Junjie Shi,Yuan Zhang,Sheng Zhong

DOI: https://doi.org/10.48550/arxiv.1502.00389

2015-01-01

Abstract:Since the advent of software defined networks (SDN), there have been many attempts to outsource the complex and costly local network functionality, i.e. the middlebox, to the cloud in the same way as outsourcing computation and storage. The privacy issues, however, may thwart the enterprises' willingness to adopt this innovation since the underlying configurations of these middleboxes may leak crucial and confidential information which can be utilized by attackers. To address this new problem, we use firewall as an sample functionality and propose the first privacy preserving outsourcing framework and schemes in SDN. The basic technique that we exploit is a ground-breaking tool in cryptography, the cryptographic multilinear map. In contrast to the infeasibility in efficiency if a naive approach is adopted, we devise practical schemes that can outsource the middlebox as a blackbox after obfuscating it such that the cloud provider can efficiently perform the same functionality without knowing its underlying private configurations. Both theoretical analysis and experiments on real-world firewall rules demonstrate that our schemes are secure, accurate, and practical.

Peipei Jiang,Qian Wang,Muqi Huang,Cong Wang,Qi Li,Chao Shen,Kui Ren

DOI: https://doi.org/10.1109/jproc.2021.3127277

IF: 20.6

2021-12-01

Proceedings of the IEEE

Abstract:Network function virtualization (NFV) has been promising to improve the availability, programmability, and flexibility of network function deployment and communication facilities. Meanwhile, with the advancements of cloud technologies, there has been a trend to outsource network functions through virtualization to a cloud service provider, so as to alleviate the local burdens on provisioning and managing such hardware resources. Promising as it is, redirecting the communication traffic to a third-party service provider has drawn various security and privacy concerns. Traditional end-to-end encryption can protect the traffic in transmit, but it also hinders data usability. This dilemma has raised wide interests from both industry and academia, and great efforts have been made to realize privacy-preserving network function outsourcing that can guarantee the confidentiality of network communications while preserving the ability to inspect the traffic. In this article, we conduct a comprehensive survey of the state-of-the-art literature on network function outsourcing, with a special focus on privacy and security issues. We first give a brief introduction to NFV and pinpoint its challenges and security risks in the cloud context. Then, we present detailed descriptions and comparisons of existing secure network function outsourcing schemes in terms of functionality, efficiency, and security. Finally, we conclude by discussing possible future research directions.

engineering, electrical & electronic

WEI Lingbo,FENG Xiaobing,ZHANG Chi,SHENG Hualong,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.1000-436x.2018057

2018-01-01

Abstract:Due to the problem of high cost and limited scalability of dedicated hardware middleboxes, it is popular for enterprises to outsource middleboxes as software processes to the cloud service provider. In the current network function outsourcing schemes, the cloud service provider requires the enterprise's communication traffic and network strategy which poses a serious threat to the enterprise's piracy. Based on prefix-preserving encryption, a privacy preserving net-work function outsourcing system was proposed. Compared with other similar schemes, the system not only realizes the privacy protection of communication traffic, but also has higher throughput and lower delay.

Cong Wang,Kui Ren,Jia Wang

DOI: https://doi.org/10.1109/tc.2015.2417542

IF: 3.183

2016-01-01

IEEE Transactions on Computers

Abstract:Cloud computing enables an economically promising paradigm of computation outsourcing. However, how to protect customers confidential data processed and generated during the computation is becoming the major security concern. Focusing on engineering computing and optimization tasks, this paper investigates secure outsourcing of widely applicable linear programming (LP) computations. Our mechanism design explicitly decomposes LP computation outsourcing into public LP solvers running on the cloud and private LP parameters owned by the customer. The resulting flexibility allows us to explore appropriate security/efficiency tradeoff via higher-level abstraction of LP computation than the general circuit representation. Specifically, by formulating private LP problem as a set of matrices/vectors, we develop efficient privacy-preserving problem transformation techniques, which allow customers to transform the original LP into some random one while protecting sensitive input/output information. To validate the computation result, we further explore the fundamental duality theorem of LP and derive the necessary and sufficient conditions that correct results must satisfy. Such result verification mechanism is very efficient and incurs close-to-zero additional cost on both cloud server and customers. Extensive security analysis and experiment results show the immediate practicability of our mechanism design.

