doing this, the cloud broker can reduce a great amount of cost for user. In addition to reduce the user cost, the cloud broker also could earn the difference in prices between on-demand and reserved VMs. In this paper, we focus on how to configure a cloud broker and how to price its VMs such that its profit can be maximized on the premise of saving costs for users. Profit of a cloud broker is affected by many factors such as the user demands, the purchase price and the sales price of VMs, the scale of the cloud broker, etc. Moreover, these factors are affected mutually, which makes the analysis on profit more complicated.
Abstract
Technology development has led to rapid increase in demands for multimedia applications. Due to this demand, digital archives are increasingly used to store these multimedia contents. Cloud is the commonly used archive to store, transmit, receive and share multimedia contents. Cloud makes use of internet to perform these tasks due to which data becomes more prone to attacks. Data security and privacy are compromised. This can be avoided by limiting data access to authenticated users and by hiding the data from cloud services that cannot be trusted. Hiding data from the cloud services involves encrypting the data before storing it into the cloud. Data to be shared with other users can be encrypted by utilizing Cipher Text-Policy Attribute Based Encryption (CP-ABE). CP-ABE is used which is a cryptographic technique that controls access to the encrypted data. The pairing-based computation based on bilinearity is used in ABE due to which the requirements for resources like memory and power supply increases rapidly. Most of the devices that we use today have limited memory. Therefore, an efficient pairing free CP- ABE access control scheme using elliptic curve cryptography has been used. Pairing based computation is replaced with scalar product on elliptic curves that reduces the necessary memory and resource requirements for the users. Even though pairing free CP-ABE is used, it is easier to retrieve the plaintext of a secret message if cryptanalysis is used. Therefore, this paper proposes to combine cryptography with steganography in such a way by embedding crypto text into an image to provide increased level of data security and data ownership for sub-optimal multimedia applications. It makes it harder for a cryptanalyst to retrieve the plaintext of a secret message from a stego-object if steganalysis were not used. This scheme significantly improved the data security as well as data privacy.
Abstract
Vehicular cloud computing (VCC) is composed of multiple distributed vehicular clouds (VCs), which are formed on-the-fly by dynamically integrating underutilized vehicular resources including computing power, storage, and so on. Existing proposals for identity-as-a-service (IDaaS) are not suitable for use in VCC due to limited computing resources and storage capacity of onboard vehicle devices. In this paper, we first propose an improved ciphertext-policy attribute-based encryption (CP-ABE) scheme. Utilizing the improved CP-ABE scheme and the permissioned blockchain technology, we propose a lightweight and privacy-preserving IDaaS architecture for VCC named IDaaSoVCC. It realizes lightweight and privacy-preserving access control of vehicles’ personally identifiable information (PII) in a large distributed vehicular cloud system. Security analysis demonstrates the security features of IDaaSoVCC, most notably forward secrecy, confidentiality and identity information privacy. Meanwhile, we verify that IDaaSoVCC is feasible and practical in a large distributed VC system through extensive simulations.
Abstract
With cloud storage services, users can remotely store their data to the cloud and realize the data sharing with others. Remote data integrity auditing is proposed to guarantee the integrity of the data stored in the cloud. In some common cloud storage systems such as the electronic health records system, the cloud file might contain some sensitive information. The sensitive information should not be exposed to others when the cloud file is shared. Encrypting the whole shared file can realize the sensitive information hiding, but will make this shared file unable to be used by others. How to realize data sharing with sensitive information hiding in remote data integrity auditing still has not been explored up to now. In order to address this problem, we propose a remote data integrity auditing scheme that realizes data sharing with sensitive information hiding in this paper. In this scheme, a sanitizer is used to sanitize the data blocks corresponding to the sensitive information of the file and transforms these data blocks’ signatures into valid ones for the sanitized file. These signatures are used to verify the integrity of the sanitized file in the phase of integrity auditing. As a result, our scheme makes the file stored in the cloud able to be shared and used by others on the condition that the sensitive information is hidden, while the remote data integrity auditing is still able to be efficiently executed. Meanwhile, the proposed scheme is based on identity-based cryptography, which simplifies the complicated certificate management. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient.
Abstract
Cloud computing is a burgeoning paradigm that offers reliable and adaptive infrastructure to the data owner who shares his data with the data user through the cloud server. In the data sharing process, the integrity of the data stored in the cloud faces serious threats. The provable data possession schemes ensure that a cloud server provider proves to a third party auditor that it is truthfully storing data from the data owner. However, the PKI-based provable data possession scheme suffers the management issue of the certificates and the identity-based provable data possession scheme causes an inherent key escrow problem. In this paper, we put forward an efficient privacy-preserving certificateless provable data possession scheme based on certificateless cryptography and elliptic curve cryptography, which has been proved to be unforgeable against adaptive chosen message attacks in the random oracle model. At the same time, the data integrity can be audited by the third party auditor without downloading the whole data. The proposed scheme gives away no information of the stored data to the third party auditor during the audit phase and the data owner’s identity privacy is protected. The experiment results show that the proposed scheme is of efficiency and feasibility as far as computation and communication costs are concerned.
Abstract
With the maturity of cloud computing technology in terms of reliability and efficiency, a large number of services have migrated to the cloud platform. To convenient access to the services and protect the privacy of communication in the public network, three-factor Mutual Authentication and Key Agreement (MAKA) protocols for multi-server architectures gain wide attention. However, most of the existing three-factor MAKA protocols don’t provide a formal security proof resulting in various attacks on the related protocols, or they have high computation and communication costs. And most of the three-factor MAKA protocols haven’t a dynamic revocation mechanism, which leads to malicious users can not be promptly revoked. To address these drawbacks, we propose a provable dynamic revocable three-factor MAKA protocol that achieves the user dynamic management using Schnorr signatures and provides a formal security proof in the random oracle. Security analysis shows that our protocol can meet various demands in the multi-server environments. Performance analysis demonstrates that the proposed scheme is well suited for computing resource constrained smart devices. The full version of the simulation implementation proves the feasibility of the protocol.
