Gabriel Ghinita,Kien Nguyen,Mihai Maruseac,Cyrus Shahabi

DOI: https://doi.org/10.1007/s10707-020-00410-1

IF: 2.7729

GeoInformatica

Abstract:Monitoring location updates from mobile users has important applications in many areas, ranging from public health (e.g., COVID-19 contact tracing) and national security to social networks and advertising. However, sensitive information can be derived from movement patterns, thus protecting the privacy of mobile users is a major concern. Users may only be willing to disclose their locations when some condition is met, for instance in proximity of a disaster area or an event of interest. Currently, such functionality can be achieved using searchable encryption. Such cryptographic primitives provide provable guarantees for privacy, and allow decryption only when the location satisfies some predicate. Nevertheless, they rely on expensive pairing-based cryptography (PBC), of which direct application to the domain of location updates leads to impractical solutions. We propose secure and efficient techniques for private processing of location updates that complement the use of PBC and lead to significant gains in performance by reducing the amount of required pairing operations. We implement two optimizations that further improve performance: materialization of results to expensive mathematical operations, and parallelization. We also propose an heuristic that brings down the computational overhead through enlarging an alert zone by a small factor (given as system parameter), therefore trading off a small and controlled amount of privacy for significant performance gains. Extensive experimental results show that the proposed techniques significantly improve performance compared to the baseline, and reduce the searchable encryption overhead to a level that is practical in a computing environment with reasonable resources, such as the cloud.

Yanzhe Che,Kevin Chiew,Xiaoyan Hong,Qinming He

DOI: https://doi.org/10.1145/2442810.2442820

2012-01-01

Abstract:ABSTRACTThere is a potential privacy breach when users access various location-based social applications on a mobile social network (MSN), e.g., sharing locations with friends. To preserve location privacy, one of the most common methods is to use a coarse or fake location instead of a user's exact location. However, most of these previous approaches only provide geometric strategies without considering the semantic context of the geographical locations. For example, if a cloaked region contains a part of a lake, where no boats are allowed, an adversary can easily prune the cloaked region to a smaller range covering a user's actual location. In this paper, we propose SALS, a semantics-aware location sharing framework based on cloaking zone for an MSN environment. By considering a user's social relations and activities which are available in an MSN environment, SALS does not assume any trustworthy entities, including strangers, friends or any third parties. As a solution, SALS enables users to cooperate with each other, in a Peer-to-Peer (P2P) way, to generate the cloaking zones, which will be used instead of the actual locations. Different from the previous cloaking techniques, SALS considers the semantic location which can influence the distribution probability of a user's locations. We also propose metrics for measuring the quality of the cloaking zone. The evaluation shows that our method can well defend the semantic-location attack.

Ruoyang Guo,Jiarui Li,Shucheng Yu

2024-08-15

Abstract:The proliferation of location-based services and applications has brought significant attention to data and location privacy. While general secure computation and privacy-enhancing techniques can partially address this problem, one outstanding challenge is to provide near latency-free search and compatibility with mainstream geographic search techniques, especially the Discrete Global Grid Systems (DGGS). This paper proposes a new construction, namely GridSE, for efficient and DGGS-compatible Secure Geographic Search (SGS) with both backward and forward privacy. We first formulate the notion of a semantic-secure primitive called \textit{symmetric prefix predicate encryption} (SP$^2$E), for predicting whether or not a keyword contains a given prefix, and provide a construction. Then we extend SP$^2$E for dynamic \textit{prefix symmetric searchable encryption} (pSSE), namely GridSE, which supports both backward and forward privacy. GridSE only uses lightweight primitives including cryptographic hash and XOR operations and is extremely efficient. Furthermore, we provide a generic pSSE framework that enables prefix search for traditional dynamic SSE that supports only full keyword search. Experimental results over real-world geographic databases of sizes (by the number of entries) from $10^3$ to $10^7$ and mainstream DGGS techniques show that GridSE achieves a speedup of $150\times$ - $5000\times$ on search latency and a saving of $99\%$ on communication overhead as compared to the state-of-the-art. Interestingly, even compared to plaintext search, GridSE introduces only $1.4\times$ extra computational cost and $0.9\times$ additional communication cost. Source code of our scheme is available at <a class="link-external link-https" href="https://github.com/rykieguo1771/GridSE-RAM" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security

