Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Zheli Liu,Jingwei Li,Jin Li,Chunfu Jia,Jun Yang,Ke Yuan

DOI: https://doi.org/10.4018/ijdwm.2014100104

2014-01-01

International Journal of Data Warehousing and Mining

Abstract:With the development of cloud computing and big data, data privacy protection has become an urgent problem to solve. Data encryption is the most effective way to protect privacy; however, it will change the data format and result in: 1. database structure and application software will be changed; 2. structured query language (SQL) operations cannot work properly, especially in SQL-based fuzzy query. As a result, it is necessary to provide an SQL-based fuzzy query mechanism over encrypted databases, including traditional databases and cloud outsourced databases. This paper establishes a secure database system using format-preserving encryption (FPE) as the underlying primitive to protect the data privacy while not change the database structure. It further proposes a new SQL-based fuzzy query mechanism supporting directly query over encrypted data, which is constructed by FPE and universal hash function (UHF). The security of the proposed mechanism is analyzed as well. In the end, it makes extensive experiments on the system to demonstrate its practical performance.

Zheli Liu,Haoyu Ma,Jin Li,Chunfu Jia,Jingwei Li,Ke Yuan

DOI: https://doi.org/10.1007/978-3-642-38631-2_32

2013-01-01

Abstract:Outsourcing database has attracted much attention recently due to the emergence of Cloud Computing. However, there are still two problems to solve, 1) how to encipher and protect the sensitive information before outsourcing while keeping the database structure, and 2) how to enable better utilization of the database like fuzzy queries over the encrypted information. In this paper we propose a new solution based on format-preserving encryption, which protects the privacy of the sensitive data and keeps the data structure as well in the encrypted database. We also show how to perform fuzzy queries over such enciphered data. Specially, our scheme supports fuzzy queries by simply exploiting the internal storing and query mechanism of the databases, thus the influence on both the inner relation of databases and the construction of applications are minimized. Evaluation indicates that our scheme is able to efficiently perform fuzzy query on encrypted database.

Hui Li,Jingwen Shi,Qi Tian,Zheng Li,Yan Fu,Bingqing Shen,Yaofeng Tu

2024-04-10

Abstract:As cloud computing gains traction, data owners are outsourcing their data to cloud service providers (CSPs) for Database Service (DBaaS), bringing in a deviation of data ownership and usage, and intensifying privacy concerns, especially with potential breaches by hackers or CSP insiders. To address that, encrypted database services propose encrypting every tuple and query statement before submitting to the CSP, ensuring data confidentiality when the CSP is honest-but-curious, or even compromised. Existing solutions either employ property preserving cryptography schemes, which can perform certain operations over ciphertext without decrypting the data over the CSP, or utilize trusted execution environment (TEE) to safeguard data and computations from the CSP. Based on these efforts, we introduce Enc2DB, a novel secure database system, following a hybrid strategy on PostgreSQL and openGauss. We present a micro-benchmarking test and self-adaptive mode switch strategy that can dynamically choose the best execution path (cryptography or TEE) to answer a given query. Besides, we also design and implement a ciphertext index compatible with native cost model and query optimizers to accelerate query processing. Empirical study over TPC-C test justifies that Enc2DB outperforms pure TEE and cryptography solutions, and our ciphertext index implementation also outperforms the state-of-the-art cryptographic-based system.

Cryptography and Security,Databases

Zongda Wu,Guandong Xu,Chenglang Lu,Enhong Chen,Fang Jiang,Guiling Li

DOI: https://doi.org/10.1007/s11280-017-0491-8

2017-01-01

World Wide Web

Abstract:Due to the advantages of pay-on-demand, expand-on-demand and high availability, cloud databases (CloudDB) have been widely used in information systems. However, since a CloudDB is distributed on an untrusted cloud side, it is an important problem how to effectively protect massive private information in the CloudDB. Although traditional security strategies (such as identity authentication and access control) can prevent illegal users from accessing unauthorized data, they cannot prevent internal users at the cloud side from accessing and exposing personal privacy information. In this paper, we propose a client-based approach to protect personal privacy in a CloudDB. In the approach, privacy data before being stored into the cloud side, would be encrypted using a traditional encryption algorithm, so as to ensure the security of privacy data. To execute various kinds of query operations over the encrypted data efficiently, the encrypted data would be also augmented with additional feature index, so that as much of each query operation as possible can be processed on the cloud side without the need to decrypt the data. To this end, we explore how the feature index of privacy data is constructed, and how a query operation over privacy data is transformed into a new query operation over the index data so that it can be executed on the cloud side correctly. The effectiveness of the approach is demonstrated by theoretical analysis and experimental evaluation. The results show that the approach has good performance in terms of security, usability and efficiency, thus effective to protect personal privacy in the CloudDB.

