Outsourced Data Research Articles

The Application of Big Data in Human Resource Outsourcing of Government Departments

The Application of Big Data in Human Resource Outsourcing of Government Departments

DSDOS Cloud: A Decentralized Secure Data Outsourcing System With Hybrid Encryption, Blockchain Smart Contract‐Based Access Control, and Hash Authentication Codes for Cloud Security

ABSTRACTWith the increasing trend of outsourcing data to cloud services, ensuring data security and privacy has become crucial. Typically, data are stored on cloud servers in encrypted form to mitigate risks. However, accessing the encrypted data requires an access key distributed by a third party. If this third party is untrustworthy, it poses a significant security threat to the system. To address this challenge, we propose a Decentralized Secure Data Outsourcing System (DSDOS) that uses blockchain technology to ensure data security and privacy. The DSDOS system comprises three modules: data security and privacy, access control and authorization, and data integrity and availability. The data security and privacy module uses a hybrid encryption scheme that combines Advanced Encryption Standard (AES), partially homomorphic encryption (PHE), and Diffie–Hellman (DH) to ensure secure data storage and access. The access control and authorization module uses a blockchain‐based smart contract system to manage access to the encrypted data. The data integrity and availability module uses hash‐based message authentication code (HMAC) to ensure that the data are not tampered with and is always available. We conducted a security and performance analysis of the DSDOS system and found that it outperforms previous schemes in terms of security and performance. The DSDOS system is a secure and privacy‐preserving data outsourcing system that can be used to mitigate the security risks associated with traditional cloud storage systems.

Verifiable privacy-preserving semantic retrieval scheme in the edge computing

Edge computing, with its characteristics of low latency and low transmission costs, addresses the storage and computation challenges arising from the surge in network edge traffic. It enables users to leverage nearby edge servers for data outsourcing and retrieval. However, data outsourcing poses risks to data privacy. Although searchable encryption is proposed to secure search of outsourced data, existing schemes generally cannot meet the requirements of semantic search, and they also exhibit security risks and incur high search costs. In addition, edge servers may engage in malicious activities such as data tampering or forgery. Therefore, we propose a verifiable privacy-preserving semantic retrieval scheme named VPSR suitable for edge computing environments. We utilize the Doc2Vec method to extract text feature vectors and then convert them into matrix form to reduce storage space requirements for indexes, queries, and keys. We encrypt matrices using an improved secure k-nearest neighbor (kNN) algorithm based on learning with errors (LWE) and calculate text similarity by solving the Hadamard product between matrices. Additionally, we design an aggregable signature scheme and offload part of the result verification tasks to edge servers. Security and performance analysis results demonstrate that the VPSR scheme is suitable for edge computing environments with high encryption and search efficiency and low storage cost while ensuring security.

Privacy-preserving and verifiable convolution neural network inference and training in cloud computing

With the rapid development of cloud computing, outsourcing massive data and complex deep learning model to cloud servers (CSs) has become a popular trend, which also brings some security problems. One is that the model stored in the CSs may be corrupted, leading to incorrect inference and training results. The other is that the privacy of outsourced data and model may be compromised. However, existing privacy-preserving and verifiable inference schemes suffer from low detection probability, high communication overhead and substantial computational time. To solve the above problems, we propose a privacy-preserving and verifiable scheme for convolutional neural network inference and training in cloud computing. In our scheme, the model owner generates the authenticators for model parameters before uploading the model to CSs. In the phase of model integrity verification, model owner and user can utilize these authenticators to check model integrity with high detection probability. Furthermore, we design a set of privacy-preserving protocols based on replicated secret sharing for both the inference and training phases, significantly reducing communication overhead and computational time. Through security analysis, we demonstrate that our scheme is secure. Experimental evaluations show that the proposed scheme outperforms existing schemes in privacy-preserving inference and model integrity verification.

Real-time privacy-preserved auditing for shared outsourced data

Health providers need to share patient information across healthcare networks efficiently and securely to improve medical and health services. Timely data synchronization among relevant parties is crucial for effectively containing and preventing the worsening of the condition. However, ensuring rapid information sharing while maintaining the security of sensitive patient data remains a pressing concern. In this paper, we introduce a cloud storage integrity auditing scheme that can protect auditors from procrastinating and preserve the privacy of sensitive information. Our proposed system requires healthcare institutions to encrypt sensitive patient data before uploading it to the cloud. It mandates the use of a data sanitizer for the secure processing of encrypted data blocks. Auditors must verify data integrity and promptly submit their audit results to the blockchain within a predefined time frame. Leveraging the time-sensitive nature of blockchain technology, healthcare institutions can monitor auditor compliance within the allotted validation timeframe. We conducted comprehensive security analysis and performance evaluations to demonstrate the feasibility and effectiveness of our solution in addressing the challenges of secure and timely cloud storage in healthcare settings.