Jianting Ning,Jia Xu,Kaitai Liang,Fan Zhang,Ee-Chien Chang

DOI: https://doi.org/10.1109/tifs.2018.2866321

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption (SE) provides a privacy-preserving mechanism for data users to search over encrypted data stored on a remote server. Researchers have designed a number of SE schemes with high efficiency yet allowing some degree of leakage profile to the remote server. The leakage, however, should be further measured to allow us to understand what types of attacks an SE scheme would encounter. This paper considers passive attacks that make inferences based on prior knowledge and observations on queries issued by users. This is in contrast to previously studied active attacks that adaptively inject files and queries. We consider several assumptions on the types or prior knowledge the attacker possessed and propose a few passive attacks. In particular, under the "full-fledged" assumption, the keyword recovery rate of our attack is optimal in the sense that it is equal to the theoretical upper bound. We further present several enhanced attacks under other weaker assumptions on various levels of the prior knowledge that the attacker can obtain, in which the keyword recovery rates are optimal or nearly optimal (i.e., approaching the theoretical upper bound). In addition, we provide extensive experiments to show the "power" of our passive attacks. This paper highlights the importance of minimizing the prior knowledge of a server and the leakage of search queries. It also shows that simply distorting the frequency of the keyword to hold against our passive attacks may not scale well.

Wang Qian,Ren Kui,Du Minxin,Li Qi,Mohaisen Aziz

DOI: https://doi.org/10.1007/978-3-319-70972-7_5

2017-01-01

Abstract:In the era of big data, graph databases have become increasingly important for NoSQL technologies, and many systems can be modeled as graphs for semantic queries. Meanwhile, with the advent of cloud computing, data owners are highly motivated to outsource and store their massive potentially-sensitive graph data on remote untrusted servers in an encrypted form, expecting to retain the ability to query over the encrypted graphs. To allow effective and private queries over encrypted data, the most well-studied class of structured encryption schemes are searchable symmetric encryption (SSE) designs, which encrypt search structures (e.g., inverted indexes) for retrieving data files. In this paper, we tackle the challenge of designing a Secure Graph DataBase encryption scheme (SecGDB) to encrypt graph structures and enforce private graph queries over the encrypted graph database. Specifically, our construction strategically makes use of efficient additively homomorphic encryption and garbled circuits to support the shortest distance queries with optimal time and storage complexities. To achieve better amortized time complexity over multiple queries, we further propose an auxiliary data structure called query history and store it on the remote server to act as a "caching" resource. We prove that our construction is adaptively semantically-secure in the random oracle model and finally implement and evaluate it on various representative real-world datasets, showing that our approach is practically efficient in terms of both storage and computation.

Viet Vo,Shangqi Lai,Xingliang Yuan,Shi-Feng Sun,Surya Nepal,Joseph K. Liu

DOI: https://doi.org/10.48550/arXiv.2001.03743

2020-01-11

Cryptography and Security

Abstract:Searchable encryption (SE) is one of the key enablers for building encrypted databases. It allows a cloud server to search over encrypted data without decryption. Dynamic SE additionally includes data addition and deletion operations to enrich the functions of encrypted databases. Recent attacks exploiting the leakage in dynamic operations drive rapid development of new SE schemes revealing less information while performing updates; they are also known as forward and backward private SE. Newly added data is no longer linkable to queries issued before, and deleted data is no longer searchable in queries issued later. However, those advanced SE schemes reduce the efficiency of SE, especially in the communication cost between the client and server. In this paper, we resort to the hardware-assisted solution, aka Intel SGX, to ease the above bottleneck. Our key idea is to leverage SGX to take over the most tasks of the client, i.e., tracking keyword states along with data addition and caching deleted data. However, handling large datasets is non-trivial due to the I/O and memory constraints of the SGX enclave. We further develop batch data processing and state compression technique to reduce the communication overhead between the SGX and untrusted server, and minimise the memory footprint in the enclave. We conduct a comprehensive set of evaluations on both synthetic and real-world datasets, which confirm that our designs outperform the prior art.

