YongHong Yu,Wenyang Bai

2010-01-01

Journal of Computational Information Systems

Abstract:Privacy requirements have an increasing impact on the real-world applications. Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy, user privacy and access control over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection, the approach allow storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Meanwhile, by applying cryptographic technology on the auxiliary random server protocol, the approach can solve the problem of private information retrieval to protect data privacy, user privacy and access control on outsourced database services. The theoretical analysis shows that our new model can provide efficient data privacy protection and query processing, efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control. Copyright © 2010 Binary Information Press.

Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.4028/www.scientific.net/amr.255-260.2224

2011-01-01

Advanced Materials Research

Abstract:Advances in networking technologies and the continued growth of the internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers, and privacy requirements have an increasing impact on such real-world applications. In this paper, we propose a solution to enforce data privacy over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption of attribute partition and the decomposition of SQL queries, the approach allows storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format, and allows executing queries over encrypted outsourced database efficiently.

YongHong Yu,Wenyang Bai

2010-01-01

Journal of Computational Information Systems

Abstract:Advances in networking technologies and the continued growth of the internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers. Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. It is therefore crucial to design solutions able to respond to this demand with a clear integration strategy for existing applications and a consideration of the performance impact of the protection measures. In this paper, we propose a solution to enforce data privacy over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in parsimonious way and mostly relies on attribute fragmentation to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute fragmentation, assisting by detecting quasi-identifier automatically, the approach allow storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Based on the decomposition of SQL queries, the approach allows executing queries over encrypted outsourced database efficiently. The theoretical analysis and experimental results show that our new model can provide efficient data privacy protection and query processing. © 2010 Binary Information Press.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2011.00110

2011-01-01

Journal of Computer Applications

Abstract:Currently in outsourced database service,to consider a unilateral protection technology outsourcing is difficult to meet the security requirements of the lack of a database.In this paper,the authors proposed a solution to enforce data confidentiality,data privacy,user privacy and access control over outsourced database services.The approach started from a flexible definition of privacy constraints on a relational schema,applied encryption on information in a parsimonious way and mostly relied on attribute partition to protect sensitive information.Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection,the approach allowed storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format.Meanwhile,by applying cryptographic technology on the auxiliary random server protocol,the approach can solve the problem of private information retrieval to protect user privacy and access control.The theoretical analysis shows that the new model can provide efficient data privacy protection and query processing,efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control.

Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.1109/MEC.2011.6025814

2011-01-01

Abstract:Notice of Violation of IEEE Publication Principles "Privacy Protection in Outsourced Database Services" by Yonghong Yu and Wenyang Bai in the Proceedings of the International Conference on Mechatronic Science, Electric Engineering and Computer, August 2011, pp. 1726-1731 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE's Publication Principles. This paper contains substantial duplication of original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission. Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article: "Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 23rd Annula IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec), July 2009 "Fragmentation and Encryption to Enforce Privacy in Data Storage" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS), September 2007 "Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 29th International Conference on Distributed Computing Systems (ICDCS), June 2009 Technical consideratio- s and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy and accountable user privacy in outsourced database services. The approach starts from a flexible definition of privacy constraints, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition, the approach allows storing the outsourced data on un-trusted database server and minimizing the amount of encrypted data. By combining cryptographic with auxiliary random server, the approach can reduce the computational and communication complexity of private information retrieval to provide user privacy protection. By introducing verifiable encryption and revocation of decryption based on event capsule, the approach obtains accountability when the user misbehaves. The theoretical analysis shows that our new approach can provide efficient data privacy, efficient accountable user privacy protection with lower computational complexity and not increase the cost of communication complexity simultaneously.

