Outsourced Data Research Articles

Identity-Based Provable Data Possession with Designated Verifier from Lattices for Cloud Computing

Provable data possession (PDP) is a technique that enables the verification of data integrity in cloud storage without the need to download the data. PDP schemes are generally categorized into public and private verification. Public verification allows third parties to assess the integrity of outsourced data, offering good openness and flexibility, but it may lead to privacy leakage and security risks. In contrast, private verification restricts the auditing capability to the data owner, providing better privacy protection but often resulting in higher verification costs and operational complexity due to limited local resources. Moreover, most existing PDP schemes are based on classical number-theoretic assumptions, making them vulnerable to quantum attacks. To address these challenges, this paper proposes an identity-based PDP with a designated verifier over lattices, utilizing a specially leveled identity-based fully homomorphic signature (IB-FHS) scheme. We provide a formal security proof of the proposed scheme under the small-integer solution (SIS) and learning with errors (LWE) within the random oracle model. Theoretical analysis confirms that the scheme achieves security guarantees while maintaining practical feasibility. Furthermore, simulation-based experiments show that for a 1 MB file and lattice dimension of n = 128, the computation times for core algorithms such as TagGen, GenProof, and CheckProof are approximately 20.76 s, 13.75 s, and 3.33 s, respectively. Compared to existing lattice-based PDP schemes, the proposed scheme introduces additional overhead due to the designated verifier mechanism; however, it achieves a well-balanced optimization among functionality, security, and efficiency.

Lightweight batch tamper proof detection for anonymous outsourced data in cloud-assisted industrial internet of things

Lightweight batch tamper proof detection for anonymous outsourced data in cloud-assisted industrial internet of things

Mining privacy-preserving association rules using transaction hewer allocator and facile hash algorithm in multi-cloud environments.

In this era of data-driven decision-making, it is important to securely and efficiently extract knowledge from distributed datasets. However, in outsourced data for tasks like frequent itemset mining, privacy is an important issue. The difficulty is to secure sensitive data while delivering the insights of the data. First, this paper proposes a new multi-cloud approach to preserve privacy, which includes two main components, named the Transaction Hewer and Allocator module and the Facile Hash Algorithm (FHA), in extracting the frequent itemset. All these components work together to protect the privacy of the data, wherever it is, during the transmission phase or the computation phase, even if it is raw data or processed data, on the different distributed cloud platforms. The complexities involved in the mining of frequent itemsets led us to introduce the Apriori with Tid Reduction (ATid) algorithm considering scalability and computational operational improvements to the mining process due to the Tid Reduction concept. We conduct performance evaluation on several datasets and show that our proposed framework achieves higher performance than existing methods, and encryption and decryption processes reduce the computational time by up to 25 % compared to the best alternative. It also exhibits approximately 15 % reduction in communication costs and displays scalability with the growing number of transactions, compared to the state-of-the-art evaluation metrics that indicate improved communication overhead.•Introduces a multi-cloud privacy framework with Facile Hash Algorithm and Transaction Hewer and Allocator.•Enhances scalability using ATid algorithm with Tid Reduction.

Threshold Fully Homomorphic Encryption Scheme Based on NGS of Symmetric Encryption

Homomorphic encryption is an important means for cloud computing to ensure information security when outsourcing data. Among them, threshold fully homomorphic encryption (ThFHE) is a key enabler for homomorphic encryption and, from a wider perspective, secure distributed computing. However, current ThFHE schemes are unsatisfactory in terms of security and efficiency. In this paper, a novel ThFHE is proposed for the first time based on an NTRU-based GSW-like scheme of symmetric encryption—Th-S-NGS scheme. Additionally, the threshold structure is realized by combining an extended version of the linear integer secret sharing scheme such that the scheme requires a predetermined number of parties to be online, rather than all the parties being online. The Th-S-NGS scheme is not only more attractive in terms of ciphertext size and computation time for homomorphic multiplication, but also does not need re-linearization after homomorphic multiplication, and thus does not require the computing key, which can effectively reduce the communication burden in the scheme and thus simplify the complexity of the scheme.