Abstract
Enabling cryptographically enforced access controls for data hosted in untrusted cloud is attractive for many users and organizations. However, designing efficient cryptographically enforced dynamic access control system in the cloud is still challenging. In this paper, we propose Crypt-DAC, a system that provides practical cryptographic enforcement of dynamic access control. Crypt-DAC revokes access permissions by delegating the cloud to update encrypted data. In Crypt-DAC, a file is encrypted by a symmetric key list which records a file key and a sequence of revocation keys. In each revocation, a dedicated administrator uploads a new revocation key to the cloud and requests it to encrypt the file with a new layer of encryption and update the encrypted key list accordingly. Crypt-DAC proposes three key techniques to constrain the size of key list and encryption layers. As a result, Crypt-DAC enforces dynamic access control that provides efficiency, as it does not require expensive decryption/re-encryption and uploading/re-uploading of large data at the administrator side, and security, as it immediately revokes access permissions. We use formalization framework and system implementation to demonstrate the security and efficiency of our construction.
Abstract
Attribute-based encryption (ABE) has been widely used in cloud computing where a data provider outsources his/her encrypted data to a cloud service provider, and can share the data with users possessing specific credentials (or attributes). However, the standard ABE system does not support secure deduplication, which is crucial for eliminating duplicate copies of identical data in order to save storage space and network bandwidth. In this paper, we present an attribute-based storage system with secure deduplication in a hybrid cloud setting, where a private cloud is responsible for duplicate detection and a public cloud manages the storage. Compared with the prior data deduplication systems, our system has two advantages. First, it can be used to confidentially share data with users by specifying access policies rather than sharing decryption keys. Second, it achieves the standard notion of semantic security for data confidentiality while existing systems only achieve it by defining a weaker security notion. In addition, we put forth a methodology to modify a ciphertext over one access policy into ciphertexts of the same plaintext but under other access policies without revealing the underlying plaintext.
Abstract
Attribute-based encryption (ABE) is a promising cryptographic tool for data owner (DO) to realize fine-grained date sharing in the cloud computing. In the encryption of most existing ABE schemes, a substantial number of modular exponentiations are often required; the computational cost of it is growing linearly with the complexity of the access policy. Besides, in the most existing ABE with outsourced decryption, the computation cost of generating transformation key is growing linearly with the number of attributes associated with user private key; these computations are prohibitively high for mobile device users, which becomes a bottleneck limiting its application. To address the above issues, we propose a secure outsourcing algorithm for modular exponentiation in one single untrusted server model and a new method to generate the transformation key. Based on these techniques and Brent Waters’s ciphertext-policy ABE scheme, we propose an ABE scheme with verifiable outsourced both encryption and decryption, which can securely outsource encryption and decryption to untrusted encryption service provider (ESP) and decryption service provider (DSP), respectively, leaving only a constant number of simple operations for the DO and eligible users to perform locally. In addition, both DO and the eligible users can check the correctness of results returned from the ESP and the DSP with a probability, respectively. Finally, we provide the experimental evaluation and security analysis of our scheme, which indicates that our construction is suitable for the mobile environment.
Abstract
In public cloud storage services, data are outsourced to semi-trusted cloud servers which are outside of data owners’ trusted domain. To prevent untrustworthy service providers from accessing data owners’ sensitive data, outsourced data are often encrypted. In this scenario, conducting access control over these data becomes a challenging issue. Attribute-based encryption (ABE) has been proved to be a powerful cryptographic tool to express access policies over attributes, which can provide a fine-grained, flexible, and secure access control over outsourced data. However, the existing ABE-based access control schemes do not support users to gain access permission by collaboration. In this paper, we explore a special attribute-based access control scenario where multiple users having different attribute sets can collaborate to gain access permission if the data owner allows their collaboration in the access policy. Meanwhile, the collaboration that is not designated in the access policy should be regarded as a collusion and the access request will be denied. We propose an attribute-based controlled collaborative access control scheme through designating translation nodes in the access structure. Security analysis shows that our proposed scheme can guarantee data confidentiality and has many other critical security properties. Extensive performance analysis shows that our proposed scheme is efficient in terms of storage and computation overhead.
IEEE TKSE: Trustworthy Keyword Search Over Encrypted Data With Two-Side Verifiability via Blockchain
Abstract
As a very attractive computing paradigm, cloud computing makes it possible for resource-constrained users to enjoy cost-effective and flexible resources of diversity. Considering the untrustworthiness of cloud servers and the data privacy of users, it is necessary to encrypt the data before outsourcing it to the cloud. However, the form of encrypted storage also poses a series of problems, such as: How can users search over the outsourced data? How to realize user-side verifiability of search results to resist malicious cloud servers? How to enable server-side verifiability of outsourced data to check malicious data owners? How to achieve payment fairness between the user and the cloud without introducing any third party? Towards addressing these challenging issues, in this paper, we introduce TKSE, a trustworthy keyword search scheme over encrypted data without any third party, trusted or not. In TKSE, the encrypted data index based on digital signature allows a user to search over the outsourced encrypted data and check whether the search result returned by the cloud fulfills the pre-specified search requirements. In particular, for the first time, TKSE realizes server-side verifiability which protects honest cloud servers from being framed by malicious data owners in the data storage phase. Furthermore, blockchain technologies and hash functions are used to enable payment fairness of search fees without introducing any third party even if the user or the cloud is malicious. Our security analysis and performance evaluation indicate that TKSE is secure and efficient and it is suitable for cloud computing.
Abstract
Evolving fuzzy systems (EFSs) are now well developed and widely used, thanks to their ability to self-adapt both their structures and parameters online. Since the concept was first introduced two decades ago, many different types of EFSs have been successfully implemented. However, there are only very few works considering the stability of the EFSs, and these studies were limited to certain types of membership functions with specifically predefined parameters, which largely increases the complexity of the learning process. At the same time, stability analysis is of paramount importance for control applications and provides the theoretical guarantees for the convergence of the learning algorithms. In this paper, we introduce the stability proof of a class of EFSs based on data clouds, which are grounded at the AnYa type fuzzy systems and the recently introduced empirical data analytics (EDA) methodological framework. By employing data clouds, the class of EFSs of AnYa type considered in this paper avoids the traditional way of defining membership functions for each input variable in an explicit manner and its learning process is entirely data driven. The stability of the considered EFS of AnYa type is proven through the Lyapunov theory, and the proof of stability shows that the average identification error converges to a small neighborhood of zero. Although, the stability proof presented in this paper is specially elaborated for the considered EFS, it is also applicable to general EFSs. The proposed method is illustrated with Box-Jenkins gas furnace problem, one nonlinear system identification problem, Mackey-Glass time series prediction problem, eight real-world benchmark regression problems as well as a high-frequency trading prediction problem. Compared with other EFSs, the numerical examples show that the considered EFS in this paper provides guaranteed stability as well as a better approximation accuracy.
