Xunwu Gong,Bin Hu,Yunqiang Xiong,Xiaofang Zhao

DOI: https://doi.org/10.1109/bigdatasecurityhpscids54978.2022.00022

2022-01-01

Abstract:We focus on the problem of how to boost greater confidence in computations outsourced to an untrusted cloud server. Naturally, we aim for solutions that cater for the following two security requirements: data confidentiality/privacy and verifiability of computations. This problem is addressed by the research community through an intriguing paradigm combining a verifiable computation (VC) and a fully homomorphic encryption (FHE). Despite continuing advances in achieving efficient VC and FHE, existing approaches that meet both requirements simultaneously are expensive and impractical for servers and clients. In this work, we first introduce an interesting primitive, called versatile message authenticators, to achieve a verifiable outsourced computation on encrypted data and then give a concrete construction. Without the involvement of FHE, our scheme mainly depends on a pseudo-random function and a adapted Homomorphic MAC scheme. Our solution is proven secure in a strong security model where the adversary is allowed to issue any verification queries. Furthermore, it allows for arbitrary composition and generates constant-size tags. However, our construction just supports linear functions. Finally, our security proof shows its semantic security and unforgeability.

Zhen Xu,Cong Wang,Kui Ren,Lingyu Wang,Bingsheng Zhang

DOI: https://doi.org/10.1109/tifs.2014.2352457

2013-01-01

Abstract:Cloud computing provides a “pay-per-use” utility service which offers the customer the economical access to large amount of computing resources with minimal management overhead. Despite the tremendous benefits, computation outsourcing also eliminates the customer's ultimate control over the data computation process, which makes securing cloud computation an imperative and challenging task, especially in the aspect of integrity verification. To address these challenges, in this paper we propose to research on integrity verification mechanisms for secure outsourced computations in cloud computing. In particular, we focus on outsourcing the widely applicable engineering optimization problem, i.e., convex optimization, and aim to investigate efficient integrity verification mechanisms using application-specific techniques. Our security design does not require the use of heavy cryptographic tools. Instead, we leverage the inherent structure of the optimization problems and the proof-carrying characteristics of the solving algorithms to achieve efficient integrity verification. The proposed design provides substantial computational savings on the customer side and introduce marginal overhead on the cloud side. We further prove its correctness and soundness. The extensive experiments under real cloud environment show our mechanisms ensure strong integrity assurance with high efficiency on both the customer and cloud sides and are readily applicable in practice.

Jian Shen,Dengzhi Liu,Xiaofeng Chen,Xinyi Huang,Jiageng Chen,Mingwu Zhang

DOI: https://doi.org/10.1007/978-3-319-93638-3_24

2018-01-01

Abstract:Computation outsourcing is a vital cloud service that can be provided for users. Using the cloud to address complex computations is crucial to users with lightweight devices. However, computations may not be correctly executed by the cloud due to monetary reasons. In this paper, we propose a secure publicly verifiable computation scheme in cloud computing, which is designed based on the polynomial commitment. Owing to the public key de-commitment of the polynomial commitment, our scheme can provide public verifiability for computation results. Security analysis shows that the proposed scheme is correct and can support public verifiability. Comparison and simulation results reveal that our scheme can be performed with low computational cost compared to previous schemes.

Kai Fan,Junxiong Wang,Xin Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.3390/s17071695

IF: 3.9

2017-01-01

Sensors

Abstract:With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2016.2535103

IF: 3.9

2016-01-01

IEEE Access

Abstract:Cloud computing enables customers with limited computational resources to outsource their huge computation workloads to the cloud with massive computational power. However, in order to utilize this computing paradigm, it presents various challenges that need to be addressed, especially security. As eigen-decomposition (ED) and singular value decomposition (SVD) of a matrix are widely applied in engineering tasks, we are motivated to design secure, correct, and efficient protocols for outsourcing the ED and SVD of a matrix to a malicious cloud in this paper. In order to achieve security, we employ efficient privacy-preserving transformations to protect both the input and output privacy. In order to check the correctness of the result returned from the cloud, an efficient verification algorithm is employed. A computational complexity analysis shows that our protocols are highly efficient. We also introduce an outsourcing principle component analysis as an application of our two proposed protocols.

