Yao Shen,Wei Yang,Lu Li,Liusheng Fitiang

DOI: https://doi.org/10.1016/j.pmcj.2017.04.008

IF: 3.848

2017-01-01

Pervasive and Mobile Computing

Abstract:With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud server. However, to preserve data privacy, sensitive private data have to be encrypted before outsourcing, which makes data utilization a very challenging task. Existing work either focus on keyword searches and single-dimensional range query, or suffer from inadequate security guarantees and inefficiency. In this paper, we consider the problem of multidimensional private range queries over encrypted cloud data. To solve the problem, we systematically establish a set of privacy requirements for multidimensional private range queries, and propose a multidimensional private range query (MPRQ) framework based on private block retrieval (PBR), in which data owners keep the query private from the cloud server. To achieve both efficiency and privacy goals, we present an efficient and fully privacy-preserving private range query (PPRQ) protocol by using batch codes and multiplication avoiding technique. To our best knowledge, PPRQ is the first to protect the query, access pattern and single-dimensional privacy simultaneously while achieving efficient range queries. Moreover, PPRQ is secure in the sense of cryptography against semi-honest adversaries. Experiments on real-world datasets show that the computation and communication overhead of PPRQ is modest.

Lu Li,Liusheng Huang,An Liu,Yao Shen,Wei Yang,Shengnan Shao

DOI: https://doi.org/10.1007/978-3-319-21042-1_41

2015-01-01

Abstract:With the advent of cloud computing, data owners could upload their databases to the cloud service provider to relief the burden of data storage and management. To protect sensitive data from the cloud, the data owner could publish an encrypted version of the original data. However, this will make data utilization much harder. In this paper, we consider the problem of private range query. Specifically, the data owner wants to obtain all the data within a query region, while keeping the query private to the service provider. Previous works only provide partial security guarantee, and are inefficient to deal with large scale datasets. To solve this problem, we present a fully secure scheme based on private information retrieval (PIR) and batch codes (BC).

Wentao Wang,Yuxuan Jin,Bin Cao

DOI: https://doi.org/10.1109/pst55820.2022.9851989

2022-01-01

Abstract:The growing power of cloud computing prompts data owners to outsource their databases to the cloud. In order to meet the demand of multi-dimensional data processing in big data era, multi-dimensional range queries, especially over cloud platform, have received extensive attention in recent years. However, since the third-party clouds are not fully trusted, it is popular for the data owners to encrypt sensitive data before outsourcing. It promotes the research of encrypted data retrieval. Nevertheless, most existing works suffer from single-dimensional privacy leakage which would severely put the data at risk. Up to now, although a few existing solutions have been proposed to handle the problem of single-dimensional privacy, they are unsuitable in some practical scenarios due to inefficiency, inaccuracy, and lack of support for diverse data. Aiming at these issues, this paper mainly focuses on the secure range query over encrypted data. We first propose an efficient and private range query scheme for encrypted data based on homomorphic encryption, which can effectively protect data privacy. By using the dual-server model as the framework of the system, we not only achieve multi-dimensional privacy-preserving range query but also innovatively realize similarity search based on MinHash over ciphertext domains. Then we perform formal security analysis and evaluate our scheme on real datasets. The result shows that our proposed scheme is efficient and privacy-preserving. Moreover, we apply our scheme to a shopping website. The low latency demonstrates that our proposed scheme is practical.