Certificateless integrity auditing scheme for sensitive information protection in cloud storage

Data integrity auditing provides a method for checking the integrity of outsourced data in cloud storage. However, outsourced data often contain sensitive information (such as names), posing risks of exposure during data sharing. To address this issue, Ming et al. proposed a certificateless integrity auditing scheme for sensitive information protection, claiming its security. However, by demonstrating two specific attack scenarios, we pointed out its security vulnerabilities. Subsequently, we proposed a new certificateless integrity auditing scheme for sensitive information protection in cloud storage (CIAS-SIP), which supports sensitive information protection and does not specify the data blocks that need sanitization by the data owner (DO). In addition, it supports dynamic operations by the DO on outsourced data (insertion, deletion, and modification) and provides security proofs based on the discrete logarithm problem. Finally, we compared CIAS-SIP’s performance with three other integrity auditing schemes for sensitive information protection. The results show that CIAS-SIP exhibits superior efficiency.

Towards forward secure verifiable data streaming with support for keyword query

Verifiable data streaming (VDS) allows users to continuously upload their encrypted data items to untrusted cloud servers to reduce the burden of local storage. Meanwhile, it enables users to update outsourced data and initiate queries to verify data integrity. However, most previous works focus on queries for a certain index and are not compatible with general keyword queries. To this end, we propose a VDS protocol that supports keyword queries. Specifically, we first present an efficient dynamic symmetric searchable encryption (DSSE) with range query, which can represent multiple queried keywords within a range as the concise query token, thereby achieving communication-optimized keyword queries while achieving unbounded data appending. Furthermore, we construct a new VDS protocol supporting keyword queries by integrating the proposed range DSSE. Specifically, suppose the user searches for multiple keywords within a certain range. In that case, cloud servers can match the corresponding data items based on the user's query token, and users can verify the integrity of these data items. Security analysis demonstrates that our VDS protocol achieves forward security. Experimental results show that it sacrifices acceptable costs in exchange for keyword retrieval capability.

An Efficient Cross-Modal Privacy-Preserving Image–Text Retrieval Scheme

Preserving the privacy of the ever-increasing multimedia data on the cloud while providing accurate and fast retrieval services has become a hot topic in information security. However, existing relevant schemes still have significant room for improvement in accuracy and speed. Therefore, this paper proposes a privacy-preserving image–text retrieval scheme called PITR. To enhance model performance with minimal parameter training, we freeze all parameters of a multimodal pre-trained model and incorporate trainable modules along with either a general adapter or a specialized adapter, which are used to enhance the model’s ability to perform zero-shot image classification and cross-modal retrieval in general or specialized datasets, respectively. To preserve the privacy of outsourced data on the cloud and the privacy of the user’s retrieval process, we employ asymmetric scalar-product-preserving encryption technology suitable for inner product calculation, and we employ distributed index storage technology and construct a two-level security model. We construct a hierarchical index structure to speed up query matching among massive high-dimensional index vectors. Experimental results demonstrate that our scheme can provide users with secure, accurate, fast cross-modal retrieval service while preserving data privacy.

SSF-CDW: achieving scalable, secure, and fast OLAP query for encrypted cloud data warehouse

