Jianchao Tang,Shaojing Fu,Ming Xu

DOI: https://doi.org/10.1109/access.2019.2917227

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the proliferation of cloud platforms, users are inclined to outsource their encrypted data to cloud platforms. However, the existing encryption schemes only provide users with limited query types over encrypted data. Meanwhile, if users encrypt their data by deterministic encryption, their encrypted data will be easily subject to the frequency attack. Besides, users' data privacy is likely to be disclosed to the cloud server when their encrypted data is updated on cloud platforms. To address these problems, in this paper, we propose an effective encrypted query scheme over outsourcing data on cloud platforms. In our scheme, users' data is encrypted based on all possible queries to meet users' diverse query demands. Furthermore, a double AES encryption method is adopted to cope with the frequency attack existing in deterministic encryption. To protect users' privacy when their data is updated, a neighbor rows exchange method is designed in our scheme. The theoretical analysis and comparative experiments demonstrate the effectiveness of our scheme.

Cong Wang,Kui Ren,Jia Wang

DOI: https://doi.org/10.1109/infcom.2011.5935305

2011-01-01

Abstract:Cloud computing enables customers with limited computational resources to outsource large-scale computational tasks to the cloud, where massive computational power can be easily utilized in a pay-per-use manner. However, security is the major concern that prevents the wide adoption of computation outsourcing in the cloud, especially when end-user's confidential data are processed and produced during the computation. Thus, secure outsourcing mechanisms are in great need to not only protect sensitive information by enabling computations with encrypted data, but also protect customers from malicious behaviors by validating the computation result. Such a mechanism of general secure computation outsourcing was recently shown to be feasible in theory, but to design mechanisms that are practically efficient remains a very challenging problem. Focusing on engineering computing and optimization tasks, this paper investigates secure outsourcing of widely applicable linear programming (LP) computations. In order to achieve practical efficiency, our mechanism design explicitly decomposes the LP computation outsourcing into public LP solvers running on the cloud and private LP parameters owned by the customer. The resulting flexibility allows us to explore appropriate security/efficiency tradeoff via higher-level abstraction of LP computations than the general circuit representation. In particular, by formulating private data owned by the customer for LP problem as a set of matrices and vectors, we are able to develop a set of efficient privacy-preserving problem transformation techniques, which allow customers to transform original LP problem into some random one while protecting sensitive input/output information. To validate the computation result, we further explore the fundamental duality theorem of LP computation and derive the necessary and sufficient conditions that correct result must satisfy. Such result verification mechanism is extremely efficient and incurs close-to-zero additional cost on both cloud server and customers. Extensive security analysis and experiment results show the immediate practicability of our mechanism design.

Cong Wang,Kui Ren,Jia Wang

DOI: https://doi.org/10.1109/tc.2015.2417542

IF: 3.183

2016-01-01

IEEE Transactions on Computers

Abstract:Cloud computing enables an economically promising paradigm of computation outsourcing. However, how to protect customers confidential data processed and generated during the computation is becoming the major security concern. Focusing on engineering computing and optimization tasks, this paper investigates secure outsourcing of widely applicable linear programming (LP) computations. Our mechanism design explicitly decomposes LP computation outsourcing into public LP solvers running on the cloud and private LP parameters owned by the customer. The resulting flexibility allows us to explore appropriate security/efficiency tradeoff via higher-level abstraction of LP computation than the general circuit representation. Specifically, by formulating private LP problem as a set of matrices/vectors, we develop efficient privacy-preserving problem transformation techniques, which allow customers to transform the original LP into some random one while protecting sensitive input/output information. To validate the computation result, we further explore the fundamental duality theorem of LP and derive the necessary and sufficient conditions that correct results must satisfy. Such result verification mechanism is very efficient and incurs close-to-zero additional cost on both cloud server and customers. Extensive security analysis and experiment results show the immediate practicability of our mechanism design.