Francesca Stabile,Walter Lucia,Amr Youssef,Giuseppe Franze

2024-05-29

Abstract:The proliferation of cloud computing technologies has paved the way for deploying networked encrypted control systems, offering high performance, remote accessibility and privacy. However, in scenarios where the control algorithms run on third-party cloud service providers, the control logic might be changed by a malicious agent on the cloud. Consequently, it is imperative to verify the correctness of the control signals received from the cloud. Traditional verification methods, like zero-knowledge proof techniques, are computationally demanding in both proof generation and verification, may require several rounds of interactions between the prover and verifier and, consequently, are inapplicable in realtime control system applications. In this paper, we present a novel computationally inexpensive verifiable computing solution inspired by the probabilistic cut-and-choose approach. The proposed scheme allows the plant's actuator to validate the computations accomplished by the encrypted cloud-based networked controller without compromising the control scheme's performance. We showcase the effectiveness and real-time applicability of the proposed verifiable computation scheme using a remotely controlled Khepera IV differential-drive robot.

Systems and Control,Cryptography and Security

Changyu Dong,Yilei Wang,Amjad Aldweesh,Patrick McCorry,Aad van Moorsel

DOI: https://doi.org/10.1145/3133956.3134032

2017-01-01

Abstract:Cloud computing has become an irreversible trend. Together comes the pressing need for verifiability, to assure the client the correctness of computation outsourced to the cloud. Existing verifiable computation techniques all have a high overhead, thus if being deployed in the clouds, would render cloud computing more expensive than the on-premises counterpart. To achieve verifiability at a reasonable cost, we leverage game theory and propose a smart contract based solution. In a nutshell, a client lets two clouds compute the same task, and uses smart contracts to stimulate tension, betrayal and distrust between the clouds, so that rational clouds will not collude and cheat. In the absence of collusion, verification of correctness can be done easily by crosschecking the results from the two clouds. We provide a formal analysis of the games induced by the contracts, and prove that the contracts will be effective under certain reasonable assumptions. By resorting to game theory and smart contracts, we are able to avoid heavy cryptographic protocols. The client only needs to pay two clouds to compute in the clear, and a small transaction fee to use the smart contracts. We also conducted a feasibility study that involves implementing the contracts in Solidity and running them on the official Ethereum network.

Yuan Zhang,Chunxiang Xu,Xiaohui Liang,Hongwei Li,Yi Mu,Xiaojun Zhang

DOI: https://doi.org/10.1109/mcc.2016.94

2016-01-01

IEEE Cloud Computing

Abstract:Cloud storage services allow users to outsource their data to cloud servers to save local data storage costs. However, unlike using local storage devices, users do not physically manage the data stored on cloud servers; therefore, the data integrity of the outsourced data has become an issue. Many public verification schemes have been proposed to enable a third-party auditor to verify the data integrity for users. These schemes make an impractical assumption—the auditors have enough computation capability to bear expensive verification costs. In this paper, we propose a novel public verification scheme for the cloud storage using indistinguishability obfuscation, which requires a lightweight computation on the auditor and the delegate most computation to the cloud. We further extend our scheme to support batch verification and data dynamic operations, where multiple verification tasks from different users can be performed efficiently by the auditor and the cloud-stored data can be updated dynamically. Compared with other existing works, our scheme significantly reduces the auditor’s computation overhead. Moreover, the batch verification overhead on the auditor side in our scheme is independent of the number of verification tasks. Our scheme could be practical in a scenario, where the data integrity verifications are executed frequently, and the number of verification tasks (i.e., the number of users) is numerous; even if the auditor is equipped with a low-power device, it can verify the data integrity efficiently. We prove the security of our scheme under the strongest security model proposed by Shi et al. (ACM CCS 2013). Finally, we conduct a performance analysis to demonstrate that our scheme is more efficient than other existing works in terms of the auditor’s communication and computation efficiency.