Xiaofei Wang,Qianhong Wu,Yuqing Zhang

DOI: https://doi.org/10.48550/arXiv.1708.08191

2017-08-28

Databases

Abstract:Individuals and organizations tend to migrate their data to clouds, especially in a DataBase as a Service (DBaaS) pattern. The major obstacle is the conflict between secrecy and utilization of the relational database to be outsourced. We address this obstacle with a Transparent DataBase (T-DB) system strictly following the unmodified DBaaS framework. A database owner outsources an encrypted database to a cloud platform, needing only to store the secret keys for encryption and an empty table header for the database; the database users can make almost all types of queries on the encrypted database as usual; and the cloud can process ciphertext queries as if the database were not encrypted. Experimentations in realistic cloud environments demonstrate that T-DB has perfect query answer precision and outstanding performance.

Guoxiu Liu,Geng Yang,Haiwei Wang,Hua Dai,Qiang Zhou

DOI: https://doi.org/10.3837/tiis.2018.07.021

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

Wei Wu,Ming Xian,Udaya Parampalli,Bin Lu

DOI: https://doi.org/10.1007/s11280-021-00863-w

2021-02-02

World Wide Web

Abstract:In recent years, more users tend to use data mining as a service (DMaaS) provided by cloud service providers. However, while enjoying the convenient pay-per-use mode and powerful capacity of cloud computing, users are also threatened by the potential risk of privacy leakage. In this paper, we aim to efficiently perform privacy-preserving DMaaS, and focus on frequent itemset mining over encrypted database in outsourced cloud environment. Existing work apply different encryption methods to design various privacy-preserving mining solutions. Nevertheless, these approaches either cannot provide sufficient security requirements, or introduce heavy computation costs. Some of them also need users staying on-line to execute computations, which are not practical in real-world applications. In this paper, we propose a novel efficient privacy-preserving frequent itemset query (PPFIQ) scheme using two homomorphic encryptions and ciphertext packing technique. The proposed scheme protects transaction database with semantic security, preserves mining privacy and resists frequency analysis attacks. Meanwhile, efficiency is guaranteed by inherent parallel computations for packed plaintexts and users could stay off-line during the mining process. We provide formal security analysis and evaluate the performance of our scheme with extensive experiments. The experiment results demonstrate that the proposed scheme can be efficiently implemented on large databases.

Zhiqiang Yang,Sheng Zhong,Rebecca N. Wright

DOI: https://doi.org/10.1007/11863908_29

2006-01-01

Abstract:Data confidentiality is a major concern in database systems. Encryption is a useful tool for protecting the confidentiality of sensitive data. However, when data is encrypted, performing queries becomes more challenging. In this paper, we study efficient and provably secure methods for queries on encrypted data stored in an outsourced database that may be susceptible to compromise. Specifically, we show that, in our system, even if an intruder breaks into the database and observes some interactions between the database and its users, he only learns very little about the data stored in the database and the queries performed on the data.Our work consists of several components. First, we consider databases in which each attribute has a finite domain and give a basic solution for certain kinds of queries on such databases. Then, we present two enhanced solutions, one with a stronger security guarantee and the other with accelerated queries. In addition to providing proofs of our security guarantees, we provide empirical performance evaluations. Our experiments demonstrate that our solutions are fast on large-sized real data.

Zoe L. Jiang,Jiajun Huang,Zechao Liu,Xuan Wang

DOI: https://doi.org/10.1109/spac.2017.8304269

2017-01-01

Abstract:With the rapid popularization of cloud computing, people began to store data in the cloud server, to avoid the cumbersome local data management and to get more convenient services. However, on one hand the cloud server cannot guarantee absolute security, as Hackers will use a variety of unexpected method to intrude the cloud server. On the other hand, the cloud server administrator may leak data in database, which may lead to serious consequence. The data can be stored in the form of ciphertext for the sake of protecting the privacy of user data. One efficient method to prevent data leakage is data encryption. However, this brings a range of problems. For example, in what ways the encrypted data which stored in the cloud server can be searched by authorized data users? Motivated by this question, we proposed Attribute-based Queries over Outsourced Encrypted Database. This method enables a data user, whose attributes satisfy one specific data owners access control policy, search over the data owners outsourced encrypted database.

