Security Of Outsourced Data Research Articles

Authorized Keyword Search over Outsourced Encrypted Data in Cloud Environment

This project focuses on developing a secure and efficient mechanism for authorized keyword search over encrypted data outsourced to a cloud environment. With the increasing popularity of cloud computing, data owners are often required to outsource their data to cloud servers for storage and processing. However, the security of outsourced data is a major concern due to the possibility of unauthorized access by cloud providers or malicious attackers. To address this problem, the proposed system introduced a novel expressive authorized keyword search scheme relying on the concept of ciphertext-policy attribute-based encryption. The mechanism also incorporates access control policies to ensure that only authorized users can perform the search operation. Experimental results demonstrate that the proposed mechanism can achieve high search efficiency while maintaining strong security guarantees

Authorized Keyword Search on Mobile Devices in Secure Data Outsourcing

Authorized Keyword Search on Mobile Devices in Secure Data Outsourcing

Trusted Certified Auditor Using Cryptography for Secure Data Outsourcing and Privacy Preservation in Fog-Enabled VANETs

Trusted Certified Auditor Using Cryptography for Secure Data Outsourcing and Privacy Preservation in Fog-Enabled VANETs

A portable blind cloud storage scheme against compromised servers

Applications (Apps) generate large amounts of data on users’ storage-limited local devices. To alleviate the burden of local storage, users can outsource their App-generated data to a remote cloud server. Secure data outsourcing needs data portability and blindness. The former enables users to access data from multiple devices using a single password, and the latter ensures data privacy against unauthorized individuals. Portable blind cloud storage (PBCS) can satisfy both requirements. However, existing PBCS schemes are vulnerable to offline password guessing attacks (OPGA) if both the App server and the cloud server are compromised: an adversary can learn users’ passwords from compromised registered information of users. In this paper, we propose a PBCS scheme called IPBCS that is secure against OPGA. In IPBCS, a user hardens her/his password with a secret key, which is stored in trusted execution environments (TEE). With the hardened password and a user-specific randomness, a token can be derived for user authentication. By adopting TEE to protect secret keys, IPBCS guarantees security against OPGA even if both servers are compromised. Moreover, IPBCS adopts a password-based authentication mechanism to support authentication over public channels. Security analysis and performance evaluation demonstrate that IPBCS is secure and efficient.

EStore: A User-Friendly Encrypted Storage Scheme for Distributed File Systems.

In this paper, we propose a user-friendly encrypted storage scheme named EStore, which is based on the Hadoop distributed file system. Users can make use of cloud-based distributed file systems to collaborate with each other. However, most data are processed and stored in plaintext, which is out of the owner's control after it has been uploaded and shared. Meanwhile, simple encryption guarantees the confidentiality of uploaded data but reduces availability. Furthermore, it is difficult to deal with complex key management as there is the problem whereby a single key encrypts different files, thus increasing the risk of leakage. In order to solve the issues above, we put forward an encrypted storage model and a threat model, designed with corresponding system architecture to cope with these requirements. Further, we designed and implemented six sets of protocols to meet users' requirements for security and use. EStore manages users and their keys through registration and authentication, and we developed a searchable encryption module and encryption/decryption module to support ciphertext retrieval and secure data outsourcing, which will only minimally increase the calculation overhead of the client and storage redundancy. Users are invulnerable compared to the original file system. Finally, we conducted a security analysis of the protocols to demonstrate that EStore is feasible and secure.

Privacy-Preserving Multi-Range Queries for Secure Data Outsourcing Services

Encrypted range query schemes that enable range-based searches over encrypted data have become an effective solution for secure data outsourcing services. However, existing schemes are still inadequate on desired functionality and security. Specifically, supporting efficient multi-range queries while hiding the data ordering leakage remains a challenging research problem. Existing works on order-hiding query schemes only work for encrypted single-range search and incur significant computational overhead due to the protection of the ordering information. In this paper, we present a privacy-preserving multi-range query scheme that can address the above problems simultaneously. It not only enables efficient multi-range queries over encrypted data but also guarantees the privacy of ordering information. To protect the ordering leakage, our design adopts an Order-hiding Encoding (OHE) scheme to support multi-range obfuscation. In addition, a novel order-hiding KD-tree index structure is designed as the core technique underlying our scheme, which accelerates efficient multi-range queries and obfuscates ordering information of encrypted values. Finally, the formal security analysis confirms that our proposed multi-range query scheme is secure in the random oracle model. The extensive experimental results conducted on real-world datasets demonstrate the practicality of our design.

A novel smart multilevel security approach for secure data outsourcing in crisis.

