Jinfei Liu,Juncheng Yang,Li Xiong,Jian Pei

DOI: https://doi.org/10.1109/icde.2017.117

2017-01-01

Abstract:Outsourcing data and computation to cloud server provides a cost-e ective way to support large scale data storage and query processing. However, due to security and privacy concerns, sensitive data (e.g., medical records) need to be protected from the cloud server and other unauthorized users. One approach is to outsource encrypted data to the cloud server and have the cloud server perform query processing on the encrypted data only. It remains a challenging task to support various queries over encrypted data in a secure and e cient way such that the cloud server does not gain any knowledge about the data, query, and query result. In this paper, we study the problem of secure skyline queries over encrypted data. The skyline query is particularly important for multicriteria decision making but also presents significant challenges due to its complex computations. We propose a fully secure skyline query protocol on data encrypted using semanticallysecure encryption. As a key subroutine, we present a new secure dominance protocol, which can be also used as a building block for other queries. Finally, we provide both serial and parallelized implementations and empirically study the protocols in terms of e ciency and scalability under di erent parameter settings, verifying the feasibility of our proposed solutions.

Wentao Wang,Yuxuan Jin,Bin Cao

DOI: https://doi.org/10.1109/pst55820.2022.9851989

2022-01-01

Abstract:The growing power of cloud computing prompts data owners to outsource their databases to the cloud. In order to meet the demand of multi-dimensional data processing in big data era, multi-dimensional range queries, especially over cloud platform, have received extensive attention in recent years. However, since the third-party clouds are not fully trusted, it is popular for the data owners to encrypt sensitive data before outsourcing. It promotes the research of encrypted data retrieval. Nevertheless, most existing works suffer from single-dimensional privacy leakage which would severely put the data at risk. Up to now, although a few existing solutions have been proposed to handle the problem of single-dimensional privacy, they are unsuitable in some practical scenarios due to inefficiency, inaccuracy, and lack of support for diverse data. Aiming at these issues, this paper mainly focuses on the secure range query over encrypted data. We first propose an efficient and private range query scheme for encrypted data based on homomorphic encryption, which can effectively protect data privacy. By using the dual-server model as the framework of the system, we not only achieve multi-dimensional privacy-preserving range query but also innovatively realize similarity search based on MinHash over ciphertext domains. Then we perform formal security analysis and evaluate our scheme on real datasets. The result shows that our proposed scheme is efficient and privacy-preserving. Moreover, we apply our scheme to a shopping website. The low latency demonstrates that our proposed scheme is practical.

Yao Shen,Wei Yang,Lu Li,Liusheng Fitiang

DOI: https://doi.org/10.1016/j.pmcj.2017.04.008

IF: 3.848

2017-01-01

Pervasive and Mobile Computing

Abstract:With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud server. However, to preserve data privacy, sensitive private data have to be encrypted before outsourcing, which makes data utilization a very challenging task. Existing work either focus on keyword searches and single-dimensional range query, or suffer from inadequate security guarantees and inefficiency. In this paper, we consider the problem of multidimensional private range queries over encrypted cloud data. To solve the problem, we systematically establish a set of privacy requirements for multidimensional private range queries, and propose a multidimensional private range query (MPRQ) framework based on private block retrieval (PBR), in which data owners keep the query private from the cloud server. To achieve both efficiency and privacy goals, we present an efficient and fully privacy-preserving private range query (PPRQ) protocol by using batch codes and multiplication avoiding technique. To our best knowledge, PPRQ is the first to protect the query, access pattern and single-dimensional privacy simultaneously while achieving efficient range queries. Moreover, PPRQ is secure in the sense of cryptography against semi-honest adversaries. Experiments on real-world datasets show that the computation and communication overhead of PPRQ is modest.

Guoxiu Liu,Geng Yang,Haiwei Wang,Hua Dai,Qiang Zhou

DOI: https://doi.org/10.3837/tiis.2018.07.021

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Lu Li,Liusheng Huang,An Liu,Yao Shen,Wei Yang,Shengnan Shao

DOI: https://doi.org/10.1007/978-3-319-21042-1_41

2015-01-01

Abstract:With the advent of cloud computing, data owners could upload their databases to the cloud service provider to relief the burden of data storage and management. To protect sensitive data from the cloud, the data owner could publish an encrypted version of the original data. However, this will make data utilization much harder. In this paper, we consider the problem of private range query. Specifically, the data owner wants to obtain all the data within a query region, while keeping the query private to the service provider. Previous works only provide partial security guarantee, and are inefficient to deal with large scale datasets. To solve this problem, we present a fully secure scheme based on private information retrieval (PIR) and batch codes (BC).