Lili Sun,Yonggang Zhang,Yandong Zheng,Weiyu Song,Rongxing Lu

DOI: https://doi.org/10.1109/tsc.2023.3259642

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:The Internet of Things (IoT) boom has enabled Internet Service Providers (ISPs) to collect an enormous amount of high-dimensional data. Performing range queries on such data can effectively reuse them to help ISPs offer better services. Owing to the low cost and high resource utilization of cloud computing, an increasing number of ISPs are inclined to outsource data and services to it. However, as the cloud is not fully trusted, data need to be encrypted before being outsourced, which inevitably hinders many query services, e.g., range queries. Various schemes were proposed for privacy-preserving range queries, yet they struggled to extend to high-dimensional scenarios and did not support dimension selection. Aiming at this challenge, in this paper, we propose an efficient and privacy-preserving high-dimensional range query scheme (PHRQ) based on an iMinMax tree while supporting dimension selection. Specifically, we first build an iMinMax tree for high-dimensional data and utilize a symmetric homomorphic encryption technique to design a suite of privacy-preserving protocols to achieve secure high-dimensional range queries. Then, we design a sub-dimensional range determination protocol to support dimension selection. Further, based on the iMinMax tree and our privacy-preserving protocols, we propose our PHRQ scheme. Finally, security analysis shows that our scheme is privacy-preserving, and performance evaluation demonstrates that our scheme is efficient in high-dimensional range query processing.

computer science, information systems, software engineering

Cheng Guo,Shenghao Su,Kim-Kwang Raymond Choo,Pengxu Tian,Xinyu Tang

DOI: https://doi.org/10.1109/jiot.2021.3088296

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The outsourcing of data is becoming increasingly commonplace as data is constantly been synchronized between user systems (e.g., personal computers and sensor devices) and cloud computing servers. However, to ensure data privacy, it is necessary to encrypt sensitive data prior to outsourcing. Limitations such as measurement, network delays, and data obfuscation may, however, result in uncertain data. Compared with searching over encrypted certain data, processing queries for encrypted uncertain data is more challenging. In this article, we propose a secure and efficient range query scheme over outsourced encrypted uncertain data, for example, from Internet of Things (IoT) systems. Specifically, we use pivot mapping to map data to a low-dimensional space to facilitate calculation and processing while preserving some of the original relevance among the data. Additionally, we encode data and then map codes into multiple Bloom filters which are organized by a binary tree-based index. Our scheme achieves data privacy, hides the relevance among data, and also supports efficient queries. We analyze the security and evaluate the performance of our approach using experiments on Microsoft Azure. The analysis and experimental results demonstrate that our proposed approach is secure and efficient.

Chuan Zhang,Chenfei Hu,Mingyang Zhao,Yulin Wu,Tong Wu

DOI: https://doi.org/10.1109/icdis55630.2022.00029

2022-01-01

Abstract:Geographic range query, as a basic query function, has been widely leveraged in location-based services. To adapt to the explosive growth of location data, more and more businesses and individuals choose to store their massive amounts of data on the powerful cloud, which however may raise severe threats to users' privacy. To resolve this problem, the location data is often encrypted before outsourcing, but this may sacrifice the availability and utility of the location data. In this paper, we design a geographic range query scheme to support efficient and privacy-preserving arbitrary geographic range queries over encrypted location data. Specifically, we first utilize the polynomial fitting technique to generate trapdoors for arbitrary geographic query ranges. Then, we design a randomizable matrix multiplication method based on matrix decomposition to achieve geographic range queries between data owners and data requesters. Through rigorous security analysis, we demonstrate the privacy of location data and queries is well protected in our scheme. Extensive experiments and performance evaluations show that our proposed scheme is highly efficient in terms of computational cost and communication overhead.

Wei Wang,Lei Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2015.06.014

IF: 5.493

2015-01-01

Computer Networks

Abstract:According to the recent rule released by Health and Human Services (HHS), healthcare data can be outsourced to cloud computing services for medical studies. A major concern about outsourcing healthcare data is its associated privacy issues. However, previous solutions have focused on cryptographic techniques which introduce significant cost when applied to healthcare data with high-dimensional sensitive attributes. To address these challenges, we propose a privacy-preserving framework to transit insensitive data to commercial public cloud and the rest to trusted private cloud. Under the framework, we design two protocols to provide personalized privacy protections and defend against potential collusion between the public cloud service provider and the data users. We derive provable privacy guarantees and bounded data distortion to validate the proposed protocols. Extensive experiments over real-world datasets are conducted to demonstrate that the proposed protocols maintain high usability and scale well to large datasets.

