Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Qianqian Jia,Run-hua Shi,Huijie Li

DOI: https://doi.org/10.1088/1402-4896/ad69e0

2024-08-02

Physica Scripta

Abstract:Cloud computing, as a popular technology in recent years, has greatly facilitated the development of data outsourcing services. However, when users access sensitive data stored in the cloud, ensuring the security of data remains a pressing challenge. In this paper, we present a privacy-preserving keyword query scheme for outsourced data in cloud environment. Furthermore, to implement this scheme, we propose a series of quantum basic protocols with single qubits. The proposed basic protocols do not require the execution of quantum gate operations, and the necessary measurements are only Bell measurements based on measurement-device-independence. Therefore, it is practical and feasible under current technology. Moreover, compared with classical schemes, our scheme has higher security (i.e., quantum security). Finally, we conduct simulation experiments in IBM Qiskit to verify the correctness and feasibility of the critical parts of the scheme.

physics, multidisciplinary

Guoxiu Liu,Geng Yang,Haiwei Wang,Hua Dai,Qiang Zhou

DOI: https://doi.org/10.3837/tiis.2018.07.021

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

Zongda Wu,Guandong Xu,Chenglang Lu,Enhong Chen,Fang Jiang,Guiling Li

DOI: https://doi.org/10.1007/s11280-017-0491-8

2017-01-01

World Wide Web

Abstract:Due to the advantages of pay-on-demand, expand-on-demand and high availability, cloud databases (CloudDB) have been widely used in information systems. However, since a CloudDB is distributed on an untrusted cloud side, it is an important problem how to effectively protect massive private information in the CloudDB. Although traditional security strategies (such as identity authentication and access control) can prevent illegal users from accessing unauthorized data, they cannot prevent internal users at the cloud side from accessing and exposing personal privacy information. In this paper, we propose a client-based approach to protect personal privacy in a CloudDB. In the approach, privacy data before being stored into the cloud side, would be encrypted using a traditional encryption algorithm, so as to ensure the security of privacy data. To execute various kinds of query operations over the encrypted data efficiently, the encrypted data would be also augmented with additional feature index, so that as much of each query operation as possible can be processed on the cloud side without the need to decrypt the data. To this end, we explore how the feature index of privacy data is constructed, and how a query operation over privacy data is transformed into a new query operation over the index data so that it can be executed on the cloud side correctly. The effectiveness of the approach is demonstrated by theoretical analysis and experimental evaluation. The results show that the approach has good performance in terms of security, usability and efficiency, thus effective to protect personal privacy in the CloudDB.

Geng Chen,Yuqi Wang,Liya Jian,Yi Zhou,Shiming Liu

DOI: https://doi.org/10.1007/s11128-023-04000-6

IF: 1.965

2023-06-06

Quantum Information Processing

Abstract:In the current era of big data, the privacy of user behavior is as important as the privacy of their data. In this paper, we propose a single ternary quantum homomorphic encryption (QHE) protocol based on qubit rotation, which has high security and flexibility. The user utilizes the classical angle as the key for QHE, and encryption and decryption do not need to be implemented in a specific order. Based on this flexible QHE protocol, we further propose a quantum privacy query (QPQ) protocol. Our protocol uses homologous encryption to send query requests and obtain results after processing with an oracle machine—which exists independently of the database—in one round of communication. Our protocol has advantages in terms of its feasibility and efficiency. In addition to this, our protocol offers new ideas for implementing QPQ.

physics, multidisciplinary,quantum science & technology, mathematical

Hui Xu,Xiaofeng Ding,Hai Jin,Qing Yu

DOI: https://doi.org/10.1002/cpe.5458

2021-01-01

Abstract:Although cloud computing saves the cost of enterprises and individuals to manage data in various applications on public cloud servers, it also causes the problem of the leakage of critical personal information and sensitive data. Therefore, the issues about data privacy of the published personal information have become a challenging problem. Most of the existing methods focus on cryptography-based techniques by encrypting the sensitive data before publishing. However, these techniques are either too computation expensive or only some authorized users can get access to the encrypted cloud data. The consequence is that the search response time is not satisfactory and the sharing extent of the cloud data is becoming limited. Motivated by this, we propose a perturbation-based method to preserve the privacy of data in cloud. To accelerate the query processing without privacy breaches, a high-efficiency multi-dimensional index is built for answering range counting queries under differential privacy, which embeds privacy-preserving R-tree index in Content Addressable Network. Experimental results demonstrate that our methods not only protect data privacy in different degree, but also accelerate the query speed efficiently. Compared with the existing method Quad-opt, our method provides about 20% better data utility under the same differential privacy principles.