Wenjie Liu,Peipei Gao,Zhihao Liu,Hanwu Chen,Maojun Zhang

DOI: https://doi.org/10.1155/2019/4923590

2020-02-01

Abstract:Cloud computing is a powerful and popular information technology paradigm that enables data service outsourcing and provides higher-level services with minimal management effort. However, it is still a key challenge to protect data privacy when a user accesses the sensitive cloud data. Privacy-preserving database query allows the user to retrieve a data item from the cloud database without revealing the information of the queried data item, meanwhile limiting user's ability to access other ones. In this study, in order to achieve the privacy preservation and reduce the communication complexity, a quantum-based database query scheme for privacy preservation in cloud environment is developed. Specifically, all the data items of the database are firstly encrypted by different keys for protecting server's privacy, and in order to guarantee the clients' privacy, the server is required to transmit all these encrypted data items to the client with the oblivious transfer strategy. Besides, two oracle operations, a modified Grover iteration, and a special offset encryption mechanism are combined together to ensure that the client can correctly query the desirable data item. Finally, performance evaluation is conducted to validate the correctness, privacy, and efficiency of our proposed scheme.

Quantum Physics,Cryptography and Security

Zongda Wu,Guandong Xu,Chenglang Lu,Enhong Chen,Fang Jiang,Guiling Li

DOI: https://doi.org/10.1007/s11280-017-0491-8

2017-01-01

World Wide Web

Abstract:Due to the advantages of pay-on-demand, expand-on-demand and high availability, cloud databases (CloudDB) have been widely used in information systems. However, since a CloudDB is distributed on an untrusted cloud side, it is an important problem how to effectively protect massive private information in the CloudDB. Although traditional security strategies (such as identity authentication and access control) can prevent illegal users from accessing unauthorized data, they cannot prevent internal users at the cloud side from accessing and exposing personal privacy information. In this paper, we propose a client-based approach to protect personal privacy in a CloudDB. In the approach, privacy data before being stored into the cloud side, would be encrypted using a traditional encryption algorithm, so as to ensure the security of privacy data. To execute various kinds of query operations over the encrypted data efficiently, the encrypted data would be also augmented with additional feature index, so that as much of each query operation as possible can be processed on the cloud side without the need to decrypt the data. To this end, we explore how the feature index of privacy data is constructed, and how a query operation over privacy data is transformed into a new query operation over the index data so that it can be executed on the cloud side correctly. The effectiveness of the approach is demonstrated by theoretical analysis and experimental evaluation. The results show that the approach has good performance in terms of security, usability and efficiency, thus effective to protect personal privacy in the CloudDB.

Ke Cheng,Liangmin Wang,Yulong Shen,Hua Wang,Yongzhi Wang,Xiaohong Jiang,Hong Zhong

DOI: https://doi.org/10.1109/tbdata.2017.2707552

2017-01-01

IEEE Transactions on Big Data

Abstract:The k-nearest neighbors (k-NN) query is a fundamental primitive in spatial and multimedia databases. It has extensive applications in location-based services, classification & clustering and so on. With the promise of confidentiality and privacy, massive data are increasingly outsourced to cloud in the encrypted form for enjoying the advantages of cloud computing (e.g., reduce storage and query processing costs). Recently, many schemes have been proposed to support k-NN query on encrypted cloud data. However, prior works have all assumed that the query users (QUs) are fully-trusted and know the key of the data owner (DO), which is used to encrypt and decrypt outsourced data. The assumptions are unrealistic in many situations, since many users are neither trusted nor knowing the key. In this paper, we propose a novel scheme for secure k-NN query on encrypted cloud data with multiple keys, in which the DO and each QU all hold their own different keys, and do not share them with each other; meanwhile, the DO encrypts and decrypts outsourced data using the key of his own. Our scheme is constructed by a distributed two trapdoors public-key cryptosystem (DT-PKC) and a set of protocols of secure two-party computation, which not only preserves the data confidentiality and query privacy but also supports the offline data owner. Our extensive theoretical and experimental evaluations demonstrate the effectiveness of our scheme in terms of security and performance.