Lamya Abdullah,Felix Freiling,Juan Quintero,Zinaida Benenson

DOI: https://doi.org/10.48550/arXiv.1906.07841

2019-06-18

Cryptography and Security

Abstract:In cloud computing, data processing is delegated to a remote party for efficiency and flexibility reasons. A practical user requirement usually is that the confidentiality and integrity of data processing needs to be protected. In the common scenarios of cloud computing today, this can only be achieved by assuming that the remote party does not in any form act maliciously. In this paper, we propose an approach that avoids having to trust a single entity. Our approach is based on two concepts: (1) the technical abstraction of sealed computation, i.e., a technical mechanism to confine the processing of data within a tamper-proof hardware container, and (2) the additional role of an auditing party that itself cannot add functionality to the system but is able to check whether the system (including the mechanism for sealed computation) works as expected. We discuss the abstract technical and procedural requirements of these concepts and explain how they can be applied in practice.

Zi Jiao,Fucai Zhou,Qiang Wang,Jintong Sun

DOI: https://doi.org/10.3390/s22114012

IF: 3.9

2022-05-25

Sensors

Abstract:With publicly verifiable computation (PVC) development, users with limited resources prefer to outsource computing tasks to cloud servers. However, existing PVC schemes are mainly proposed for cloud computing scenarios, which brings bandwidth consumption or network delay of IoT devices in edge computing. In addition, dishonest edge servers may reduce resource utilization by returning unreliable results. Therefore, we propose a revocable publicly verifiable computation(RPVC) scheme for edge computing. On the one hand, RPVC ensures that users can verify the correct results at a small cost. On the other hand, it can revoke the computing abilities of dishonest edge servers. First, polynomial commitments are employed to reduce proofs' length and generation speed. Then, we improve revocable group signature by knowledge signatures and subset covering theory. This makes it possible to revoke dishonest edge servers. Finally, theoretical analysis proves that RPVC has correctness and security, and experiments evaluate the efficiency of RPVC.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hao Wang,Debiao He,Jian Shen,Zhihua Zheng,Chuan Zhao,Minghao Zhao

DOI: https://doi.org/10.1007/s00500-016-2271-2

IF: 3.732

2016-01-01

Soft Computing

Abstract:In the attribute-based encryption (ABE) systems, users can encrypt and decrypt messages based on their attributes. Because of the flexibility of ABE, it is more and more widely used in various network environments. However, complex functionality of ABE may cause an enormous computational cost. This reason greatly restricts the application of ABE in practice. In order to minimize the local computation of ABE, we introduce the concept of verifiable outsourced ABE system, in which key generation center, encryptor and decryptor, are able to outsource their computing tasks to the corresponding service providers, respectively, to reduce the local load. In addition, they are also able to verify the correctness of outsourcing calculation efficiently by using the outsourcing verification services. This is useful to save local computational resources, especially for mobile devices. Then, we propose a specific verifiable outsourced ABE scheme and prove its adaptive security in the standard model using the dual-system encryption method. Finally, we introduce how to deploy our outsourced CP-ABE scheme in cloud computing environment.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Weizhong Qiang,Deqing Zou,Shenglan Wang,Laurence Tianruo Yang,Hai Jin,Lei Shi

DOI: https://doi.org/10.1049/iet-ifs.2012.0094

2013-01-01

IET Information Security

Abstract:The security issue has been a challenging concern for cloud computing because of the multitenant usage model. In cloud, each application normally runs on a dynamic coalition that is composed by multiple virtual machines (VMs) running on different virtualised service nodes, which the authors called logic virtual domain (LVD). Moreover, the owners of cloud applications, who are also the tenants of cloud, would specify some security policies to control the access to those resources that they have paid for. Therefore the owners of cloud infrastructures have to provide the tenants with the mechanism to correctly configure and enforce the access control policies on resources that are from multiple service nodes, to meet the security requirements from cloud applications. To address the above challenge, this study presents the design and implementation about a multilayer access control architecture for LVD, named CloudAC, aiming to provide isolation control, information flow control and resource-sharing control among multiple VMs on Xen virtualisation platforms in cloud computing environment. The theory and technology this research formed will provide reliable security guarantee for resource configuration and application deployment on LVDs.