Hongcheng Xie,Xiaohua Jia,Yu Guo,Mingyu Wang

DOI: https://doi.org/10.1109/TCC.2022.3208711

IF: 5.697

2023-07-01

IEEE Transactions on Cloud Computing

Abstract:Encrypted range query schemes that enable range-based searches over encrypted data have become an effective solution for secure data outsourcing services. However, existing schemes are still inadequate on desired functionality and security. Specifically, supporting efficient multi-range queries while hiding the data ordering leakage remains a challenging research problem. Existing works on order-hiding query schemes only work for encrypted single-range search and incur significant computational overhead due to the protection of the ordering information. In this article, we present a privacy-preserving multi-range query scheme that can address the above problems simultaneously. It not only enables efficient multi-range queries over encrypted data but also guarantees the privacy of ordering information. To protect the ordering leakage, our design adopts an Order-hiding Encoding (OHE) scheme to support multi-range obfuscation. In addition, a novel order-hiding K-Dimensional tree (KD-tree) index structure is designed as the core technique underlying our scheme, which accelerates efficient multi-range queries and obfuscates ordering information of encrypted values. Finally, the formal security analysis confirms that our proposed multi-range query scheme is secure in the random oracle model. The extensive experimental results conducted on real-world datasets demonstrate the practicality of our design.

Computer Science

Su Shenghao,Guo Cheng,Tian Pengxu,Tang Xinyu

DOI: https://doi.org/10.1109/dsc49826.2021.9346235

2021-01-01

Abstract:With the fast evolution of sensor technology, massive high-dimensional data are collected by various service providers. Other institutions also want to use the data for analysis and statistics. However, for the privacy and legal concerns, data owners should not directly share the data with others. In addition, some factors such as measurement limitations, noise, and network delays may result in uncertain data. Compared with processing certain data, managing and processing uncertain data is more challenging. In this paper, we propose a privacy-preserving range query scheme for high-dimensional uncertain data owned by the other party, in which range query problem can be solved by data owners without revealing their data and the query range is invisible except the query requestor. We utilize the Paillier encryption as the basic block of our scheme. The data owner utilizes a binary tree index to promote query, which combines pivot-mapping and Bloom filter. We analyze the security and evaluate the performance of the scheme with a synthetic dataset. The analysis and experimental results show that our scheme is secure and efficient.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Ning Cao,Zhenyu Yang,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/ICDCS.2011.84

2011-01-01

Abstract:In the emerging cloud computing paradigm, data owners become increasingly motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. For the consideration of users' privacy, sensitive data have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. In this paper, for the first time, we define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing (PPGQ), and establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. Our work utilizes the principle of "filtering-and-verification". We prebuild a feature-based index to provide feature-related information about each encrypted data graph, and then choose the efficient inner product as the pruning tool to carry out the filtering procedure. To meet the challenge of supporting graph query without privacy breaches, we propose a secure inner product computation technique, and then improve it to achieve various privacy requirements under the known-background threat model.

Lu Li,Xufeng Jiang,Fei Zhu,An Liu

DOI: https://doi.org/10.1007/978-981-15-3281-8_9

2020-01-01

Abstract:In the cloud computing paradigm, data owners could outsource their databases to the service provider, and thus reap huge benefits from releasing the heavy storage and management tasks to the cloud server. However, sensitive data, such as medical or financial records, should be encrypted before uploading to the cloud server. Unfortunately, this will introduce new challenges to data utilization. In this paper, we study the problem of skyline queries in a way that data privacy for both data owner and the client is preserved. We propose a hybrid protocol via additively homomorphic encryption system and Yao’s garbled circuits. By taking advantages of Yao’s protocol, we design a highly improved protocol which can be used to determine the skyline point and exclude the points dominated by others in an oblivious way. Based on this subroutine, we construct a fully secure protocol for skyline queries. We theoretically prove that the protocols are secure in the semi-honest model. Through analysis and extensive experiments, we demonstrate the efficiency and scalability of our proposed solutions.