Abstract
Electronic Health Records (EHRs) are entirely controlled by hospitals instead of patients, which complicates seeking medical advices from different hospitals. Patients face a critical need to focus on the details of their own healthcare and restore management of their own medical data. The rapid development of blockchain technology promotes population healthcare, including medical records as well as patient-related data. This technology provides patients with comprehensive, immutable records, and access to EHRs free from service providers and treatment websites. In this paper, to guarantee the validity of EHRs encapsulated in blockchain, we present an attribute-based signature scheme with multiple authorities, in which a patient endorses a message according to the attribute while disclosing no information other than the evidence that he has attested to it. Furthermore, there are multiple authorities without a trusted single or central one to generate and distribute public/private keys of the patient, which avoids the escrow problem and conforms to the mode of distributed data storage in the blockchain. By sharing the secret pseudorandom function seeds among authorities, this protocol resists collusion attack out of N from N -1 corrupted authorities. Under the assumption of the computational bilinear Diffie-Hellman, we also formally demonstrate that, in terms of the unforgeability and perfect privacy of the attribute-signer, this attribute-based signature scheme is secure in the random oracle model. The comparison shows the efficiency and properties between the proposed method and methods proposed in other studies.
Abstract
Cloud-based Personal Health Record systems (CB-PHR) have great potential in facilitating the management of individual health records. Security and privacy concerns are among the main obstacles for the wide adoption of CB-PHR systems. In this paper, we consider a multi-source CB-PHR system in which multiple data providers, such as hospitals and physicians are authorized by individual data owners to upload their personal health data to an untrusted public cloud. The health data are submitted in an encrypted form to ensure data security, and each data provider also submits encrypted data indexes to enable queries over the encrypted data. We propose a novel Multi-Source Order-Preserving Symmetric Encryption (MOPSE) scheme whereby the cloud can merge the encrypted data indexes from multiple data providers without knowing the index content. MOPSE enables efficient and privacy-preserving query processing in that a data user can submit a single data query, the cloud can process over the encrypted data from all related data providers without knowing the query content. We also propose an enhanced scheme, MOPSE + , to more efficiently support the data queries by hierarchical data providers. Extensive analysis and experiments over real data sets demonstrate the efficacy and efficiency of MOPSE and MOPSE + .
Abstract
Considering the growing use of cloud computing and the need for optimal use of resources in the cloud, and attention to users that pay for services they use based on their pay-as-you-go basis, There should be a quicker way for users to decrease the user’s waiting time and task’s waiting time. The main purpose of this paper is to provide an optimal algorithm using the advantages of the two traditional Min-Min and Max-Min algorithms. The other point that follow in this algorithm (TOMMP) is the priority of the tasks. There are a lot of scheduling algorithms in the world today, but the priority given to the tasks has been neglected and overlooked in most algorithms. In this algorithm, priority is firstly selected for tasks based on a prioritization algorithm, and then using the median number to decide which one of the Min-Min or Max-Min algorithms is to be used. It should be noted that according to the TOMMP algorithms, its waiting time is lower than comparisons of the compared algorithms and is shown to be better than the comparable algorithms.
Abstract
At present, there is a considerable increase in the amount of data stored in storage services, along with dramatic evolution of networking techniques. In storage services with huge data, the storage servers may want to reduce the volume of stored data, and the clients may want to monitor the integrity of their data with a low cost, since the cost of the functions related to data storage increase in proportion to the size of the data. To achieve these goals, secure deduplication and integrity auditing delegation techniques have been studied, which can reduce the volume of data stored in storage by eliminating duplicated copies and permit clients to efficiently verify the integrity of stored files by delegating costly operations to a trusted party, respectively. So far many studies have been conducted on each topic, separately, whereas relatively few combined schemes, which support the two functions simultaneously, have been researched. In this paper, we design a combined technique, which performs both secure deduplication of encrypted data and public integrity auditing of data. To support the two functions, the proposed scheme performs challenge-response protocols using the BLS signature-based homomorphic linear authenticator. We utilize a third party auditor for performing public audit, in order to help low-powered clients. The proposed scheme satisfies all the fundamental security requirements. We also propose two variances that provide higher security and better performance.
Abstract
Outsourcing data to a third-party administrative control, as is done in cloud computing, gives rise to security concerns. The data compromise may occur due to attacks by other users and nodes within the cloud. Therefore, high security measures are required to protect data within the cloud. However, the employed security strategy must also take into account the optimization of the data retrieval time. In this paper, we propose division and replication of data in the cloud for optimal performance and security (DROPS) that collectively approaches the security and performance issues. In the DROPS methodology, we divide a file into fragments, and replicate the fragmented data over the cloud nodes. Each of the nodes stores only a single fragment of a particular data file that ensures that even in case of a successful attack, no meaningful information is revealed to the attacker. Moreover, the nodes storing the fragments, are separated with certain distance by means of graph T-coloring to prohibit an attacker of guessing the locations of the fragments. Furthermore, the DROPS methodology does not rely on the traditional cryptographic techniques for the data security; thereby relieving the system of computationally expensive methodologies. We show that the probability to locate and compromise all of the nodes storing the fragments of a single file is extremely low. We also compare the performance of the DROPS methodology with 10 other schemes. The higher level of security with slight performance overhead was observed.