Kun Yang,Chengliang Tian,Hequn Xian,Weizhong Tian,Yan Zhang

DOI: https://doi.org/10.1007/s11280-022-01093-4

2022-10-21

World Wide Web

Abstract:In the current cloud computing and big data era, outsourcing the storage and associated query operations of large-scale databases to cloud service providers has become an increasingly popular computing paradigm. However, due to the potential mutual distrust among the data owner (DO), cloud server (CS) and query user (QU), the risk of privacy disclosure constrains the wide deployment of this attractive computing paradigm. To handle this dilemma, various encryption approaches are designed to assure privacy during query processing over outsourced databases. Recently, Wu et al. (World Wide Web 22 (1), 101–123 2019) presented a 'secure' k -nearest neighbor ( k NN) classification scheme over encrypted cloud database which aimed to concurrently keep the privacy of the database, the DO's key, the QU's query, and the data access patterns. In this paper, we first revisit their scheme and present an efficient known-plaintext attack on the privacy of database with linearization technique. Then, we propose an improved scheme that outperforms the prior scheme in both security and efficiency. Precisely, on the security side, we realize the above four security intentions with rigorous theoretical arguments. On the efficiency side, our new design greatly reduces the computational overhead of the DO and the QU, and makes full use of the resources of two cloud servers by better balancing their computational loads. Finally, we measure the practical performance of our scheme from an experimental perspective, and the result corroborates our theoretical analysis.

Hui Xu,Xiaofeng Ding,Hai Jin,Qing Yu

DOI: https://doi.org/10.1002/cpe.5458

2021-01-01

Abstract:Although cloud computing saves the cost of enterprises and individuals to manage data in various applications on public cloud servers, it also causes the problem of the leakage of critical personal information and sensitive data. Therefore, the issues about data privacy of the published personal information have become a challenging problem. Most of the existing methods focus on cryptography-based techniques by encrypting the sensitive data before publishing. However, these techniques are either too computation expensive or only some authorized users can get access to the encrypted cloud data. The consequence is that the search response time is not satisfactory and the sharing extent of the cloud data is becoming limited. Motivated by this, we propose a perturbation-based method to preserve the privacy of data in cloud. To accelerate the query processing without privacy breaches, a high-efficiency multi-dimensional index is built for answering range counting queries under differential privacy, which embeds privacy-preserving R-tree index in Content Addressable Network. Experimental results demonstrate that our methods not only protect data privacy in different degree, but also accelerate the query speed efficiently. Compared with the existing method Quad-opt, our method provides about 20% better data utility under the same differential privacy principles.

Bharath K. Samanthula,Wei Jiang,Elisa Bertino

DOI: https://doi.org/10.48550/arXiv.1401.3768

2014-01-15

Cryptography and Security

Abstract:With the many benefits of cloud computing, an entity may want to outsource its data and their related analytics tasks to a cloud. When data are sensitive, it is in the interest of the entity to outsource encrypted data to the cloud; however, this limits the types of operations that can be performed on the cloud side. Especially, evaluating queries over the encrypted data stored on the cloud without the entity performing any computation and without ever decrypting the data become a very challenging problem. In this paper, we propose solutions to conduct range queries over outsourced encrypted data. The existing methods leak valuable information to the cloud which can violate the security guarantee of the underlying encryption schemes. In general, the main security primitive used to evaluate range queries is secure comparison (SC) of encrypted integers. However, we observe that the existing SC protocols are not very efficient. To this end, we first propose a novel SC scheme that takes encrypted integers and outputs encrypted comparison result. We empirically show its practical advantage over the current state-of-the-art. We then utilize the proposed SC scheme to construct two new secure range query protocols. Our protocols protect data confidentiality, privacy of user's query, and also preserve the semantic security of the encrypted data; therefore, they are more secure than the existing protocols. Furthermore, our second protocol is lightweight at the user end, and it can allow an authorized user to use any device with limited storage and computing capability to perform the range queries over outsourced encrypted data.