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2016.2535103

IF: 3.9

2016-01-01

IEEE Access

Abstract:Cloud computing enables customers with limited computational resources to outsource their huge computation workloads to the cloud with massive computational power. However, in order to utilize this computing paradigm, it presents various challenges that need to be addressed, especially security. As eigen-decomposition (ED) and singular value decomposition (SVD) of a matrix are widely applied in engineering tasks, we are motivated to design secure, correct, and efficient protocols for outsourcing the ED and SVD of a matrix to a malicious cloud in this paper. In order to achieve security, we employ efficient privacy-preserving transformations to protect both the input and output privacy. In order to check the correctness of the result returned from the cloud, an efficient verification algorithm is employed. A computational complexity analysis shows that our protocols are highly efficient. We also introduce an outsourcing principle component analysis as an application of our two proposed protocols.

Ning Zhang,Jianming Zhu

DOI: https://doi.org/10.1007/978-3-319-69644-7_22

2016-01-01

Abstract:Considering of economy, efficiency and security, more and more small and medium economic and social organizations are trying to outsource their growing business data to one or multiple professional storage service providers. But the separation between actual data owners and operator leads the demands for the technology of secure distributed storage. In this condition, we don’t assume that the entity enforcing access control policies is also the owner of data and resources like in traditional access control models. In this paper, we discuss the current state of information security outsourcing and analyze outsourced data security in cloud, access control and secret sharing. And then a new privacy enhanced access control scheme for outsourced data in cloud based on secret share is presented. In this scheme, a sensitive outsourced data can be divided to many shares which are stored in multiple cloud servers separately. Furthermore, the proposed scheme uses several service providers to guarantee the availability of the services. The evaluations demonstrate that our data outsourcing framework is scalable and practical.

Jiayun Yan,Jie Chen,Chen Qian,Anmin Fu,Haifeng Qian

DOI: https://doi.org/10.1016/j.sysarc.2024.103190

IF: 5.836

2024-01-01

Journal of Systems Architecture

Abstract:In cloud computing, the current challenge lies in managing massive data, which is a computationally overburdened environment for data users. Outsourced computation can effectively ease the memory and computation pressure on overburdened data storage. We propose an outsourced unbounded decryption scheme in the standard assumption and standard model for large data settings based on inner product computation. Security analysis shows that it can achieve adaptive security. The scheme involves the data owner transmitting encrypted data to a third-party cloud server, which is responsible for computing a significant amount of data. Then the ripe data is handed over to the data user for decryption computation. In addition, there is no need to give the prior bounds of the length of the plaintext vector in advance. This allows for the encryption algorithm to run without determining the length of the input data before the setup phase, that is, our scheme is on the unbounded setting. Through theoretical analysis, the storage overhead and communication cost of the data users remain independent of the ciphertext size. The experimental results indicate that the efficiency and performance are greatly enhanced, about 0.03S for data users at the expense of increased computing time on the cloud server.

Zihao Shan,Kui Ren,Marina Blanton,Cong Wang

DOI: https://doi.org/10.1145/3158363

IF: 16.6

2019-03-31

ACM Computing Surveys

Abstract:The rapid development of cloud computing promotes a wide deployment of data and computation outsourcing to cloud service providers by resource-limited entities. Based on a pay-per-use model, a client without enough computational power can easily outsource large-scale computational tasks to a cloud. Nonetheless, the issue of security and privacy becomes a major concern when the customer’s sensitive or confidential data is not processed in a fully trusted cloud environment. Recently, a number of publications have been proposed to investigate and design specific secure outsourcing schemes for different computational tasks. The aim of this survey is to systemize and present the cutting-edge technologies in this area. It starts by presenting security threats and requirements, followed with other factors that should be considered when constructing secure computation outsourcing schemes. In an organized way, we then dwell on the existing secure outsourcing solutions to different computational tasks such as matrix computations, mathematical optimization, and so on, treating data confidentiality as well as computation integrity. Finally, we provide a discussion of the literature and a list of open challenges in the area.