Shangqi Lai,Xingliang Yuan,Shi-Feng Sun,Joseph K. Liu,Yuhong Liu,Dongxi Liu

DOI: https://doi.org/10.1145/3321705.3329803

2019-05-16

Abstract:In this paper, we propose GraphSE$^2$, an encrypted graph database for online social network services to address massive data breaches. GraphSE$^2$ preserves the functionality of social search, a key enabler for quality social network services, where social search queries are conducted on a large-scale social graph and meanwhile perform set and computational operations on user-generated contents. To enable efficient privacy-preserving social search, GraphSE$^2$ provides an encrypted structural data model to facilitate parallel and encrypted graph data access. It is also designed to decompose complex social search queries into atomic operations and realise them via interchangeable protocols in a fast and scalable manner. We build GraphSE$^2$ with various queries supported in the Facebook graph search engine and implement a full-fledged prototype. Extensive evaluations on Azure Cloud demonstrate that GraphSE$^2$ is practical for querying a social graph with a million of users.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Bozhong Liu,Ling Chen,Xingquan Zhu,Ying Zhang,Chengqi Zhang,Weidong Qiu

DOI: https://doi.org/10.5441/002/edbt.2017.49

2017-01-01

Abstract:In spatial crowdsourcing, spatial tasks are outsourced to a set of workers in proximity of the task locations for efficient assignment. It usually requires workers to disclose their locations, which inevitably raises security concerns about the privacy of the workers’ locations. In this paper, we propose a secure SC framework based on encryption, which ensures that workers’ location information is never released to any party, yet the system can still assign tasks to workers situated in proximity of each task’s location. We solve the challenge of assigning tasks based on encrypted data using homomorphic encryption. Moreover, to overcome the efficiency issue, we propose a novel secure indexing technique with a newly devised SKD-tree to index encrypted worker locations. Experiments on real-world data evaluate various aspects of the performance of the proposed SC platform.

Xiaoling Sun,Shanshan Li

DOI: https://doi.org/10.7717/peerj-cs.1433

2023-06-20

Abstract:Presently, the focus of target detection is shifting towards the integration of information acquired from multiple sensors. When faced with a vast amount of data from various sensors, ensuring data security during transmission and storage in the cloud becomes a primary concern. Data files can be encrypted and stored in the cloud. When using data, the required data files can be returned through ciphertext retrieval, and then searchable encryption technology can be developed. However, the existing searchable encryption algorithms mainly ignore the data explosion problem in a cloud computing environment. The issue of authorised access under cloud computing has yet to be solved uniformly, resulting in a waste of computing power by data users when processing more and more data. Furthermore, to save computing resources, ECS (encrypted cloud storage) may only return a fragment of results in response to a search query, lacking a practical and universal verification mechanism. Therefore, this article proposes a lightweight, fine-grained searchable encryption scheme tailored to the cloud edge computing environment. We generate ciphertext and search trap gates for terminal devices based on bilinear pairs and introduce access policies to restrict ciphertext search permissions, which improves the efficiency of ciphertext generation and retrieval. This scheme allows for encryption and trapdoor calculation generation on auxiliary terminal devices, with complex calculations carried out on edge devices. The resulting method ensures secure data access, fast search in multi-sensor network tracking, and accelerates computing speed while maintaining data security. Ultimately, experimental comparisons and analyses demonstrate that the proposed method improves data retrieval efficiency by approximately 62%, reduces the storage overhead of the public key, ciphertext index, and verifiable searchable ciphertext by half, and effectively mitigates delays in data transmission and computation processes.