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2016.2535103

IF: 3.9

2016-01-01

IEEE Access

Abstract:Cloud computing enables customers with limited computational resources to outsource their huge computation workloads to the cloud with massive computational power. However, in order to utilize this computing paradigm, it presents various challenges that need to be addressed, especially security. As eigen-decomposition (ED) and singular value decomposition (SVD) of a matrix are widely applied in engineering tasks, we are motivated to design secure, correct, and efficient protocols for outsourcing the ED and SVD of a matrix to a malicious cloud in this paper. In order to achieve security, we employ efficient privacy-preserving transformations to protect both the input and output privacy. In order to check the correctness of the result returned from the cloud, an efficient verification algorithm is employed. A computational complexity analysis shows that our protocols are highly efficient. We also introduce an outsourcing principle component analysis as an application of our two proposed protocols.

G. Vidhisha,C. Surekha,S. Sanjeeva Rayudu,U. Seshadri

DOI: https://doi.org/10.48550/arXiv.1211.1457

2012-11-07

Abstract:Cloud computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. we utilize the public key based homomorphism authenticator and uniquely integrate it with random mask technique to achieve a privacy-preserving public auditing system for cloud data storage security while keeping all above requirements in mind. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously along with investigates secure outsourcing of widely applicable linear programming (LP) computations. In order to achieve practical efficiency, our mechanism design explicitly decomposes the LP computation outsourcing into public LP solvers running on the cloud and private LP parameters owned by the customer Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Cong Wang,Kui Ren,Jia Wang

DOI: https://doi.org/10.1109/infcom.2011.5935305

2011-01-01

Abstract:Cloud computing enables customers with limited computational resources to outsource large-scale computational tasks to the cloud, where massive computational power can be easily utilized in a pay-per-use manner. However, security is the major concern that prevents the wide adoption of computation outsourcing in the cloud, especially when end-user's confidential data are processed and produced during the computation. Thus, secure outsourcing mechanisms are in great need to not only protect sensitive information by enabling computations with encrypted data, but also protect customers from malicious behaviors by validating the computation result. Such a mechanism of general secure computation outsourcing was recently shown to be feasible in theory, but to design mechanisms that are practically efficient remains a very challenging problem. Focusing on engineering computing and optimization tasks, this paper investigates secure outsourcing of widely applicable linear programming (LP) computations. In order to achieve practical efficiency, our mechanism design explicitly decomposes the LP computation outsourcing into public LP solvers running on the cloud and private LP parameters owned by the customer. The resulting flexibility allows us to explore appropriate security/efficiency tradeoff via higher-level abstraction of LP computations than the general circuit representation. In particular, by formulating private data owned by the customer for LP problem as a set of matrices and vectors, we are able to develop a set of efficient privacy-preserving problem transformation techniques, which allow customers to transform original LP problem into some random one while protecting sensitive input/output information. To validate the computation result, we further explore the fundamental duality theorem of LP computation and derive the necessary and sufficient conditions that correct result must satisfy. Such result verification mechanism is extremely efficient and incurs close-to-zero additional cost on both cloud server and customers. Extensive security analysis and experiment results show the immediate practicability of our mechanism design.

Xirong Ma,Chuan Li,Yuchang Hu,Yunting Tao,Yali Jiang,Yanbin Li,Fanyu Kong,Chunpeng Ge

2024-07-09

Abstract:The demand for processing vast volumes of data has surged dramatically due to the advancement of machine learning technology. Large-scale data processing necessitates substantial computational resources, prompting individuals and enterprises to turn to cloud services. Accompanying this trend is a growing concern regarding data leakage and misuse. Homomorphic encryption (HE) is one solution for safeguarding data privacy, enabling encrypted data to be processed securely in the cloud. However, the encryption and decryption routines of some HE schemes require considerable computational resources, presenting non-trivial work for clients. In this paper, we propose an outsourced decryption protocol for the prevailing RLWE-based fully homomorphic encryption schemes. The protocol splits the original decryption into two routines, with the computationally intensive part executed remotely by the cloud. Its security relies on an invariant of the NTRU-search problem with a newly designed blinding key distribution. Cryptographic analyses are conducted to configure protocol parameters across varying security levels. Our experiments demonstrate that the proposed protocol achieves up to a $67\%$ acceleration in the client's local decryption, accompanied by a $50\%$ reduction in space usage.