A Secure Data Dynamics and Public Auditing Scheme for Cloud Storage

Abstract— This paper introduced a robust and efficient framework designed to ensure secure dynamic data handling and public auditing in cloud storage systems. The primary goal was to strengthen data integrity and user confidentiality using advanced cryptographic methods and privacy-aware third-party auditing (TPA). An in- depth analysis of existing cloud security models was conducted to uncover persistent challenges such as secure management of data updates, protection of user privacy, and reliable auditing within potentially untrusted cloud environments. To address these issues, a modular system architecture was developed that supports dynamic data operations—including insertion, deletion, and modification—while enabling secure data outsourcing. The auditing mechanism allows a trusted third party to verify data integrity without exposing sensitive information, ensuring both transparency and privacy. Additionally, the framework incorporates lightweight cryptographic algorithms aimed at reducing computational and communication costs.A comprehensive feasibility study was performed, and the necessary hardware and software requirements were identified to support real-world implementation. The proposed solution demonstrated high potential for scalability, efficiency, and user trust. Overall, the framework offers a practical pathway toward secure, transparent, and user-centric cloud data management, making it a valuable contribution to advancing cloud storage security. Keywords: Cloud Storage Systems, Secure Dynamic Data Handling, Public Auditing, Data Integrity, User Confidentiality, Cryptographic Methods, Privacy-Aware, Third-Party Auditing (TPA), Cloud Security Models, Data Updates, User Privacy, Untrusted Cloud Environments, Modular System Architecture, Dynamic Data Operations, Secure Data Outsourcing, Auditing Mechanism, Trusted Third Party, Lightweight Cryptographic Algorithms, Computational Costs, Communication Costs, Feasibility Study, Hardware Requirements, Software Requirements, Scalability, Efficiency, User Trust, Transparent Data Management, Cloud Data Security.

ENHANCING HEALTHCARE DATA-SHARING SECURITY WITH BLOCKCHAIN AND POST-QUANTUM CRYPTOGRAPHY

With the rapid advancement of healthcare technologies, Electronic Medical Records (EMRs), have become invaluable resources for enhancing public health. However, these data are typically managed by the healthcare service systems of individual medical institutions. Due to privacy concerns and the complexity of system integration, many institutions are hesitant to share their data, leading to the formation of data silos. The emergence of blockchain technology offers a promising solution for facilitating cross-institutional health data sharing within the Internet of Medical Things (IoMT). Nevertheless, blockchain technology, while promising, has limitations in fully safeguarding privacy. In this paper, we propose a secure and efficient user-centric data-sharing system based on consortium blockchain technology. To ensure robust privacy protection in cross-institutional transactions, our scheme employs lattice-based cryptography, a quantum-resistant cryptographic technique. Additionally, we propose an enhanced proxy re-encryption mechanism that enables granular access control over outsourced data and mitigates the risk of collusion between semi-trusted cloud servers and unauthorized data requesters. Furthermore, our system grants data owners complete control over their medical data, empowering them to selectively share information while maintaining the privacy of sensitive details across different institutions. Through rigorous security and experimental analyses, our scheme is shown to be more efficient and practical than existing alternatives. Moreover, when evaluating performances across various medical data sizes, our scheme significantly reduces computational overhead compared to other systems.

A Selective Data Sharing and Retrieval Scheme in Edge‐Enabled IoV

ABSTRACTThe swift advancement of the Internet of Vehicles (IoV) has generated a vast amount of valuable data, leading to an increasing demand for IoV data sharing. Given the substantial volume of data that often contains sensitive information about vehicle owners, storing such data in an encrypted format is common practice to ensure its confidentiality. However, this storage method presents a significant data‐sharing challenge: retrieving encrypted data. In this paper, we address the issue of private data sharing and retrieval by proposing a selective data sharing and retrieval scheme for edge‐enabled IoV. Our approach introduces a novel IoV architecture based on blockchain and edge computing, which delegates most computational tasks to edge nodes, thus conserving the computational resources of vehicles and users. Additionally, we design an attribute‐based searchable encryption scheme that supports users in performing fine‐grained data retrieval and outsourced data decryption. Our scheme accommodates a large attribute universe, offers a flexible access policy, and conserves computational resources during user decryption. Finally, an in‐depth evaluation of the proposed scheme's performance is conducted, showcasing its feasibility and practicality through experimental results. The results confirm our scheme's effectiveness and reinforce its viability for real‐world applications.