Shangqi Lai,Xingliang Yuan,Shi-Feng Sun,Joseph K. Liu,Yuhong Liu,Dongxi Liu

DOI: https://doi.org/10.1145/3321705.3329803

2019-01-01

Abstract:In this paper, we propose GraphSE(2), an encrypted graph database for online social network services to address massive data breaches. GraphSE(2) preserves the functionality of social search, a key enabler for quality social network services, where social search queries are conducted on a large-scale social graph and meanwhile perform set and computational operations on user-generated contents. To enable efficient privacy-preserving social search, GraphSE(2) provides an encrypted structural data model to facilitate parallel and encrypted graph data access. It is also designed to decompose complex social search queries into atomic operations and realise them via interchangeable protocols in a fast and scalable manner. We build GraphSE(2) with various queries supported in the Facebook graph search engine and implement a full-fledged prototype. Extensive evaluations on Azure Cloud demonstrate that GraphSE(2) is practical for querying a social graph with a million of users.

Huijuan Lian,Weidong Qiu,Di Yan,Zheng Huang,Peng Tang

DOI: https://doi.org/10.1109/dsc.2019.00021

2019-01-01

Abstract:The location-based services in the outsourced environment has become a research hotspot with the rise of cloud computing. Meanwhile, various privacy issues have been increasingly prominent. We propose an efficient spatial query protocol and another novel secure spatial query protocol using fully homomorphic encryption to accomplish privacy-preserving query processing on outsourced data. We adopt the Moore curve to transform the spatial data into one-dimensional sequence and utilize the random permutation to protect the location privacy. Furthermore, the proposed efficient scheme provides the considerable performance with data privacy preservation. Meanwhile, the secure spatial query protocol is robust against various attacks. Experiments show that the proposed schemes achieve high accuracy while improving the security when compared with the existing related approaches.

Ningning Cui,Xiaochun Yang,Yunliang Chen,Jianxin Li,Bin Wang,Geyong Min,Yun Liang Chen

DOI: https://doi.org/10.1109/jiot.2021.3122991

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Spatial keyword query has attracted wide-spread academic and industrial concerns due to the popularity of location-based services and Internet of Things. To efficiently support the online query processing, the data owners need to outsource their data to cloud platforms. However, the outsourcing services may raise privacy leaking issues. Moreover, access control, another important security concern, is largely ignored. Therefore, we first propose and formalize the problem of secure boolean spatial keyword query under lightweight access control while guaranteeing the widely accepted adaptive indistinguishability against chosen keyword attack model. Then, we devise a novel hybrid Bloom filter encoding strategy, including a linear embedding and exponent-based transformation schemes and a secure index structure, called SAGTree. They can maintain both geo-text and access policy information together in a secure way while answering the encrypted queries under access control without decryption. Finally, we present the in-depth security analysis and demonstrate the performance of our proposed algorithms.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Chen,Zhongrui Lin,Jian Wan,Chungen Xu

DOI: https://doi.org/10.48550/arXiv.1908.04998

2019-08-14

Cryptography and Security

Abstract:In cloud security, traditional searchable encryption (SE) requires high computation and communication overhead for dynamic search and update. The clever combination of machine learning (ML) and SE may be a new way to solve this problem. This paper proposes interpretable encrypted searchable neural networks (IESNN) to explore probabilistic query, balanced index tree construction and automatic weight update in an encrypted cloud environment. In IESNN, probabilistic learning is used to obtain search ranking for searchable index, and probabilistic query is performed based on ciphertext index, which reduces the computational complexity of query significantly. Compared to traditional SE, it is proposed that adversarial learning and automatic weight update in response to user's timely query of the latest data set without expensive communication overhead. The proposed IESNN performs better than the previous works, bringing the query complexity closer to $O(\log N)$ and introducing low overhead on computation and communication.

D. Selvaraj,S. M. Udhaya Sankar,D. Dhinakaran,T. P. Anish

DOI: https://doi.org/10.14445/23488379/IJEEE-V10I1P105

2023-04-21

Abstract:Huge diagrams have unique properties for organizations and research, such as client linkages in informal organizations and customer evaluation lattices in social channels. They necessitate a lot of financial assets to maintain because they are large and frequently continue to expand. Owners of large diagrams may need to use cloud resources due to the extensive arrangement of open cloud resources to increase capacity and computation flexibility. However, the cloud's accountability and protection of schematics have become a significant issue. In this study, we consider calculations for security savings for essential graph examination practices: schematic extraterrestrial examination for outsourcing graphs in the cloud server. We create the security-protecting variants of the two proposed Eigen decay computations. They are using two cryptographic algorithms: additional substance homomorphic encryption (ASHE) strategies and some degree homomorphic encryption (SDHE) methods. Inadequate networks also feature a distinctively confidential info adaptation convention to allow the trade-off between secrecy and data sparseness. Both dense and sparse structures are investigated. According to test results, calculations with sparse encoding can drastically reduce information. SDHE-based strategies have reduced computing time, while ASHE-based methods have reduced stockpiling expenses.