computer science, theory & methods

Kui Ren,Cong Wang

2012-01-01

Abstract:Cloud computing economically enables a fundamental paradigm of data service outsourcing, which provides lower up-front capital costs and less hands-on management. However, outsourcing data services to the commercial public cloud deprives customers' control over the systems that manage their data, raising security and privacy as the primary obstacles to the adoption of the cloud. To address these challenges, in this dissertation we explore the problem of secure and privacy-assured data service outsourcing in cloud computing. We aim at deploying the most fundamental data services including data storage, search, and sharing on the commercial public cloud, with built-in security and privacy assurance as well as high level service performance, usability, and scalability. Our contributions are as follows: Firstly, we focus on privacy-preserving secure cloud storage auditing to maintain strong storage correctness guarantee, given the difficulty that data files are no longer locally possessed by data owners. We first develop a random-masking sampling approach to allow a third party auditor to perform on-demand privacy-preserving storage correctness auditing on behalf of data owners, without violating owners' data privacy. For storage correctness assurance with data dynamics, we further investigate a novel sequence-enforced Merkle Hash Tree and manipulate it with the random sampling approach to support fully dynamic data operations. Secondly, we focus on privacy-assured and effective cloud data search services with strong privacy-assurance, while enjoying high service-level performance inherently demanded by the large number of data users and huge amount data files. We first investigate a widely applicable fuzzy/similarity keyword search problem, and develop a brand new symbol-based trie-traverse searching approach, where transformed fuzzy keywords extracted from data files are stored using a multi-way tree structure, while protecting keyword privacy. To enable search result relevance ranking, we further investigate secure ranked search, which facilitates efficient server-side result ranking without leaking any keyword related information. Thirdly, we study how to enable scalable and owner-controlled cloud data sharing services, given the challenge that data no longer resides on owners' trusted domain. We first associate data with a set of meaningful attributes, use logical composition of attributes to reflect fine-grained data access, and enforce owner's control via attribute-based encryption. For the inherent scalability requirement of cloud system, we further leverage the cloud as a mediated proxy, to which data owners can delegate most cumbersome data/user management workload, without affecting the underlying data confidentiality.

Kai Zhou,Jian Ren

DOI: https://doi.org/10.48550/arXiv.1511.02375

2015-11-08

Abstract:Computation outsourcing is an integral part of cloud computing. It enables end-users to outsource their computational tasks to the cloud and utilize the shared cloud resources in a pay-per-use manner. However, once the tasks are outsourced, the end-users will lose control of their data, which may result in severe security issues especially when the data is sensitive. To address this problem, secure outsourcing mechanisms have been proposed to ensure security of the end-users' outsourced data. In this paper, we investigate outsourcing of general computational problems which constitute the mathematical basics for problems emerged from various fields such as engineering and finance. To be specific, we propose affine mapping based schemes for the problem transformation and outsourcing so that the cloud is unable to learn any key information from the transformed problem. Meanwhile, the overhead for the transformation is limited to an acceptable level compared to the computational savings introduced by the outsourcing itself. Furthermore, we develop cost-aware schemes to balance the trade-offs between end-users' various security demands and computational overhead. We also propose a verification scheme to ensure that the end-users will always receive a valid solution from the cloud. Our extensive complexity and security analysis show that our proposed Cost-Aware Secure Outsourcing (CASO) scheme is both practical and effective.

Cryptography and Security

Ximeng Liu,Baodong Qin,Robert H. Deng,Yingjiu Li

DOI: https://doi.org/10.1109/TSC.2015.2511008

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:In this paper, we propose a new efficient privacy-preserving outsourced computation framework over public data, called EPOC. EPOC allows a user to outsource the computation of a function over multi-dimensional public data to the cloud while protecting the privacy of the function and its output. Specifically, we introduce three types of EPOC in order to tradeoff different levels of privacy protecti...

Wei Wang,Lei Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2015.06.014

IF: 5.493

2015-01-01

Computer Networks

Abstract:According to the recent rule released by Health and Human Services (HHS), healthcare data can be outsourced to cloud computing services for medical studies. A major concern about outsourcing healthcare data is its associated privacy issues. However, previous solutions have focused on cryptographic techniques which introduce significant cost when applied to healthcare data with high-dimensional sensitive attributes. To address these challenges, we propose a privacy-preserving framework to transit insensitive data to commercial public cloud and the rest to trusted private cloud. Under the framework, we design two protocols to provide personalized privacy protections and defend against potential collusion between the public cloud service provider and the data users. We derive provable privacy guarantees and bounded data distortion to validate the proposed protocols. Extensive experiments over real-world datasets are conducted to demonstrate that the proposed protocols maintain high usability and scale well to large datasets.