Jing Li,Xiong Li,Licheng Wang,Debiao He,Haseeb Ahmad,Xinxin Niu

DOI: https://doi.org/10.1007/s00500-017-2482-1

IF: 3.732

2018-01-01

Soft Computing

Abstract:Attributed-based encryption (ABE) is a promising cryptographic access control mechanism with a rich expressiveness of ABE policies. Due to the high complexities of encryption and decryption, users are burdened with large computation cost. Fortunately, outsourcing technologies can be used to reduce the computation overhead for the ABE schemes. In the recent decade, the achievements of the outsourced ciphertext-policy ABE (CP-ABE) schemes are inspiring. But, the outsourcing encryption algorithms for CP-ABE schemes are not addressed properly since the encryption exponents are dynamic. In this paper, we present an efficient outsourced CP-ABE scheme with checkability, where the number of the exponential operations in the encryption can be reduced to a constant by introducing a blinding algorithm. Meanwhile, the ciphertext size is not increased. Furthermore, to guarantee the correctness of our scheme, we provide the verification mechanism based on a collision-resistance hash function, which allows the users to efficiently check the validity of messages and outsourced computation results. Besides, the proposed scheme is secure against replayable chosen ciphertext attacks based on Green’s outsourcing security model. Intensive experiments are carried out to illustrate the efficiency of the proposed scheme.

Lifei Wei,Haojin Zhu,Zhenfu Cao,Xiaolei Dong,Weiwei Jia,Yunlu Chen,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.ins.2013.04.028

IF: 8.1

2013-01-01

Information Sciences

Abstract:Cloud computing emerges as a new computing paradigm that aims to provide reliable, customized and quality of service guaranteed computation environments for cloud users. Applications and databases are moved to the large centralized data centers, called cloud. Due to resource virtualization, global replication and migration, the physical absence of data and machine in the cloud, the stored data in the cloud and the computation results may not be well managed and fully trusted by the cloud users. Most of the previous work on the cloud security focuses on the storage security rather than taking the computation security into consideration together. In this paper, we propose a privacy cheating discouragement and secure computation auditing protocol, or SecCloud, which is a first protocol bridging secure storage and secure computation auditing in cloud and achieving privacy cheating discouragement by designated verifier signature, batch verification and probabilistic sampling techniques. The detailed analysis is given to obtain an optimal sampling size to minimize the cost. Another major contribution of this paper is that we build a practical secure-aware cloud computing experimental environment, or SecHDFS, as a test bed to implement SecCloud. Further experimental results have demonstrated the effectiveness and efficiency of the proposed SecCloud.

Jing Li,Zhitao Guan,Xiaojiang Du,Zijian Zhang,Jun Wu

DOI: https://doi.org/10.1109/icc.2017.7996492

2017-01-01

Abstract:With the increasing number of mobile applications and the popularity of cloud computing, the combination of these two techniques that named mobile cloud computing (MCC) attracts great attention in recent years. A promising public key encryption scheme, Attribute-Based Encryption (ABE), especially the Ciphertext Policy Attribute-Based Encryption (CP-ABE), has been used for realizing fine-grained access control on encrypted data stored in MCC. However, the computational overhead of encryption and decryption grow with the complexity of the access policy. Thus, maintaining data security as well as efficiency of data processing in MCC are important and challenging issues. In this paper, we propose an efficient encryption method based on CP-ABE, which can lower the overhead on data owners. To further reduce the decryption overhead on data receivers, we additionally propose a verifiable outsourced decryption scheme. By security analysis and performance evaluation, the proposed scheme is proved to be secure as well as efficient.