Jianfei Sun,Guowen Xu,Tianwei Zhang,Hu Xiong,Hongwei Li,Robert H. Deng

DOI: https://doi.org/10.1109/tcc.2021.3117998

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Benefiting from the powerful computing and storage capabilities of cloud services, data sharing in the cloud has been permeated across various applications including social networks, e-health and crowdsourcing transportation system. Intuitively, outsourcing data to untrusted cloud commonly raises concerns about data privacy breaches. To combat this, one approach is exploiting Broadcast Based Searchable Encryption (BBSE) for secure data sharing. Nevertheless, the latest proposed BBSE is still defective in either security or efficiency. In this article, we propose ESPD, an Efficient, Scalable and Privacy-preserving Data sharing framework over encrypted cloud dataset. Different from previous works, ESPD supports sharing target data to multiple users with distinct secret keys, and keeps a constant ciphertext length with the changes of the amount of system users. This feature significantly improves search efficiency and makes ESPD scalable in real-world scenarios. We show a formal analysis to prove the security of ESPD in terms of file privacy, keyword privacy and trapdoor privacy. Also, extensive experiments on real-world dataset are conducted to indicate the desirable performance of ESPD compared to other similar schemes.

Wenjie Liu,Peipei Gao,Zhihao Liu,Hanwu Chen,Maojun Zhang

DOI: https://doi.org/10.1155/2019/4923590

2020-02-01

Abstract:Cloud computing is a powerful and popular information technology paradigm that enables data service outsourcing and provides higher-level services with minimal management effort. However, it is still a key challenge to protect data privacy when a user accesses the sensitive cloud data. Privacy-preserving database query allows the user to retrieve a data item from the cloud database without revealing the information of the queried data item, meanwhile limiting user's ability to access other ones. In this study, in order to achieve the privacy preservation and reduce the communication complexity, a quantum-based database query scheme for privacy preservation in cloud environment is developed. Specifically, all the data items of the database are firstly encrypted by different keys for protecting server's privacy, and in order to guarantee the clients' privacy, the server is required to transmit all these encrypted data items to the client with the oblivious transfer strategy. Besides, two oracle operations, a modified Grover iteration, and a special offset encryption mechanism are combined together to ensure that the client can correctly query the desirable data item. Finally, performance evaluation is conducted to validate the correctness, privacy, and efficiency of our proposed scheme.

Quantum Physics,Cryptography and Security

Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.4028/www.scientific.net/amr.255-260.2224

2011-01-01

Advanced Materials Research

Abstract:Advances in networking technologies and the continued growth of the internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers, and privacy requirements have an increasing impact on such real-world applications. In this paper, we propose a solution to enforce data privacy over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption of attribute partition and the decomposition of SQL queries, the approach allows storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format, and allows executing queries over encrypted outsourced database efficiently.

Jin Li,Qian Wang,Cong Wang,Ning Cao,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/infcom.2010.5462196

2010-01-01

Abstract:As Cloud Computing becomes prevalent, more and more sensitive information are being centralized into the cloud. For the protection of data privacy, sensitive data usually have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. Although traditional searchable encryption schemes allow a user to securely search over encrypted data through keywords and selectively retrieve files of interest, these techniques support only exact keyword search. That is, there is no tolerance of minor typos and format inconsistencies which, on the other hand, are typical user searching behavior and happen very frequently. This significant drawback makes existing techniques unsuitable in Cloud Computing as it greatly affects system usability, rendering user searching experiences very frustrating and system efficacy very low. In this paper, for the first time we formalize and solve the problem of effective fuzzy keyword search over encrypted cloud data while maintaining keyword privacy. Fuzzy keyword search greatly enhances system usability by returning the matching files when users' searching inputs exactly match the predefined keywords or the closest possible matching files based on keyword similarity semantics, when exact match fails. In our solution, we exploit edit distance to quantify keywords similarity and develop an advanced technique on constructing fuzzy keyword sets, which greatly reduces the storage and representation overheads. Through rigorous security analysis, we show that our proposed solution is secure and privacy-preserving, while correctly realizing the goal of fuzzy keyword search.

Xin Dong,Jiadi Yu,Yuan Luo,Yingying Chen,Guangtao Xue,Minglu Li

DOI: https://doi.org/10.1109/glocom.2013.6831152

2013-01-01

Abstract:Data sharing in the cloud, fueled by favorable cloud technology trends, has emerging as a promising pattern in regard to enabling data more accessible to users in a convenient manner. To achieve data sharing, enterprises and customers in increasing numbers keep their data stored into cloud server. In this paper, we focus on seeking a solution that allows secure and effective access to the cloud data. We propose an effective and flexible privacy-preserving data policy, P2E, utilizing ciphertext policy attribute-based encryption (CP-ABE) and combining it with technique of identity-based encryption (IBE). In addition to ensuring strong data sharing security, the policy succeeds in preserving the privacy of cloud users. Security analysis indicates that the proposed policy is security and enforces fine-grained access control and full collusion resistance simultaneously. Furthermore, our performance analysis and experimental results show that P2E is as light as possible.

