YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2011.00110

2011-01-01

Journal of Computer Applications

Abstract:Currently in outsourced database service,to consider a unilateral protection technology outsourcing is difficult to meet the security requirements of the lack of a database.In this paper,the authors proposed a solution to enforce data confidentiality,data privacy,user privacy and access control over outsourced database services.The approach started from a flexible definition of privacy constraints on a relational schema,applied encryption on information in a parsimonious way and mostly relied on attribute partition to protect sensitive information.Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection,the approach allowed storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format.Meanwhile,by applying cryptographic technology on the auxiliary random server protocol,the approach can solve the problem of private information retrieval to protect user privacy and access control.The theoretical analysis shows that the new model can provide efficient data privacy protection and query processing,efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control.

YongHong Yu,Wenyang Bai

DOI: https://doi.org/10.1109/MEC.2011.6025814

2011-01-01

Abstract:Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy and accountable user privacy in outsourced database services. The approach starts from a flexible definition of privacy constraints, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition, the approach allows storing the outsourced data on un-trusted database server and minimizing the amount of encrypted data. By combining cryptographic with auxiliary random server, the approach can reduce the computational and communication complexity of private information retrieval to provide user privacy protection. By introducing verifiable encryption and revocation of decryption based on event capsule, the approach obtains accountability when the user misbehaves. The theoretical analysis shows that our new approach can provide efficient data privacy, efficient accountable user privacy protection with lower computational complexity and not increase the cost of communication complexity simultaneously. © 2011 IEEE.

Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.4028/www.scientific.net/amr.255-260.2224

2011-01-01

Advanced Materials Research

Abstract:Advances in networking technologies and the continued growth of the internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers, and privacy requirements have an increasing impact on such real-world applications. In this paper, we propose a solution to enforce data privacy over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption of attribute partition and the decomposition of SQL queries, the approach allows storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format, and allows executing queries over encrypted outsourced database efficiently.

YongHong Yu,Wenyang Bai

2010-01-01

Journal of Computational Information Systems

Abstract:Advances in networking technologies and the continued growth of the internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers. Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. It is therefore crucial to design solutions able to respond to this demand with a clear integration strategy for existing applications and a consideration of the performance impact of the protection measures. In this paper, we propose a solution to enforce data privacy over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in parsimonious way and mostly relies on attribute fragmentation to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute fragmentation, assisting by detecting quasi-identifier automatically, the approach allow storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Based on the decomposition of SQL queries, the approach allows executing queries over encrypted outsourced database efficiently. The theoretical analysis and experimental results show that our new model can provide efficient data privacy protection and query processing. © 2010 Binary Information Press.

Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.1109/MEC.2011.6025814

2011-01-01

Abstract:Notice of Violation of IEEE Publication Principles "Privacy Protection in Outsourced Database Services" by Yonghong Yu and Wenyang Bai in the Proceedings of the International Conference on Mechatronic Science, Electric Engineering and Computer, August 2011, pp. 1726-1731 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE's Publication Principles. This paper contains substantial duplication of original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission. Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article: "Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 23rd Annula IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec), July 2009 "Fragmentation and Encryption to Enforce Privacy in Data Storage" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS), September 2007 "Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 29th International Conference on Distributed Computing Systems (ICDCS), June 2009 Technical consideratio- s and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy and accountable user privacy in outsourced database services. The approach starts from a flexible definition of privacy constraints, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition, the approach allows storing the outsourced data on un-trusted database server and minimizing the amount of encrypted data. By combining cryptographic with auxiliary random server, the approach can reduce the computational and communication complexity of private information retrieval to provide user privacy protection. By introducing verifiable encryption and revocation of decryption based on event capsule, the approach obtains accountability when the user misbehaves. The theoretical analysis shows that our new approach can provide efficient data privacy, efficient accountable user privacy protection with lower computational complexity and not increase the cost of communication complexity simultaneously.

Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Jinfei Liu,Juncheng Yang,Li Xiong,Jian Pei

DOI: https://doi.org/10.1109/icde.2017.117

2017-01-01

Abstract:Outsourcing data and computation to cloud server provides a cost-e ective way to support large scale data storage and query processing. However, due to security and privacy concerns, sensitive data (e.g., medical records) need to be protected from the cloud server and other unauthorized users. One approach is to outsource encrypted data to the cloud server and have the cloud server perform query processing on the encrypted data only. It remains a challenging task to support various queries over encrypted data in a secure and e cient way such that the cloud server does not gain any knowledge about the data, query, and query result. In this paper, we study the problem of secure skyline queries over encrypted data. The skyline query is particularly important for multicriteria decision making but also presents significant challenges due to its complex computations. We propose a fully secure skyline query protocol on data encrypted using semanticallysecure encryption. As a key subroutine, we present a new secure dominance protocol, which can be also used as a building block for other queries. Finally, we provide both serial and parallelized implementations and empirically study the protocols in terms of e ciency and scalability under di erent parameter settings, verifying the feasibility of our proposed solutions.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2010.02672

2010-01-01

Journal of Computer Applications

Abstract:In privacy protection based on database encryption technology for outsourcing database services,it is difficult to achieve balance between performance of data processing and privacy protection effectively.A new privacy protection method based on distributed outsourcing database service was proposed to provide both efficient privacy protection and query processing.Automatic quasi-identifiers detection and probabilistic anonymity were introduced.The data could be partitioned across many logically independent database servers horizontally or vertically,while only few sensitive data were encrypted or anonymous.According to the type of data fragmentation,the trusted client executed queries by transmitting appropriate sub-queries to different databases,and then pieced the results together at the client side.The theoretical analysis and experimental results show that the proposed method is well-balanced in dealing with the contradiction between data privacy preserving and efficient query processing.

Bai Wen-yang

2011-01-01

Abstract:Previous outsourced database server based on all data encryption can not effectively balance the relationship between data processing properties and the data privacy protection.Aiming at the shortages,this paper presents a privacy protection method based on a single outsourced database server.It combines fragmentation and encryption that can provide both efficient privacy protection and query processing.Based on the approximation algorithm for the minimal encryption attribute fragmentation,the method allows storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format.Theory analysis shows that this method has efficient privacy protection and query processing.

YongHong Yu,Wenyang Bai

2010-01-01

Abstract:The advent of database services has resulted in privacy concerns on the part of the client storing data with third party database service providers. Previous approaches to enabling such a service have been based on data encryption, causing a large overhead in query processing. In this paper we propose a distributed architecture for secure database service which can provide both efficient privacy protection and query processing. Based on the algorithms of automatic quasi-identifiers detection and probabilistic anonymity, the client data can be partitioned across many independent servers horizontally or vertically without being encrypted. The theoretical analysis and experimental results show that our method is well-balanced on dealing with the contradiction between data privacy preserving and efficient query processing.

Bai Wen-yang

2010-01-01

Abstract:This paper proposed a distributed architecture for secure database service which could provide both efficient privacy protection and query processing. Based on the algorithms of automatic quasi-identifiers detection,partitioned the client data across many logically independent database servers vertically,while only encrypted few sensitive data. The client executed queries by transmitting appropriate sub-queries to different databases based on metadata. The experimental results show that this method is well-balanced on dealing with the contradiction between data privacy protection and efficient query processing.

Zhiqiang Yang,Sheng Zhong,Rebecca N. Wright

DOI: https://doi.org/10.1007/11863908_29

2006-01-01

Abstract:Data confidentiality is a major concern in database systems. Encryption is a useful tool for protecting the confidentiality of sensitive data. However, when data is encrypted, performing queries becomes more challenging. In this paper, we study efficient and provably secure methods for queries on encrypted data stored in an outsourced database that may be susceptible to compromise. Specifically, we show that, in our system, even if an intruder breaks into the database and observes some interactions between the database and its users, he only learns very little about the data stored in the database and the queries performed on the data.Our work consists of several components. First, we consider databases in which each attribute has a finite domain and give a basic solution for certain kinds of queries on such databases. Then, we present two enhanced solutions, one with a stronger security guarantee and the other with accelerated queries. In addition to providing proofs of our security guarantees, we provide empirical performance evaluations. Our experiments demonstrate that our solutions are fast on large-sized real data.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.4304/jsw.6.3.404-412