Xiaofeng Xu,Li Xiong,Jinfei Liu

DOI: https://doi.org/10.1145/2699026.2699121

2015-01-01

Abstract:Database fragmentation is a promising approach that can be used in combination with encryption to achieve secure data outsourcing which allows clients to securely outsource their data to remote untrusted server(s) while enabling query support using the outsourced data. Given a set of confidentiality constraints, it vertically partitions the database into fragments such that the set of attributes in each constraint do not appear together in any one fragment. The optimal fragmentation problem is to find a fragmentation with minimum cost for query support. In this paper, we propose an efficient graph search based approach which obtains near optimal fragmentation. We model the fragmentation search space as a graph and propose efficient search algorithms on the graph. We present static and dynamic search strategies as well as a novel level-wise graph expansion technique which dramatically reduces the search time. Extensive experiments showed that our method significantly outperforms other state-of-the-art methods.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2010.02672

2010-01-01

Journal of Computer Applications

Abstract:In privacy protection based on database encryption technology for outsourcing database services,it is difficult to achieve balance between performance of data processing and privacy protection effectively.A new privacy protection method based on distributed outsourcing database service was proposed to provide both efficient privacy protection and query processing.Automatic quasi-identifiers detection and probabilistic anonymity were introduced.The data could be partitioned across many logically independent database servers horizontally or vertically,while only few sensitive data were encrypted or anonymous.According to the type of data fragmentation,the trusted client executed queries by transmitting appropriate sub-queries to different databases,and then pieced the results together at the client side.The theoretical analysis and experimental results show that the proposed method is well-balanced in dealing with the contradiction between data privacy preserving and efficient query processing.

Bai Wen-yang

2011-01-01

Abstract:Previous outsourced database server based on all data encryption can not effectively balance the relationship between data processing properties and the data privacy protection.Aiming at the shortages,this paper presents a privacy protection method based on a single outsourced database server.It combines fragmentation and encryption that can provide both efficient privacy protection and query processing.Based on the approximation algorithm for the minimal encryption attribute fragmentation,the method allows storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format.Theory analysis shows that this method has efficient privacy protection and query processing.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

YongHong Yu,Wenyang Bai

2010-01-01

Abstract:The advent of database services has resulted in privacy concerns on the part of the client storing data with third party database service providers. Previous approaches to enabling such a service have been based on data encryption, causing a large overhead in query processing. In this paper we propose a distributed architecture for secure database service which can provide both efficient privacy protection and query processing. Based on the algorithms of automatic quasi-identifiers detection and probabilistic anonymity, the client data can be partitioned across many independent servers horizontally or vertically without being encrypted. The theoretical analysis and experimental results show that our method is well-balanced on dealing with the contradiction between data privacy preserving and efficient query processing.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.4304/jsw.6.3.404-412

2011-01-01

Abstract:“ Data Privacy and User Privacy over Outsourced Database Service ” by Yonghong Yu, Wenyang Bai Journal of Software Volume 6, Number 3, March 2011, Page(s): 404-412 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, the above paper has been found to be in violation of Academy Publisher’s Publication Principles. The first author ( Yonghong Yu ) has taken full responsibility and this violation was done without the knowledge of the second author ( Wenyang Bai ). This paper contains significant portions of original text from the papers cited below. The original text was copied without attribution (including appropriate references to the original authors and/or paper title) and without permission: Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following articles: [1] V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, Fragmentation and Encryption to Enforce Privacy in Data Storage, in Proc. of the 12th European Symposium On Research In Computer Security (ESORICS 2007), Dresden, Germany, September 24-26, 2007 [2] V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients, in Proc. of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2009), Montreal, Quebec, Canada, July 12-15, 2009 [3] V. Ciriani, S. De Capita ti, S. Jajodia, S. Paraboschi, and P. Samarati, Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases, in Proc. of the 29th International Conference on Distributed Computing Systems (ICDCS 2009), Montreal, Quebec, Canada, June 22-26, 2009