Cryptography and Security

Kamenyi Domenic M.,Yong Wang,Fengli Zhang,Yankson Gustav,Daniel Adu-Gyamfi,Nkatha Dorothy

DOI: https://doi.org/10.1007/978-3-642-53917-6_29

2013-01-01

Abstract:Location Based Services LBS are becoming very popular with today's users. Some of these LBS require users to continuously send requests for services. This lead to leakages of both location and query contents to malicious adversaries. Further, if users are constrained by the nature of the road networks, an adversary can follow their path trajectory with ease. Most of the current privacy preserving solutions focus on temporal and spatial cloaking based methods to protect users' location privacy. However, these solutions are vulnerable when subjected to continuous query environments. In this paper, we propose an optimized solution that preserves privacy for users' trajectory for continuous LBS queries in road networks. First, we deploy a trusted third party architecture to provide anonymity for users as they use LBS services. Second, we utilize mix zone techniques and design two algorithms. The first algorithm, Abstraction Graph AG, selects a sample of mix zones that satisfy the user desired privacy level under the acceptable service availability condition. The second algorithm, Optimized Decision Graph ODG, utilizes the generated graph to find an optimal solution for the placement of mix zones through decomposition, chunking and replacement strategies. Finally, we analyze the capability of our algorithms to withstand attacks prone to mix zones and carry out experiments to verify this. The experiments results show that our Algorithms preserve privacy for users based on their privacy and service availability conditions.

Peeyush Gupta,Sharad Mehrotra,Shantanu Sharma,Nalini Venkatasubramanian,Guoxi Wang

DOI: https://doi.org/10.48550/arXiv.2102.05238

2021-02-10

Cryptography and Security

Abstract:This paper proposes a system, entitled Concealer that allows sharing time-varying spatial data (e.g., as produced by sensors) in encrypted form to an untrusted third-party service provider to provide location-based applications (involving aggregation queries over selected regions over time windows) to users. Concealer exploits carefully selected encryption techniques to use indexes supported by database systems and combines ways to add fake tuples in order to realize an efficient system that protects against leakage based on output-size. Thus, the design of Concealer overcomes two limitations of existing symmetric searchable encryption (SSE) techniques: (i) it avoids the need of specialized data structures that limit usability/practicality of SSE in large scale deployments, and (ii) it avoids information leakages based on the output-size, which may leak data distributions. Experimental results validate the efficiency of the proposed algorithms over a spatial time-series dataset (collected from a smart space) and TPC-H datasets, each of 136 Million rows, the size of which prior approaches have not scaled to.

Yu Zheng,Wenchao Zhang,Wei Song,Xiuhua Wang,Chong Fu

DOI: https://doi.org/10.1145/3643887

2024-02-05

Abstract:Video-based services have become popular. Clients often outsource their videos to the cloud to relieve local maintenance. However, privacy has become a major concern since many videos contain sensitive information. Although retrieving (unencrypted) videos has been extensively investigated, retrieving encrypted multimedia has received relatively rare attention, at best in a limitation of image-based similarity searches. We initiate the study of scalable encrypted video search, enabling clients to query videos similar to an image search. Our modular framework leverages intrinsic attributes of videos, such as semantics and visuals, to effectively capture their contents. We propose a two-step approach whereby lightweight searchable encryption techniques are used for pre-screening, followed by an interactive approach for fine-grained search. Furthermore, we present three instantiations, including one centralized-writer instantiation and two distributed-writer instantiations, to effectively cater to varying needs and scenarios– 1) The centralized one employs forward and backward private searchable encryption [CCS 2017] over deep hashing [CVPR 2020]. 2) Motivated by distributed computing, the multi-writer instantiations building atop HSE [Usenix Security 2022] allows searching the relevant videos contributed by multiple intuitions collaboratively. Our experimental results illustrate their practical performance over multiple real-world datasets, whether in a centralized setting or distributed setting.

