Jinfei Liu,Juncheng Yang,Li Xiong,Jian Pei

DOI: https://doi.org/10.1109/icde.2017.117

2017-01-01

Abstract:Outsourcing data and computation to cloud server provides a cost-e ective way to support large scale data storage and query processing. However, due to security and privacy concerns, sensitive data (e.g., medical records) need to be protected from the cloud server and other unauthorized users. One approach is to outsource encrypted data to the cloud server and have the cloud server perform query processing on the encrypted data only. It remains a challenging task to support various queries over encrypted data in a secure and e cient way such that the cloud server does not gain any knowledge about the data, query, and query result. In this paper, we study the problem of secure skyline queries over encrypted data. The skyline query is particularly important for multicriteria decision making but also presents significant challenges due to its complex computations. We propose a fully secure skyline query protocol on data encrypted using semanticallysecure encryption. As a key subroutine, we present a new secure dominance protocol, which can be also used as a building block for other queries. Finally, we provide both serial and parallelized implementations and empirically study the protocols in terms of e ciency and scalability under di erent parameter settings, verifying the feasibility of our proposed solutions.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2016.2535103

IF: 3.9

2016-01-01

IEEE Access

Abstract:Cloud computing enables customers with limited computational resources to outsource their huge computation workloads to the cloud with massive computational power. However, in order to utilize this computing paradigm, it presents various challenges that need to be addressed, especially security. As eigen-decomposition (ED) and singular value decomposition (SVD) of a matrix are widely applied in engineering tasks, we are motivated to design secure, correct, and efficient protocols for outsourcing the ED and SVD of a matrix to a malicious cloud in this paper. In order to achieve security, we employ efficient privacy-preserving transformations to protect both the input and output privacy. In order to check the correctness of the result returned from the cloud, an efficient verification algorithm is employed. A computational complexity analysis shows that our protocols are highly efficient. We also introduce an outsourcing principle component analysis as an application of our two proposed protocols.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2010.02672

2010-01-01

Journal of Computer Applications

Abstract:In privacy protection based on database encryption technology for outsourcing database services,it is difficult to achieve balance between performance of data processing and privacy protection effectively.A new privacy protection method based on distributed outsourcing database service was proposed to provide both efficient privacy protection and query processing.Automatic quasi-identifiers detection and probabilistic anonymity were introduced.The data could be partitioned across many logically independent database servers horizontally or vertically,while only few sensitive data were encrypted or anonymous.According to the type of data fragmentation,the trusted client executed queries by transmitting appropriate sub-queries to different databases,and then pieced the results together at the client side.The theoretical analysis and experimental results show that the proposed method is well-balanced in dealing with the contradiction between data privacy preserving and efficient query processing.

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2015.2505720

IF: 3.9

2015-01-01

IEEE Access

Abstract:Cloud computing provides service for resource-constrained customers to perform large-scale scientific computation. However, it also brings some new challenges, which have to be considered in designing outsourcing protocols. In recent years, a few outsourcing protocols have been proposed for different kinds of problems. Quadratic programming (QP) is a class of mathematical optimization problem, and solving a large-scale QP problem requires a large amount of computation. Thus, there is a great need for customer to outsource large-scale QP problem to cloud. In this paper, we design a secure, verifiable, and efficient outsourcing protocol for QP problem. For security consideration, we encrypt the matrices and vectors contained in the QP problem in an efficient way. After cloud computing, we decrypt the result to get the ultimate solution. To ensure correctness, we verify the result returned by the cloud through Karush Kuhn Tucker conditions that are the necessary and sufficient conditions for the optimal solution. We also present complexity analysis and numerical simulations to illustrate the efficiency of our outsourcing protocol.

Guoxiu Liu,Geng Yang,Haiwei Wang,Hua Dai,Qiang Zhou

DOI: https://doi.org/10.3837/tiis.2018.07.021

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

Bo Zhang,Boxiang Dong,Hui Wang

DOI: https://doi.org/10.48550/arXiv.1808.08297

2019-01-08

Abstract:Spurred by developments such as cloud computing, there are increasing efforts for outsourcing of data management. A company (data owner) who lacks expertise and comptational resources can outsource his data to a third-party service provider (server), who provides storage and query evaluation on the outsourced data as the services. One of the security concerns of the outsourcing paradigm is the integrity of the returned query results on the outsourced data. In this paper, we consider the outsourcing of probabilistic databases, on which query evaluation is of high complexity. A dishonest server may return cheap (and incorrect) query answers, hoping that the client who has weak computational power cannot catch the incorrect results. To address this issue, we design efficient integrity verification methods for both all-answer and top-k query evaluation on outsourced probabilistic databases. Our empirical results demonstrate the effectiveness and efficiency of our verification methods.

