Security Of Outsourced Data Research Articles

An enhanced searchable encryption scheme for secure data outsourcing

In the cloud environment, where the cloud server cannot always be fully trusted, both data and query privacy should be well protected for secure data outsourcing. Searchable encryption provides a more practical solution to secure data storage while enabling efficient search queries. In this paper, four important problems of public key encryption with keyword search (PEKS), namely, a scheme without secure channels, conjunctive keyword search, (offline) outside and inside keyword guessing attack (full KGA) resistance and proof in the standard model, are considered. We provide an in-depth analysis of the reasons behind (offline) full KGA by considering two types of PEKS schemes as examples. In particular, we introduce the concept of server-aided secure channel free public key encryption with conjunctive keyword search (SA-SCF-PECKS) which can resist (offline) full KGA. Furthermore, we provide a concrete and efficient construction of SA-SCF-PECKS, and prove its security in the standard model. To the best of our knowledge, our proposal is the first PECKS scheme to address these four problems simultaneously. We compare the security and efficiency of our scheme with those of other related PECKS schemes in theoretical and practical ways. In general, compared with other schemes, our SA-SCF-PECKS scheme shows better performance in terms of security and efficiency.

Toward Highly Secure Yet Efficient KNN Classification Scheme on Outsourced Cloud Data

Nowadays, outsourcing data and machine learning tasks, e.g., $k$ -nearest neighbor (KNN) classification, to clouds has become a scalable and cost-effective way for large scale data storage, management, and processing. However, data security and privacy issue have been a serious concern in outsourcing data to clouds. In this article, we propose a privacy-preserving KNN classification scheme on cloud data in a twin-cloud model based on an additively homomorphic cryptosystem and secret sharing. Compared with existing works, we redesign a set of lightweight building blocks, such as secure square Euclidean distance, secure comparison, secure sorting, secure minimum, and maximum number finding, and secure frequency calculating, which achieve the same security level but with higher efficiency. In our scheme, data owners stay offline, which is different from secure-multiparty computation-based solutions which require data owners’ stay online during computation. In addition, query users do not interact with the cloud except sending query data and receiving the query results. Our security analysis shows that the scheme protects outsourced data security and query privacy, and hides access patterns. The experiments on real-world dataset indicate that our scheme is significantly more efficient than existing schemes.

Mobile access and flexible search over encrypted cloud data in heterogeneous systems

Never before has data sharing been more convenient with the rapid popularity and wide adoption of cloud computing. However, mobile access and flexible search with security for outsourced data in heterogeneous systems are two major obstacles prior to practical deployment of cloud computing. To meet the requirements in secure mobile access and flexible search to sensitive data, this paper, for the first time, proposes a versatile primitive referred to as an identity based proxy re-encryption system with outsourced equality test (IBPRE-ET). This primitive allows a data owner in an identity based broadcast encryption system (IBBE) seamlessly to share his/her data with a data sharer in an identity based encryption system (IBE). Moreover, it supports a data sharer in an IBBE system to perform search functionality on ciphertexts related to a data sharer in an IBE system. We also formally prove that the proposed IBPRE-ET system is selective secure using a random oracle model. Meanwhile, the theoretic evaluation and experimental result demonstrate our scheme is practical in the heterogeneous system. Finally, we show an application of our IBPRE-ET to the collaborative office automation system.

Sed‐Dedup: An efficient secure deduplication system with data modifications

SummaryThe amount of outsourced data grows rapidly. In recent years, cloud service providers integrate data deduplication systems with convergent encryption (CE) methods, in which a file encryption key is determined by its own content instead of the secret of a specific user, to save the storage cost and ensure the security of outsourced data. However, present secure deduplication systems failed to deal with data modifications efficiently. We observe that when a client makes small changes on an existing file, the current chunking algorithms cannot effectively detect the similarities and always create chunks with largely overlapped contents. It reduces data deduplication ratios and results in unnecessary overhead. In this paper, we propose Sed‐Dedup, an efficient secure delta encoding deduplication system to address this problem. In Sed‐Dedup, we introduce a novel delta encoding approach to store modified contents in delta files and leave the original files intact. Two schemes with different encoding policies are designed. Both of them can solve the issue and improve the secure deduplication performance. To evaluate the performance, we implement a prototype and conduct extensive experiments based on synthetic and real‐world datasets. Our experimental results show that Sed‐Dedup is superior to the state‐of‐the‐art secure deduplication systems.