Minghao Zhao,Chengyu Hu,Xiangfu Song,Chuan Zhao

DOI: https://doi.org/10.1016/j.jnca.2019.01.021

IF: 7.574

2019-01-01

Journal of Network and Computer Applications

Abstract:Cloud computing provides the clients with diversified services in a flexible manner. Recently, the cloud platforms have been the basic underling-support for The IoT and mobile computing. The client outsources data storage or computation overhead to the cloud, which accordingly yields a new computing paradigm – the outsourced computing. In such a scenario, the clients hope to acquire the service quality, and wish to not leak their sensitive data to the cloud service provider. Thus, the trustworthy (verifiability) and privacy has been a hot issue for outsourced computing. In this survey, we systematically present the cryptographic methods for ensuring verifiability and privacy. We first describe the research advancement in verifiable computing and the cryptographic primitives for privacy-preserving techniques; and then, taking outsourcing cryptographic operations as an example, to show how them primitives can be integrated to achieve a dependable and privacy-preserving outsourced computing scheme. This paper bridges the gap between the theoretical cryptographic research and engineering secure cloud computing systems.

Xixun Yu,Zheng Yan,Rui Zhang

DOI: https://doi.org/10.1016/j.ins.2018.12.022

IF: 8.1

2019-01-01

Information Sciences

Abstract:In recent years, cloud computing has become the most popular and promising service platform. A cloud user can outsource its heavy computation overhead to a cloud service provider (CSP) and let the CSP make the computation instead. In order to guarantee the correctness of the outsourced processing (e.g., machine learning and data mining), a proof should be provided by the CSP in order to make sure that the processing is carried out properly. On the other hand, from the security and privacy points of view, users will always encrypt their sensitive data first before they are outsourced to the CSP rather than sending the raw data directly. However, processing and verifying of encrypted data computation has always been a challenging problem. Homomorphic Encryption (HE) has been proposed to tackle this task on computations over encrypted data and ensure the confidentiality of the data. However, original HE cannot provide an efficient approach to verify the correctness of computation over encrypted data that is processed by CSP. In this paper, we propose a verifiable outsourced computation scheme over encrypted data with the help of fully homomorphic encryption and polynomial factorization algorithm. Our scheme protects user data security in outsourced processing and allows public verification on the computation result processed by CSP with zero knowledge. We then prove the security of our scheme and analyze its performance by comparing it with some latest related works. Performances analysis shows that our scheme reduces the overload of both the cloud users and the verifier. (C) 2018 Elsevier Inc. All rights reserved.

Zihao Shan,Kui Ren,Marina Blanton,Cong Wang

DOI: https://doi.org/10.1145/3158363

IF: 16.6

2018-01-01

ACM Computing Surveys

Abstract:The rapid development of cloud computing promotes a wide deployment of data and computation outsourcing to cloud service providers by resource-limited entities. Based on a pay-per-use model, a client without enough computational power can easily outsource large-scale computational tasks to a cloud. Nonetheless, the issue of security and privacy becomes a major concern when the customer’s sensitive or confidential data is not processed in a fully trusted cloud environment. Recently, a number of publications have been proposed to investigate and design specific secure outsourcing schemes for different computational tasks. The aim of this survey is to systemize and present the cutting-edge technologies in this area. It starts by presenting security threats and requirements, followed with other factors that should be considered when constructing secure computation outsourcing schemes. In an organized way, we then dwell on the existing secure outsourcing solutions to different computational tasks such as matrix computations, mathematical optimization, and so on, treating data confidentiality as well as computation integrity. Finally, we provide a discussion of the literature and a list of open challenges in the area.

Xu Dong Zhu,Hui Li,Feng Hua Li

DOI: https://doi.org/10.1504/ijguc.2013.056250

2013-01-01

International Journal of Grid and Utility Computing

Abstract:Cloud computing enables customers with limited computational resources an economically promising paradigm of computation outsourcing. However, how to protect customers' confidential data that is processed and generated during the computation is becoming a major security concern. To mitigate this problem, in this paper, we present a secure outsourcing mechanism for training and evaluating large-scale logistic regression classifier in cloud. Our mechanism enables a customer to securely harness the cloud, while keeping both the sensitive input and output of the computation private. Thorough security analysis and prototype experiments on Amazon EC2 demonstrate the validity and practicality of our proposed design.