Cryptography and Security

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2011.00110

2011-01-01

Journal of Computer Applications

Abstract:Currently in outsourced database service,to consider a unilateral protection technology outsourcing is difficult to meet the security requirements of the lack of a database.In this paper,the authors proposed a solution to enforce data confidentiality,data privacy,user privacy and access control over outsourced database services.The approach started from a flexible definition of privacy constraints on a relational schema,applied encryption on information in a parsimonious way and mostly relied on attribute partition to protect sensitive information.Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection,the approach allowed storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format.Meanwhile,by applying cryptographic technology on the auxiliary random server protocol,the approach can solve the problem of private information retrieval to protect user privacy and access control.The theoretical analysis shows that the new model can provide efficient data privacy protection and query processing,efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control.

Bo Zhang,Boxiang Dong,Hui Wang

DOI: https://doi.org/10.48550/arXiv.1808.08313

2018-08-25

Abstract:Spurred by the development of cloud computing, there has been considerable recent interest in the Database-as-a-Service (DaaS) paradigm. Users lacking in expertise or computational resources can outsource their data and database management needs to a third-party service provider. Outsourcing, however, raises an important issue of result integrity: how can the client verify with lightweight overhead that the query results returned by the service provider are correct (i.e., the same as the results of query execution locally)? This survey focuses on categorizing and reviewing the progress on the current approaches for result integrity of SQL query evaluation in the DaaS model. The survey also includes some potential future research directions for result integrity verification of the outsourced computations.

Cryptography and Security

Xiuxia Tian,Chaofeng Sha,Xiaoling Wang,Aoying Zhou

DOI: https://doi.org/10.1007/978-3-642-20149-3_10

2011-01-01

Abstract:Database as a Service(DaaS) is a paradigm for data management in which the Database Service Provider(DSP), usually a professional third party for data management, can host the database as a service. Many security and query problems are brought about because of the possible untrusted or malicious DSP in this context. Most of the proposed papers are concentrated on using symmetric encryption to guarantee the confidentiality of the delegated data, and using partition based index to help execute the privacy preserving range query. However. encryption and decryption operations on large volume of data are time consuming, and query results always consist of many irrelevant data tuples. Different from encryption based scheme, in this paper, we present a secret share based scheme to guarantee the confidentiality of delegated data. And what is more important. we construct a privacy preserving index to accelerate query and to help return the exactly required data tuples. Finally we analyze the security properties and demonstrate the efficiency and query response time of our approach through empirical data.

Bo Sun,Sen Zhao,Guohua Tian

DOI: https://doi.org/10.1080/09540091.2024.2323059

2024-03-07

Connection Science

Abstract:Limited by the local storage resource, data users have to encrypt their data and outsource the encrypted databases to cloud servers to enjoy low-cost, professional data management services, which promotes the rapid development of outsourcing database technology. Despite this, the complex underlying setting and loosely coupled database architecture lead to various security risks and performance bottlenecks, while there is currently no work to achieve a comprehensive evaluation of existing encrypted database solutions from the aspects of underlying settings, security levels, functions, etc. In this work, we first propose an evaluation model to assess SQL functionalities and security from multiple dimensions. Secondly, we categorise the existing SQL query schemes into three categories: software-based construction, hardware-based construction, and hybrid-based construction, that is, a combination of software and hardware components. On this basis, we analyse the framework, advantages, and limitations of classic and state-of-the-art schemes. Finally, we summarise the software-based and hardware-based approaches from dimensions of SQL functionality, security, and efficiency, thus clarifying their ideal application scenarios. Notably, SQL query schemes that exhibit minimal equality of pair leakage and support strong obliviousness can achieve higher levels of security. In addition, hardware-based solutions can achieve more complex SQL queries and superior performance without designing complex and functionally-limited cryptographic tools.