Wei Yang,Yang Xu,Yiwen Nie,Yao Shen,Liusheng Huang

DOI: https://doi.org/10.1007/978-3-319-91458-9_8

2018-01-01

Abstract:With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud. However, sensitive information has to be encrypted to preserve the privacy, which inevitably makes effective data utilization a challenging task. Existing work either focuses on keyword searches, or suffers from inadequate security guarantees or inefficiency. In this paper, we focus on the problem of multi-dimensional range queries over dynamic encrypted cloud data. We propose a Tree-based private Range Query scheme over dynamic Encrypted cloud Data (TRQED), which enables faster-than-linear range queries and supports data dynamics while preserving the query privacy and single-dimensional privacy simultaneously. TRQED achieves provable security against semi-honest adversaries under known background model. Extensive experiments on real-world datasets show that the overhead of TRQED is desirable, and TRQED is more efficient compared with existing work.

Bharath K. Samanthula,Wei Jiang,Elisa Bertino

DOI: https://doi.org/10.48550/arXiv.1401.3768

2014-01-15

Cryptography and Security

Abstract:With the many benefits of cloud computing, an entity may want to outsource its data and their related analytics tasks to a cloud. When data are sensitive, it is in the interest of the entity to outsource encrypted data to the cloud; however, this limits the types of operations that can be performed on the cloud side. Especially, evaluating queries over the encrypted data stored on the cloud without the entity performing any computation and without ever decrypting the data become a very challenging problem. In this paper, we propose solutions to conduct range queries over outsourced encrypted data. The existing methods leak valuable information to the cloud which can violate the security guarantee of the underlying encryption schemes. In general, the main security primitive used to evaluate range queries is secure comparison (SC) of encrypted integers. However, we observe that the existing SC protocols are not very efficient. To this end, we first propose a novel SC scheme that takes encrypted integers and outputs encrypted comparison result. We empirically show its practical advantage over the current state-of-the-art. We then utilize the proposed SC scheme to construct two new secure range query protocols. Our protocols protect data confidentiality, privacy of user's query, and also preserve the semantic security of the encrypted data; therefore, they are more secure than the existing protocols. Furthermore, our second protocol is lightweight at the user end, and it can allow an authorized user to use any device with limited storage and computing capability to perform the range queries over outsourced encrypted data.

Yousheng Zhou,Xia Li,Ming Wang,Yuanni Liu

DOI: https://doi.org/10.1016/j.csa.2022.100007

2023-12-01

Cyber Security and Applications

Abstract:Location-based service (LBS) is enjoying a great popularity with the fast growth of mobile Internet. As the volume of data increases dramatically, an increasing number of location service providers (LSPs) are moving LBS data to cloud platforms for benefit of affordability and stability. However, while cloud server provides convenience and stability, it also leads to data security and user privacy leakage. Aiming at the problems of insufficient privacy protection and inefficient query in the existing LBS data outsourcing schemes, this paper presents a novel privacy-preserving top-k query for outsourcing situations. Firstly, to ensure data security of LSP and privacy of the user, the enhanced asymmetric scalar-product preserving encryption and public key searchable encryption have been adopted to encrypt outsourced data and LBS query, which can effectively lower the computational cost and realize the privacy protection search. Secondly, an efficient and secure index structure is constructed by using a coded quadtree and the bloom filter, so that the cloud server can quickly locate the user’s query region to improve retrieval efficiency. Finally, the formal security analysis is given under the random oracle model, and the performance is evaluated by experiments which demonstrates that our scheme is preferable to existing schemes.

Kaiping Xue,Shaohua Li,Jianan Hong,Yingjie Xue,Nenghai Yu,Peilin Hong

DOI: https://doi.org/10.1109/TIFS.2017.2675864

2017-01-01

Abstract:Industries and individuals outsource database to realize convenient and low-cost applications and services. In order to provide sufficient functionality for SQL queries, many secure database schemes have been proposed. However, such schemes are vulnerable to privacy leakage to cloud server. The main reason is that database is hosted and processed in cloud server, which is beyond the control of data owners. For the numerical range query (“>,” “<,” and so on), those schemes cannot provide sufficient privacy protection against practical challenges, e.g., privacy leakage of statistical properties, access pattern. Furthermore, increased number of queries will inevitably leak more information to the cloud server. In this paper, we propose a two-cloud architecture for secure database, with a series of intersection protocols that provide privacy preservation to various numeric-related range queries. Security analysis shows that privacy of numerical information is strongly protected against cloud providers in our proposed scheme.