D. Dhinakaran,D. Selvaraj,N. Dharini,S. Edwin Raja,C. Sakthi Lakshmi Priya

2024-07-09

Abstract:The intersection of cloud computing, blockchain technology, and the impending era of quantum computing presents a critical juncture for data security. This research addresses the escalating vulnerabilities by proposing a comprehensive framework that integrates Quantum Key Distribution (QKD), CRYSTALS Kyber, and Zero-Knowledge Proofs (ZKPs) for securing data in cloud-based blockchain systems. The primary objective is to fortify data against quantum threats through the implementation of QKD, a quantum-safe cryptographic protocol. We leverage the lattice-based cryptographic mechanism, CRYSTALS Kyber, known for its resilience against quantum attacks. Additionally, ZKPs are introduced to enhance data privacy and verification processes within the cloud and blockchain environment. A significant focus of this research is the performance evaluation of the proposed framework. Rigorous analyses encompass encryption and decryption processes, quantum key generation rates, and overall system efficiency. Practical implications are scrutinized, considering factors such as file size, response time, and computational overhead. The evaluation sheds light on the framework's viability in real-world cloud environments, emphasizing its efficiency in mitigating quantum threats. The findings contribute a robust quantum-safe and ZKP-integrated security framework tailored for cloud-based blockchain storage. By addressing critical gaps in theoretical advancements, this research offers practical insights for organizations seeking to secure their data against quantum threats. The framework's efficiency and scalability underscore its practical feasibility, serving as a guide for implementing enhanced data security in the evolving landscape of quantum computing and blockchain integration within cloud environments.

Cryptography and Security

Ning Cao,Zhenyu Yang,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/ICDCS.2011.84

2011-01-01

Abstract:In the emerging cloud computing paradigm, data owners become increasingly motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. For the consideration of users' privacy, sensitive data have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. In this paper, for the first time, we define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing (PPGQ), and establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. Our work utilizes the principle of "filtering-and-verification". We prebuild a feature-based index to provide feature-related information about each encrypted data graph, and then choose the efficient inner product as the pruning tool to carry out the filtering procedure. To meet the challenge of supporting graph query without privacy breaches, we propose a secure inner product computation technique, and then improve it to achieve various privacy requirements under the known-background threat model.

Kaiping Xue,Shaohua Li,Jianan Hong,Yingjie Xue,Nenghai Yu,Peilin Hong

DOI: https://doi.org/10.1109/TIFS.2017.2675864

2017-01-01

Abstract:Industries and individuals outsource database to realize convenient and low-cost applications and services. In order to provide sufficient functionality for SQL queries, many secure database schemes have been proposed. However, such schemes are vulnerable to privacy leakage to cloud server. The main reason is that database is hosted and processed in cloud server, which is beyond the control of data owners. For the numerical range query (“>,” “<,” and so on), those schemes cannot provide sufficient privacy protection against practical challenges, e.g., privacy leakage of statistical properties, access pattern. Furthermore, increased number of queries will inevitably leak more information to the cloud server. In this paper, we propose a two-cloud architecture for secure database, with a series of intersection protocols that provide privacy preservation to various numeric-related range queries. Security analysis shows that privacy of numerical information is strongly protected against cloud providers in our proposed scheme.

Yubin Guo,Liankuan Zhang,Fengren Lin,Ximing Li

DOI: https://doi.org/10.4304/jcp.8.6.1427-1432

2013-01-01

Journal of Computers

Abstract:Privacy of data owners and query users is vital in modern clouding data management. Many researches have been done on cloud security, but most of them are focused on the privacy of data owners or of query users separately. How to protect the privacy of the data owners and users simultaneously is a great challenge. In this paper, a solution of data storage and query protocol based on classical homomorphic encryption scheme is given to preserve privacy of both data owners and query users. Our main efforts are put on NoSQL database which is less structural than relational database. Storage and indexing structure on NoSQL database, query protocol are proposed, and algorithms for updating and querying are also given. To implement our solution, Berkley DB, an excellent storage solution for NoSQL database is chosen and data are encrypted/decrypted using Elgamal and Paillier encryption system, using basic Java package. Experiments are done under different parameters in order to achieve better efficiency.

Hao Xiao,Wen-Hua Huang,Mi Zhou

DOI: https://doi.org/10.1007/s10773-019-04182-9

2019-01-01

International Journal of Theoretical Physics

Abstract:Private query allows a client, Alice, to retrieve an item of a database hold by the server, Bob, without revealing which item he or she retrieved, while limiting his ability to access other items. In this paper, an efficient quantum private query (QPQ) protocol is proposed, where two oracle operations Ok, Od are utilized to encode the encryption keys and the encrypted data items into their corresponding quantum superposition states $\left | {\phi ^{\prime }} \right \rangle $ , $\left | {\psi ^{\prime }} \right \rangle $ , and the Grover iteration is also introduced to extract the target state $\left | {{d_{i}}^{\prime }} \right \rangle $ (i.e., the state of the encrypted data item Alice retrieved) from the superposition state. In order to guarantee the client’s privacy, the server Bob transmits all the encrypted data items of the database to the client Alice with oblivious transfer strategy. Compared with the previous qRAM-based or QKD-based QPQ protocols, our communication complexity (i.e., the number of transmitted qubits) is reduced from O(NlogN) or O(N) to O(logN), and the exchanged classical message is reduced from O(N) bits to O(logN) bits too. The security analysis shows our protocol can not only guarantee the server’s privacy but also the client’s privacy.