Wenyi Tang,Bo Qin,Yanan Li,Qianhong Wu

DOI: https://doi.org/10.3837/tiis.2020.01.016

2020-01-01

Abstract:Fog computing has become a popular concept in the application of internet of things (IoT). With the superiority in better service providing, the edge cloud has become an attractive solution to IoT networks. The data outsourcing scheme of IoT devices demands privacy protection as well as computation verification since the lightweight devices not only outsource their data but also their computation. Existing solutions mainly deal with the operations over encrypted data, but cannot support the computation verification in the same time. In this paper, we propose a data outsourcing scheme based on an encrypted database system with linear computation as well as efficient query ability, and enhance the interlayer program in the original system with homomorphic message authenticators so that the system could perform computational verifying. The tools we use to construct our scheme have been proven secure and valid. With our scheme, the system could check if the cloud provides the correct service as the system asks. The experiment also shows that our scheme could be as effective as the original version, and the extra load in time is neglectable.

Junhong Yang,Banghai Wang,Junyu Quan,Qin Li

2024-09-03

Abstract:Variational quantum algorithms (VQAs) have shown potential for quantum advantage with noisy intermediate-scale quantum (NISQ) devices for quantum machine learning (QML). However, given the high cost and limited availability of quantum resources, delegating VQAs via cloud networks is a more practical solution for clients with limited quantum capabilities. Recently, Shingu et al.[Physical Review A, 105, 022603 (2022)] proposed a variational secure cloud quantum computing protocol, utilizing ancilla-driven quantum computation (ADQC) for cloud-based VQAs with minimal quantum resource consumption. However, their protocol lacks verifiability, which exposes it to potential malicious behaviors by the server. Additionally, channel loss requires frequent re-delegation as the size of the delegated variational circuit grows, complicating verification due to increased circuit complexity. This paper introduces a new protocol to address these challenges and enhance both verifiability and tolerance to channel loss in cloud-based VQAs.

Quantum Physics,Machine Learning

Xingkai Wang,Zhenfu Cao,Zhen Liu,Kaitai Liang

DOI: https://doi.org/10.1109/tdsc.2024.3449770

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Gordon et al. systematically studied the Universally Composable (UC) security of Multi-client Verifiable Computation (MVC), in which a set of computationally-weak clients delegate the computation of a general function to an untrusted server based on their private inputs, and proposed a UC-secure scheme ensuring that the protocol remains secure even when arbitrarily composed with other UC-secure instances. However, this scheme imposed a significant computational overhead on clients due to the utilization of fully homomorphic encryption, and the plaintext size scaled linearly with function input size. In this work, we present MVOC, a more efficient UC-secure MVC protocol, that significantly reduces the amortized overhead for clients in both semi-honest and malicious settings, by delegating a larger portion of the computation to the server. We enable clients to verify the garbled circuit before entering the online phase, ensuring security against malicious clients without incurring heavy overhead of compiling a semi-honest protocol into a malicious one. We present the detailed proof and analyze the theoretical complexity of MVOC. Furthermore, we implement our protocol and evaluate the performance, and the results demonstrate that the computation and communication overheads during the input phase can be decreased by at least 95.55% and 87.17%, respectively.

Lirong Qiu,Xin Sun,Juan Xu

DOI: https://doi.org/10.1007/s00500-017-2688-2

IF: 3.732

2017-01-01

Soft Computing

Abstract:Access control is a mechanism that is used to decide which agent has access to which resource with some specific operations. This paper is devoted to the investigation of quantum cryptography in access control. We develop three quantum protocols and use them for key distribution, identity authentication and digital certification, respectively. We analyze our protocols by the graphical language of categorical quantum mechanics. These protocols are unconditionally secure and implementable by the current technology.