Cryptography and Security

Cong Wang,Xingliang Yuan,Yong Cui,Kui Ren

DOI: https://doi.org/10.1109/mnet.2017.1700060

IF: 10.294

2017-01-01

IEEE Network

Abstract:Modern enterprise networks heavily rely on ubiquitous network middleboxes for advanced traffic processing such as deep packet inspection, traffic classification, and load balancing. Recent advances in NFV have pushed forward the paradigm of migrating in-house middleboxes to third-party providers as software-based services for reduced cost yet increased scalability. Despite its potential, this new service model also raises new security and privacy concerns, as traffic is now redirected and processed in an untrusted environment. In this article, we survey recent efforts in the direction of enabling secure outsourced middlebox functions, and identify open challenges for researchers and practitioners to further investigate solutions toward secure middlebox services.

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Minghao Zhao,Chengyu Hu,Xiangfu Song,Chuan Zhao

DOI: https://doi.org/10.1016/j.jnca.2019.01.021

IF: 7.574

2019-01-01

Journal of Network and Computer Applications

Abstract:Cloud computing provides the clients with diversified services in a flexible manner. Recently, the cloud platforms have been the basic underling-support for The IoT and mobile computing. The client outsources data storage or computation overhead to the cloud, which accordingly yields a new computing paradigm – the outsourced computing. In such a scenario, the clients hope to acquire the service quality, and wish to not leak their sensitive data to the cloud service provider. Thus, the trustworthy (verifiability) and privacy has been a hot issue for outsourced computing. In this survey, we systematically present the cryptographic methods for ensuring verifiability and privacy. We first describe the research advancement in verifiable computing and the cryptographic primitives for privacy-preserving techniques; and then, taking outsourcing cryptographic operations as an example, to show how them primitives can be integrated to achieve a dependable and privacy-preserving outsourced computing scheme. This paper bridges the gap between the theoretical cryptographic research and engineering secure cloud computing systems.

Huazhe Wang,Xin Li,Yu Zhao,Ye Yu,Hongkun Yang,Chen Qian

DOI: https://doi.org/10.48550/arXiv.1606.07079

2016-06-22

Networking and Internet Architecture

Abstract:There is an increasing trend that enterprises outsource their network functions to the cloud for lower cost and ease of management. However, network function outsourcing brings threats to the privacy of enterprises since the cloud is able to access the traffic and rules of in-cloud network functions. Current tools for secure network function outsourcing either incur large performance overhead or do not support real-time updates. In this paper, we present SICS, a secure service function chain outsourcing framework. SICS encrypts each packet header and use a label for in-cloud rule matching, which enables the cloud to perform its functionalities correctly with minimum header information leakage. Evaluation results show that SICS achieves higher throughput, faster construction and update speed, and lower resource overhead at both enterprise and cloud sides, compared to existing solutions.

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2015.2505720

IF: 3.9

2015-01-01

IEEE Access

Abstract:Cloud computing provides service for resource-constrained customers to perform large-scale scientific computation. However, it also brings some new challenges, which have to be considered in designing outsourcing protocols. In recent years, a few outsourcing protocols have been proposed for different kinds of problems. Quadratic programming (QP) is a class of mathematical optimization problem, and solving a large-scale QP problem requires a large amount of computation. Thus, there is a great need for customer to outsource large-scale QP problem to cloud. In this paper, we design a secure, verifiable, and efficient outsourcing protocol for QP problem. For security consideration, we encrypt the matrices and vectors contained in the QP problem in an efficient way. After cloud computing, we decrypt the result to get the ultimate solution. To ensure correctness, we verify the result returned by the cloud through Karush Kuhn Tucker conditions that are the necessary and sufficient conditions for the optimal solution. We also present complexity analysis and numerical simulations to illustrate the efficiency of our outsourcing protocol.