2011-01-01

Abstract:“ Data Privacy and User Privacy over Outsourced Database Service ” by Yonghong Yu, Wenyang Bai Journal of Software Volume 6, Number 3, March 2011, Page(s): 404-412 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, the above paper has been found to be in violation of Academy Publisher’s Publication Principles. The first author ( Yonghong Yu ) has taken full responsibility and this violation was done without the knowledge of the second author ( Wenyang Bai ). This paper contains significant portions of original text from the papers cited below. The original text was copied without attribution (including appropriate references to the original authors and/or paper title) and without permission: Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following articles: [1] V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, Fragmentation and Encryption to Enforce Privacy in Data Storage, in Proc. of the 12th European Symposium On Research In Computer Security (ESORICS 2007), Dresden, Germany, September 24-26, 2007 [2] V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients, in Proc. of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2009), Montreal, Quebec, Canada, July 12-15, 2009 [3] V. Ciriani, S. De Capita ti, S. Jajodia, S. Paraboschi, and P. Samarati, Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases, in Proc. of the 29th International Conference on Distributed Computing Systems (ICDCS 2009), Montreal, Quebec, Canada, June 22-26, 2009

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

WANG Zheng-fei,WANG Wei,SHI Bo-le

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.28.040

2010-01-01

Computer Engineering and Applications Journal

Abstract:Encryption technology has become an important mechanism of securing data stored in the outsourced database.However,it is a difficulty to query efficiently the encrypted data and many researchers take it into consideration.To solve the problem,an encrypted schema,based on the inner DBMS,is proposed.Through the security dictionary and the extended SQL,the approach implements the encrypted storage and efficient query over the data in the outsourced databases.Results of experiments validate the efficiency and feasibility of the approach.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Guoxiu Liu,Geng Yang,Haiwei Wang,Hua Dai,Qiang Zhou

DOI: https://doi.org/10.3837/tiis.2018.07.021

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

Xiao Jiang,Jun Gao,Tengjiao Wang,Dongqing Yang

DOI: https://doi.org/10.1007/978-3-642-12098-5_10

2010-01-01

Abstract:With the popularity of the outsourced database, protecting sensitive associations in this environment is greatly desired and receives high attention. Table decomposition based method, which is suited for the current query evaluation of the database engine, provides an alternative to the conventional encryption method. Although some work on table decomposition has been done to handle single sensitive association in data publishing scenario or multiple associations in multiple servers, fewer attempts have been made to deal with multiple associations in single outsourced database. In this paper, we first illustrate that the simple extension of existing work will lead to new kinds of information leakages, and then we propose a novel table decomposition method, which achieves l-diversity, defeats the new information leakages, while at the same time, considers the query efficiency over the decomposed sub-tables. The final experimental results validate the effectiveness and efficiency of our method.

Bai Wen-yang

2010-01-01

Abstract:The development of modern information technology and digitalization of the daily lives brings security database new challenges. It is necessary for a security database to provide access control and privacy protection mechanism to ensure the legal use of data and to prevent privacy breach. This paper introduced an integrated security model which could provide the functions of privacy protection and access control simultaneously by building the connection between the validity of query in parameterized authorization view model and the suspiciousness of a conjunctive select-project-join query in online query audit model, it also designed a polynomial time detecting algorithm and two incorporating frameworks for the integrated model to provide higher performance and fine-grained access control in modern database systems.

Xin Liu,Hao Wang,Bo Zhang,Bin Zhang

DOI: https://doi.org/10.1016/j.ins.2021.10.038

IF: 8.1

2022-01-01

Information Sciences

Abstract:In a data access control system oriented toward the cloud storage environment, a data owner defines attribute-based access control policies for data files to realize fine-grained data sharing. However, the existing schemes have defects in user execution efficiency and user privacy protection, and they do not consider the problems of user revocation and attribute updates. To this end, we propose a ciphertext policy attribute-based encryption method with verifiable outsourced decryption; this requires a user to complete decryption with the help of a server, but the results of the outsourced decryption can be verified independently. With this new encryption scheme and the technique of k-times anonymous authentication, a new fine-grained data access control system was constructed; this system allows a server to provide users with outsourced decryption services, and users’ computation cost is independent of the size of the underlying access control policy. Moreover, the number of outsourced decryption requests is limited. In addition, the new system supports user revocation and attribute updates and it is provably secure under formal proofs. An efficiency analysis shows that it can be compared with other similar systems in terms of performance, despite the addition of several practical properties.

computer science, information systems