Zhiqiang Yang,Sheng Zhong,Rebecca N. Wright

DOI: https://doi.org/10.1007/11863908_29

2006-01-01

Abstract:Data confidentiality is a major concern in database systems. Encryption is a useful tool for protecting the confidentiality of sensitive data. However, when data is encrypted, performing queries becomes more challenging. In this paper, we study efficient and provably secure methods for queries on encrypted data stored in an outsourced database that may be susceptible to compromise. Specifically, we show that, in our system, even if an intruder breaks into the database and observes some interactions between the database and its users, he only learns very little about the data stored in the database and the queries performed on the data.Our work consists of several components. First, we consider databases in which each attribute has a finite domain and give a basic solution for certain kinds of queries on such databases. Then, we present two enhanced solutions, one with a stronger security guarantee and the other with accelerated queries. In addition to providing proofs of our security guarantees, we provide empirical performance evaluations. Our experiments demonstrate that our solutions are fast on large-sized real data.

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Kui Ren,Cong Wang

2012-01-01

Abstract:Cloud computing economically enables a fundamental paradigm of data service outsourcing, which provides lower up-front capital costs and less hands-on management. However, outsourcing data services to the commercial public cloud deprives customers' control over the systems that manage their data, raising security and privacy as the primary obstacles to the adoption of the cloud. To address these challenges, in this dissertation we explore the problem of secure and privacy-assured data service outsourcing in cloud computing. We aim at deploying the most fundamental data services including data storage, search, and sharing on the commercial public cloud, with built-in security and privacy assurance as well as high level service performance, usability, and scalability. Our contributions are as follows: Firstly, we focus on privacy-preserving secure cloud storage auditing to maintain strong storage correctness guarantee, given the difficulty that data files are no longer locally possessed by data owners. We first develop a random-masking sampling approach to allow a third party auditor to perform on-demand privacy-preserving storage correctness auditing on behalf of data owners, without violating owners' data privacy. For storage correctness assurance with data dynamics, we further investigate a novel sequence-enforced Merkle Hash Tree and manipulate it with the random sampling approach to support fully dynamic data operations. Secondly, we focus on privacy-assured and effective cloud data search services with strong privacy-assurance, while enjoying high service-level performance inherently demanded by the large number of data users and huge amount data files. We first investigate a widely applicable fuzzy/similarity keyword search problem, and develop a brand new symbol-based trie-traverse searching approach, where transformed fuzzy keywords extracted from data files are stored using a multi-way tree structure, while protecting keyword privacy. To enable search result relevance ranking, we further investigate secure ranked search, which facilitates efficient server-side result ranking without leaking any keyword related information. Thirdly, we study how to enable scalable and owner-controlled cloud data sharing services, given the challenge that data no longer resides on owners' trusted domain. We first associate data with a set of meaningful attributes, use logical composition of attributes to reflect fine-grained data access, and enforce owner's control via attribute-based encryption. For the inherent scalability requirement of cloud system, we further leverage the cloud as a mediated proxy, to which data owners can delegate most cumbersome data/user management workload, without affecting the underlying data confidentiality.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Yuzhao Wu,Yongqiang Lyu,Qian Fang,Hao Yin,Geng Zheng,Yuanchun Shi

DOI: https://doi.org/10.1109/icdcsw.2017.19

2017-01-01

Abstract:Data outsourcing in cloud is emerging as a successful paradigm that benefits organizations and enterprises with high-performance, low-cost, scalable data storage and sharing services. However, this paradigm also brings forth new challenges for data confidentiality because the outsourced are not under the physic control of the data owners. The existing schemes to achieve the security and usability goal usually apply encryption to the data before outsourcing them to the storage service providers (SSP), and disclose the decryption keys only to authorized user. They cannot ensure the security of data while operating data in cloud where the third-party servicers are usually semi-trustworthy, and need lots of time to deal with the data. We construct a privacy data management system appending hierarchical access control called HAC-DMS, which can not only assure security but also save plenty of time when updating data in cloud.