Abstract
Secure cloud storage, which is an emerging cloud service, is designed to protect the confidentiality of outsourced data but also to provide flexible data access for cloud users whose data is out of physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is regarded as one of the most promising techniques that may be leveraged to secure the guarantee of the service. However, the use of CP-ABE may yield an inevitable security breach which is known as the misuse of access credential (i.e., decryption rights), due to the intrinsic “all-or-nothing” decryption feature of CP-ABE. In this paper, we investigate the two main cases of access credential misuse: one is on the semi-trusted authority side, and the other is on the side of cloud user. To mitigate the misuse, we propose the first accountable authority and revocable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud±. We also present the security analysis and further demonstrate the utility of our system via experiments.
Abstract
In the past few years, cloud computing develops very quickly. A large amount of data are uploaded and stored in remote public cloud servers which cannot fully be trusted by users. Especially, more and more enterprises would like to manage their data by the aid of the cloud servers. However, when the data outsourced in the cloud are sensitive, the challenges of security and privacy becomes urgent for wide deployment of the cloud systems. This paper proposes a secure data sharing scheme to ensure the privacy of data owner and the security of the outsourced cloud data. The proposed scheme provides flexible utility of data while solving the privacy and security challenges for data sharing. The security and efficiency analysis demonstrate that the designed scheme is feasible and efficient. At last, we discuss its application in electronic health record.
Abstract
Smartphone devices are widely used in our daily lives. However, these devices exhibit limitations, such as short battery lifetime, limited computation power, small memory size and unpredictable network connectivity. Therefore, numerous solutions have been proposed to mitigate these limitations and extend the battery lifetime with the use of the offloading technique. In this paper, a novel framework is proposed to offload intensive computation tasks from the mobile device to the cloud. This framework uses an optimization model to determine the offloading decision dynamically based on four main parameters, namely, energy consumption, CPU utilization, execution time, and memory usage. In addition, a new security layer is provided to protect the transferred data in the cloud from any attack. The experimental results showed that the framework can select a suitable offloading decision for different types of mobile application tasks while achieving significant performance improvement. Moreover, different from previous techniques, the framework can protect application data from any threat.
Abstract
Biometric identification has become increasingly popular in recent years. With the development of cloud computing, database owners are motivated to outsource the large size of biometric data and identification tasks to the cloud to get rid of the expensive storage and computation costs, which, however, brings potential threats to users’ privacy. In this paper, we propose an efficient and privacy-preserving biometric identification outsourcing scheme. Specifically, the biometric To execute a biometric identification, the database owner encrypts the query data and submits it to the cloud. The cloud performs identification operations over the encrypted database and returns the result to the database owner. A thorough security analysis indicates that the proposed scheme is secure even if attackers can forge identification requests and collude with the cloud. Compared with previous protocols, experimental results show that the proposed scheme achieves a better performance in both preparation and identification procedures.
Abstract
Cloud storage service makes it very convenient for people to access and share data. At the same time, the confidentiality and privacy of user data is also facing great challenges. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme is widely considered to be the most suitable security access control technology for cloud storage environment. Aiming at the problem of privacy leakage caused by single-cloud CP-ABE which is commonly adopted in the current schemes, this paper proposes a privacy-preserving CP-ABE access control scheme using multi-cloud architecture. By improving the traditional CP-ABE algorithm and introducing a proxy to cut the user’s private key, it can ensure that only a part of the user attribute set can be obtained by a single cloud, which effectively protects the privacy of user attributes. Meanwhile, the intermediate logical structure of the access policy tree is stored in proxy, and only the leaf node information is stored in the ciphertext, which effectively protects the privacy of the access policy. Security analysis shows that our scheme is effective against replay and man-in-the-middle attacks, as well as user collusion attack. Experimental results also demonstrates that the multi-cloud CP-ABE does not significantly increase the overhead of storage and encryption compared to the single cloud scheme, but the access control overhead decreases as the number of clouds increases. When the access policy is expressed with a AND gate structure, the decryption overhead is obviously less than that of a single cloud environment.
Abstract
In the past decade, Cloud-Computing emerged as a new computing concept with a distributed nature using virtual network and systems. Many businesses rely on this technology to keep their systems running but concerns are rising about security breaches in cloud computing. Cloud providers (CPs) are taking significant measures to maintain the security and privacy of the data stored on their premises, in order to preserve the customers’ trust. Nevertheless, in certain applications, such as medical health records for example, the medical facility is responsible for preserving the privacy of the patients’ data. Although the facility can offload the overhead of storing large amounts of data by using cloud storage, relying solely on the security measures taken by the CP might not be sufficient. Any security breach at the CP’s premises does not protect the medical facility from being held accountable. This work aims to solve this problem by presenting a secure approach for storing data on the cloud while keeping the customer in control of the security and privacy of their data.
Abstract
With the popularity of cloud computing, mobile devices can store/retrieve personal data from anywhere at any time. Consequently, the data security problem in mobile cloud becomes more and more severe and prevents further development of mobile cloud. There are substantial studies that have been conducted to improve the cloud security. However, most of them are not applicable for mobile cloud since mobile devices only have limited computing resources and power. Solutions with low computational overhead are in great need for mobile cloud applications. In this paper, we propose a lightweight data sharing scheme (LDSS) for mobile cloud computing. It adopts CP-ABE, an access control technology used in normal cloud environment, but changes the structure of access control tree to make it suitable for mobile cloud environments. LDSS moves a large portion of the computational intensive access control tree transformation in CP-ABE from mobile devices to external proxy servers. Furthermore, to reduce the user revocation cost, it introduces attribute description fields to implement lazy-revocation, which is a thorny issue in program based CP-ABE systems. The experimental results show that LDSS can effectively reduce the overhead on the mobile device side when users are sharing data in mobile cloud environments.
Abstract
Attribute-based encryption, especially for ciphertext-policy attribute-based encryption, can fulfill the functionality of fine-grained access control in cloud storage systems. Since users’ attributes may be issued by multiple attribute authorities, multi-authority ciphertext-policy attribute-based encryption is an emerging cryptographic primitive for enforcing attribute-based access control on outsourced data. However, most of the existing multi-authority attribute-based systems are either insecure in attribute-level revocation or lack of efficiency in communication overhead and computation cost. In this paper, we propose an attribute-based access control scheme with two-factor protection for multi-authority cloud storage systems. In our proposed scheme, any user can recover the outsourced data if and only if this user holds sufficient attribute secret keys with respect to the access policy and authorization key in regard to the outsourced data. In addition, the proposed scheme enjoys the properties of constant-size ciphertext and small computation cost. Besides supporting the attribute-level revocation, our proposed scheme allows data owner to carry out the user-level revocation. The security analysis, performance comparisons, and experimental results indicate that our proposed scheme is not only secure but also practical.