Hui Xu,Xiaofeng Ding,Hai Jin,Qing Yu

DOI: https://doi.org/10.1002/cpe.5458

2021-01-01

Abstract:Although cloud computing saves the cost of enterprises and individuals to manage data in various applications on public cloud servers, it also causes the problem of the leakage of critical personal information and sensitive data. Therefore, the issues about data privacy of the published personal information have become a challenging problem. Most of the existing methods focus on cryptography-based techniques by encrypting the sensitive data before publishing. However, these techniques are either too computation expensive or only some authorized users can get access to the encrypted cloud data. The consequence is that the search response time is not satisfactory and the sharing extent of the cloud data is becoming limited. Motivated by this, we propose a perturbation-based method to preserve the privacy of data in cloud. To accelerate the query processing without privacy breaches, a high-efficiency multi-dimensional index is built for answering range counting queries under differential privacy, which embeds privacy-preserving R-tree index in Content Addressable Network. Experimental results demonstrate that our methods not only protect data privacy in different degree, but also accelerate the query speed efficiently. Compared with the existing method Quad-opt, our method provides about 20% better data utility under the same differential privacy principles.

Wei Yang,Yangyang Geng,Lu Li,Xike Xie,Liusheng Huang

DOI: https://doi.org/10.1109/TKDE.2020.2983030

IF: 9.235

2022-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Cloud computing is motivating data owners to outsource their databases to the cloud. However, for privacy concerns, the sensitive data has to be encrypted before outsourcing, which inevitably posts a challenging task for effective data utilization. Existing work either focuses on keyword searches, or suffers from inadequate security guarantees or inefficiency. In this paper, we concentrate on mult...

Shuai Shang,Xiong Li,Rongxing Lu,Jianwei Niu,Xiaosong Zhang,Mohsen Guizani

DOI: https://doi.org/10.1109/JIOT.2022.3149638

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Edge-supported Industrial Internet of Things (IIoT) has recently received significant attention since the edge computing can greatly improve the service quality of IIoT applications. However, edge servers are not fully trusted and are often deployed at the edge of the network. Therefore, there are some security challenges that need to be addressed. For edge-supported IIoT, a privacy-preserving range query is one of the most important functional requirements. Recently, some privacy-preserving range query solutions have been proposed in different fields. However, most of them only support single-dimensional range query, which are inefficient for the requirement of multidimensional range query. To address these problems, we propose a privacy-preserving multidimensional range query scheme for edge-supported IIoT, called Edge-PPMRQ, in this article. In Edge-PPMRQ, a novel range division algorithm is designed, through which the multidimensional ranges can be merged into one range, so as to achieve multidimensional range query through one query request. In addition, Edge-PPMRQ also supports the range queries for continuous, discontinuous, and arbitrary boundary ranges. The detailed security analysis proves that Edge-PPMRQ is privacy preserving for the query ranges, the query results, and the sensed data of IIoT devices. Furthermore, extensive comparison experiments also illustrate that Edge-PPMRQ is efficient in communication and computation.

Yuanhao Wang,Qiong Huang,Hongbo Li,Meiyan Xiao,Sha Ma,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2021.3101059

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Thanks to its convenience and cost-savings feature, cloud computing ushers a new era. Yet its security and privacy issues must not be neglected. Private set intersection (PSI) is useful and important in many cloud computing applications, such as document similarity, genetic paternity and data mining. The cloud server performs intersection operations on two outsourced encrypted datasets of data owners. In the existing protocols, however, data owners cannot decide whether to use all or part of their encrypted data to compute the intersection, nor can they specify whom to compare with. In this paper, we introduce an enhanced notion of outsourced PSI, called authorized PSI (APSI), which supports flexible authorization and cross-type authorized comparison of datasets. To demonstrate this notion, we propose a concrete APSI protocol, and prove it to be secure in the random oracle model based on simple number-theoretic assumptions. Experimental results show that our APSI protocol has performance comparable with existing related outsourced PSI protocols.