computer science, artificial intelligence, theory & methods

Zihao Shan,Kui Ren,Marina Blanton,Cong Wang

DOI: https://doi.org/10.1145/3158363

IF: 16.6

2019-03-31

ACM Computing Surveys

Abstract:The rapid development of cloud computing promotes a wide deployment of data and computation outsourcing to cloud service providers by resource-limited entities. Based on a pay-per-use model, a client without enough computational power can easily outsource large-scale computational tasks to a cloud. Nonetheless, the issue of security and privacy becomes a major concern when the customer’s sensitive or confidential data is not processed in a fully trusted cloud environment. Recently, a number of publications have been proposed to investigate and design specific secure outsourcing schemes for different computational tasks. The aim of this survey is to systemize and present the cutting-edge technologies in this area. It starts by presenting security threats and requirements, followed with other factors that should be considered when constructing secure computation outsourcing schemes. In an organized way, we then dwell on the existing secure outsourcing solutions to different computational tasks such as matrix computations, mathematical optimization, and so on, treating data confidentiality as well as computation integrity. Finally, we provide a discussion of the literature and a list of open challenges in the area.

computer science, theory & methods

Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.4028/www.scientific.net/amr.255-260.2224

2011-01-01

Advanced Materials Research

Abstract:Advances in networking technologies and the continued growth of the internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers, and privacy requirements have an increasing impact on such real-world applications. In this paper, we propose a solution to enforce data privacy over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption of attribute partition and the decomposition of SQL queries, the approach allows storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format, and allows executing queries over encrypted outsourced database efficiently.

Kui Ren,Cong Wang

2012-01-01

Abstract:Cloud computing economically enables a fundamental paradigm of data service outsourcing, which provides lower up-front capital costs and less hands-on management. However, outsourcing data services to the commercial public cloud deprives customers' control over the systems that manage their data, raising security and privacy as the primary obstacles to the adoption of the cloud. To address these challenges, in this dissertation we explore the problem of secure and privacy-assured data service outsourcing in cloud computing. We aim at deploying the most fundamental data services including data storage, search, and sharing on the commercial public cloud, with built-in security and privacy assurance as well as high level service performance, usability, and scalability. Our contributions are as follows: Firstly, we focus on privacy-preserving secure cloud storage auditing to maintain strong storage correctness guarantee, given the difficulty that data files are no longer locally possessed by data owners. We first develop a random-masking sampling approach to allow a third party auditor to perform on-demand privacy-preserving storage correctness auditing on behalf of data owners, without violating owners' data privacy. For storage correctness assurance with data dynamics, we further investigate a novel sequence-enforced Merkle Hash Tree and manipulate it with the random sampling approach to support fully dynamic data operations. Secondly, we focus on privacy-assured and effective cloud data search services with strong privacy-assurance, while enjoying high service-level performance inherently demanded by the large number of data users and huge amount data files. We first investigate a widely applicable fuzzy/similarity keyword search problem, and develop a brand new symbol-based trie-traverse searching approach, where transformed fuzzy keywords extracted from data files are stored using a multi-way tree structure, while protecting keyword privacy. To enable search result relevance ranking, we further investigate secure ranked search, which facilitates efficient server-side result ranking without leaking any keyword related information. Thirdly, we study how to enable scalable and owner-controlled cloud data sharing services, given the challenge that data no longer resides on owners' trusted domain. We first associate data with a set of meaningful attributes, use logical composition of attributes to reflect fine-grained data access, and enforce owner's control via attribute-based encryption. For the inherent scalability requirement of cloud system, we further leverage the cloud as a mediated proxy, to which data owners can delegate most cumbersome data/user management workload, without affecting the underlying data confidentiality.

Xiaofei Wang,Qianhong Wu,Yuqing Zhang

DOI: https://doi.org/10.48550/arXiv.1708.08191

2017-08-28

Databases

Abstract:Individuals and organizations tend to migrate their data to clouds, especially in a DataBase as a Service (DBaaS) pattern. The major obstacle is the conflict between secrecy and utilization of the relational database to be outsourced. We address this obstacle with a Transparent DataBase (T-DB) system strictly following the unmodified DBaaS framework. A database owner outsources an encrypted database to a cloud platform, needing only to store the secret keys for encryption and an empty table header for the database; the database users can make almost all types of queries on the encrypted database as usual; and the cloud can process ciphertext queries as if the database were not encrypted. Experimentations in realistic cloud environments demonstrate that T-DB has perfect query answer precision and outstanding performance.