Advancing Data Security in Cloud Computing: Introducing Secured Layered Technique for Data Security Approach (SLT-DSA), A Multi-Layered Security Framework

Objective: The aim of this study is to introduce the Secured Layered Technique for Data Security Approach (SLT-DSA), a multi-layered framework designed to enrich data protection in cloud computing environments. This research aims to evaluate the effectiveness of SLT-DSA in addressing security challenges, improving data privacy, and ensuring scalability and performance in cloud-based systems. Methods: This paper has introduced the Secured Layered Technique for Data Security Approach (SLT-DSA), aimed at ensuring data security and integrity when outsourcing data in cloud environments. The enhancement of cloud data security has been demonstrated by employing a composite encryption algorithm and hash functions. The proposed SLT-DSA contains three layered techniques and secure hash algorithms, including scrambling with binary operation, dynamic key and secret key generation with encryption, and signature generation. Keys and encrypted data are kept in the AWS cloud. Findings: Three layered techniques are introduced in this work to provide secure data storage in the cloud environment. The scrambling and binary operation-based encryption technique is suggested to improve data confidence. The secure hash-based signature is used to check the integrity of data. This work presents the security analysis and experimental findings of SLT-DSA to demonstrate its superiority over existing methods. The suggested algorithm's experimental findings confirm its effectiveness with state-of-the-art encryption methods. Novelty: The results of the experiment has been improved through SLT-DSA framework. Compared to alternative encryption methods, the experimental outcomes of the suggested algorithm displayed a high degree of security, reducing cipher text size and decreasing encryption and decryption time. Keywords: Hybrid Encryption, Secure Hash, Dynamic Key, Secret Key, Layered Technique, Matrix Scrambling

Secure and efficient ownership verification for deduplicated cloud computing systems

Cloud storage services offer a scalable platform to store a large amount of data at a low cost. It attracts a large number of customers to outsource their data to the cloud. To manage the massive growth in the size of outsourced data, cloud service providers employ deduplication, i.e., a technique to reduce space and bandwidth requirements by eliminating the upload and storage of redundant data. However, it poses the following severe security threat: “A malicious user who learns deduplication tag of the file, i.e., a small piece of information, can convince the server to allow access to the entire file”. A proof of ownership (POW) concept was introduced that allows the server to challenge the user to prove that s/he owns the entire file. The existing state-of-the-art POW solutions are either not considering the complete file for determining the proof or not efficient in terms of I/O, communication, and computational overheads on the user. In this paper, we propose a secure and efficient POW scheme. The proposed scheme ensures that the user must possess the complete file to generate ownership proof. In addition, our scheme causes minimal I/O, communication, and computational overhead on the user side. We implement the proposed scheme in a real cloud scenario using Google Firebase cloud services. The performance analysis indicates that our scheme is efficient in terms of I/O, computational, and communication overheads than the existing state-of-the-art solutions.

Practical Multi-Keyword Ranked Search With Access Control Over Encrypted Cloud Data

With the explosive growth of data volume in the cloud computing environment, data owners are increasingly inclined to store their data on the cloud. Although data outsourcing reduces computation and storage costs for them, it inevitably brings new security and privacy concerns, as the data owners lose direct control of sensitive data. Meanwhile, most of the existing ranked keyword search schemes mainly focus on enriching search efficiency or functionality, but lack of providing efficient access control and formal security analysis simultaneously. To address these limitations, In this Project propose an efficient and privacy-preserving Multi-keyword Ranked Search scheme with Fine-grained access control (MRSF). MRSF can realize highly accurate ciphertext retrieval by combining coordinate matching with Term Frequency-Inverse Document Frequency (TF-IDF) and improving the secure k NN method. Besides, it can effectively refine users’ search privileges by utilizing the polynomial-based access strategy

PPEC: A Privacy-Preserving, Cost-Effective Incremental Density Peak Clustering Analysis on Encrypted Outsourced Data

PPEC: A Privacy-Preserving, Cost-Effective Incremental Density Peak Clustering Analysis on Encrypted Outsourced Data