Hongfeng Zhu,Liwei Wang,Chaonan Wang

DOI: https://doi.org/10.1007/s10773-021-04827-8

2021-05-24

International Journal of Theoretical Physics

Abstract:Recently, people are paying more and more attention to privacy-enhanced computing, mostly because of the threat of network information leakage. In order to ensure the security of data in network communication, we have designed privacy-enhanced multi-user quantum private data query using partial quantum homomorphic encryption to facilitate the protection of the personal privacy of the database and users. Many QPQ protocols are based on QKD theory and lack the identity authentication of users. The protocols are vulnerable to external eavesdropping attacks. The identity authentication process of this scheme confirms the real identity of the user and avoids external eavesdropping attacks to a certain extent. The scheme allows the use of universal quantum circuits to perform quantum transformation on the user's arbitrarily encrypted input data, which improves the accuracy of the data query process. In addition, the scheme applies partial quantum homomorphic encryption theory to multi-user quantum private data query, which can realize the function of <i>n</i> users querying data at the same time. We have implemented a security analysis on the scheme and compared with other QPQ protocols, we found that this scheme is safe and effective.

physics, multidisciplinary

Wentao Wang,Yuxuan Jin,Bin Cao

DOI: https://doi.org/10.1109/pst55820.2022.9851989

2022-01-01

Abstract:The growing power of cloud computing prompts data owners to outsource their databases to the cloud. In order to meet the demand of multi-dimensional data processing in big data era, multi-dimensional range queries, especially over cloud platform, have received extensive attention in recent years. However, since the third-party clouds are not fully trusted, it is popular for the data owners to encrypt sensitive data before outsourcing. It promotes the research of encrypted data retrieval. Nevertheless, most existing works suffer from single-dimensional privacy leakage which would severely put the data at risk. Up to now, although a few existing solutions have been proposed to handle the problem of single-dimensional privacy, they are unsuitable in some practical scenarios due to inefficiency, inaccuracy, and lack of support for diverse data. Aiming at these issues, this paper mainly focuses on the secure range query over encrypted data. We first propose an efficient and private range query scheme for encrypted data based on homomorphic encryption, which can effectively protect data privacy. By using the dual-server model as the framework of the system, we not only achieve multi-dimensional privacy-preserving range query but also innovatively realize similarity search based on MinHash over ciphertext domains. Then we perform formal security analysis and evaluate our scheme on real datasets. The result shows that our proposed scheme is efficient and privacy-preserving. Moreover, we apply our scheme to a shopping website. The low latency demonstrates that our proposed scheme is practical.

Ruwei Huang,Si Yu,Wei Zhuang,Xiaolin Gui

DOI: https://doi.org/10.1109/gcc.2010.36

2010-01-01

Abstract:Privacy security is a key issue for cloud storage. To solve this problem, the paper proposes a privacy-preserving cloud storage framework, which includes the design of data organization structure, the generation and management of keys, the treatment of change of users' access right and dynamic operations of data, and the interaction between participants. We design an interactive protocol and an extirpation-based key derivation algorithm, which are combined with lazy revocation, multi-tree structure and symmetric encryption to form a privacy-preserving, efficient framework for cloud storage. A system is realized which is based on the framework. The paper analyzes the effectiveness of extirpation-based key derivation algorithm, the overhead of the system and the privacy security of the framework. Finally, we summarize our work and introduce our future research directions.