The Interconnected Network or the Internet has revolutionized digital communications. It has expanded worldwide over the past four decades due to numerous features such as connectivity, transparency, hierarchy, and openness. Several drawbacks, including mobility, scalability, controllability, security, etc., have been presented due to continuous developments. Although several network paradigms exist to address such drawbacks, many issues still persist. This research proposed a future network paradigm that addresses multilevel security shortcomings. It suggested the following: (i) a two-router network-based cyber security architecture for multilevel data sharing; (ii) using a scheduler to deal with the multilevel transmitted packets scheduling problem; (iii) five algorithms for the studied difficult problem; and (iv) providing an experimental result to show the optimal results obtained by the developed algorithms and comparing it with algorithms in the literature. The experimental result shows that the random-grouped classification with shortest scheduling algorithm (RGS) performed the best at 37.7% with a gap of 0.03. This result proves the practicality of our approach in terms of two-machine scheduling problems.

Secure data outsourcing based on seed-residual shares and order-shuffling encryption

Secure data outsourcing based on seed-residual shares and order-shuffling encryption

Dynamic Data Integrity Auditing Based on Hierarchical Merkle Hash Tree in Cloud Storage

In cloud storage mode, users lose physical control over their data. To enhance the security of outsourced data, it is vital to audit the data integrity of the data owners. However, most of the current audit protocols have a single application scenario and cannot accommodate the actual needs of individuals and enterprises. In this research, a safe and efficient auditing scheme is proposed that is based on a hierarchical Merkle tree. On the one hand, we use a hierarchical authentication data structure and local signature aggregation technique to reduce the scale of the Merkle tree. In addition, authoritative nodes are introduced to reduce the length of the authentication path and improve the update efficiency. On the other hand, we introduce a monitoring mechanism that is based on the original data integrity auditing model to analyze the cloud data, which improves the transparency and credibility of cloud service providers. In addition, we achieve incomplete data recovery through log analysis, which greatly reduces the number of replicas of files under the premise of multi-copy auditing, reduces the burden on cloud service providers, and improves the fairness of audit protocols. The theoretical analysis and experimental comparison prove that the method is secure and efficient. It can effectively reduce the computational overhead and storage overhead in integrity auditing.

Lightweight Fine-Grained Multiowner Search over Encrypted Data in Cloud-Edge Computing

Edge computing, as an extension of cloud computing, outsources encrypted sensitive data to edge nodes to decrease latency and improve broadband efficiency. Although attribute-based keyword search (ABKS) can ensure the security of outsourced data and promote fine-grained access control of data, deficiencies still exist under the general ABKS scheme in the cloud, as follows: shared files owned by a single data owner, inflexible access control, key escrow problem, and high computational overhead. We propose an attribute-based multidata owner searchable encryption scheme in cloud-edge computing with effective policy update to address these problems. The two-level access control is used to realize the common management and fine-grained sharing of data by the multidata owner. All user keys are jointly generated by the central authority and attribute authority, and a key escrow is no longer required. Moreover, partial encryption and decryption calculations are shifted from resource-constrained data owners and users to edge nodes. Furthermore, our scheme not only supports policy update but also realizes the dynamic updating of the index. The security proof and performance analysis show that the scheme has strong security and practicality in the edge computing environment.

Study and Analysis of Various Cloud Security, Authentication, and Data Storage Models

In recent days, widespread acceptance of cloud data storage applications increases various privacy problems and security problems. Outsourced data security is considered the main confrontation for cloud clients because of data control loss. This review presents a detailed survey of 50 research papers presenting privacy preservation approaches, namely authentication-based, cloud security-based, data storage-based, data security-based, and encryption-based techniques. The analysis is considered based on the categorization of approaches, dataset employed, utilized software tools, published year, and the performance metrics are discussed. Furthermore, problems raised in existing privacy preservation techniques are elucidated in the research gaps and problems section. The future work of this study is based on the research gaps and problems recognized from present research schemes. Additionally, JAVA software language is widely utilized for implementing privacy preservation models, and the Amazon access sample database is a commonly employed dataset for the privacy preservation approach.

Secure search scheme for encrypted data in the VANET cloud with random query trapdoor

ABSTRACT Integration of the Vehicular Adhoc Network (VANET) with cloud computing has played an important role in aiding the safety of vehicle drivers and passengers. Due to the dynamic nature of the vehicles and wireless communication, achieving security of outsourced data is still a major challenge in the vehicular cloud. The encryption of sensitive data prior to outsourcing is an elementary approach to achieve data confidentiality. However, it is difficult for users to search over encrypted data using customary search techniques. In this paper, we propose a secure search scheme by empowering the data users to create a random query trapdoor. We make use of the bloom filter and bilinear pairing operation to construct a secure index for keywords of each data file, which enables the vehicular cloud to carry out a search without deriving any helpful information about the query. We use the SIMITS2 simulator to implement the proposed scheme and test the performance in terms of key generation time, secure index construction time, trapdoor generation time and search time. The proposed scheme performs better than existing searchable encryption technologies based on hashing and attribute-based encryption.