Building a dynamic searchable encrypted medical database for multi-client

E-medical record is an emerging health information exchange model based on cloud computing. As cloud computing allows companies and individuals to outsource their data and computation, the medical data is always stored at a third party such as cloud, which brings a variety of risks, such as data leakage to the untrusted cloud server, unauthorized access or modification operations. To assure the confidentiality of the data, the data owner needs to encrypt the sensitive data before uploading to the third party. Yet, issues like encrypted data search, flexible access and control on sensitive data have also remained the most significant challenges. In this paper, we investigate a novel searchable encrypted e-medical framework for multi-client which provides both confidentiality and searchability. Different from previous privacy protecting works in secure data outsourcing, we focus on providing a fine-grained access control encrypted data search scheme including clients and data. Our scheme also enables secure data update of the encrypted database by leveraging a secure dynamic searchable encryption. Furthermore, we implement the proposed scheme based on some existed cryptography library, and conduct several experiments on a selected dataset to evaluate its performance. The results demonstrate that our scheme provides a balance between security and efficiency.

Enhanced Data Security for Public Cloud Environment with Secured Hybrid Encryption Authentication Mechanisms

Cloud computing is an evolving computing technology that provides many services such as software and storage. With the introduction of cloud storage, the security of outsourced data has become a major issue in cloud computing. Data storage in cloud computing environment needs to be secured in order to provide a safe and foolproof security for data outsourcing of the cloud service users. This paper presents a model for security of data in public cloud storage environment which successfully detects the unauthenticated access or any anomaly in the data. The proposed authentication model along with the data security model presented in this paper shows that this model is the best model suitable for securing the data in cloud computing environment

Secure Logistic Regression Based on Homomorphic Encryption: Design and Evaluation.

BackgroundLearning a model without accessing raw data has been an intriguing idea to security and machine learning researchers for years. In an ideal setting, we want to encrypt sensitive data to store them on a commercial cloud and run certain analyses without ever decrypting the data to preserve privacy. Homomorphic encryption technique is a promising candidate for secure data outsourcing, but it is a very challenging task to support real-world machine learning tasks. Existing frameworks can only handle simplified cases with low-degree polynomials such as linear means classifier and linear discriminative analysis.ObjectiveThe goal of this study is to provide a practical support to the mainstream learning models (eg, logistic regression).MethodsWe adapted a novel homomorphic encryption scheme optimized for real numbers computation. We devised (1) the least squares approximation of the logistic function for accuracy and efficiency (ie, reduce computation cost) and (2) new packing and parallelization techniques.ResultsUsing real-world datasets, we evaluated the performance of our model and demonstrated its feasibility in speed and memory consumption. For example, it took approximately 116 minutes to obtain the training model from the homomorphically encrypted Edinburgh dataset. In addition, it gives fairly accurate predictions on the testing dataset.ConclusionsWe present the first homomorphically encrypted logistic regression outsourcing model based on the critical observation that the precision loss of classification models is sufficiently small so that the decision plan stays still.