Fangguo Zhang,Xu Ma,Shengli Liu

DOI: https://doi.org/10.1016/j.ins.2014.07.017

IF: 8.1

2014-01-01

Information Sciences

Abstract:The rise of cloud computing and the proliferation of mobile devices make computation outsourcing popular. However, the servers are not fully trusted, and a critical problem is the verifiability and privacy of such computations. Although some computation outsourcing schemes provided a general method, the complicated cryptographic tools involved result in great inefficiency. The existing efficient computation outsourcing schemes however aim only at a specific computation task, lacking in generality. In this paper, we show how to construct a generic outsourcing computation scheme for inverting a class of homomorphic functions with computation disequilibrium. Extensive analysis shows that many cryptographic computations fall into this category. The formal security analysis proves that our scheme satisfies verifiability, input and output privacy in information-theoretic sense. Since the construction of our scheme tactfully takes advantage of the intrinsic property of the computation task being outsourced, no public key operations are used in the scheme, thus our solution clearly outperforms the existing schemes in terms of efficiency. In addition, we instantiate our generic construction with concrete examples, and the experimental result testifies the efficiency of our construction.

Hisham Abdallai,Xiong Hu,Abubaker Wahaballa,Nabeil Eltayieb,Mohammed Ramadan,Qin Zhiguang

DOI: https://doi.org/10.1109/ICOACS.2016.7563117

2016-01-01

Abstract:With the rapid development in cloud computing, public cloud data sharing concept has been extending and expanding by many scholars. In 2014, Liang et al. proposed a general notion for proxy re-encryption (PRE), which is called deterministic finite automata-based functional PRE (DFA-based FPRE). Motivated by the issues of efficiency and flexibility associated with this new primitive, we propose outsourcing decryption scheme to increase the flexibility of users by delegating their decryption rights to the semi trusted proxy. Through analysis we showed that our scheme is provably secure and efficient.

David Sánchez,Montserrat Batet

DOI: https://doi.org/10.1016/j.comcom.2017.06.012

2017-07-03

Abstract:Even though cloud computing provides many intrinsic benefits, privacy concerns related to the lack of control over the storage and management of the outsourced data still prevent many customers from migrating to the cloud. Several privacy-protection mechanisms based on a prior encryption of the data to be outsourced have been proposed. Data encryption offers robust security, but at the cost of hampering the efficiency of the service and limiting the functionalities that can be applied over the (encrypted) data stored on cloud premises. Because both efficiency and functionality are crucial advantages of cloud computing, in this paper we aim at retaining them by proposing a privacy-protection mechanism that relies on splitting (clear) data, and on the distributed storage offered by the increasingly popular notion of multi-clouds. We propose a semantically-grounded data splitting mechanism that is able to automatically detect pieces of data that may cause privacy risks and split them on local premises, so that each chunk does not incur in those risks; then, chunks of clear data are independently stored into the separate locations of a multi-cloud, so that external entities cannot have access to the whole confidential data. Because partial data are stored in clear on cloud premises, outsourced functionalities are seamlessly and efficiently supported by just broadcasting queries to the different cloud locations. To enforce a robust privacy notion, our proposal relies on a privacy model that offers a priori privacy guarantees; to ensure its feasibility, we have designed heuristic algorithms that minimize the number of cloud storage locations we need; to show its potential and generality, we have applied it to the least structured and most challenging data type: plain textual documents.