YongHong Yu,Wenyang Bai

2010-01-01

Journal of Computational Information Systems

Abstract:Privacy requirements have an increasing impact on the real-world applications. Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy, user privacy and access control over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection, the approach allow storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Meanwhile, by applying cryptographic technology on the auxiliary random server protocol, the approach can solve the problem of private information retrieval to protect data privacy, user privacy and access control on outsourced database services. The theoretical analysis shows that our new model can provide efficient data privacy protection and query processing, efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control. Copyright © 2010 Binary Information Press.

Zewei Liu,Chunqiang Hu,Ruinian Li,Tao Xiang,Xingwang Li,Jiguo Yu,Hui Xia

DOI: https://doi.org/10.1109/tcc.2022.3201401

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:As one of the key technologies to enable the internet of things (IoT), cloud computing plays a significant role in providing huge computing and storage facilities for large-scale data. Though cloud computing brings great advantages, new issues emerge, such as data security breach and privacy disclosure. In this article, we introduce a novel secure and privacy-preserving outsourcing computing scheme (hereafter referred to as SPOCS) to tackle this issue. In SPOCS, the effective use of Intel Software Guard Extensions (SGX), one of the trusted execution environment (TEE), ensures the confidence and integrity of sensitive data in cloud computing and prevents data loss from causing privacy disclosure. In order to keep malicious cloud service providers (CSPs) from illegally tampering with the outsourcing results, blockchain is employed to ensure the data immutability. Significantly, our proposed scheme achieves anonymity and traceability. In the outsourcing process, smart contracts are applied to make the whole process fully automated without any human involvement. Finally, the security of the proposed scheme is analyzed in terms of its resistance to different attacks. The experiments indicate that our scheme is effective and efficient.

computer science, information systems, theory & methods

Youssef Gahi,Imane El Alaoui

DOI: https://doi.org/10.1016/j.procs.2019.11.006

2019-01-01

Procedia Computer Science

Abstract:<p>Database-as-a-Service (DBaaS) is a new trend that allows industries and organizations outsource their databases and computations to external parties. However, despite the many advantages provided by this service in terms of cost reduction and efficiency, DBaaS raises many security issues regarding data privacy. The protection of privacy has been addressed by several research contributions proposing efficient solutions such as encrypted databases and blind queries over encrypted records. However, access control techniques still suffer from a lack of efficiency especially when dealing with encrypted databases. In this latter context, almost all proposed schemes consider an architecture of a single user (the data owner) that queries his encrypted database that he is the only one capable of decrypting. From a practical perspective, a database system is set up to support not only a single user but multiple users initiating multiple queries. However, managing multiple accesses to an encrypted database introduces several challenges like key sharing, key revocation, and data re-encryption. In this paper, we propose a simple and efficient proved protocol that allows multiple users to query the same database and decrypt the retrieved results without getting access to the secret key. In this protocol, the data owner is not risking the data privacy since he does not need to share the secret key to enable a multi-party collaboration.</p>

Shunrong Jiang,Xiaoyan Zhu,Linke Guo,Jianqing Liu

DOI: https://doi.org/10.1109/tcc.2017.2684811

IF: 5.697

2017-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing storage and computation to the cloud has become a common practice for businesses and individuals. As the cloud is semi-trusted or susceptible to attacks, many researches suggest that the outsourced data should be encrypted and then retrieved by using searchable symmetric encryption (SSE) schemes. Since the cloud is not fully trusted, we doubt whether it would always process queries correctly or not. Therefore, there is a need for users to verify their query results. Motivated by this, in this paper, we propose a publicly verifiable dynamic searchable symmetric encryption scheme based on the accumulation tree. We first construct an accumulation tree based on encrypted data and then outsource both of them to the cloud. Next, during the search operation, the cloud generates the corresponding proof according to the query result by mapping Boolean query operations to set operations while keeping privacy-preservation and achieving the verification requirements: authenticity, freshness, and completeness. The security analysis and performance evaluation show that the proposed scheme is privacy-preserving and practical.