Abstract
Frequent itemset mining, which is the essential operation in association rule mining, is one of the most widely used data mining techniques on massive datasets nowadays. With the dramatic increase on the scale of datasets collected and stored with cloud services in recent years, it is promising to carry this computation-intensive mining process in the cloud. Amount of work also transferred the approximate mining computation into the exact computation, where such methods not only improve the accuracy also aim to enhance the efficiency. However, while mining data stored on public clouds, it inevitably introduces privacy concerns on sensitive datasets. In this paper, we propose a new framework for enforcing privacy in frequent itemset mining, where data are both collected and mined in an encrypted form in a public cloud service. We specifically design three secure frequent itemset mining protocols on top of this framework. Our first protocol achieves more efficient mining performance while our second protocol provides a stronger privacy guarantee. In order to further optimize the performance of the second protocol, we leverage a minor trade-off of privacy to get our third protocol. Finally, we evaluate the performance of our protocols with extensive experiments, and the results demonstrate that our protocols obviously outperform previous solutions in performance with the same security level.
Abstract
Data access control is a challenging issue in public cloud storage systems. Ciphertext-policy attribute-based encryption (CP-ABE) has been adopted as a promising technique to provide flexible, fine-grained, and secure data access control for cloud storage with honest-but-curious cloud servers. However, in the existing CP-ABE schemes, the single attribute authority must execute the time-consuming user legitimacy verification and secret key distribution, and hence, it results in a single-point performance bottleneck when a CP-ABE scheme is adopted in a large-scale cloud storage system. Users may be stuck in the waiting queue for a long period to obtain their secret keys, thereby resulting in low efficiency of the system. Although multi-authority access control schemes have been proposed, these schemes still cannot overcome the drawbacks of single-point bottleneck and low efficiency, due to the fact that each of the authorities still independently manages a disjoint attribute set. In this paper, we propose a novel heterogeneous framework to remove the problem of single-point performance bottleneck and provide a more efficient access control scheme with an auditing mechanism. Our framework employs multiple attribute authorities to share the load of user legitimacy verification. Meanwhile, in our scheme, a central authority is introduced to generate secret keys for legitimacy verified users. Unlike other multi-authority access control schemes, each of the authorities in our scheme manages the whole attribute set individually. To enhance security, we also propose an auditing mechanism to detect which attribute authority has incorrectly or maliciously performed the legitimacy verification procedure. Analysis shows that our system not only guarantees the security requirements but also makes great performance improvement on key generation.
Abstract
Mobile health (mHealth) has emerged as a new patient centric model which allows real-time collection of patient data via wearable sensors, aggregation and encryption of these data at mobile devices, and then uploading the encrypted data to the cloud for storage and access by healthcare staff and researchers. However, efficient and scalable sharing of encrypted data has been a very challenging problem. In this paper, we propose a Lightweight Sharable and Traceable (LiST) secure mobile health system in which patient data are encrypted end-to-end from a patient’s mobile device to data users. LiST enables efficient keyword search and fine-grained access control of encrypted data, supports tracing of traitors who sell their search and access privileges for monetary gain, and allows on-demand user revocation. LiST is lightweight in the sense that it offloads most of the heavy cryptographic computations to the cloud while only lightweight operations are performed at the end user devices. We formally define the security of LiST and prove that it is secure without random oracle. We also conduct extensive experiments to access the system’s performance.
Abstract
Remote data integrity checking (RDIC) enables a data storage server, say a cloud server, to prove to a verifier that it is actually storing a data owner’s data honestly. To date, a number of RDIC protocols have been proposed in the literature, but most of the constructions suffer from the issue of a complex key management, that is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system complexity and the cost for establishing and managing the public key authentication framework in PKI-based RDIC schemes. We formalize ID-based RDIC and its security model, including security against a malicious cloud server and zero knowledge privacy against a third party verifier. The proposed ID-based RDIC protocol leaks no information of the stored data to the verifier during the RDIC process. The new construction is proven secure against the malicious server in the generic group model and achieves zero knowledge privacy against a verifier. Extensive security analysis and implementation results demonstrate that the proposed protocol is provably secure and practical in the real-world applications.
Abstract
In order to realize data sharing in mobile cloud computing, decentralized attribute-based encryption (ABE) has been widely concerned. However, the existing ABE schemes are full of flaws. First, the main drawback of ABE is that the computation cost of encryption and decryption are expensive. Second, the existing ABE schemes are inapplicable due to the inefficiency of user revocation. Besides, in a decentralized ABE scheme, a user’s private keys must be tied to the global identifier (GID) to resist collusion attack, however, it will compromise the user’s privacy. To deal with these problems, we proposed an efficient decentralized ABE scheme via using the offline/online encryption and the verifiable outsource decryption concepts. Meanwhile, we proposed an anonymous key issuing protocol to achieve privacy preserving. Security analysis and experimental result shows that our scheme is secure and significantly reduce the computation cost for both encryption and decryption.
Abstract
With the increasing number of mobile applications and the popularity of cloud computing, the combination of these two techniques that named mobile cloud computing (MCC) attracts great attention in recent years. A promising public key encryption scheme, Attribute-Based Encryption (ABE), especially the Ciphertext Policy Attribute-Based Encryption (CP-ABE), has been used for realizing fine-grained access control on encrypted data stored in MCC. However, the computational overhead of encryption and decryption grow with the complexity of the access policy. Thus, maintaining data security as well as efficiency of data processing in MCC are important and challenging issues. In this paper, we propose an efficient encryption method based on CP-ABE, which can lower the overhead on data owners. To further reduce the decryption overhead on data receivers, we additionally propose a verifiable outsourced decryption scheme. By security analysis and performance evaluation, the proposed scheme is proved to be secure as well as efficient.