Wei Yang,Yang Xu,Yiwen Nie,Yao Shen,Liusheng Huang

DOI: https://doi.org/10.1007/978-3-319-91458-9_8

2018-01-01

Abstract:With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud. However, sensitive information has to be encrypted to preserve the privacy, which inevitably makes effective data utilization a challenging task. Existing work either focuses on keyword searches, or suffers from inadequate security guarantees or inefficiency. In this paper, we focus on the problem of multi-dimensional range queries over dynamic encrypted cloud data. We propose a Tree-based private Range Query scheme over dynamic Encrypted cloud Data (TRQED), which enables faster-than-linear range queries and supports data dynamics while preserving the query privacy and single-dimensional privacy simultaneously. TRQED achieves provable security against semi-honest adversaries under known background model. Extensive experiments on real-world datasets show that the overhead of TRQED is desirable, and TRQED is more efficient compared with existing work.

Su Shenghao,Guo Cheng,Tian Pengxu,Tang Xinyu

DOI: https://doi.org/10.1109/dsc49826.2021.9346235

2021-01-01

Abstract:With the fast evolution of sensor technology, massive high-dimensional data are collected by various service providers. Other institutions also want to use the data for analysis and statistics. However, for the privacy and legal concerns, data owners should not directly share the data with others. In addition, some factors such as measurement limitations, noise, and network delays may result in uncertain data. Compared with processing certain data, managing and processing uncertain data is more challenging. In this paper, we propose a privacy-preserving range query scheme for high-dimensional uncertain data owned by the other party, in which range query problem can be solved by data owners without revealing their data and the query range is invisible except the query requestor. We utilize the Paillier encryption as the basic block of our scheme. The data owner utilizes a binary tree index to promote query, which combines pivot-mapping and Bloom filter. We analyze the security and evaluate the performance of the scheme with a synthetic dataset. The analysis and experimental results show that our scheme is secure and efficient.

Chuan Zhang,Chenfei Hu,Mingyang Zhao,Yulin Wu,Tong Wu

DOI: https://doi.org/10.1109/icdis55630.2022.00029

2022-01-01

Abstract:Geographic range query, as a basic query function, has been widely leveraged in location-based services. To adapt to the explosive growth of location data, more and more businesses and individuals choose to store their massive amounts of data on the powerful cloud, which however may raise severe threats to users' privacy. To resolve this problem, the location data is often encrypted before outsourcing, but this may sacrifice the availability and utility of the location data. In this paper, we design a geographic range query scheme to support efficient and privacy-preserving arbitrary geographic range queries over encrypted location data. Specifically, we first utilize the polynomial fitting technique to generate trapdoors for arbitrary geographic query ranges. Then, we design a randomizable matrix multiplication method based on matrix decomposition to achieve geographic range queries between data owners and data requesters. Through rigorous security analysis, we demonstrate the privacy of location data and queries is well protected in our scheme. Extensive experiments and performance evaluations show that our proposed scheme is highly efficient in terms of computational cost and communication overhead.

Anselme Tueno,Florian Kerschbaum

DOI: https://doi.org/10.48550/arXiv.1802.01138

2018-02-04

Cryptography and Security

Abstract:Order-preserving encryption allows encrypting data, while still enabling efficient range queries on the encrypted data. Moreover, it does not require any change to the database management system, because comparison operates on ciphertexts as on plaintexts. This makes order-preserving encryption schemes very suitable for data outsourcing in cloud computing scenarios. However, all order-preserving encryption schemes are necessarily symmetric limiting the use case to one client and one server. Imagine a scenario where a Data Owner encrypts its data before outsourcing it to the Cloud Service Provider and a Data Analyst wants to execute private range queries on this data. This scenario occurs in many cases of collaborative machine learning where data source and processor are different entities. Then either the Data Owner must reveal its encryption key or the Data Analyst must reveal the private queries. In this paper, we overcome this limitation by allowing the equivalent of a public-key order-preserving encryption. We present a secure multiparty protocol that enables secure range queries for multiple users. In this scheme, the Data Analyst cooperates with the Data Owner and the Cloud Service Provider in order to order-preserving encrypt the private range queries without revealing any other information to the parties. We implemented our scheme and observed that if the database size of the Data Owner has 1 million entries it takes only about 0.3 s on average via a loopback interface (1.3 s via a LAN) to encrypt an input of the Data Analyst.