Lu Li,Xufeng Jiang,Fei Zhu,An Liu

DOI: https://doi.org/10.1007/978-981-15-3281-8_9

2020-01-01

Abstract:In the cloud computing paradigm, data owners could outsource their databases to the service provider, and thus reap huge benefits from releasing the heavy storage and management tasks to the cloud server. However, sensitive data, such as medical or financial records, should be encrypted before uploading to the cloud server. Unfortunately, this will introduce new challenges to data utilization. In this paper, we study the problem of skyline queries in a way that data privacy for both data owner and the client is preserved. We propose a hybrid protocol via additively homomorphic encryption system and Yao’s garbled circuits. By taking advantages of Yao’s protocol, we design a highly improved protocol which can be used to determine the skyline point and exclude the points dominated by others in an oblivious way. Based on this subroutine, we construct a fully secure protocol for skyline queries. We theoretically prove that the protocols are secure in the semi-honest model. Through analysis and extensive experiments, we demonstrate the efficiency and scalability of our proposed solutions.

Jun Tang,Yong Cui,Qi Li,Kui Ren,Jiangchuan Liu,Rajkumar Buyya

DOI: https://doi.org/10.1145/2906153

IF: 16.6

2016-01-01

ACM Computing Surveys

Abstract:With the rapid development of cloud computing, more and more enterprises/individuals are starting to outsource local data to the cloud servers. However, under open networks and not fully trusted cloud environments, they face enormous security and privacy risks (e.g., data leakage or disclosure, data corruption or loss, and user privacy breach) when outsourcing their data to a public cloud or using their outsourced data. Recently, several studies were conducted to address these risks, and a series of solutions were proposed to enable data and privacy protection in untrusted cloud environments. To fully understand the advances and discover the research trends of this area, this survey summarizes and analyzes the state-of-the-art protection technologies. We first present security threats and requirements of an outsourcing data service to a cloud, and follow that with a high-level overview of the corresponding security technologies. We then dwell on existing protection solutions to achieve secure, dependable, and privacy-assured cloud data services including data search, data computation, data sharing, data storage, and data access. Finally, we propose open challenges and potential research directions in each category of solutions.

Jian Shen,Dengzhi Liu,Jun Shen,Haowen Tan,Debiao He

DOI: https://doi.org/10.1109/CCITSA.2015.46

2015-01-01

Abstract:Due to the development of the network and the growth big data, data owner prefer to remotely outsource their data to cloud, which can avoid the local data management and decrease the local hardware cost. But some sensitive data, such as personal healthcare information and personal property information, must be encrypted firstly and then outsourced to the cloud. This can protect sensitive information. But the outsource encrypted data to cloud can increase the difficulty of the data retrieval, because data owner or unauthorized users can't search correctly the data they need, and also it is impractical to download all of the data to local side from the cloud, which will result in huge communication an computation overhead. Hence, some cloud data retrieval schemes has been proposed to solve this problem, these schemes not only can search the data they need correctly, but also can prevent sensitive data leaked out. In this paper, we survey the privacy preserving cloud data retrieval schemes and give a comparison of them with respect to the key principles of search and privacy assured.

Tong Li,Zhengan Huang,Ping Li,Zheli Liu,Chunfu Jia

DOI: https://doi.org/10.1016/j.jnca.2017.12.021

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:With the diversity of cloud services, remote data services based on the machine learning classification have been provided in many applications including risk assessment and image recognition. In a classification service, a classifier owner that acts a service provider establishes a protocol to allow a user to query for the evaluation of his/her data. However, such an owner has to keep on-line continuously and equip with enough bandwidth and computing resources. Although the owner can outsource the service to a powerful service, there remains a challenge that is protecting the privacy of the data and the classifier. In this paper, we propose a novel scheme for a classifier owner to delegate a remote server to provide the privacy-preserving classification service for users. In the proposed scheme, we design efficient classification protocols for two concrete classifiers respectively. We implement the prototype of the scheme and conduct experiments. The experimental results show that the scheme is practical.