Abstract
Secure search techniques over encrypted cloud data allow an authorized user to query data files of interest by submitting encrypted query keywords to the cloud server in a privacy-preserving manner. However, in practice, the returned query results may be incorrect or incomplete in the dishonest cloud environment. For example, the cloud server may intentionally omit some qualified results to save computational resources and communication overhead. Thus, a well-functioning secure query system should provide a query results verification mechanism that allows the data user to verify results. In this paper, we design a secure, easily integrated, and fine-grained query results verification mechanism, by which, given an encrypted query results set, the query user not only can verify the correctness of each data file in the set but also can further check how many or which qualified data files are not returned if the set is incomplete before decryption. The verification scheme is loose-coupling to concrete secure search techniques and can be very easily integrated into any secure query scheme. We achieve the goal by constructing secure verification object for encrypted cloud data. Furthermore, a short signature technique with extremely small storage cost is proposed to guarantee the authenticity of verification object and a verification object request technique is presented to allow the query user to securely obtain the desired verification object. Performance evaluation shows that the proposed schemes are practical and efficient.
Abstract
In medical cloud computing, a patient can remotely outsource her medical data to the cloud server. In this case, only authorized doctors are allowed to access the data since the medical data is highly sensitive. Before outsourcing, the data is commonly encrypted, where the corresponding secret key is sent to authorized doctors. However, performing searches on encrypted medical data is difficult without decryption. In this paper, we propose two Secure and Efficient Dynamic Searchable Symmetric Encryption (SEDSSE) schemes over medical cloud data. First, we utilize the secure k-Nearest Neighbor (kNN) and Attribute-Based Encryption (ABE) techniques to construct a dynamic searchable symmetric encryption scheme, which can achieve forward privacy and backward privacy simultaneously. These tow security properties are vital and very challenging in the area of dynamic searchable symmetric encryption. Then, we propose an enhanced scheme to solve the key sharing problem which widely exists in the kNN based searchable encryption scheme. Compared with existing proposals, our schemes are better in terms of storage, search and updating complexity. Extensive experiments demonstrate the efficiency of our schemes on storage overhead, index building, trapdoor generating and query.
Abstract
With the rapid growth of the amount of information, cloud computing servers need to process and analyze large amounts of high-dimensional and unstructured data timely and accurately. This usually requires many query operations. Due to simplicity and ease of use, cuckoo hashing schemes have been widely used in real-world cloud-related applications. However, due to the potential hash collisions, the cuckoo hashing suffers from endless loops and high insertion latency, even high risks of re-construction of entire hash table. In order to address these problems, we propose a cost-efficient cuckoo hashing scheme, called MinCounter. The idea behind MinCounter is to alleviate the occurrence of endless loops in the data insertion by selecting unbusy kicking-out routes. MinCounter selects the “cold” (infrequently accessed), rather than random, buckets to handle hash collisions. We further improve the concurrency of the MinCounter scheme to pursue higher performance and adapt to concurrent applications. MinCounter has the salient features of offering efficient insertion and query services and delivering high performance of cloud servers, as well as enhancing the experiences for cloud users. We have implemented MinCounter in a large-scale cloud testbed and examined the performance by using three realworld traces. Extensive experimental results demonstrate the efficacy and efficiency of MinCounter.
Abstract
The Internet of Things (IoT) envisions to connect billions of sensors to the Internet, in order to provide new applications and services for smart cities. IoT will allow the evolution of the Internet of Vehicles (IoV) from existing Vehicular Ad hoc Networks (VANETs), in which the delivery of various services will be offered to drivers by integrating vehicles, sensors, and mobile devices into a global network. To serve VANET with computational resources, Vehicular Cloud Computing (VCC) is recently envisioned with the objective of providing traffic solutions to improve our daily driving. These solutions involve applications and services for the benefit of Intelligent Transportation Systems (ITS), which represent an important part of IoV. Data collection is an important aspect in ITS, which can effectively serve online travel systems with the aid of Vehicular Cloud (VC). In this paper, we involve the new paradigm of VCC to propose a data collection model for the benefit of ITS. We show via simulation results that the participation of low percentage of vehicles in a dynamic VC is sufficient to provide meaningful data collection.
Abstract
Cloud computing is the latest technology in the field of distributed computing. It provides various online and on-demand services for data storage, network services, platform services and etc. Many organizations are unenthusiastic to use cloud services due to data security issues as the data resides on the cloud services provider’s servers. To address this issue, there have been several approaches applied by various researchers worldwide to strengthen security of the stored data on cloud computing. The Bi-directional DNA Encryption Algorithm (BDEA) is one such data security techniques. However, the existing technique focuses only on the ASCII character set, ignoring the non-English user of the cloud computing. Thus, this proposed work focuses on enhancing the BDEA to use with the Unicode characters
Abstract
Remote data integrity checking (RDIC) enables a data storage server, say a cloud server, to prove to a verifier that it is actually storing a data owner’s data honestly. To date, a number of RDIC protocols have been proposed in the literature, but most of the constructions suffer from the issue of a complex key management, that is, they rely on the expensive public key infrastructure (PKI), which might hinder the deployment of RDIC in practice. In this paper, we propose a new construction of identity-based (ID-based) RDIC protocol by making use of key-homomorphic cryptographic primitive to reduce the system complexity and the cost for establishing and managing the public key authentication framework in PKI-based RDIC schemes. We formalize ID-based RDIC and its security model, including security against a malicious cloud server and zero knowledge privacy against a third party verifier. The proposed ID-based RDIC protocol leaks no information of the stored data to the verifier during the RDIC process. The new construction is proven secure against the malicious server in the generic group model and achieves zero knowledge privacy against a verifier. Extensive security analysis and implementation results demonstrate that the proposed protocol is provably secure and practical in the real-world applications.