Dynamic Outsourced Proofs of Retrievability Enabling Auditing Migration for Remote Storage Security

Remote data auditing service is important for mobile clients to guarantee the intactness of their outsourced data stored at cloud side. To relieve mobile client from the nonnegligible burden incurred by performing the frequent data auditing, more and more literatures propose that the execution of such data auditing should be migrated from mobile client to third‐party auditor (TPA). However, existing public auditing schemes always assume that TPA is reliable, which is the potential risk for outsourced data security. Although Outsourced Proofs of Retrievability (OPOR) have been proposed to further protect against the malicious TPA and collusion among any two entities, the original OPOR scheme applies only to the static data, which is the limitation that should be solved for enabling data dynamics. In this paper, we design a novel authenticated data structure called bv23Tree, which enables client to batch‐verify the indices and values of any number of appointed leaves all at once for efficiency. By utilizing bv23Tree and a hierarchical storage structure, we present the first solution for Dynamic OPOR (DOPOR), which extends the OPOR model to support dynamic updates of the outsourced data. Extensive security and performance analyses show the reliability and effectiveness of our proposed scheme.

DaSCE: Data Security for Cloud Environment with Semi-Trusted Third Party

Off-site data storage is an application of cloud that relieves the customers from focusing on data storage system. However, outsourcing data to a third-party administrative control entails serious security concerns. Data leakage may occur due to attacks by other users and machines in the cloud. Wholesale of data by cloud service provider is yet another problem that is faced in the cloud environment. Consequently, high-level of security measures is required. In this paper, we propose data security for cloud environment with semi-trusted third party (DaSCE), a data security system that provides (a) key management (b) access control, and (c) file assured deletion. The DaSCE utilizes Shamir's ( k, n ) threshold scheme to manage the keys, where k out of n shares are required to generate the key. We use multiple key managers, each hosting one share of key. Multiple key managers avoid single point of failure for the cryptographic keys. We (a) implement a working prototype of DaSCE and evaluate its performance based on the time consumed during various operations, (b) formally model and analyze the working of DaSCE using high level petri nets (HLPN), and (c) verify the working of DaSCE using satisfiability modulo theories library (SMT-Lib) and Z3 solver. The results reveal that DaSCE can be effectively used for security of outsourced data by employing key management, access control, and file assured deletion.

A general framework to design secure cloud storage protocol using homomorphic encryption scheme

With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

PRESAGE: PRivacy-preserving gEnetic testing via SoftwAre Guard Extension

BackgroundAdvances in DNA sequencing technologies have prompted a wide range of genomic applications to improve healthcare and facilitate biomedical research. However, privacy and security concerns have emerged as a challenge for utilizing cloud computing to handle sensitive genomic data.MethodsWe present one of the first implementations of Software Guard Extension (SGX) based securely outsourced genetic testing framework, which leverages multiple cryptographic protocols and minimal perfect hash scheme to enable efficient and secure data storage and computation outsourcing.ResultsWe compared the performance of the proposed PRESAGE framework with the state-of-the-art homomorphic encryption scheme, as well as the plaintext implementation. The experimental results demonstrated significant performance over the homomorphic encryption methods and a small computational overhead in comparison to plaintext implementation.ConclusionsThe proposed PRESAGE provides an alternative solution for secure and efficient genomic data outsourcing in an untrusted cloud by using a hybrid framework that combines secure hardware and multiple crypto protocols.

An Efficient Multi-keyword Symmetric Searchable Encryption Scheme for Secure Data Outsourcing

Symmetric searchable encryption (SSE) schemes allow a data owner to encrypt its data in such a way that it could be searched in encrypted form. When searching over encrypted data the retrieved data, search query, and search query outcome everything must be protected. A series of SSE schemes have been proposed in the past decade. In this paper, we are going to propose our an efficient multi-keyword symmetric searchable encryption scheme for secure data outsourcing and evaluate the performance of our proposed scheme on a real data set.