Online Fingerprint Authentication Scheme over Outsourced Data

With the rifeness of mobile plans and the growth of biometric technology, biometric credentials, which can realize separate verification trusts on individual life or social physiognomies, has involved widely substantial interest. Though, confidentiality subjects of biometric data bring out increasing worries due to the extremely compassion of biometric data. Aiming at this test, in this project, we current a novel privacy-preserving online fingerprint verification arrangement, named e-Finga, over encoded subcontracted data. In the proposed e-Finga scheme, the user’s fingerprint registered in trust authority can be subcontracted to dissimilar servers with user’s approval, and safe, precise and well-organized verification service can be provided without the leakage of fingerprint information. Exactly, an better homomorphic encryption skill for secure Euclidean distance calculation to realize an efficient online fingerprint matching algorithm over encrypted Finger Code data in the subcontracting scenarios. Through detailed safety analysis, we show that e-Finga can fight various security intimidations. In addition, we implement e-Finga over a workstation with a real fingerprint database, and extensive imitation results prove that the proposed e-Finga scheme can serve well-organized and precise online fingerprint verification.

Privacy-preserving and verifiable convolution neural network inference and training in cloud computing

Privacy-preserving and verifiable convolution neural network inference and training in cloud computing

End-to-Same-End Encryption: Modularly Augmenting an App with an Efficient, Portable, and Blind Cloud Storage

The cloud has become pervasive, and we ask: how can we protect cloud data against the cloud itself? For secure user-to-user communication via a cloud server, End-to-End encryption has been formally studied, building on existing TLS channels without requiring new primitives. However, enabling user-to-same-user secure outsourced data storage–solving the analogous problem of “privacy from the server” while (1) relying on existing infrastructure and (2) supporting user mobility, remains open. Existing proposals, like password-protected secret sharing, target the same goal but are incompatible with existing cloud storage services. Specifically, they lack the simplicity needed to directly utilize existing cloud storage without requiring changes on the cloud side. Here, we propose a novel system for securely storing private data in existing cloud storage with the help of a key server (necessary, given the requirements). In our system, user data is secure against threats from the cloud server, the key server, and illegitimate users. Only the legitimate user can access the data on any device using a correct passphrase. Most importantly, our system does not require the storage server to support any newly programmable operations. Moreover, leveraging the existing App login, our system requires only one passphrase, which never leaves the user’s device and remains hidden from both servers. The security is proved under formal models, and its efficiency is demonstrated by experiments conducted on Amazon S3. Notably, a preliminary variant, based on our principles, was deployed by Snapchat in their My Eyes Only module, serving hundreds of millions of users!

Enhancing Cloud Security: A Hypervisor-Level Framework for Malware Prevention and Detection

The introduction outlines the significance of data storage and management in businesses andhighlights the cost-effectiveness of data outsourcing, particularly in the context of cloud computing. Itemphasizes the benefits and challenges of cloud computing, with a focus on security concerns related tomalware threats. The proposed malware prevention and detection (MP&D) framework aims to address thesechallenges by providing a comprehensive set of processes and tools to secure virtual machines in cloudcomputing environments. The framework's objectives include large-scale system management, identifyingvarious attacks, early detection, rapid and accurate detection, scalability, and resistance to compromise.

A New Approach to Natural Language Query Search using Frequency Analysis Techniques in Cloud Computing

Data outsourcing is the preferred act by owners of cloud data because of ease in maintenance. Data confidentiality of this outsourced sensitive data is a major task. Applying cryptographic techniques to outsourced data is the most secure way to achieve confidentiality. Searchable encryption techniques help in searching on encrypted data without actually decrypting it. These techniques limit the usefulness of data in the sense that searching encrypted data is difficult. With the increase in the volume of data, increases the size of indexing structure. This makes it more difficult to design cipher text based search scheme which facilitates reliable, memory efficient, fast retrieval on a huge volume of encrypted data. In this paper, keyword frequency based code method is presented to minimize the size of the index which makes fast retrieval of data inside a big data environment. The proposed system also supports secured, ranked retrieval using hash-based mapping structures. A hash-based technique efficiently retrieves the data using key-value pair data structure. The resulting system is able to handle queries which are written in natural language. Through extensive experiments using standard dataset, the performance of the system is validated. The system performance is evaluated and validated through extensive experimentation using standard dataset. The results show that very less space for index storage is utilized by the system proposed in the paper which enhances the performance on the ground of the retrieval time.