Abstract
2023 IEEE Cloud Computing Projects | 2023 IEEE Cloud Computing Projects for CSE | 2023 IEEE Cloud Computing Projects for ISE | 2023 IEEE Cloud Computing Projects for EEE | 2023 IEEE Cloud Computing Projects for ECE | final year 2023 IEEE Cloud Computing Projects | final year 2023 IEEE Cloud Computing Projects for CSE | final year 2023 IEEE Cloud Computing Projects for ISE | final year 2023 IEEE Cloud Computing Projects for EEE | final year 2023 IEEE Cloud Computing Projects for ECE | Top 2023 IEEE Cloud Computing Projects | Top 2023 IEEE Cloud Computing Projects for CSE | Top 2023 IEEE Cloud Computing Projects for ISE | Top 2023 IEEE Cloud Computing Projects for EEE | Top 2023 IEEE Cloud Computing Projects for ECE | Latest 2023 IEEE Cloud Computing Projects | Latest 2023 IEEE Cloud Computing Projects for CSE | Latest 2023 IEEE Cloud Computing Projects for ISE | Latest 2023 IEEE Cloud Computing Projects for EEE | Latest 2023 IEEE Cloud Computing Projects for ECE | 2023 IEEE Android Cloud Computing for M-Tech | 2023 IEEE Cloud Computing Projects for BE | 2023 IEEE Cloud Computing Projects for MCA | 2023 IEEE Cloud Computing Projects for Diploma | 2023 IEEE Cloud Computing Projects for BCA
2023 IEEE Cloud Computing Projects online | 2023 CSE IEEE Cloud Computing Projects online | 2023 ISE IEEE Cloud Computing Projects | EEE 2023 IEEE Cloud Computing Projects Online| 2023 ECE IEEE Cloud Computing Projects Online | final year 2023 IEEE Cloud Computing Projects online | final year 2023 IEEE Cloud Computing Projects online for CSE | final year 2023 IEEE Cloud Computing Projects online for ISE | final year 2023 IEEE Cloud Computing Projects online for EEE | final year 2023 IEEE Cloud Computing Projects online for ECE | Top 2023 IEEE Cloud Computing Projects online | Top 2023 IEEE Cloud Computing Projects online for CSE | Top 2023 IEEE Cloud Computing Projects online for ISE | Top 2023 IEEE Cloud Computing Projects online for EEE | Top 2023 IEEE Cloud Computing Projects online for ECE | Latest 2023 IEEE Cloud Computing Projects online | Latest 2023 IEEE Cloud Computing Projects online for CSE | Latest 2023 IEEE Cloud Computing Projects online for ISE | Latest 2023 IEEE Cloud Computing Projects online for EEE | Latest 2023 IEEE Cloud Computing Projects online for ECE | 2023 IEEE Cloud Computing Projects online for M-Tech | 2023 IEEE Cloud Computing Projects online for BE | 2023 IEEE Cloud Computing Projects online for MCA | 2023 IEEE Cloud Computing Projects online for Diploma | 2023 IEEE Cloud Computing Projects online for BCA |
2023 IEEE Cloud Computing Projects | 2023 IEEE Cloud Computing Projects for CSE | 2023 IEEE Cloud Computing Projects for ISE | 2023 IEEE Cloud Computing Projects for EEE | 2023 IEEE Cloud Computing Projects for ECE | final year 2023 IEEE Cloud Computing Projects | final year 2023 IEEE Cloud Computing Projects for CSE | final year 2023 IEEE Cloud Computing Projects for ISE | final year 2023 IEEE Cloud Computing Projects for EEE | final year 2023 IEEE Cloud Computing Projects for ECE | Top 2023 IEEE Cloud Computing Projects | Top 2023 IEEE Cloud Computing Projects for CSE | Top 2023 IEEE Cloud Computing Projects for ISE | Top 2023 IEEE Cloud Computing Projects for EEE | Top 2023 IEEE Cloud Computing Projects for ECE | Latest 2023 IEEE Cloud Computing Projects | Latest 2023 IEEE Cloud Computing Projects for CSE | Latest 2023 IEEE Cloud Computing Projects for ISE | Latest 2023 IEEE Cloud Computing Projects for EEE | Latest 2023 IEEE Cloud Computing Projects for ECE | 2023 IEEE Android Cloud Computing for M-Tech | 2023 IEEE Cloud Computing Projects for BE | 2023 IEEE Cloud Computing Projects for MCA | 2023 IEEE Cloud Computing Projects for Diploma | 2023 IEEE Cloud Computing Projects for BCA
2023 IEEE Cloud Computing Projects online | 2023 CSE IEEE Cloud Computing Projects online | 2023 ISE IEEE Cloud Computing Projects | EEE 2023 IEEE Cloud Computing Projects Online| 2023 ECE IEEE Cloud Computing Projects Online | final year 2023 IEEE Cloud Computing Projects online | final year 2023 IEEE Cloud Computing Projects online for CSE | final year 2023 IEEE Cloud Computing Projects online for ISE | final year 2023 IEEE Cloud Computing Projects online for EEE | final year 2023 IEEE Cloud Computing Projects online for ECE | Top 2023 IEEE Cloud Computing Projects online | Top 2023 IEEE Cloud Computing Projects online for CSE | Top 2023 IEEE Cloud Computing Projects online for ISE | Top 2023 IEEE Cloud Computing Projects online for EEE | Top 2023 IEEE Cloud Computing Projects online for ECE | Latest 2023 IEEE Cloud Computing Projects online | Latest 2023 IEEE Cloud Computing Projects online for CSE | Latest 2023 IEEE Cloud Computing Projects online for ISE | Latest 2023 IEEE Cloud Computing Projects online for EEE | Latest 2023 IEEE Cloud Computing Projects online for ECE | 2023 IEEE Cloud Computing Projects online for M-Tech | 2023 IEEE Cloud Computing Projects online for BE | 2023 IEEE Cloud Computing Projects online for MCA | 2023 IEEE Cloud Computing Projects online for Diploma | 2023 IEEE Cloud Computing Projects online for BCA |