Ciphertext‐policy attribute‐based encryption with partially hidden access structure and its application to privacy‐preserving electronic medical record system in cloud environment

AbstractWith the development of cloud computing, more and more sensitive data are uploaded to cloud by companies or individuals, which brings forth new challenges for outsourced data security and privacy. Ciphertext‐policy attribute‐based encryption (CP‐ABE) provides fine‐grained access control of encrypted data in the cloud; in a CP‐ABE scheme, an access structure, also referred to as ciphertext‐policy, is sent along with a ciphertext explicitly, and anyone who obtains a ciphertext can know the access structure associated with the ciphertext. In certain applications, access structures contain very sensitive information and must be protected from everyone except the users whose private key attributes satisfy the access structures.In this paper, we propose a new model for CP‐ABE with partially hidden access structure (See Figure 2). In our model, each attribute consists of two parts: an attribute name and its value; if the private key attributes of a user do not satisfy the access structure associated with a ciphertext, the specific attribute values of the access structure are hidden, while other information about the access structure is public. Based on the CP‐ABE scheme proposed by Lewko and Waters recently, we then present a concrete construction of CP‐ABE with partially hidden access structure and prove that it is fully secure in the standard model. In addition, we discuss how our new model can be employed to construct a privacy‐preserving electronic medical record system in the cloud environment. Copyright © 2016 John Wiley & Sons, Ltd.

Efficient and Secure Storage for Outsourced Data: A Survey

With the growing popularity of cloud computing, more and more enterprises and individuals tend to store their sensitive data on the cloud in order to reduce the cost of data management. However, new security and privacy challenges arise when the data stored in the cloud due to the loss of data control by the data owner. This paper focuses on the techniques of verifiable data storage and secure data deduplication. We firstly summarize and classify the state-of-the-art research on cloud data storage mechanism. Then, we present some potential research directions for secure data outsourcing.

Privacy-Preserving and Regular Language Search Over Encrypted Cloud Data

Using cloud-based storage service, users can remotely store their data to clouds but also enjoy the high quality data retrieval services, without the tedious and cumbersome local data storage and maintenance. However, the sole storage service cannot satisfy all desirable requirements of users. Over the last decade, privacy-preserving search over encrypted cloud data has been a meaningful and practical research topic for outsourced data security. The fact of remote cloud storage service that users cannot have full physical possession of their data makes the privacy data search a formidable mission. A naive solution is to delegate a trusted party to access the stored data and fulfill a search task. This, nevertheless, does not scale well in practice as the fully data access may easily yield harm for user privacy. To securely introduce an effective solution, we should guarantee the privacy of search contents, i.e., what a user wants to search, and return results, i.e., what a server returns to the user. Furthermore, we also need to guarantee privacy for the outsourced data, and bring no additional local search burden to user. In this paper, we design a novel privacy-preserving functional encryption-based search mechanism over encrypted cloud data. A major advantage of our new primitive compared with the existing public key based search systems is that it supports an extreme expressive search mode, regular language search. Our security and performance analysis show that the proposed system is provably secure and more efficient than some searchable systems with high expressiveness.

Distributed Authentication for Federated Clouds in Secure Cloud Data Storage

Objective: The main objective of our approach is to define federative cloud environment set up and define security considerations of each user independently in a multi-cloud data storage. Methods/Statistical Analysis: For secure data outsourcing in cloud data storage, we propose to use (KASE) Key Aggregate Searchable Encryption for aggregate key based data sharing in the cloud. But KASE is the single key based policy for data sharing in single cloud. We extend KASE to multi cloud storage with Reliable Reasoning Power (RRP) for protection of the federative cloud environment. Findings: By applying above two methods in cloud setup, we find two basic parameters as advantages, i.e. 1. Aggregate Key based data sharing in the cloud with efficient and reliable data security. 2. Data storage and security for single user in federative cloud environment. Applications/Improvement: Our proposed methodology achieves following applications when compare to conventional methodology (i.e. KASE) i.e., 1. With respect to time RRP performs effective file uploading when compare to KASE. 2. Security and Data storage in RRP is efficient (whenever we consider server performance).

Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing

Although many users outsource their various data to clouds, data security and privacy concerns are still the biggest obstacles that hamper the widespread adoption of cloud computing. Anonymous attribute-based encryption (anonymous ABE) enables fine-grained access control over cloud storage and preserves receivers’ attribute privacy by hiding attribute information in ciphertexts. However, in existing anonymous ABE work, a user knows whether attributes and a hidden policy match or not only after repeating decryption attempts. And, each decryption usually requires many pairings and the computation overhead grows with the complexity of the access formula. Hence, existing schemes suffer a severe efficiency drawback and are not suitable for mobile cloud computing where users may be resource-constrained.In this paper, we propose a novel technique called match-then-decrypt, in which a matching phase is additionally introduced before the decryption phase. This technique works by computing special components in ciphertexts, which are used to perform the test that if the attribute private key matches the hidden access policy in ciphertexts without decryption. For the sake of fast decryption, special attribute secret key components are generated which allow aggregation of pairings during decryption. We propose a basic anonymous ABE construction, and then obtain a security-enhanced extension based on strongly existentially unforgeable one-time signatures. In the proposed constructions, the computation cost of an attribute matching test is less than one decryption operation, which only needs small and constant number of pairings. Formal security analysis and performance comparisons indicate that the proposed solutions simultaneously ensure attribute privacy and improve decryption efficiency for outsourced data storage in mobile cloud computing.

Towards the design of a secure data outsourcing using fragmentation and secret sharing scheme

ABSTRACTDatabase outsourcing is a new model that offers reliable storage and efficient query execution to clients. Maintaining the confidentiality of data from the service provider is the challenge presented by the growth of database outsourcing. The current approaches for secure database outsourcing are based on encryption. Such approaches impose high computational load on the server. In this paper, we propose a new model based on fragmentation and a secret sharing scheme which partition data among multiple cloud service providers. The privacy requirements are formulated as confidentiality constraints expressing the sensitivity of attributes and their associations. The fragmentation is used to break the sensitive associations among attributes and secret sharing scheme is used to split the values of sensitive attributes among fragments using interpolation. Experimental results show that our proposed model offers better privacy protection from service providers and executes queries efficiently by reducing the computation and communication overhead.

Efficient Multi-keyword Ranked Search over Outsourced Cloud Data based on Homomorphic Encryption

With the development of cloud computing, more and more data owners are motivated to outsource their data to the cloud server for great flexibility and less saving expenditure. Because the security of outsourced data must be guaranteed, some encryption methods should be used which obsoletes traditional data utilization based on plaintext, e.g. keyword search. To solve the search of encrypted data, some schemes were proposed to solve the search of encrypted data, e.g. top-k single or multiple keywords retrieval. However, the efficiency of these proposed schemes is not high enough to be impractical in the cloud computing. In this paper, we propose a new scheme based on homomorphic encryption to solve this challenging problem of privacy-preserving efficient multi-keyword ranked search over outsourced cloud data. In our scheme, the inner product is adopted to measure the relevance scores and the technique of relevance feedback is used to reflect the search preference of the data users. Security analysis shows that the proposed scheme can meet strict privacy requirements for such a secure cloud data utilization system. Performance evaluation demonstrates that the proposed scheme can achieve low overhead on both computation and communication.

New access control systems based on outsourced attribute-based encryption1

As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices with constrained computing resources. Aiming at tackling the challenge above, we present a generic and efficient solution to implement attribute-based access control system by introducing secure outsourcing techniques into ABE. More precisely, two cloud service providers (CSPs), namely key generation-cloud service provider (KG-CSP) and decryption-cloud service provider (D-CSP) are introduced to perform the outsourced key-issuing and decryption on behalf of attribute authority and users respectively. In order to outsource heavy computation to both CSPs without private information leakage, we formalize an underlying primitive called outsourced ABE (OABE) and propose several constructions with outsourced decryption and key-issuing. Finally, extensive experiment demonstrates that with the help of KG-CSP and D-CSP, efficient key-issuing and decryption are achieved in our constructions.