Implementing a cloud-based data warehouse to store sensitive or critical strategic data presents challenges primarily related to the security of the stored information and the exchange of OLAP queries between the cloud server and users. Although encryption is a viable solution for safeguarding outsourced data, applying it to OLAP queries involving multidimensional data, measures, and Multidimensional Expressions (MDX) operations on encrypted data poses difficulties. Existing searchable encryption solutions are inadequate for handling such complex queries, which complicates the use of business intelligence tools that rely on efficient and secure data processing and analysis.This paper proposes a new privacy-preserving cloud data warehouse scheme called SSF-CDW which facilitates a secure and scalable solution for an encrypted cloud data warehouse. Our SSF-CDW improves the OLAP queries accessible only to authorized users who can decrypt the query results with improved query performance compared to traditional OLAP tools. The approach involves utilizing symmetric encryption and Ciphertext Policy Attribute-Based Encryption (CP-ABE) to protect the privacy of the dimension and fact data modeled in Multidimensional OLAP (MOLAP). To support efficient OLAP query execution, we proposed a new data cube retrieval mechanism using a Redis schema which is an in-memory database. This technique dynamically compiles queries by disassembling them down into multiple levels and consolidates the results mapped to the corresponding encrypted data cube. The caching of dimensional and fact data associated with the encrypted cube is also implemented to improve the speed of frequently queried data. Experimental comparisons between our proposed indexed search strategy and other indexing schemes demonstrate that our approach surpasses alternative techniques in terms of search speed for both ad-hoc and repeated OLAP queries, all while preserving the privacy of the query results.

A revocable multi-authority attribute-based encryption scheme for fog-enabled IoT

As more applications move data storage to the cloud, protecting sensitive data becomes increasingly important, especially for the Internet of Things (IoT) environments. Ciphertext-policy attribute-based encryption (CP-ABE) is a practical approach for confidentiality and secure access control for data outsourced to the cloud. However, the underlying CP-ABE operations based on bilinear pairings are too demanding for resource-constrained IoT devices. Furthermore, applications such as Industrial IoT (IIoT) have requirements (efficiency, operative, and security) that existing CP-ABE proposals cannot fulfill, and advanced IoT architectures (e.g., fog computing) have not been well-exploited. This paper proposes a novel CP-ABE scheme suitable for IoT scenarios, using an IIoT generic model as a reference. It targets multiple attribute authorities, outsourced encryption and decryption to fog nodes, user revocation, and asymmetric pairings constructions to achieve recommended security levels. As the main distinctive, revocation is defined using a broadcast encryption-based approach, allowing data owners to enforce user revocation over their outsourced data. According to the performance analysis, the proposed scheme achieves high efficiency for IoT nodes. It is also competitive in terms of storage, bandwidth, and computation efficiency compared to previous proposals. Moreover, the security of the suggested construction is demonstrated against chosen-plaintext attacks.

Efficient and Verifiable Range Query Scheme for Encrypted Geographical Information in Untrusted Cloud Environments

With the rapid development of geo-positioning technologies, location-based services have become increasingly widespread. In the field of location-based services, range queries on geographical data have emerged as an important research topic, attracting significant attention from academia and industry. In many applications, data owners choose to outsource their geographical data and range query tasks to cloud servers to alleviate the burden of local data storage and computation. However, this outsourcing presents many security challenges. These challenges include adversaries analyzing outsourced geographical data and query requests to obtain privacy information, untrusted cloud servers selectively querying a portion of the outsourced data to conserve computational resources, returning incorrect search results to data users, and even illegally modifying the outsourced geographical data, etc. To address these security concerns and provide reliable services to data owners and data users, this paper proposes an efficient and verifiable range query scheme (EVRQ) for encrypted geographical information in untrusted cloud environments. EVRQ is constructed based on a map region tree, 0–1 encoding, hash function, Bloom filter, and cryptographic multiset accumulator. Extensive experimental evaluations demonstrate the efficiency of EVRQ, and a comprehensive analysis confirms the security of EVRQ.

Privacy-preserving keyword query quantum scheme for outsourced data in cloud environments

Cloud computing, as a popular technology in recent years, has greatly facilitated the development of data outsourcing services. However, when users access sensitive data stored in the cloud, ensuring the security of data remains a pressing challenge. In this paper, we present a privacy-preserving keyword query scheme for outsourced data in cloud environment. Furthermore, to implement this scheme, we propose a series of quantum basic protocols with single qubits. The proposed basic protocols do not require the execution of quantum gate operations, and the necessary measurements are only Bell measurements based on measurement-device-independence. Therefore, it is practical and feasible under current technology. Moreover, compared with classical schemes, our scheme has higher security (i.e., quantum security). Finally, we conduct simulation experiments in IBM Qiskit to verify the correctness and feasibility of the critical parts of the scheme.