computer science, information systems, theory & methods, software engineering

Zhangjie Fu,Fengxiao Huang,Kui Ren,Jian Weng,Cong Wang

DOI: https://doi.org/10.1109/tifs.2017.2692728

IF: 7.231

2017-08-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption is an important research area in cloud computing. However, most existing efficient and reliable ciphertext search schemes are based on keywords or shallow semantic parsing, which are not smart enough to meet with users’ search intention. Therefore, in this paper, we propose a content-aware search scheme, which can make semantic search more smart. First, we introduce conceptual graphs (CGs) as a knowledge representation tool. Then, we present our two schemes (PRSCG and PRSCG-TF) based on CGs according to different scenarios. In order to conduct numerical calculation, we transfer original CGs into their linear form with some modification and map them to numerical vectors. Second, we employ the technology of multi-keyword ranked search over encrypted cloud data as the basis against two threat models and raise PRSCG and PRSCG-TF to resolve the problem of privacy-preserving smart semantic search based on CGs. Finally, we choose a real-world data set: CNN data set to test our scheme. We also analyze the privacy and efficiency of proposed schemes in detail. The experiment results show that our proposed schemes are efficient.

computer science, theory & methods,engineering, electrical & electronic

Can Zhang,Liehuang Zhu,Chang Xu,Kashif Sharif,Chuan Zhang,Ximeng Liu

DOI: https://doi.org/10.1016/j.ins.2019.07.082

IF: 8.1

2020-01-01

Information Sciences

Abstract:The constrained shortest distance (CSD) query is used to determine the shortest distance between two vertices of a graph while ensuring that the total cost remains lower than a given threshold. The virtually unlimited storage and processing capabilities of cloud computing have enabled the graph owners to outsource their graph data to cloud servers. However, it may introduce privacy challenges that are difficult to address. In recent years, some relevant schemes that support the shortest distance query on the encrypted graph have been proposed. Unfortunately, some of them have unacceptable query accuracy, and some of them leak sensitive information that jeopardizes the graph privacy. In this work, we propose Privacy-preserving Graph encryption for Accurate constrained Shortest distance queries, called PGAS. This solution is capable of providing accurate CSD queries and ensures the privacy of the graph data. Besides, we also propose a secure integer comparison protocol and a secure minimum value protocol that realize two kinds of operations on encrypted integers. We provide theoretical security analysis to prove that PGAS achieves CQA-2 Security with less privacy leakage. In addition, the performance analysis and experimental evaluation based on real-world dataset show that PGAS achieves 100% accuracy with acceptable efficiency.

Shahzaib Tahir,Liutauras Steponkus,Sushmita Ruj,Muttukrishnan Rajarajan,Ali Sajjad

DOI: https://doi.org/10.1016/j.future.2018.05.048

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Searchable Encryption (SE) allows a client to search over large amounts of encrypted data outsourced to the Cloud. Although, this helps to maintain the confidentiality of the outsourced data but achieving privacy is a difficult and resource intensive task. With the increase in the query effectiveness, i.e., by shifting from single keyword SE to multi-keyword SE there is a notable drop in the efficiency. This motivates to make use of the advances in the multi-core architectures and multiple threads where the search can be delegated across different threads to perform search in a parallel fashion. The proposed scheme is based on probabilistic trapdoors that are formed by making use of the property of modular inverses. The use of probabilistic trapdoors helps resist distinguishability attacks. The rigorous security analysis helps us to appreciate the advantage of having a probabilistic trapdoor. Furthermore, to validate the performance of the proposed scheme, it is implemented and deployed onto the British Telecommunication’s Public Cloud offering and tested over a real speech corpus. The implementation is also extended to anticipate the performance gain by using the multi-core architecture that helps to maintain the lightweight property of the scheme.