Cryptography and Security

Zihao Shan,Kui Ren,Marina Blanton,Cong Wang

DOI: https://doi.org/10.1145/3158363

IF: 16.6

2019-03-31

ACM Computing Surveys

Abstract:The rapid development of cloud computing promotes a wide deployment of data and computation outsourcing to cloud service providers by resource-limited entities. Based on a pay-per-use model, a client without enough computational power can easily outsource large-scale computational tasks to a cloud. Nonetheless, the issue of security and privacy becomes a major concern when the customer’s sensitive or confidential data is not processed in a fully trusted cloud environment. Recently, a number of publications have been proposed to investigate and design specific secure outsourcing schemes for different computational tasks. The aim of this survey is to systemize and present the cutting-edge technologies in this area. It starts by presenting security threats and requirements, followed with other factors that should be considered when constructing secure computation outsourcing schemes. In an organized way, we then dwell on the existing secure outsourcing solutions to different computational tasks such as matrix computations, mathematical optimization, and so on, treating data confidentiality as well as computation integrity. Finally, we provide a discussion of the literature and a list of open challenges in the area.

computer science, theory & methods

Xian Guo,Ye Li,Yongbo Jiang,Jing Wang,Junli Fang

DOI: https://doi.org/10.3390/cryptography7040059

2023-11-17

Cryptography

Abstract:In recent years, many companies have chosen to outsource data and other data computation tasks to cloud service providers to reduce costs and increase efficiency. However, there are risks of security and privacy breaches when users outsource data to a cloud environment. Many researchers have proposed schemes based on cryptographic primitives to address these risks under the assumption that the cloud is a semi-honest participant and query users are honest participants. However, in a real-world environment, users’ data privacy and security may be threatened by the presence of malicious participants. Therefore, a novel scheme based on secure multi-party computation is proposed when attackers gain control over both the cloud and a query user in the paper. We prove that our solution can satisfy our goals of security and privacy protection. In addition, our experimental results based on simulated data show feasibility and reliability.

D. Selvaraj,S. M. Udhaya Sankar,D. Dhinakaran,T. P. Anish

DOI: https://doi.org/10.14445/23488379/IJEEE-V10I1P105

2023-04-21

Abstract:Huge diagrams have unique properties for organizations and research, such as client linkages in informal organizations and customer evaluation lattices in social channels. They necessitate a lot of financial assets to maintain because they are large and frequently continue to expand. Owners of large diagrams may need to use cloud resources due to the extensive arrangement of open cloud resources to increase capacity and computation flexibility. However, the cloud's accountability and protection of schematics have become a significant issue. In this study, we consider calculations for security savings for essential graph examination practices: schematic extraterrestrial examination for outsourcing graphs in the cloud server. We create the security-protecting variants of the two proposed Eigen decay computations. They are using two cryptographic algorithms: additional substance homomorphic encryption (ASHE) strategies and some degree homomorphic encryption (SDHE) methods. Inadequate networks also feature a distinctively confidential info adaptation convention to allow the trade-off between secrecy and data sparseness. Both dense and sparse structures are investigated. According to test results, calculations with sparse encoding can drastically reduce information. SDHE-based strategies have reduced computing time, while ASHE-based methods have reduced stockpiling expenses.

Cryptography and Security

Jun Gao,Jeffrey Xu Yu,Ruoming Jin,Jiashuai Zhou,Tengjiao Wang,Dongqing Yang

DOI: https://doi.org/10.1007/s00778-012-0304-8

2013-01-01

The VLDB Journal

Abstract:With the advent of cloud computing, it becomes desirable to outsource graphs into cloud servers to efficiently perform complex operations without compromising their sensitive information. In this paper, we take the shortest distance computation as a case to investigate the technique issues in outsourcing graph operations. We first propose a parameter-free, edge-based 2-HOP delegation security model (shorten as 2-HOP delegation model), which can greatly reduce the chances of the structural pattern attack and the graph reconstruction attack. We then transform the original graph into a link graph G_l kept locally and a set of outsourced graphs 𝒢 _o . Our objectives include (i) ensuring each outsourced graph meeting the requirement of 2-HOP delegation model, (ii) making shortest distance queries be answered using G_l and 𝒢 _o , (iii) minimizing the space cost of G_l . We devise a greedy method to produce G_l and 𝒢 _o , which can exactly answer shortest distance queries. We also develop an efficient transformation method to support approximate shortest distance answering under a given average additive error bound. The experimental results illustrate the effectiveness and efficiency of our method.