An improved identity-based public audit protocol for cloud storage

With the rapid development of informatization, a vast amount of data is continuously generated and accumulated, leading to the emergence of cloud storage services. However, data stored in the cloud is beyond the control of users, posing various security risks. Cloud data auditing technology enables the inspection of data integrity in the cloud without the necessity of data downloading. Among these, public auditing schemes have experienced rapid development due to their ability to avoid additional user auditing expenses. However, malicious third-party auditors can compromise data privacy. This paper proposes an improved identity-based cloud auditing scheme that can resist malicious auditors. This scheme is also constructed on an identity-based public auditing scheme using blockchain to prevent malicious auditing. We found the scheme is not secure because a malicious cloud server can forge authentication tags for outsourced data blocks, while our scheme has not these security flaws. Through security proofs and performance analysis, we further demonstrate that our scheme is secure and efficient. Additionally, our scheme has typical application scenarios.

A proposed secure framework for protecting cloud-based educational systems from hacking

Educational institutions and users involved in the whole learning process frequently have concerns about the storage and processing of sensitive data and essential apps in the cloud. Security and privacy issues have emerged as a major challenge, limiting cloud computing’s implementation in educational environments. Several users have yet to meet this security challenge, which is linked to the system’s multi-tenancy nature and the outsourcing of resources and data. This study proposes a secure framework for protecting cloud-based educational systems from hacking using a unique encryption technique, as well as a deep learning-based classification for cloud attack detection. Initially, we preprocess the data and extract features using a gray-level covariance matrix (GLCM). Next, we propose a classification based on multiple convolutional neural networks (M−CNN) to detect attacks in the cloud environment. Finally, we propose a modified digital signature algorithm (MDSA) for data encryption and decryption. The proposed technique achieved high security rates, with an accuracy of 97.7%, sensitivity of 96%, specificity of 94.3%, precision of 99.6%, and recall of 97%. Comparative evaluations showed that the proposed mechanism outperformed other encryption techniques. This novel model enhances the security of cloud-based educational systems and promotes users’ confidence in such platforms.

Proof of Inaction for outsourced data with exhaustive audit

In the existing environment of cloud storage and distributed hosting solutions, it is imperative to ensure the long-term preservation of inactive data like keyring backups and essential system logs, as these cannot afford the smallest error or data loss during storage. The current methods of subset sampling for data integrity verification fall short of these critical demands. To solve this problem, we introduce Proof of Inaction (PoI), an innovative framework for verifying the integrity of inactive data through verifiable computation principles. First, during the data owner’s exhaustive audit, the storage provider must maintain complete possession of all data to validate storage integrity, which means failing any integrity challenge if even a single bit is missing. Second, PoI enables the verification of storage integrity for both single and multiple copies of data, supporting an unlimited number of challenges in each scenario. Utilizing the co-CDH assumption, we validate the correctness and soundness of our approach with the random oracle model. Both theoretical analysis and empirical evidence suggest that PoI’s challenge and verification process do not escalate in overhead as the size of the challenged files increases, offering an enhancement over traditional data integrity verification methods.

SEDCPT: A secure and efficient Dynamic Searchable Encryption scheme with cluster padding assisted by TEE

Dynamic Searchable Symmetric Encryption (DSSE), which enables users to search and update encrypted data on an untrusted server without decryption, is a proven method when dealing with availability issues for outsourced data. However, the existing DSSE schemes suffer from forward and backward privacy problems. Although forward and backward privacy DSSE schemes can prevent these attacks, they still suffer from other challenges, such as count attacks, high communication overhead, and low computing efficiency. To solve the above problems simultaneously, we propose a secure and efficient dynamic searchable encryption scheme, which integrates a clustering algorithm, padding strategy, and trusted execution environments (TEE). The purpose of the scheme is to prevent count attacks while ensuring forward and backward privacy security. Our scheme also reduces the computing overhead and storage cost of the client by using TEE (e.g. Intel Software Guard Extension, Intel SGX) while maximizing the protection of client privacy. Furthermore, the scheme provides a secure hardware isolation environment for the cluster padding and search/update process to prevent malicious attacks from external software or super administrators. Finally, we provide corresponding security proofs and experimental evaluation which demonstrate both the security and efficiency of our scheme, respectively.