2023 IEEE Cloud Computing Projects | 2023 IEEE Cloud Computing Projects for CSE | 2023 IEEE Cloud Computing Projects for ISE | 2023 IEEE Cloud Computing Projects for EEE | 2023 IEEE Cloud Computing Projects for ECE | final year 2023 IEEE Cloud Computing Projects | final year 2023 IEEE Cloud Computing Projects for CSE | final year 2023 IEEE Cloud Computing Projects for ISE | final year 2023 IEEE Cloud Computing Projects for EEE | final year 2023 IEEE Cloud Computing Projects for ECE | Top 2023 IEEE Cloud Computing Projects | Top 2023 IEEE Cloud Computing Projects for CSE | Top 2023 IEEE Cloud Computing Projects for ISE | Top 2023 IEEE Cloud Computing Projects for EEE | Top 2023 IEEE Cloud Computing Projects for ECE | Latest 2023 IEEE Cloud Computing Projects | Latest 2023 IEEE Cloud Computing Projects for CSE | Latest 2023 IEEE Cloud Computing Projects for ISE | Latest 2023 IEEE Cloud Computing Projects for EEE | Latest 2023 IEEE Cloud Computing Projects for ECE | 2023 IEEE Android Cloud Computing for M-Tech | 2023 IEEE Cloud Computing Projects for BE | 2023 IEEE Cloud Computing Projects for MCA | 2023 IEEE Cloud Computing Projects for Diploma | 2023 IEEE Cloud Computing Projects for BCA
2023 IEEE Cloud Computing Projects online | 2023 CSE IEEE Cloud Computing Projects online | 2023 ISE IEEE Cloud Computing Projects | EEE 2023 IEEE Cloud Computing Projects Online| 2023 ECE IEEE Cloud Computing Projects Online | final year 2023 IEEE Cloud Computing Projects online | final year 2023 IEEE Cloud Computing Projects online for CSE | final year 2023 IEEE Cloud Computing Projects online for ISE | final year 2023 IEEE Cloud Computing Projects online for EEE | final year 2023 IEEE Cloud Computing Projects online for ECE | Top 2023 IEEE Cloud Computing Projects online | Top 2023 IEEE Cloud Computing Projects online for CSE | Top 2023 IEEE Cloud Computing Projects online for ISE | Top 2023 IEEE Cloud Computing Projects online for EEE | Top 2023 IEEE Cloud Computing Projects online for ECE | Latest 2023 IEEE Cloud Computing Projects online | Latest 2023 IEEE Cloud Computing Projects online for CSE | Latest 2023 IEEE Cloud Computing Projects online for ISE | Latest 2023 IEEE Cloud Computing Projects online for EEE | Latest 2023 IEEE Cloud Computing Projects online for ECE | 2023 IEEE Cloud Computing Projects online for M-Tech | 2023 IEEE Cloud Computing Projects online for BE | 2023 IEEE Cloud Computing Projects online for MCA | 2023 IEEE Cloud Computing Projects online for Diploma | 2023 IEEE Cloud Computing Projects online for BCA |
2023 IEEE Cloud Computing Projects | 2023 IEEE Cloud Computing Projects for CSE | 2023 IEEE Cloud Computing Projects for ISE | 2023 IEEE Cloud Computing Projects for EEE | 2023 IEEE Cloud Computing Projects for ECE | final year 2023 IEEE Cloud Computing Projects | final year 2023 IEEE Cloud Computing Projects for CSE | final year 2023 IEEE Cloud Computing Projects for ISE | final year 2023 IEEE Cloud Computing Projects for EEE | final year 2023 IEEE Cloud Computing Projects for ECE | Top 2023 IEEE Cloud Computing Projects | Top 2023 IEEE Cloud Computing Projects for CSE | Top 2023 IEEE Cloud Computing Projects for ISE | Top 2023 IEEE Cloud Computing Projects for EEE | Top 2023 IEEE Cloud Computing Projects for ECE | Latest 2023 IEEE Cloud Computing Projects | Latest 2023 IEEE Cloud Computing Projects for CSE | Latest 2023 IEEE Cloud Computing Projects for ISE | Latest 2023 IEEE Cloud Computing Projects for EEE | Latest 2023 IEEE Cloud Computing Projects for ECE | 2023 IEEE Android Cloud Computing for M-Tech | 2023 IEEE Cloud Computing Projects for BE | 2023 IEEE Cloud Computing Projects for MCA | 2023 IEEE Cloud Computing Projects for Diploma | 2023 IEEE Cloud Computing Projects for BCA
2023 IEEE Cloud Computing Projects online | 2023 CSE IEEE Cloud Computing Projects online | 2023 ISE IEEE Cloud Computing Projects | EEE 2023 IEEE Cloud Computing Projects Online| 2023 ECE IEEE Cloud Computing Projects Online | final year 2023 IEEE Cloud Computing Projects online | final year 2023 IEEE Cloud Computing Projects online for CSE | final year 2023 IEEE Cloud Computing Projects online for ISE | final year 2023 IEEE Cloud Computing Projects online for EEE | final year 2023 IEEE Cloud Computing Projects online for ECE | Top 2023 IEEE Cloud Computing Projects online | Top 2023 IEEE Cloud Computing Projects online for CSE | Top 2023 IEEE Cloud Computing Projects online for ISE | Top 2023 IEEE Cloud Computing Projects online for EEE | Top 2023 IEEE Cloud Computing Projects online for ECE | Latest 2023 IEEE Cloud Computing Projects online | Latest 2023 IEEE Cloud Computing Projects online for CSE | Latest 2023 IEEE Cloud Computing Projects online for ISE | Latest 2023 IEEE Cloud Computing Projects online for EEE | Latest 2023 IEEE Cloud Computing Projects online for ECE | 2023 IEEE Cloud Computing Projects online for M-Tech | 2023 IEEE Cloud Computing Projects online for BE | 2023 IEEE Cloud Computing Projects online for MCA | 2023 IEEE Cloud Computing Projects online for Diploma | 2023 IEEE Cloud Computing Projects online for BCA |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |IEEE Cloud Project CSE | IEEE Cloud Project CSE |
Tn Tech world provides the latest IEEE cloud computing projects for CSE students to learn various ways throughout their academic careers. For final-year engineering students, the latest IEEE cloud computing projects for CSE and MTech students may be built utilizing cloud delivery, deployment methods, and other cloud computing technologies. These latest IEEE cloud projects for CSE ideas might be for inspiration and guidance regarding final-year projects. Programs based on cloud computing have applications in various industries and commercial areas, including entertainment, education, healthcare, retail, finance, and marketing, among others.