Haifeng Li,Liangliang Liu,Caihui Lan,Caifen Wang,He Guo

DOI: https://doi.org/10.1109/access.2020.2991579

IF: 3.9

2020-01-01

IEEE Access

Abstract:Aiming at reducing the local storage burden and computational costs, numerous individuals and enterprises are willing to outsource their data to the cloud server. Meanwhile, due to the loss of the actual physical control over their data files once outsourced to the cloud server, how to guarantee the cloud server keep user's data integrity is an important security issue to be addressed urgently. Accordingly, multiple data integrity checking schemes based on the traditional cryptosystem have been proposed. However, with the advent and development of quantum computer, these existing data integrity checking schemes are no longer secure. Thus, it is necessary to study the new scheme which can resist quantum attack to adapt to the quantum era. In this work, we put forward a novel scheme named lattice-based privacy-preserving and forward-secure cloud storage public auditing scheme (LB-PPFS). Our proposed scheme is not only quantum-attack-against, but also enjoy the privacy-preserving and forward-secure property. In the proposed scheme, a curious auditor cannot learn any knowledge of user's data because the original data is encapsulated with a random number. In addition, the lattice basis delegation technique is adopted to achieve forward security for resisting key exposure attack. Based on the hardness assumptions of SIS problem from lattice, we prove that the proposed scheme can achieve formally provable security. Besides, the theoretical analysis and performance evaluation demonstrate that the proposed scheme is effective and feasible to guarantee the quantum security for the data integrity in cloud storage.

Yao Shen,Wei Yang,Lu Li,Liusheng Fitiang

DOI: https://doi.org/10.1016/j.pmcj.2017.04.008

IF: 3.848

2017-01-01

Pervasive and Mobile Computing

Abstract:With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud server. However, to preserve data privacy, sensitive private data have to be encrypted before outsourcing, which makes data utilization a very challenging task. Existing work either focus on keyword searches and single-dimensional range query, or suffer from inadequate security guarantees and inefficiency. In this paper, we consider the problem of multidimensional private range queries over encrypted cloud data. To solve the problem, we systematically establish a set of privacy requirements for multidimensional private range queries, and propose a multidimensional private range query (MPRQ) framework based on private block retrieval (PBR), in which data owners keep the query private from the cloud server. To achieve both efficiency and privacy goals, we present an efficient and fully privacy-preserving private range query (PPRQ) protocol by using batch codes and multiplication avoiding technique. To our best knowledge, PPRQ is the first to protect the query, access pattern and single-dimensional privacy simultaneously while achieving efficient range queries. Moreover, PPRQ is secure in the sense of cryptography against semi-honest adversaries. Experiments on real-world datasets show that the computation and communication overhead of PPRQ is modest.

Zheli Liu,Jingwei Li,Jin Li,Chunfu Jia,Jun Yang,Ke Yuan

DOI: https://doi.org/10.4018/ijdwm.2014100104

2014-01-01

International Journal of Data Warehousing and Mining

Abstract:With the development of cloud computing and big data, data privacy protection has become an urgent problem to solve. Data encryption is the most effective way to protect privacy; however, it will change the data format and result in: 1. database structure and application software will be changed; 2. structured query language (SQL) operations cannot work properly, especially in SQL-based fuzzy query. As a result, it is necessary to provide an SQL-based fuzzy query mechanism over encrypted databases, including traditional databases and cloud outsourced databases. This paper establishes a secure database system using format-preserving encryption (FPE) as the underlying primitive to protect the data privacy while not change the database structure. It further proposes a new SQL-based fuzzy query mechanism supporting directly query over encrypted data, which is constructed by FPE and universal hash function (UHF). The security of the proposed mechanism is analyzed as well. In the end, it makes extensive experiments on the system to demonstrate its practical performance.

Kun Yang,Chengliang Tian,Hequn Xian,Weizhong Tian,Yan Zhang

DOI: https://doi.org/10.1007/s11280-022-01093-4

2022-10-21

World Wide Web

Abstract:In the current cloud computing and big data era, outsourcing the storage and associated query operations of large-scale databases to cloud service providers has become an increasingly popular computing paradigm. However, due to the potential mutual distrust among the data owner (DO), cloud server (CS) and query user (QU), the risk of privacy disclosure constrains the wide deployment of this attractive computing paradigm. To handle this dilemma, various encryption approaches are designed to assure privacy during query processing over outsourced databases. Recently, Wu et al. (World Wide Web 22 (1), 101–123 2019) presented a 'secure' k -nearest neighbor ( k NN) classification scheme over encrypted cloud database which aimed to concurrently keep the privacy of the database, the DO's key, the QU's query, and the data access patterns. In this paper, we first revisit their scheme and present an efficient known-plaintext attack on the privacy of database with linearization technique. Then, we propose an improved scheme that outperforms the prior scheme in both security and efficiency. Precisely, on the security side, we realize the above four security intentions with rigorous theoretical arguments. On the efficiency side, our new design greatly reduces the computational overhead of the DO and the QU, and makes full use of the resources of two cloud servers by better balancing their computational loads. Finally, we measure the practical performance of our scheme from an experimental perspective, and the result corroborates our theoretical analysis.

Jia-Shun Zhang,Gang Xu,Xiu-Bo Chen,Haseeb Ahmad,Xin Liu,Wen Liu

DOI: https://doi.org/10.32604/cmc.2021.017227

2021-01-01

Abstract:With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a selfservice manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.