IPOD2: an irrecoverable and verifiable deletion scheme for outsourced data

Abstract To alleviate the burden of data storage and management, there is a growing trend of outsourcing data to the cloud that enables users to remotely manage their data flexibly. However, this shift also raises concerns regarding outsourced data deletion, as users lose physical control over their outsourced data and are unable to verify its proper eradication. To address this issue, cloud service providers are required to provide a scheme that guarantees the effective deletion of outsourced data. Existing schemes, including key management-based and overwriting-based schemes, fail to ensure both the irrecoverability of deleted data and the verifiability of the deletion process. In this paper, we propose IPOD2, an irrecoverable and verifiable deletion scheme for outsourced data. Specifically, IPOD2 utilizes the overwriting-based deletion method to implement outsourced data deletion and extends the Integrity Measurement Architecture to measure the operations in the deletion process. The measurement results are protected by the Trusted Platform Module and verifiable for users. To demonstrate the viability of IPOD2, we implement a prototype of IPOD2 on the Linux kernel 5.4.120. Experimental results show that, compared with the three existing schemes, IPOD2 has the minimum overhead in both deletion and verification processes.

QSKCG: Quantum‐based secure key communication and key generation scheme for outsourced data in cloud

AbstractIn the era of digital proliferation, individuals opt for cloud servers to store their data due to the diverse advantages they offer. However, entrusting data to cloud servers relinquishes users' control, potentially compromising data confidentiality and integrity. Traditional auditing methods designed to ensure data integrity in cloud servers typically depend on Trusted Third Party Auditors. Yet, many of these existing auditing approaches grapple with intricate certificate management and key escrow issues. Furthermore, the imminent threat of powerful quantum computers poses a risk of swiftly compromising these methods in polynomial time. To overcome these challenges, this paper introduces a Quantum‐based Secure Key Communication and Key Generation Scheme QSKCG for Outsourced Data in the Cloud. Leveraging Elliptic Curve Cryptography, the BB84 secure communication protocol, certificateless signature, and blockchain network, the proposed scheme is demonstrated through security analysis, affirming its robustness and high efficiency. Additionally, performance analysis underscores the practicality of the proposed scheme in achieving post‐quantum security in cloud storage.

Secureimagesec: A privacy-preserving framework for outsourced picture representation with content-based image retrieval

Content-Based Image Retrieval (CBIR) uses complicated algorithms to analyze visual attributes and retrieve relevant photos from large databases. CBIR is essential to a privacy-preserving feature extraction and protection method for outsourced picture representation. SecureImageSec combines essential methods with the system’s key entities to ensure secure, private and protected image feature processing during outsourcing. For a system to be implemented effectively, these techniques must be seamlessly integrated across critical entities, such as the client, the cloud server that is being outsourced, the component that protects secure features, the component that maintains privacy in communication, access control, and authorization, and the integration and system evaluation. The client entity initiates outsourcing using advanced encryption techniques to protect privacy. SecureImageSec protects outsourced data by using cutting-edge technologies like Fully Homomorphic Encryption (FHE) and Secure Multi-Party Computation (SMPC). Cloud servers hold secure feature protection entities and protect outsourced features’ privacy and security. SecureImageSec uses AES and FPE to protect data format. SecureImageSec’s cloud-outsourced privacy-preserving communication uses SSL/TLS and QKD to protect data transmission. Attribute-Based Encryption (ABE) and Functional Encryption (FE) in SecureImageSec limit access to outsourced features based on user attributes and allow fine-grained access control over decrypted data. SecureImageSec’s Information Leakage Rate (ILR) of 0.02 for a 1000-feature dataset shows its efficacy. SecureImageSec also achieves 4.5 bits of entropy, ensuring the encrypted feature set’s muscular cryptographic strength and randomness. Finally, SecureImageSec provides secure and private feature extraction and protection, including CBIR capabilities, for picture representation outsourcing.

Authorized Keyword Search over Outsourced Encrypted Data in Cloud Environment

This project focuses on developing a secure and efficient mechanism for authorized keyword search over encrypted data outsourced to a cloud environment. With the increasing popularity of cloud computing, data owners are often required to outsource their data to cloud servers for storage and processing. However, the security of outsourced data is a major concern due to the possibility of unauthorized access by cloud providers or malicious attackers. To address this problem, the proposed system introduced a novel expressive authorized keyword search scheme relying on the concept of ciphertext-policy attribute-based encryption. The mechanism also incorporates access control policies to ensure that only authorized users can perform the search operation. Experimental results demonstrate that the proposed mechanism can achieve high search efficiency while maintaining strong security guarantees