ROLQ-TEE: Revocable and Privacy-Preserving Optimal Location Query Based on Trusted Execution Environment

With the advent of cloud computing, outsourced computing has emerged as an increasingly popular strategy to reduce the burden of local computation. Optimal location query (OLQ) is a computationally intensive task in the domain of big data outsourcing, which is designed to determine the optimal placement of a new facility from a set of candidate locations. However, location data are sensitive and cannot be shared with other enterprises, so privacy-preserving optimal location query becomes particularly important. Although some privacy-preserving works have been proposed, they still suffer from other challenges, such as irrevocable query permissions and high communication overhead. To overcome these challenges, we propose a revocable and privacy-preserving optimal location query scheme based on TEE (Trusted Execution Environment). We employ a basic hash structure within the TEE to compute the intersection data of both parties. We use the concept of reverse nearest neighbor (RNN) to assess the impact of candidates, and then select the optimal facility location. In addition, to implement the revocation of query permissions, we introduce a key refresh strategy that adopts identity and timestamp. We evaluate the performance of the proposed scheme using real datasets, and the experimental results indicate strong practicality.

Coupling Secret Sharing with Decentralized Server-Aided Encryption in Encrypted Deduplication

Outsourcing storage to the cloud can save storage costs and is commonly used in businesses. It should fulfill two major goals: storage efficiency and data confidentiality. Encrypted deduplication can achieve both goals via performing deduplication to eliminate the duplicate data within encrypted data. Traditional encrypted deduplication generates the encryption key on the client side, which poses a risk of offline brute-force cracking of the outsourced data. Server-aided encryption schemes have been proposed to strengthen the confidentiality of encrypted deduplication by distributing the encryption process to dedicated servers. Existing schemes rely on expensive cryptographic primitives to provide a decentralized setting on the dedicated servers for scalability. However, this incurs substantial performance slowdown and can not be applied in practical encrypted deduplication storage systems. In this paper, we propose a new decentralized server-aided encrypted deduplication approach for outsourced storage, called ECDedup, which leverages secret sharing to achieve secure and efficient key management. We are the first to use the coding matrix as the encryption key to couple the encryption and encoding processes in encrypted deduplication. We also propose a acceleration scheme to speed up the encryption process of our ECDedup. We prototype ECDedup in cloud environments, and our experimental results based on the real-world backup datasets show that ECDedup can improve the client throughput by up to 51.9% compared to the state-of-the-art encrypted deduplication schemes.

Encrypted Search Method for Cloud Computing Data Under Attack Based on TF-IDF and Apriori Algorithm

ABSTRACT This paper designs the MKSE and SEMSS methods. Among them, MKSE uses an improved TF-IDF weight calculation method to extract keywords and applies virtual keywords to construct inverted indexes, making it difficult for malicious attackers to infer the index content easily. SEMSS uses the Apriori algorithm to mine the co-occurrence relationship between words and find the keyword set that meets the minimum support threshold to improve the recall rate of search results. Finally, the security of the scheme is verified from the aspects of semantic security, effici this paper designsency, data integrity, etc. The results showed that the data encryption time of MKSE and TRSE methods increased gradually with the increase in document collection storage. The index build time was increased as the document set grew. The accuracy of the improved TF-IDF method was 63.8%. The running time of Apriori decreased with the increase of minimum support. When the minimum support was 12.0%, the Apriori algorithm ran for 211 seconds. The MKSE method was more efficient than the TRSE method in searching documents by query keywords. When the document set size was 3000, the SEMSS method had a full search rate of 81.09%. This research realizes the semantic security of outsourced data, which can efficiently and comprehensively carry out cryptographic retrieval based on keyword sorting.

Towards ensuring reproducibility of outsourced data generation.

"Big data" generated from outsourced or centralized facilities often lacks methodological information. Here, we outline how and why researchers, service providers, and other parties should report on methodology and sample metadata to improve scientific reproducibility.