David Sánchez,Montserrat Batet

DOI: https://doi.org/10.1016/j.comcom.2017.06.012

2017-07-03

Abstract:Even though cloud computing provides many intrinsic benefits, privacy concerns related to the lack of control over the storage and management of the outsourced data still prevent many customers from migrating to the cloud. Several privacy-protection mechanisms based on a prior encryption of the data to be outsourced have been proposed. Data encryption offers robust security, but at the cost of hampering the efficiency of the service and limiting the functionalities that can be applied over the (encrypted) data stored on cloud premises. Because both efficiency and functionality are crucial advantages of cloud computing, in this paper we aim at retaining them by proposing a privacy-protection mechanism that relies on splitting (clear) data, and on the distributed storage offered by the increasingly popular notion of multi-clouds. We propose a semantically-grounded data splitting mechanism that is able to automatically detect pieces of data that may cause privacy risks and split them on local premises, so that each chunk does not incur in those risks; then, chunks of clear data are independently stored into the separate locations of a multi-cloud, so that external entities cannot have access to the whole confidential data. Because partial data are stored in clear on cloud premises, outsourced functionalities are seamlessly and efficiently supported by just broadcasting queries to the different cloud locations. To enforce a robust privacy notion, our proposal relies on a privacy model that offers a priori privacy guarantees; to ensure its feasibility, we have designed heuristic algorithms that minimize the number of cloud storage locations we need; to show its potential and generality, we have applied it to the least structured and most challenging data type: plain textual documents.

Cryptography and Security

Haining Yang,Ye Su,Jing Qin,Huaxiong Wang,Yongcheng Song

DOI: https://doi.org/10.1016/j.ins.2020.05.118

IF: 8.1

2020-10-01

Information Sciences

Abstract:<p>With the rapid development of cloud computing, the practical applications such as the machine learning based on the outsourced data have been investigated in the data sharing setting. In machine learning, the inner product is a necessary primitive to analyze the description statistics. However, the inner product computation in selective data sharing setting has not been fully considered. For this fact, we propose a verifiable inner product computation scheme based on Inner Product Functional Encryption (IPFE). IPFE is employed to preserve the outsourced data privacy and restrict the computation on the outsourced data to be inner product. To achieve the key privacy and result privacy, we transform the secret key into blinded form, which in turn results in a blinded result. With the aim of implementing access control over the data user and outsourced data, we design to let cloud server perform the authentication procedures before computing inner product. This can also eliminate most computational overhead resulting from the unauthorized data user and undesired data. As a result, only the authorized data user can obtain the inner product computed on the designated outsourced data. The proposed scheme is proved to be secure under the authentication model and the result unforgeability model. The performance evaluation shows that the proposed scheme is feasible. To achieve a better security level, the proposed scheme is extended to be secure against the corrupted cloud server.</p>

computer science, information systems

Jun Tang,Yong Cui,Qi Li,Kui Ren,Jiangchuan Liu,Rajkumar Buyya

DOI: https://doi.org/10.1145/2906153

IF: 16.6

2016-01-01

ACM Computing Surveys

Abstract:With the rapid development of cloud computing, more and more enterprises/individuals are starting to outsource local data to the cloud servers. However, under open networks and not fully trusted cloud environments, they face enormous security and privacy risks (e.g., data leakage or disclosure, data corruption or loss, and user privacy breach) when outsourcing their data to a public cloud or using their outsourced data. Recently, several studies were conducted to address these risks, and a series of solutions were proposed to enable data and privacy protection in untrusted cloud environments. To fully understand the advances and discover the research trends of this area, this survey summarizes and analyzes the state-of-the-art protection technologies. We first present security threats and requirements of an outsourcing data service to a cloud, and follow that with a high-level overview of the corresponding security technologies. We then dwell on existing protection solutions to achieve secure, dependable, and privacy-assured cloud data services including data search, data computation, data sharing, data storage, and data access. Finally, we propose open challenges and potential research directions in each category of solutions.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.