Verifiable Fuzzy Multi-keyword Search over Encrypted Data with Adaptive Security

To ensure the security of outsourced data without affecting data availability, one can use Symmetric Searchable Encryption (SSE) to achieve search over encrypted data. Considering that query users may search with misspelled words, the fuzzy search should be supported. However, conventional privacy-preserving fuzzy multi-keyword search schemes are incapable of achieving the result verification and adaptive security. To solve the above challenging issues, in this paper we propose a Verifiable Fuzzy multi-keyword Search scheme with Adaptive security (VFSA). VFSA first employs the locality sensitive hashing to hash the misspelled and correct keywords to the same positions, then designs a twin Bloom filter for each document to store and mask all keywords contained in the document, next constructs an index tree based on the graph-based keyword partition algorithm to achieve adaptive sublinear retrieval, finally combines the Merkle hash tree structure with the adapted multiset accumulator to check the correctness and completeness of search results. Our formal security analysis shows that VFSA is secure under the IND-CKA2 model and achieves query authentication. Our empirical experiments using the real-world dataset demonstrate the practicality of VFSA.

Secure data outsourcing in presence of the inference problem: A graph-based approach

In light of the emergence of Database-as-a-Service paradigm, secure data outsourcing has become one of the crucial challenges which strongly imposes itself. In such a scenario, access control is considered as a major challenge. In fact, access control policies of the data owner must be preserved when data is moved to the cloud. Here, we address this problem by considering inference leakage that could be produced by exploiting functional dependencies. The proposed approach is based on vertical partitioning to produce a set of secure sub-schemas stored in separated partitions in the distributed system. Then, we extend this approach by presenting a secure query processing model to preserve access control policies when querying data from distributed partitions. The effectiveness of our algorithms is confirmed through observations from a variety of conducted experiments.

PRUDA: A Novel Measurement Attribute Set towards Robust Steganography in Social Networks

Cloud services have become an increasingly popular solution to provide different services to clients. More and more data are outsourced to the cloud for storage and computing. With this comes concern about the security of outsourced data. In recent years, homomorphic encryption, blockchain, steganography, and other technologies have been applied to the security and forensics of outsourced data. While encryption technologies such as homomorphic encryption and blockchain scramble data so that they cannot be understood, steganography hides the data so that they cannot be observed. Traditional steganography assumes that the environment is lossless. Robust steganography is grounded in traditional steganography and is proposed based on a real lossy social network environment. Thus, researchers, who study robust steganography, believe that the measurement should follow traditional steganography. However, the application scenario of robust steganography breaks through the traditional default lossless environment premise. It brings about changes in the focus of steganography algorithms. Simultaneously, the existing steganography methods miss the evaluation of applicability and ease of use. In this paper, “default parameters” are observed by comparing the process of robust image steganography with traditional image steganography. The idea of “perfecting default parameters” is proposed. Based on this, the attribute set of measuring robust image steganography is presented. We call it PRUDA (Payload, Robustness, ease of Use, antiDetection, and Applicability). PRUDA perfects default parameters observed in the process of traditional steganography algorithms. Statistics on image processing attacks in mobile social apps and analyses on existing algorithms have verified that PRUDA is reasonable and can better measure a robust steganography method in practical application scenarios.

Secure and verifiable outsourced data dimension reduction on dynamic data

Dimensionality reduction aims at reducing redundant information in big data and hence making data analysis more efficient. Resource-constrained enterprises or individuals often outsource this time-consuming job to the cloud for saving storage and computing resources. However, due to inadequate supervision, the privacy and security of outsourced data have been a serious concern to data owners. In this paper, we propose a privacy-preserving and verifiable outsourcing scheme for data dimension reduction, based on incremental Non-negative Matrix Factorization (NMF) method. We emphasize the importance of incremental data processing, exploiting the properties of NMF to enable data dynamics in consideration of data updating in reality. Besides, our scheme can also maintain data confidentiality and provide verifiability of the computation result. Experiment evaluation has shown that the proposed scheme achieves high efficiency, saving about more than 80% computation time for clients.

A novel audio steganography technique integrated with a symmetric cryptography: a protection mechanism for secure data outsourcing

Data transfer over the internet is a very common process and security of this data is everyone's responsibility. Many techniques are available to secure such confidential data. Among them, cryptogr...

A novel audio steganography technique integrated with a symmetric cryptography: a protection mechanism for secure data outsourcing

A novel audio steganography technique integrated with a symmetric cryptography: a protection mechanism for secure data outsourcing

Analysis and Enhancement of a Lattice-Based Data Outsourcing Scheme With Public Integrity Verification

Recently, Zhang <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.

Secure data outsourcing in presence of the inference problem: issues and directions

ABSTRACT With the emergence of cloud computing paradigms, secure data outsourcing has become one of the crucial challenges which strongly imposes itself. Data owners place their data among cloud service providers in order to increase flexibility, optimize storage, enhance data manipulation and decrease processing time. Nevertheless, from a security point of view, access control is a major challenge in this situation seeing that the security policy of the data owner must be preserved when data is moved to the cloud. Nonetheless, the lack of a comprehensive and systematic review motivated us to construct this reviewing paper on this research problem. Here, we discuss current and emerging research on privacy and confidentiality concerns in data outsourcing and pinpoint potential issues that are still unresolved.