Peiyi Tu,Xingjun Wang

DOI: https://doi.org/10.1007/978-981-97-0945-8_22

2024-01-01

Abstract:In recent years, the Database-as-a-Service (DAS) model has become increasingly popular for cost-effective data outsourcing to cloud service providers. To ensure data security and functionality, Searchable Encryption (SE) has been introduced. However, many existing SE schemes unintentionally leak access patterns, posing significant privacy risks. While solutions like Oblivious RAM (ORAM) and Fully Homomorphic Encryption (FHE) can mitigate this, they are computationally intensive, limiting their practicality for large-scale databases. In this paper, we design a dynamic and efficient SE scheme called DPDSE that exploits differential privacy obfuscation of access patterns. Specifically, we obfuscate the ciphertext by deploying Laplace and Randomized Response mechanism. DPDSE strikes a balance between privacy and storage costs, while maintaining compatibility with any SE scheme. We give a formal mathematical proof of the security of DPDSE and conduct experiments on real datasets. The results show that DPDSE is significantly more secure than traditional SE schemes at a storage cost of up to 2.5%.

YongHong Yu,Wenyang Bai

2010-01-01

Journal of Computational Information Systems

Abstract:Privacy requirements have an increasing impact on the real-world applications. Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy, user privacy and access control over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection, the approach allow storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Meanwhile, by applying cryptographic technology on the auxiliary random server protocol, the approach can solve the problem of private information retrieval to protect data privacy, user privacy and access control on outsourced database services. The theoretical analysis shows that our new model can provide efficient data privacy protection and query processing, efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control. Copyright © 2010 Binary Information Press.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Jingwei Li,Jin Li,Xiaofeng Chen,Zheli Liu,Chunfu Jia

DOI: https://doi.org/10.1016/j.future.2013.06.011

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud, which raises a new challenge on how to utilize the outsourced data in a privacy-preserving manner. Although searchable encryption allows for privacy-preserving keyword search over encrypted data, it could not work effectively for restricting unauthorized access to the outsourced private data. In this paper, aiming at tackling the challenge of privacy-preserving utilization of data in cloud computing, we propose a practical hybrid architecture in which a private cloud is introduced as an access interface between the data owner/user and the public cloud. Under this architecture, a data utilization system is provided to achieve both exact keyword search and fine-grained access control over encrypted data. Security and efficiency analysis for the proposed system are presented in detail. Then, further enhancements for this system are considered in two steps. (1) We show how to extend our system to support efficient fuzzy keyword search while overcoming the disadvantage of insignificant decryption in the existing privacy-preserving fuzzy keyword search scheme. (2) We demonstrate approaches to realize an outsourcing cryptographic access control mechanism and further reduce the computational cost at the data user side.

Jin Sun,Xiaojing Wang,Shangping Wang,Lili Ren

DOI: https://doi.org/10.1371/journal.pone.0207543

IF: 3.7

2018-11-29

PLoS ONE

Abstract:Fog computing can extend cloud computing to the edge of the network so as to reduce latency and network congestion. However, existing encryption schemes were rarely used in fog environment, resulting in high computational and storage overhead. Aiming at the demands of local information for terminal device and the shortcomings of cloud computing framework in supporting mobile applications, by taking the hospital scene as an example, a searchable personal health records framework with fine-grained access control in cloud-fog computing is proposed. The proposed framework combines the attribute-based encryption (ABE) technology and search encryption (SE) technology to implement keyword search function and fine-grained access control ability. When keyword index and trapdoor match are successful, the cloud server provider only returns relevant search results to the user, thus achieving a more accurate search. At the same time, the scheme is multi-authority, and the key leakage problem is solved by dividing the user secret key distribution task. Moreover, in the proposed scheme, we securely outsource part of the encryption and decryption operations to the fog node. It is effective both in local resources and in resource-constrained mobile devices. Based on the decisional q-parallel bilinear Diffie-Hellman exponent (q-DBDHE) assumption and decisional bilinear Diffie-Hellman (DBDH) assumption, our scheme is proven to be secure. Simulation experiments show that our scheme is efficient in the cloud-fog environment.