Xiaochen Ma,Chenfei Hu,Zhuopeng Li,Haotian Liang,Tong Wu,Taiyuan Zhang

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics60724.2023.00052

2024-01-01

Abstract:Recently, the cloud server has been extensively applied to store large amounts of location data and provide geometric range query services. However, this may pose severe privacy concerns. Existing privacy-preserving geometric range query schemes either rely on high-cost encryption techniques or cannot support arbitrary geometric range query. Moreover, in these schemes, location data can be queried and accessed by some unauthorized data requesters, and the data requester may acquire location data from some unauthorized data owners. The former will compromise the privacy of location data, and the latter will bring non-compliant data to the data requester. In this paper, we design an arbitrary geometric range query scheme that enables efficient and privacy-preserving querying with bilateral access control. Specifically, we use polynomial curves to fit arbitrary geometric ranges and extract the polynomial coefficients as query trapdoors. We employ random matrices to protect the privacy of location data, query trapdoors, and access policies. Then, due to the properties of random matrix multiplication, the cloud server can securely query encrypted location data with bilateral access control. Extensive experiments indicate that our scheme outperforms state-of-the-art work with respect to computational and communication overheads.

Cheng Guo,Shenghao Su,Kim-Kwang Raymond Choo,Pengxu Tian,Xinyu Tang

DOI: https://doi.org/10.1109/jiot.2021.3088296

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The outsourcing of data is becoming increasingly commonplace as data is constantly been synchronized between user systems (e.g., personal computers and sensor devices) and cloud computing servers. However, to ensure data privacy, it is necessary to encrypt sensitive data prior to outsourcing. Limitations such as measurement, network delays, and data obfuscation may, however, result in uncertain data. Compared with searching over encrypted certain data, processing queries for encrypted uncertain data is more challenging. In this article, we propose a secure and efficient range query scheme over outsourced encrypted uncertain data, for example, from Internet of Things (IoT) systems. Specifically, we use pivot mapping to map data to a low-dimensional space to facilitate calculation and processing while preserving some of the original relevance among the data. Additionally, we encode data and then map codes into multiple Bloom filters which are organized by a binary tree-based index. Our scheme achieves data privacy, hides the relevance among data, and also supports efficient queries. We analyze the security and evaluate the performance of our approach using experiments on Microsoft Azure. The analysis and experimental results demonstrate that our proposed approach is secure and efficient.

Yao Shen,Liusheng Huang,Wei Yang

DOI: https://doi.org/10.1109/icc.2017.7996939

2017-01-01

Abstract:With the increasing prevalence of cloud computing, data owners prefer to outsource their databases to the cloud. For the protection of data privacy, sensitive data have to be encrypted before outsourcing, which introduces much difficulty into effective data utilization. Most previous studies either suffer from privacy disclosure and low efficiency, or do not support personalized multidimensional range queries. In this paper, we focus on personalized private range queries over outsourced data. We propose a personalized and privacy-preserving private range query protocol (PPP), which uses bounding-box PIR (bbPIR) to trade access pattern privacy for flexible privacy and high efficiency, and satisfies various quality of service (QoS) requirements. To our best knowledge, PPP is the first to achieve personalized search according to owner-specified privacy-cost tradeoff. Furthermore, PPP is secure against semi-honest adversaries under known ciphertext model. Experimental results on real-world datasets show that PPP is efficient and able to achieve diverse QoS requirements.

Zhuolin Mei,Huilai Zou,Jinzhou Huang,Caicai Zhang,Bin Wu,Jiaoli Shi,Zhengxiang Cheng

DOI: https://doi.org/10.4018/ijwsr.340391

2024-03-12

International Journal of Web Services Research

Abstract:In recent years, more and more data has been stored on the cloud to provide various services. These data often contain users' private information, which inevitably raises concerns about data security. Encryption before outsourcing is a direct solution to mitigate these concerns. However, traditional encryption schemes such as block encryption make basic data services hard to support. Therefore, this paper proposes a secure and fast range query scheme for encrypted multi-dimensional data, called SFRQ. The scheme constructs a secure index over the ciphertexts of multi-dimensional data, utilizing the R-tree index, Bloom filter, and 0-1 encoding techniques. This secure index enables the cloud to provide fast range query services over the ciphertexts of multi-dimensional data. The authors have evaluated SFRQ through extensive experiments, which demonstrate its high efficiency. Additionally, the security analysis shows that no external entity, including the cloud, can obtain additional information during the entire query process.

computer science, information systems, software engineering